package org.geoserver.security;

import java.io.ByteArrayInputStream;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Properties;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerEnvironment;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.auth.AbstractAuthenticationProviderTest;
import org.geoserver.security.impl.GeoServerRole;
import org.geoserver.security.impl.GeoServerUser;
import org.geoserver.security.validation.FilterConfigException;
import org.geoserver.security.xml.XMLUserGroupService;
import org.geoserver.test.http.AbstractHttpClient;
import org.geotools.http.HTTPResponse;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:org/geoserver/security/AuthKeyAuthenticationTest.class */
public class AuthKeyAuthenticationTest extends AbstractAuthenticationProviderTest {

    /* loaded from: input_file:org/geoserver/security/AuthKeyAuthenticationTest$TestHttpClient.class */
    class TestHttpClient extends AbstractHttpClient {
        private String authkey;
        private String response;

        public TestHttpClient(String str, String str2) {
            this.authkey = str;
            this.response = str2;
        }

        public HTTPResponse get(final URL url) throws IOException {
            return new HTTPResponse() { // from class: org.geoserver.security.AuthKeyAuthenticationTest.TestHttpClient.1
                public InputStream getResponseStream() throws IOException {
                    return url.getPath().substring(1).equals(TestHttpClient.this.authkey) ? new ByteArrayInputStream(TestHttpClient.this.response.getBytes()) : new ByteArrayInputStream("".getBytes());
                }

                public String getResponseHeader(String str) {
                    return null;
                }

                public String getResponseCharset() {
                    return null;
                }

                public String getContentType() {
                    return null;
                }

                public void dispose() {
                }
            };
        }

        public HTTPResponse post(URL url, InputStream inputStream, String str) throws IOException {
            return null;
        }
    }

    @BeforeClass
    public static void setupClass() {
        System.setProperty("ALLOW_ENV_PARAMETRIZATION", "true");
        GeoServerEnvironment.reloadAllowEnvParametrization();
    }

    @AfterClass
    public static void tearDownClass() {
        System.clearProperty("ALLOW_ENV_PARAMETRIZATION");
        GeoServerEnvironment.reloadAllowEnvParametrization();
    }

    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
    }

    @Test
    public void testMapperParameters() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyParams1");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKeyParams");
        authenticationKeyFilterConfig.setAuthKeyMapperName("fakeMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("param1", "value1");
        hashMap.put("param2", "value2");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        GeoServerAuthenticationKeyFilter loadFilter = getSecurityManager().loadFilter("testAuthKeyParams1");
        Assert.assertTrue(loadFilter.getMapper() instanceof FakeMapper);
        FakeMapper mapper = loadFilter.getMapper();
        Assert.assertEquals("value1", mapper.getMapperParameter("param1"));
        Assert.assertEquals("value2", mapper.getMapperParameter("param2"));
    }

    @Test
    public void testMapperParametersFromEnv() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyParams2");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKeyParams");
        authenticationKeyFilterConfig.setAuthKeyMapperName("fakeMapper");
        System.setProperty("authkey_param1", "value1");
        System.setProperty("authkey_param2", "value2");
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("param1", "${authkey_param1}");
            hashMap.put("param2", "${authkey_param2}");
            authenticationKeyFilterConfig.setMapperParameters(hashMap);
            getSecurityManager().saveFilter(authenticationKeyFilterConfig);
            GeoServerAuthenticationKeyFilter loadFilter = getSecurityManager().loadFilter("testAuthKeyParams2");
            Assert.assertTrue(loadFilter.getMapper() instanceof FakeMapper);
            FakeMapper mapper = loadFilter.getMapper();
            Assert.assertEquals("value1", mapper.getMapperParameter("param1"));
            Assert.assertEquals("value2", mapper.getMapperParameter("param2"));
            System.clearProperty("authkey_param1");
            System.clearProperty("authkey_param2");
        } catch (Throwable th) {
            System.clearProperty("authkey_param1");
            System.clearProperty("authkey_param2");
            throw th;
        }
    }

    @Test
    public void testMapperParametersFromEnvWhenDisabled() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyParams3");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKeyParams");
        authenticationKeyFilterConfig.setAuthKeyMapperName("fakeMapper");
        System.setProperty("authkey_param1", "value1");
        System.setProperty("authkey_param2", "value2");
        System.setProperty("ALLOW_ENV_PARAMETRIZATION", "false");
        GeoServerEnvironment.reloadAllowEnvParametrization();
        try {
            HashMap hashMap = new HashMap();
            hashMap.put("param1", "${authkey_param1}");
            hashMap.put("param2", "${authkey_param2}");
            authenticationKeyFilterConfig.setMapperParameters(hashMap);
            getSecurityManager().saveFilter(authenticationKeyFilterConfig);
            GeoServerAuthenticationKeyFilter loadFilter = getSecurityManager().loadFilter("testAuthKeyParams3");
            Assert.assertTrue(loadFilter.getMapper() instanceof FakeMapper);
            FakeMapper mapper = loadFilter.getMapper();
            Assert.assertEquals("${authkey_param1}", mapper.getMapperParameter("param1"));
            Assert.assertEquals("${authkey_param2}", mapper.getMapperParameter("param2"));
            System.clearProperty("authkey_param1");
            System.clearProperty("authkey_param2");
            System.setProperty("ALLOW_ENV_PARAMETRIZATION", "true");
            GeoServerEnvironment.reloadAllowEnvParametrization();
        } catch (Throwable th) {
            System.clearProperty("authkey_param1");
            System.clearProperty("authkey_param2");
            System.setProperty("ALLOW_ENV_PARAMETRIZATION", "true");
            GeoServerEnvironment.reloadAllowEnvParametrization();
            throw th;
        }
    }

    @Test
    public void testMapperParamsFilterConfigValidation() throws Exception {
        AuthenticationKeyFilterConfigValidator authenticationKeyFilterConfigValidator = new AuthenticationKeyFilterConfigValidator(getSecurityManager());
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("fakeFilter");
        authenticationKeyFilterConfig.setUserGroupServiceName(XMLUserGroupService.DEFAULT_NAME);
        authenticationKeyFilterConfig.setAuthKeyParamName("authkey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("fakeMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("param1", "value1");
        hashMap.put("param2", "value2");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        boolean z = false;
        try {
            authenticationKeyFilterConfigValidator.validateFilterConfig(authenticationKeyFilterConfig);
        } catch (FilterConfigException e) {
            z = true;
        }
        Assert.assertFalse(z);
        hashMap.put("param3", "value3");
        try {
            authenticationKeyFilterConfigValidator.validateFilterConfig(authenticationKeyFilterConfig);
        } catch (FilterConfigException e2) {
            Assert.assertEquals("INVALID_AUTH_KEY_MAPPER_PARAMETER", e2.getId());
            Assert.assertEquals(1L, e2.getArgs().length);
            Assert.assertEquals("param3", e2.getArgs()[0]);
            LOGGER.info(e2.getMessage());
            z = true;
        }
        Assert.assertTrue(z);
    }

    @Test
    public void testFileBasedWithSessionEnabled() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyFilter1Enabled");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("propertyMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("cacheTtlSeconds", "0");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        PropertyAuthenticationKeyMapper mapper = getSecurityManager().loadFilter("testAuthKeyFilter1Enabled").getMapper();
        mapper.synchronize();
        prepareFilterChain(this.pattern, new String[]{"testAuthKeyFilter1Enabled"});
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        getSecurityManager().getAuthenticationCache().removeAll();
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        mapper.synchronize();
        getProxy().doFilter(createRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(403L, mockHttpServletResponse.getStatus());
        String str = null;
        Iterator it = mapper.authKeyProps.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry entry = (Map.Entry) it.next();
            if ("user1".equals(entry.getValue())) {
                str = (String) entry.getKey();
                break;
            }
        }
        MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest2.setQueryString("myAuthKey" + "=" + str);
        createRequest2.addParameter("myAuthKey", str);
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain2);
        Assert.assertNotEquals(mockHttpServletResponse2.getStatus(), 302L);
        SecurityContext securityContext = (SecurityContext) createRequest2.getSession(false).getAttribute("SPRING_SECURITY_CONTEXT");
        Assert.assertNotNull(securityContext);
        Authentication authentication = securityContext.getAuthentication();
        Assert.assertNotNull(authentication);
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        checkForAuthenticatedRole(authentication);
        Assert.assertEquals("user1", authentication.getPrincipal());
        this.username = "unknown";
        this.password = this.username;
        MockHttpServletRequest createRequest3 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse3 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain3 = new MockFilterChain();
        createRequest3.setQueryString("myAuthKey" + "=abc");
        createRequest3.addParameter("myAuthKey", "abc");
        mapper.synchronize();
        getProxy().doFilter(createRequest3, mockHttpServletResponse3, mockFilterChain3);
        Assert.assertEquals(403L, mockHttpServletResponse3.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void testFileBasedWithSessionDisabled() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyFilter1Disabled");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("propertyMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("cacheTtlSeconds", "0");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        PropertyAuthenticationKeyMapper mapper = getSecurityManager().loadFilter("testAuthKeyFilter1Disabled").getMapper();
        mapper.synchronize();
        prepareFilterChain(this.pattern, new String[]{"testAuthKeyFilter1Disabled"});
        modifyChain(this.pattern, false, true, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        getSecurityManager().getAuthenticationCache().removeAll();
        createRequest("/foo/bar");
        new MockHttpServletResponse();
        new MockFilterChain();
        mapper.synchronize();
        String str = null;
        Iterator it = mapper.authKeyProps.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry entry = (Map.Entry) it.next();
            if ("user1".equals(entry.getValue())) {
                str = (String) entry.getKey();
                break;
            }
        }
        this.username = "user1";
        this.password = this.username;
        updateUser("ug1", this.username, false);
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest.setQueryString("myAuthKey" + "=" + str);
        createRequest.addParameter("myAuthKey", str);
        getProxy().doFilter(createRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(403L, mockHttpServletResponse.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        updateUser("ug1", this.username, true);
        mapper.synchronize();
        SecurityContextHolder.clearContext();
        getSecurityManager().getAuthenticationCache().removeAll();
        insertAnonymousFilter();
        getProxy().doFilter(createRequest("foo/bar"), new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(200L, r0.getStatus());
        removeAnonymousFilter();
    }

    @Test
    public void testUserPropertyWithCacheEnabled() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyFilter2Enabled");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("userPropertyMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("cacheTtlSeconds", "0");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        UserPropertyAuthenticationKeyMapper mapper = getSecurityManager().loadFilter("testAuthKeyFilter2Enabled").getMapper();
        mapper.synchronize();
        prepareFilterChain(this.pattern, new String[]{"testAuthKeyFilter2Enabled"});
        modifyChain(this.pattern, false, false, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        getSecurityManager().getAuthenticationCache().removeAll();
        getProxy().doFilter(createRequest("/foo/bar"), new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(403L, r0.getStatus());
        GeoServerUser loadUserByUsername = getSecurityManager().loadUserGroupService("ug1").loadUserByUsername("user1");
        mapper.synchronize();
        mapper.resetUserCache();
        String property = loadUserByUsername.getProperties().getProperty(mapper.getUserPropertyName());
        Assert.assertNotNull(property);
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest.setQueryString("myAuthKey" + "=" + property);
        createRequest.addParameter("myAuthKey", property);
        mapper.synchronize();
        SecurityContextHolder.clearContext();
        getSecurityManager().getAuthenticationCache().removeAll();
        getProxy().doFilter(createRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertNotEquals(302L, mockHttpServletResponse.getStatus());
        Assert.assertNull(createRequest.getSession(false));
        this.username = "unknown";
        this.password = this.username;
        MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
        MockFilterChain mockFilterChain2 = new MockFilterChain();
        createRequest2.setQueryString("myAuthKey" + "=abc");
        createRequest2.addParameter("myAuthKey", "abc");
        getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain2);
        Assert.assertEquals(403L, mockHttpServletResponse2.getStatus());
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
    }

    @Test
    public void testUserPropertyWithCacheDisabled() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyFilter2Disabled");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("userPropertyMapper");
        HashMap hashMap = new HashMap();
        hashMap.put("cacheTtlSeconds", "0");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        UserPropertyAuthenticationKeyMapper mapper = getSecurityManager().loadFilter("testAuthKeyFilter2Disabled").getMapper();
        mapper.synchronize();
        prepareFilterChain(this.pattern, new String[]{"testAuthKeyFilter2Disabled"});
        modifyChain(this.pattern, false, false, null);
        SecurityContextHolder.getContext().setAuthentication((Authentication) null);
        getSecurityManager().getAuthenticationCache().removeAll();
        this.username = "user1";
        this.password = this.username;
        updateUser("ug1", this.username, false);
        mapper.synchronize();
        mapper.resetUserCache();
        String property = getSecurityManager().loadUserGroupService("ug1").loadUserByUsername("user1").getProperties().getProperty(mapper.getUserPropertyName());
        Assert.assertNotNull(property);
        SecurityContextHolder.clearContext();
        getSecurityManager().getAuthenticationCache().removeAll();
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        createRequest.setQueryString("myAuthKey" + "=" + property);
        createRequest.addParameter("myAuthKey", property);
        getProxy().doFilter(createRequest, mockHttpServletResponse, mockFilterChain);
        Assert.assertEquals(403L, mockHttpServletResponse.getStatus());
        Assert.assertNull(getSecurityManager().getAuthenticationCache().get("testAuthKeyFilter2Disabled", property));
        Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        updateUser("ug1", this.username, true);
        insertAnonymousFilter();
        getProxy().doFilter(createRequest("foo/bar"), new MockHttpServletResponse(), new MockFilterChain());
        Assert.assertEquals(200L, r0.getStatus());
        removeAnonymousFilter();
    }

    @Test
    public void testWebServiceAuthKeyMapper() throws Exception {
        GeoServerUserGroupStore createStore = createUserGroupService("testWebServiceAuthKey").createStore();
        createStore.addUser(createStore.createUserObject("user1", "passwd1", true));
        createStore.addUser(createStore.createUserObject("user2", "passwd2", true));
        createStore.store();
        WebServiceAuthenticationKeyMapper webServiceAuthenticationKeyMapper = (WebServiceAuthenticationKeyMapper) GeoServerExtensions.extensions(WebServiceAuthenticationKeyMapper.class).iterator().next();
        webServiceAuthenticationKeyMapper.setUserGroupServiceName("testWebServiceAuthKey");
        webServiceAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        webServiceAuthenticationKeyMapper.setWebServiceUrl("http://service/{key}");
        webServiceAuthenticationKeyMapper.setHttpClient(new TestHttpClient("testkey", "user1"));
        GeoServerUser user = webServiceAuthenticationKeyMapper.getUser("testkey");
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getUsername(), "user1");
        boolean z = false;
        try {
            webServiceAuthenticationKeyMapper.getUser("wrongkey");
        } catch (UsernameNotFoundException e) {
            z = true;
        }
        Assert.assertTrue(z);
    }

    @Test
    public void testWebServiceAuthKeyMapperSearchUser() throws Exception {
        GeoServerUserGroupStore createStore = createUserGroupService("testWebServiceAuthKey2").createStore();
        createStore.addUser(createStore.createUserObject("user1", "passwd1", true));
        createStore.addUser(createStore.createUserObject("user2", "passwd2", true));
        createStore.store();
        WebServiceAuthenticationKeyMapper webServiceAuthenticationKeyMapper = (WebServiceAuthenticationKeyMapper) GeoServerExtensions.extensions(WebServiceAuthenticationKeyMapper.class).iterator().next();
        webServiceAuthenticationKeyMapper.setUserGroupServiceName("testWebServiceAuthKey2");
        webServiceAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        webServiceAuthenticationKeyMapper.setWebServiceUrl("http://service/{key}");
        webServiceAuthenticationKeyMapper.setSearchUser("^.*?\"user\"\\s*:\\s*\"([^\"]+)\".*$");
        webServiceAuthenticationKeyMapper.setHttpClient(new TestHttpClient("testkey", "{\n    \"user\": \"user1\", \"detail\": \"mydetail\"\n   }"));
        GeoServerUser user = webServiceAuthenticationKeyMapper.getUser("testkey");
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getUsername(), "user1");
        webServiceAuthenticationKeyMapper.setSearchUser("^.*?<username>(.*?)</username>.*$");
        webServiceAuthenticationKeyMapper.setHttpClient(new TestHttpClient("testkey", "<root>\n<userdetail>\n<username>user1</username>\n</userdetail>\n</root>"));
        GeoServerUser user2 = webServiceAuthenticationKeyMapper.getUser("testkey");
        Assert.assertNotNull(user2);
        Assert.assertEquals(user2.getUsername(), "user1");
        Assert.assertNull(webServiceAuthenticationKeyMapper.getUser("wrongkey"));
    }

    @Test
    public void testWebServiceAuthKeyBodyResponseUGS() throws Exception {
        WebServiceBodyResponseUserGroupServiceConfig webServiceBodyResponseUserGroupServiceConfig = new WebServiceBodyResponseUserGroupServiceConfig();
        webServiceBodyResponseUserGroupServiceConfig.setName("testWebServiceAuthKey3");
        webServiceBodyResponseUserGroupServiceConfig.setClassName(WebServiceBodyResponseUserGroupService.class.getName());
        webServiceBodyResponseUserGroupServiceConfig.setPasswordEncoderName(getPBEPasswordEncoder().getName());
        webServiceBodyResponseUserGroupServiceConfig.setPasswordPolicyName("default");
        webServiceBodyResponseUserGroupServiceConfig.setSearchRoles("^.*?\"roles\"\\s*:\\s*\"([^\"]+)\".*$");
        webServiceBodyResponseUserGroupServiceConfig.setAvailableGroups("GROUP_MYROLE_1, GROUP_MYROLE_2");
        getSecurityManager().saveUserGroupService(webServiceBodyResponseUserGroupServiceConfig);
        GeoServerUserGroupService loadUserGroupService = getSecurityManager().loadUserGroupService("testWebServiceAuthKey3");
        Assert.assertNotNull(loadUserGroupService);
        WebServiceAuthenticationKeyMapper webServiceAuthenticationKeyMapper = (WebServiceAuthenticationKeyMapper) GeoServerExtensions.extensions(WebServiceAuthenticationKeyMapper.class).iterator().next();
        webServiceAuthenticationKeyMapper.setUserGroupServiceName("testWebServiceAuthKey3");
        webServiceAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        webServiceAuthenticationKeyMapper.setWebServiceUrl("http://service/{key}");
        webServiceAuthenticationKeyMapper.setSearchUser("^.*?\"user\"\\s*:\\s*\"([^\"]+)\".*$");
        webServiceAuthenticationKeyMapper.setHttpClient(new TestHttpClient("testkey", "{\n    \"user\": \"user1\", \"detail\": \"mydetail\", \"roles\": \"myrole_1, myrole_2\"\n   }"));
        GeoServerUser user = webServiceAuthenticationKeyMapper.getUser("testkey");
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getUsername(), "user1");
        Assert.assertNotNull(user.getAuthorities());
        Assert.assertEquals(2L, user.getAuthorities().size());
        Assert.assertTrue(user.getAuthorities().contains(new GeoServerRole("ROLE_MYROLE_1")));
        Assert.assertTrue(user.getAuthorities().contains(new GeoServerRole("ROLE_MYROLE_2")));
        Assert.assertEquals(2L, loadUserGroupService.getGroupCount());
        Assert.assertEquals(2L, loadUserGroupService.getUserGroups().size());
        Assert.assertEquals(loadUserGroupService.getUserGroups(), loadUserGroupService.getGroupsForUser(user));
    }

    @Test
    public void testAuthKeyMapperSynchronize() throws Exception {
        GeoServerUserGroupService createUserGroupService = createUserGroupService("testAuthKey");
        GeoServerUserGroupStore createStore = createUserGroupService.createStore();
        GeoServerUser createUserObject = createStore.createUserObject("user1", "passwd1", true);
        createStore.addUser(createUserObject);
        GeoServerUser createUserObject2 = createStore.createUserObject("user2", "passwd2", true);
        createStore.addUser(createUserObject2);
        createStore.store();
        PropertyAuthenticationKeyMapper propertyAuthenticationKeyMapper = (PropertyAuthenticationKeyMapper) GeoServerExtensions.extensions(PropertyAuthenticationKeyMapper.class).iterator().next();
        UserPropertyAuthenticationKeyMapper userPropertyAuthenticationKeyMapper = (UserPropertyAuthenticationKeyMapper) GeoServerExtensions.extensions(UserPropertyAuthenticationKeyMapper.class).iterator().next();
        propertyAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        propertyAuthenticationKeyMapper.setUserGroupServiceName("testAuthKey");
        userPropertyAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        userPropertyAuthenticationKeyMapper.setUserGroupServiceName("testAuthKey");
        Assert.assertEquals(2L, propertyAuthenticationKeyMapper.synchronize());
        File file = new File(new File(getSecurityManager().userGroup().dir(), "testAuthKey"), "authkeys.properties");
        Assert.assertTrue(file.exists());
        Properties properties = new Properties();
        loadPropFile(file, properties);
        Assert.assertEquals(2L, properties.size());
        String str = null;
        String str2 = null;
        String str3 = null;
        for (Map.Entry entry : properties.entrySet()) {
            if ("user1".equals(entry.getValue())) {
                str = (String) entry.getKey();
            }
            if ("user2".equals(entry.getValue())) {
                str2 = (String) entry.getKey();
            }
        }
        Assert.assertNotNull(str);
        Assert.assertNotNull(str2);
        Assert.assertEquals(createUserObject, propertyAuthenticationKeyMapper.getUser(str));
        Assert.assertEquals(createUserObject2, propertyAuthenticationKeyMapper.getUser(str2));
        Assert.assertNull(propertyAuthenticationKeyMapper.getUser("blblal"));
        Assert.assertEquals(2L, userPropertyAuthenticationKeyMapper.synchronize());
        GeoServerUser loadUserByUsername = createUserGroupService.loadUserByUsername("user1");
        String property = loadUserByUsername.getProperties().getProperty(userPropertyAuthenticationKeyMapper.getUserPropertyName());
        GeoServerUser loadUserByUsername2 = createUserGroupService.loadUserByUsername("user2");
        String property2 = loadUserByUsername2.getProperties().getProperty(userPropertyAuthenticationKeyMapper.getUserPropertyName());
        Assert.assertEquals(loadUserByUsername, userPropertyAuthenticationKeyMapper.getUser(property));
        Assert.assertEquals(loadUserByUsername2, userPropertyAuthenticationKeyMapper.getUser(property2));
        Assert.assertNull(userPropertyAuthenticationKeyMapper.getUser("blblal"));
        GeoServerUserGroupStore createStore2 = createUserGroupService.createStore();
        GeoServerUser createUserObject3 = createStore2.createUserObject("user3", "passwd3", true);
        createStore2.addUser(createUserObject3);
        createStore2.removeUser(loadUserByUsername);
        createStore2.store();
        Assert.assertEquals(1L, propertyAuthenticationKeyMapper.synchronize());
        Properties properties2 = new Properties();
        loadPropFile(file, properties2);
        Assert.assertEquals(2L, properties2.size());
        for (Map.Entry entry2 : properties2.entrySet()) {
            if ("user2".equals(entry2.getValue())) {
                Assert.assertEquals(str2, entry2.getKey());
            }
            if ("user3".equals(entry2.getValue())) {
                str3 = (String) entry2.getKey();
            }
        }
        Assert.assertNotNull(str3);
        Assert.assertNull(propertyAuthenticationKeyMapper.getUser(str));
        Assert.assertEquals(loadUserByUsername2, propertyAuthenticationKeyMapper.getUser(str2));
        Assert.assertEquals(createUserObject3, propertyAuthenticationKeyMapper.getUser(str3));
        Assert.assertEquals(1L, userPropertyAuthenticationKeyMapper.synchronize());
        GeoServerUser loadUserByUsername3 = createUserGroupService.loadUserByUsername("user2");
        Assert.assertEquals(property2, loadUserByUsername3.getProperties().getProperty(userPropertyAuthenticationKeyMapper.getUserPropertyName()));
        GeoServerUser loadUserByUsername4 = createUserGroupService.loadUserByUsername("user3");
        String property3 = loadUserByUsername4.getProperties().getProperty(userPropertyAuthenticationKeyMapper.getUserPropertyName());
        Assert.assertNull(userPropertyAuthenticationKeyMapper.getUser(property));
        Assert.assertEquals(loadUserByUsername3, userPropertyAuthenticationKeyMapper.getUser(property2));
        Assert.assertEquals(loadUserByUsername4, userPropertyAuthenticationKeyMapper.getUser(property3));
        GeoServerUserGroupStore createStore3 = createUserGroupService.createStore();
        GeoServerUser loadUserByUsername5 = createStore3.loadUserByUsername("user2");
        loadUserByUsername5.setEnabled(false);
        createStore3.updateUser(loadUserByUsername5);
        createStore3.store();
        propertyAuthenticationKeyMapper.resetUserCache();
        userPropertyAuthenticationKeyMapper.resetUserCache();
        Assert.assertNull(propertyAuthenticationKeyMapper.getUser(str2));
        Assert.assertNull(userPropertyAuthenticationKeyMapper.getUser(property2));
    }

    @Test
    public void testAuthKeyMapperAutoSynchronize() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAuthKeyFilterAuto1");
        authenticationKeyFilterConfig.setAllowMapperKeysAutoSync(true);
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("propertyMapper");
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        File file = new File(new File(getSecurityManager().userGroup().dir(), "testAuthKey"), "authkeys.properties");
        GeoServerAuthenticationKeyProvider geoServerAuthenticationKeyProvider = new GeoServerAuthenticationKeyProvider(getSecurityManager(), 2);
        Assert.assertNotNull(geoServerAuthenticationKeyProvider.getScheduler());
        Assert.assertFalse(geoServerAuthenticationKeyProvider.getScheduler().isTerminated());
        Assert.assertFalse(geoServerAuthenticationKeyProvider.getScheduler().isShutdown());
        Assert.assertEquals(2L, geoServerAuthenticationKeyProvider.getAutoSyncDelaySeconds());
        Properties properties = new Properties();
        for (int i = 0; i < 400 && properties.isEmpty(); i++) {
            try {
                Thread.sleep(25L);
                loadPropFile(file, properties);
            } catch (InterruptedException e) {
            }
        }
        Assert.assertTrue(file.exists());
        Assert.assertFalse(properties.isEmpty());
    }

    @Test
    public void testWebServiceAuthKeyBodyResponseNoRoleMatchingRegex() throws Exception {
        WebServiceBodyResponseUserGroupServiceConfig webServiceBodyResponseUserGroupServiceConfig = new WebServiceBodyResponseUserGroupServiceConfig();
        webServiceBodyResponseUserGroupServiceConfig.setName("testWebServiceAuthKey4");
        webServiceBodyResponseUserGroupServiceConfig.setClassName(WebServiceBodyResponseUserGroupService.class.getName());
        webServiceBodyResponseUserGroupServiceConfig.setPasswordEncoderName(getPBEPasswordEncoder().getName());
        webServiceBodyResponseUserGroupServiceConfig.setPasswordPolicyName("default");
        webServiceBodyResponseUserGroupServiceConfig.setSearchRoles("wrong_regex");
        webServiceBodyResponseUserGroupServiceConfig.setAvailableGroups("GROUP_MYROLE_1, GROUP_MYROLE_2");
        getSecurityManager().saveUserGroupService(webServiceBodyResponseUserGroupServiceConfig);
        Assert.assertNotNull(getSecurityManager().loadUserGroupService("testWebServiceAuthKey4"));
        WebServiceAuthenticationKeyMapper webServiceAuthenticationKeyMapper = (WebServiceAuthenticationKeyMapper) GeoServerExtensions.extensions(WebServiceAuthenticationKeyMapper.class).iterator().next();
        webServiceAuthenticationKeyMapper.setUserGroupServiceName("testWebServiceAuthKey4");
        webServiceAuthenticationKeyMapper.setSecurityManager(getSecurityManager());
        webServiceAuthenticationKeyMapper.setWebServiceUrl("http://service/{key}");
        webServiceAuthenticationKeyMapper.setSearchUser("^.*?\"user\"\\s*:\\s*\"([^\"]+)\".*$");
        webServiceAuthenticationKeyMapper.setHttpClient(new TestHttpClient("testkey", "{\n    \"user\": \"user1\", \"detail\": \"mydetail\", \"roles\": \"myrole_1, myrole_2\"\n   }"));
        GeoServerUser user = webServiceAuthenticationKeyMapper.getUser("testkey");
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getUsername(), "user1");
        Assert.assertNotNull(user.getAuthorities());
        Assert.assertEquals(1L, user.getAuthorities().size());
        Assert.assertTrue(user.getAuthorities().contains(new GeoServerRole("ROLE_ANONYMOUS")));
    }

    @Test
    public void testAllowChallengeAnonymousSessionsBehavior() throws Exception {
        AuthenticationKeyFilterConfig authenticationKeyFilterConfig = new AuthenticationKeyFilterConfig();
        authenticationKeyFilterConfig.setClassName(GeoServerAuthenticationKeyFilter.class.getName());
        authenticationKeyFilterConfig.setName("testAllowChallengeAnonymousSessionsBehavior");
        authenticationKeyFilterConfig.setUserGroupServiceName("ug1");
        authenticationKeyFilterConfig.setAuthKeyParamName("myAuthKey");
        authenticationKeyFilterConfig.setAuthKeyMapperName("userPropertyMapper");
        authenticationKeyFilterConfig.setAllowChallengeAnonymousSessions(true);
        HashMap hashMap = new HashMap();
        hashMap.put("cacheTtlSeconds", "0");
        authenticationKeyFilterConfig.setMapperParameters(hashMap);
        getSecurityManager().saveFilter(authenticationKeyFilterConfig);
        UserPropertyAuthenticationKeyMapper mapper = getSecurityManager().loadFilter("testAllowChallengeAnonymousSessionsBehavior").getMapper();
        mapper.synchronize();
        prepareFilterChain(this.pattern, new String[]{"testAllowChallengeAnonymousSessionsBehavior"});
        modifyChain(this.pattern, false, false, null);
        GeoServerUser loadUserByUsername = getSecurityManager().loadUserGroupService("ug1").loadUserByUsername("user1");
        mapper.resetUserCache();
        String property = loadUserByUsername.getProperties().getProperty(mapper.getUserPropertyName());
        Assert.assertNotNull(property);
        MockHttpServletRequest createRequest = createRequest("/foo/bar");
        createRequest.setQueryString("myAuthKey" + "=" + property);
        createRequest.addParameter("myAuthKey", property);
        MockHttpServletResponse mockHttpServletResponse = new MockHttpServletResponse();
        MockFilterChain mockFilterChain = new MockFilterChain();
        List of = List.of(new SimpleGrantedAuthority("ROLE_ANONYMOUS"));
        SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("test", "anonymous", of));
        getProxy().doFilter(createRequest, mockHttpServletResponse, mockFilterChain);
        Authentication authentication = getSecurityManager().getAuthenticationCache().get("testAllowChallengeAnonymousSessionsBehavior", property);
        Authentication authentication2 = authentication != null ? authentication : SecurityContextHolder.getContext().getAuthentication();
        if (authentication2 != null) {
            Assert.assertEquals("user1", authentication2.getPrincipal());
            authenticationKeyFilterConfig.setAllowChallengeAnonymousSessions(false);
            getSecurityManager().saveFilter(authenticationKeyFilterConfig);
            getSecurityManager().loadFilter("testAllowChallengeAnonymousSessionsBehavior");
            MockHttpServletRequest createRequest2 = createRequest("/foo/bar");
            createRequest2.setQueryString("myAuthKey" + "=" + property);
            createRequest2.addParameter("myAuthKey", property);
            MockHttpServletResponse mockHttpServletResponse2 = new MockHttpServletResponse();
            MockFilterChain mockFilterChain2 = new MockFilterChain();
            getSecurityManager().getAuthenticationCache().removeAll();
            SecurityContextHolder.getContext().setAuthentication(new AnonymousAuthenticationToken("test", "validUser", of));
            getProxy().doFilter(createRequest2, mockHttpServletResponse2, mockFilterChain2);
            Authentication authentication3 = getSecurityManager().getAuthenticationCache().get("testAllowChallengeAnonymousSessionsBehavior", property);
            Authentication authentication4 = authentication3 != null ? authentication3 : SecurityContextHolder.getContext().getAuthentication();
            Assert.assertNotNull(authentication4);
            Assert.assertEquals("user1", authentication4.getPrincipal());
        }
    }

    private void loadPropFile(File file, Properties properties) throws FileNotFoundException, IOException {
        FileInputStream fileInputStream = new FileInputStream(file);
        try {
            properties.load(fileInputStream);
            fileInputStream.close();
        } catch (Throwable th) {
            try {
                fileInputStream.close();
            } catch (Throwable th2) {
                th.addSuppressed(th2);
            }
            throw th;
        }
    }

    protected GeoServerSecurityManager getSecurityManager() {
        return getProxy().securityManager;
    }
}
