package org.geoserver.rest.security;

import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import org.geoserver.rest.security.AuthenticationFilterChainRestController;
import org.geoserver.rest.security.xml.AuthFilterChain;
import org.geoserver.rest.wrapper.RestWrapper;
import org.geoserver.security.GeoServerSecurityManager;
import org.geoserver.security.HtmlLoginFilterChain;
import org.geoserver.test.GeoServerTestSupport;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/geoserver/rest/security/AuthenticationFilterChainRestControllerTest.class */
public class AuthenticationFilterChainRestControllerTest extends GeoServerTestSupport {
    private static final String DEFAULT_CHAIN_NAME = "default";
    private static final String TEST_CHAIN_NAME_PREFIX = "TEST-";
    public static final boolean ALLOW_SESSION_CREATION_FLAG = true;
    public static final boolean DISABLED_FLAG = true;
    public static final boolean REQUIRE_SSL_FLAG = true;
    public static final int POSITION = 1;
    public static final int NEW_POSITION = 2;
    public static final boolean MATCH_HTTP_METHOD_FLAG = true;
    private AuthenticationFilterChainRestController controller;
    public static final String ROLE_FILTER_NAME = null;
    private static final List<String> TEST_FILTERS = List.of("basic", "anonymous");
    public static final String CLASS_NAME = HtmlLoginFilterChain.class.getName();
    public static final Set<String> HTTP_METHODS = Set.of("GET", "POST");
    public static final Set<String> NEW_HTTP_METHODS = Set.of("GET");
    public static final List<String> PATTERNS = List.of("/test/path1/*", "/test/path2/*");
    public static final String NEW_ROLE_FILTER_NAME = null;
    private static final List<String> NEW_TEST_FILTERS = List.of("basic");
    private static final List<String> NEW_PATTERNS = List.of("/test/path1/*");

    @Before
    public void oneTimeSetUp() throws Exception {
        setValidating(true);
        super.oneTimeSetUp();
        this.controller = new AuthenticationFilterChainRestController((GeoServerSecurityManager) applicationContext.getBean(GeoServerSecurityManager.class));
    }

    public void setUser() {
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken("admin", "password", Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR"))));
    }

    private void clearUser() {
        SecurityContextHolder.clearContext();
    }

    @Test
    public void testListFilterChains() {
        setUser();
        try {
            List list = (List) ((RestWrapper) Objects.requireNonNull(this.controller.list())).getObject();
            Assert.assertNotNull(list);
            list.stream().filter(authFilterChain -> {
                return authFilterChain.getName().equals(DEFAULT_CHAIN_NAME);
            }).findFirst().ifPresentOrElse(authFilterChain2 -> {
                Assert.assertEquals(DEFAULT_CHAIN_NAME, authFilterChain2.getName());
            }, () -> {
                Assert.fail("No default message");
            });
        } finally {
            clearUser();
        }
    }

    @Test
    public void testViewFilterChain() {
        setUser();
        try {
            AuthFilterChain authFilterChain = (AuthFilterChain) Objects.requireNonNull(this.controller.view(DEFAULT_CHAIN_NAME).getObject());
            Assert.assertNotNull(authFilterChain);
            Assert.assertEquals(DEFAULT_CHAIN_NAME, authFilterChain.getName());
        } finally {
            clearUser();
        }
    }

    @Test(expected = AuthenticationFilterChainRestController.FilterChainNotFound.class)
    public void testViewFilterChain_Unknown() {
        setUser();
        try {
            this.controller.view("UnknownName");
        } finally {
            clearUser();
        }
    }

    @Test
    public void testCreateFilterChain() {
        setUser();
        try {
            UriComponentsBuilder newInstance = UriComponentsBuilder.newInstance();
            AuthFilterChain createNewAuthFilterChain = createNewAuthFilterChain();
            this.controller.create(createNewAuthFilterChain, newInstance);
            AuthFilterChain authFilterChain = (AuthFilterChain) Objects.requireNonNull(this.controller.view(createNewAuthFilterChain.getName()).getObject());
            Assert.assertNotNull(authFilterChain);
            Assert.assertEquals(createNewAuthFilterChain.getName(), authFilterChain.getName());
            Assert.assertEquals(createNewAuthFilterChain.getFilters(), authFilterChain.getFilters());
            Assert.assertEquals(createNewAuthFilterChain.getRoleFilterName(), authFilterChain.getRoleFilterName());
            Assert.assertEquals(createNewAuthFilterChain.getClassName(), authFilterChain.getClassName());
            Assert.assertEquals(createNewAuthFilterChain.getHttpMethods(), authFilterChain.getHttpMethods());
            Assert.assertEquals(createNewAuthFilterChain.getPatterns(), authFilterChain.getPatterns());
            Assert.assertEquals(createNewAuthFilterChain.getPosition(), authFilterChain.getPosition());
            Assert.assertEquals(Boolean.valueOf(createNewAuthFilterChain.isAllowSessionCreation()), Boolean.valueOf(authFilterChain.isAllowSessionCreation()));
            Assert.assertEquals(Boolean.valueOf(createNewAuthFilterChain.isDisabled()), Boolean.valueOf(authFilterChain.isDisabled()));
            Assert.assertEquals(Boolean.valueOf(createNewAuthFilterChain.isRequireSSL()), Boolean.valueOf(authFilterChain.isRequireSSL()));
            Assert.assertEquals(Boolean.valueOf(createNewAuthFilterChain.isMatchHTTPMethod()), Boolean.valueOf(authFilterChain.isMatchHTTPMethod()));
            clearUser();
        } catch (Throwable th) {
            clearUser();
            throw th;
        }
    }

    @Test(expected = AuthenticationFilterChainRestController.DuplicateChainName.class)
    public void testCreateFilterChain_duplicateName() {
        setUser();
        try {
            UriComponentsBuilder newInstance = UriComponentsBuilder.newInstance();
            AuthFilterChain createNewAuthFilterChain = createNewAuthFilterChain();
            this.controller.create(createNewAuthFilterChain, newInstance);
            this.controller.create(createNewAuthFilterChain, newInstance);
        } finally {
            clearUser();
        }
    }

    @Test
    public void testUpdateFilterChain() {
        setUser();
        try {
            UriComponentsBuilder newInstance = UriComponentsBuilder.newInstance();
            AuthFilterChain createNewAuthFilterChain = createNewAuthFilterChain();
            this.controller.create(createNewAuthFilterChain, newInstance);
            AuthFilterChain updateAuthFilterChain = updateAuthFilterChain(createNewAuthFilterChain);
            this.controller.update(updateAuthFilterChain.getName(), updateAuthFilterChain);
            AuthFilterChain authFilterChain = (AuthFilterChain) Objects.requireNonNull(this.controller.view(updateAuthFilterChain.getName()).getObject());
            Assert.assertEquals(updateAuthFilterChain.getName(), authFilterChain.getName());
            Assert.assertEquals(updateAuthFilterChain.getFilters(), authFilterChain.getFilters());
            Assert.assertEquals(updateAuthFilterChain.getRoleFilterName(), authFilterChain.getRoleFilterName());
            Assert.assertEquals(updateAuthFilterChain.getClassName(), authFilterChain.getClassName());
            Assert.assertEquals(updateAuthFilterChain.getHttpMethods(), authFilterChain.getHttpMethods());
            Assert.assertEquals(updateAuthFilterChain.getPatterns(), authFilterChain.getPatterns());
            Assert.assertEquals(updateAuthFilterChain.getPosition(), authFilterChain.getPosition());
            Assert.assertEquals(Boolean.valueOf(updateAuthFilterChain.isAllowSessionCreation()), Boolean.valueOf(authFilterChain.isAllowSessionCreation()));
            Assert.assertEquals(Boolean.valueOf(updateAuthFilterChain.isDisabled()), Boolean.valueOf(authFilterChain.isDisabled()));
            Assert.assertEquals(Boolean.valueOf(updateAuthFilterChain.isRequireSSL()), Boolean.valueOf(authFilterChain.isRequireSSL()));
            Assert.assertEquals(Boolean.valueOf(updateAuthFilterChain.isMatchHTTPMethod()), Boolean.valueOf(authFilterChain.isMatchHTTPMethod()));
            clearUser();
        } catch (Throwable th) {
            clearUser();
            throw th;
        }
    }

    @Test(expected = AuthenticationFilterChainRestController.BadRequest.class)
    public void testUpdateFilterChain_MismatchName() {
        setUser();
        try {
            this.controller.update("unKnown", createNewAuthFilterChain());
        } finally {
            clearUser();
        }
    }

    @Test
    public void testDeleteFilterChain() {
        setUser();
        try {
            UriComponentsBuilder newInstance = UriComponentsBuilder.newInstance();
            AuthFilterChain createNewAuthFilterChain = createNewAuthFilterChain();
            this.controller.create(createNewAuthFilterChain, newInstance);
            this.controller.delete(createNewAuthFilterChain.getName());
            try {
                this.controller.view(createNewAuthFilterChain.getName());
                Assert.fail("Expected there to not exist");
            } catch (AuthenticationFilterChainRestController.FilterChainNotFound e) {
            }
        } finally {
            clearUser();
        }
    }

    @Test(expected = AuthenticationFilterChainRestController.NothingToDelete.class)
    public void testDeleteFilterChain_Unknown() {
        setUser();
        try {
            this.controller.delete("UnknownName");
        } finally {
            clearUser();
        }
    }

    @Test(expected = AuthenticationFilterChainRestController.BadRequest.class)
    public void testDeleteFilterChain_cannotBeRemoved() {
        setUser();
        try {
            this.controller.delete("webLogout");
        } finally {
            clearUser();
        }
    }

    public static AuthFilterChain createNewAuthFilterChain() {
        AuthFilterChain authFilterChain = new AuthFilterChain();
        authFilterChain.setName("TEST-" + UUID.randomUUID());
        authFilterChain.setRoleFilterName(ROLE_FILTER_NAME);
        authFilterChain.setFilters(TEST_FILTERS);
        authFilterChain.setAllowSessionCreation(true);
        authFilterChain.setDisabled(true);
        authFilterChain.setRequireSSL(true);
        authFilterChain.setClassName(CLASS_NAME);
        authFilterChain.setHttpMethods(HTTP_METHODS);
        authFilterChain.setPatterns(PATTERNS);
        authFilterChain.setPosition(1);
        authFilterChain.setMatchHTTPMethod(true);
        return authFilterChain;
    }

    public static AuthFilterChain updateAuthFilterChain(AuthFilterChain authFilterChain) {
        authFilterChain.setRoleFilterName(NEW_ROLE_FILTER_NAME);
        authFilterChain.setFilters(NEW_TEST_FILTERS);
        authFilterChain.setAllowSessionCreation(false);
        authFilterChain.setDisabled(false);
        authFilterChain.setRequireSSL(false);
        authFilterChain.setHttpMethods(NEW_HTTP_METHODS);
        authFilterChain.setPatterns(NEW_PATTERNS);
        authFilterChain.setPosition(2);
        authFilterChain.setMatchHTTPMethod(false);
        return authFilterChain;
    }
}
