package org.geoserver.security;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletResponse;
import org.geoserver.security.config.SecurityFilterConfig;
import org.geoserver.security.config.SecurityManagerConfig;
import org.geoserver.security.config.SecurityNamedServiceConfig;
import org.geoserver.security.filter.GeoServerAuthenticationFilter;
import org.geoserver.security.filter.GeoServerSecurityFilter;
import org.geoserver.security.validation.SecurityConfigException;
import org.geoserver.test.GeoServerSystemTestSupport;
import org.geoserver.test.SystemTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.springframework.mock.web.MockHttpServletRequest;

@Category({SystemTest.class})
/* loaded from: input_file:org/geoserver/security/GeoServerCustomFilterTest.class */
public class GeoServerCustomFilterTest extends GeoServerSystemTestSupport {

    /* loaded from: input_file:org/geoserver/security/GeoServerCustomFilterTest$Filter.class */
    static class Filter extends GeoServerSecurityFilter implements GeoServerAuthenticationFilter {
        boolean assertAuth = true;

        public void setAssertAuth(boolean z) {
            this.assertAuth = z;
        }

        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
            ((HttpServletResponse) servletResponse).setHeader("foo", "bar");
            filterChain.doFilter(servletRequest, servletResponse);
        }

        public boolean applicableForHtml() {
            return true;
        }

        public boolean applicableForServices() {
            return true;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/geoserver/security/GeoServerCustomFilterTest$FilterConfig.class */
    public static class FilterConfig extends SecurityFilterConfig {
        boolean assertAuth = true;

        FilterConfig() {
        }

        public void setAssertAuth(boolean z) {
            this.assertAuth = z;
        }

        public boolean isAssertSecurityContext() {
            return this.assertAuth;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/geoserver/security/GeoServerCustomFilterTest$Pos.class */
    public enum Pos {
        FIRST,
        LAST,
        BEFORE,
        AFTER
    }

    /* loaded from: input_file:org/geoserver/security/GeoServerCustomFilterTest$SecurityProvider.class */
    static class SecurityProvider extends GeoServerSecurityProvider {
        SecurityProvider() {
        }

        public Class<? extends GeoServerSecurityFilter> getFilterClass() {
            return Filter.class;
        }

        public GeoServerSecurityFilter createFilter(SecurityNamedServiceConfig securityNamedServiceConfig) {
            Filter filter = new Filter();
            filter.setAssertAuth(((FilterConfig) securityNamedServiceConfig).isAssertSecurityContext());
            return filter;
        }
    }

    protected void setUpSpring(List<String> list) {
        super.setUpSpring(list);
        list.add(getClass().getResource(getClass().getSimpleName() + "-context.xml").toString());
    }

    @After
    public void removeCustomFilterConfig() throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        if (securityManager.listFilters().contains("custom")) {
            securityManager.removeFilter(securityManager.loadFilterConfig("custom", true));
        }
        securityManager.getSecurityConfig().getFilterChain().remove("custom");
        securityManager.saveSecurityConfig(securityManager.getSecurityConfig());
    }

    @Test
    public void testInactive() throws Exception {
        MockHttpServletRequest createRequest = createRequest("/foo");
        createRequest.setMethod("GET");
        Assert.assertNull(dispatch(createRequest).getHeader("foo"));
    }

    void setupFilterEntry(Pos pos, String str, boolean z) throws Exception {
        GeoServerSecurityManager securityManager = getSecurityManager();
        FilterConfig filterConfig = new FilterConfig();
        filterConfig.setName("custom");
        filterConfig.setClassName(Filter.class.getName());
        filterConfig.setAssertAuth(z);
        securityManager.saveFilter(filterConfig);
        SecurityManagerConfig securityConfig = securityManager.getSecurityConfig();
        securityConfig.setConfigPasswordEncrypterName(getPlainTextPasswordEncoder().getName());
        securityConfig.getFilterChain().remove("custom");
        if (pos == Pos.FIRST) {
            securityConfig.getFilterChain().insertFirst("/**", "custom");
        }
        if (pos == Pos.LAST) {
            securityConfig.getFilterChain().insertLast("/**", "custom");
        }
        if (pos == Pos.BEFORE) {
            securityConfig.getFilterChain().insertBefore("/**", "custom", str);
        }
        if (pos == Pos.AFTER) {
            securityConfig.getFilterChain().insertAfter("/**", "custom", str);
        }
        securityManager.saveSecurityConfig(securityConfig);
    }

    @Test
    public void testFirst() throws Exception {
        setupFilterEntry(Pos.FIRST, null, false);
        MockHttpServletRequest createRequest = createRequest("/foo");
        createRequest.setMethod("GET");
        Assert.assertEquals("bar", dispatch(createRequest).getHeader("foo"));
    }

    @Test
    public void testLast() throws Exception {
        try {
            setupFilterEntry(Pos.LAST, null, true);
            Assert.fail("SecurityConfigException missing, anonymous filter must be the last one");
        } catch (SecurityConfigException e) {
        }
    }

    @Test
    public void testBefore() throws Exception {
        setupFilterEntry(Pos.BEFORE, "anonymous", false);
        MockHttpServletRequest createRequest = createRequest("/foo");
        createRequest.setMethod("GET");
        Assert.assertEquals("bar", dispatch(createRequest).getHeader("foo"));
    }

    @Test
    public void testAfter() throws Exception {
        setupFilterEntry(Pos.AFTER, "basic", true);
        MockHttpServletRequest createRequest = createRequest("/foo");
        createRequest.setMethod("GET");
        Assert.assertEquals("bar", dispatch(createRequest).getHeader("foo"));
    }

    protected List<javax.servlet.Filter> getFilters() {
        return Arrays.asList((javax.servlet.Filter) applicationContext.getBean(GeoServerSecurityFilterChainProxy.class));
    }
}
