package org.geoserver.security.filter;

import java.io.File;
import java.io.IOException;
import java.util.Collection;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import org.geoserver.config.GeoServerDataDirectory;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.config.PreAuthenticatedUserNameFilterConfig;
import org.geoserver.security.config.SecurityInterceptorFilterConfig;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockFilterChain;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.access.SecurityMetadataSource;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:org/geoserver/security/filter/GeoServerRequestHeaderAuthenticationFilterTest.class */
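/**
 * Tests for header-based pre-authentication ({@code GeoServerRequestHeaderAuthenticationFilter})
 * and for the deny-by-default behaviour of {@code GeoServerSecurityInterceptorFilter} when the
 * metadata source yields no attributes.
 *
 * <p>{@link SecurityContextHolder} is static, shared state. Every test clears it when it finishes
 * so that an identity installed by one test cannot leak into another and mask a failure.
 *
 * <p>NOTE(review): header-based pre-authentication trusts whatever value arrives in the configured
 * header. These tests only cover the filter's handling of that header; they do not cover the
 * deployment requirement that a fronting proxy strips client-supplied copies of it.
 */
public class GeoServerRequestHeaderAuthenticationFilterTest {

    /** Name of the request header the filter under test reads the principal from. */
    private static final String PRINCIPAL_HEADER = "sec-username";

    /**
     * Pass-through filter that records the current authentication as the {@code "auth"} request
     * attribute before delegating to the rest of the chain.
     */
    static class AuthCapturingFilter extends GeoServerSecurityFilter implements GeoServerAuthenticationFilter {
        AuthCapturingFilter() {
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            servletRequest.setAttribute("auth", SecurityContextHolder.getContext().getAuthentication());
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public boolean applicableForHtml() {
            return true;
        }

        public boolean applicableForServices() {
            return true;
        }
    }

    /**
     * Builds a fresh security manager backed by the JVM temporary directory.
     *
     * <p>Uses {@code java.io.tmpdir} rather than a hard-coded {@code /tmp} so the tests are
     * portable. NOTE(review): a shared temp directory is writable by other local users; if the
     * security manager writes configuration there (not visible from this file), a per-test
     * temporary folder would isolate the tests better.
     */
    private static GeoServerSecurityManager newSecurityManager() throws Exception {
        File dataDir = new File(System.getProperty("java.io.tmpdir"));
        return new GeoServerSecurityManager(new GeoServerDataDirectory(dataDir));
    }

    /** Creates a header pre-authentication filter wired the same way for every test. */
    private static GeoServerRequestHeaderAuthenticationFilter newHeaderFilter() throws Exception {
        GeoServerRequestHeaderAuthenticationFilter filter = new GeoServerRequestHeaderAuthenticationFilter();
        filter.setPrincipalHeaderAttribute(PRINCIPAL_HEADER);
        filter.setSecurityManager(newSecurityManager());
        filter.setRoleSource(PreAuthenticatedUserNameFilterConfig.PreAuthenticatedUserNameRoleSource.Header);
        return filter;
    }

    /** Installs a pre-authenticated token for {@code principal} as the current security context. */
    private static void installPreAuthenticatedContext(String principal) {
        SecurityContextImpl context = new SecurityContextImpl();
        context.setAuthentication(new PreAuthenticatedAuthenticationToken(principal, (Object) null));
        SecurityContextHolder.setContext(context);
    }

    /**
     * When a pre-authenticated identity already exists and the request header names a different
     * principal, the header's principal must become the current one.
     */
    @Test
    public void testAuthenticationViaPreAuthChanging() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        installPreAuthenticatedContext("testadmin");
        try {
            GeoServerRequestHeaderAuthenticationFilter filter = newHeaderFilter();
            request.addHeader(PRINCIPAL_HEADER, "testuser");
            filter.doFilter(request, response, chain);
            // Fail with a clear message instead of a NullPointerException if nothing was set.
            Assert.assertNotNull(SecurityContextHolder.getContext().getAuthentication());
            Assert.assertEquals("testuser", SecurityContextHolder.getContext().getAuthentication().getPrincipal().toString());
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * A metadata source that returns {@code null} attributes must lead to a denied request rather
     * than to the request being let through.
     */
    @Test
    public void testAuthenticationWithNullAttributes() throws Exception {
        // Start from an empty context so the outcome does not depend on test execution order.
        SecurityContextHolder.clearContext();
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        GeoServerSecurityInterceptorFilter interceptor = new GeoServerSecurityInterceptorFilter();
        interceptor.setSecurityManager(newSecurityManager());
        SecurityInterceptorFilterConfig config = new SecurityInterceptorFilterConfig();
        config.setName("custom");
        config.setClassName(AuthCapturingFilter.class.getName());
        config.setSecurityMetadataSource("geoserverMetadataSource");
        // Stub metadata source that supplies no attributes and supports no secured type.
        interceptor.initializeFromConfig(config, new SecurityMetadataSource() {
            public Collection<ConfigAttribute> getAttributes(Object obj) throws IllegalArgumentException {
                return null;
            }

            public Collection<ConfigAttribute> getAllConfigAttributes() {
                return null;
            }

            public boolean supports(Class<?> cls) {
                return false;
            }
        });
        try {
            interceptor.doFilter(request, response, chain);
            Assert.fail("Expected AccessDeniedException because the attributes are empty");
        } catch (AccessDeniedException e) {
            Assert.assertEquals("Access Denied", e.getMessage());
        } finally {
            SecurityContextHolder.clearContext();
        }
    }

    /**
     * When the principal header is absent, a previously installed pre-authenticated identity must
     * not survive the filter: the context ends up with no authentication.
     */
    @Test
    public void testAuthenticationViaPreAuthNoHeader() throws Exception {
        MockHttpServletRequest request = new MockHttpServletRequest();
        MockHttpServletResponse response = new MockHttpServletResponse();
        MockFilterChain chain = new MockFilterChain();
        installPreAuthenticatedContext("testadmin");
        try {
            GeoServerRequestHeaderAuthenticationFilter filter = newHeaderFilter();
            filter.doFilter(request, response, chain);
            Assert.assertNull(SecurityContextHolder.getContext().getAuthentication());
        } finally {
            SecurityContextHolder.clearContext();
        }
    }
}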
