package org.geoserver.geofence;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.impl.DataStoreInfoImpl;
import org.geoserver.catalog.impl.FeatureTypeInfoImpl;
import org.geoserver.catalog.impl.LayerGroupInfoImpl;
import org.geoserver.catalog.impl.LayerInfoImpl;
import org.geoserver.catalog.impl.WorkspaceInfoImpl;
import org.geoserver.data.test.MockData;
import org.geoserver.ows.Dispatcher;
import org.geoserver.ows.Request;
import org.geoserver.security.VectorAccessLimits;
import org.geoserver.security.WorkspaceAccessLimits;
import org.geoserver.wms.GetMapRequest;
import org.geoserver.wms.MapLayerInfo;
import org.geotools.factory.CommonFactoryFinder;
import org.geotools.factory.Hints;
import org.junit.Assert;
import org.junit.Test;
import org.locationtech.jts.io.WKTReader;
import org.opengis.filter.Filter;
import org.opengis.filter.FilterFactory2;
import org.opengis.filter.spatial.Intersects;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:org/geoserver/geofence/AccessManagerTest.class */
public class AccessManagerTest extends GeofenceBaseTest {
    @Test
    public void testAdmin() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("admin", "geoserver", Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR")));
            WorkspaceAccessLimits accessLimits = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getWorkspaceByName(MockData.CITE_PREFIX));
            Assert.assertTrue(accessLimits.isReadable());
            Assert.assertTrue(accessLimits.isWritable());
            VectorAccessLimits accessLimits2 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getWriteFilter());
            Assert.assertNull(accessLimits2.getReadAttributes());
            Assert.assertNull(accessLimits2.getWriteAttributes());
        }
    }

    @Test
    public void testCiteCannotWriteOnWorkspace() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            this.configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
            WorkspaceAccessLimits accessLimits = this.accessManager.getAccessLimits(new UsernamePasswordAuthenticationToken("cite", "cite", Arrays.asList(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"))), catalog.getWorkspaceByName(MockData.CITE_PREFIX));
            Assert.assertTrue(accessLimits.isReadable());
            Assert.assertFalse(accessLimits.isWritable());
        }
    }

    @Test
    public void testCiteCanWriteOnWorkspace() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            this.configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(true);
            WorkspaceAccessLimits accessLimits = this.accessManager.getAccessLimits(new UsernamePasswordAuthenticationToken("cite", "cite", Arrays.asList(new SimpleGrantedAuthority("ROLE_AUTHENTICATED"))), catalog.getWorkspaceByName(MockData.CITE_PREFIX));
            Assert.assertTrue(accessLimits.isReadable());
            Assert.assertTrue(accessLimits.isWritable());
            this.configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
        }
    }

    @Test
    public void testAnonymousUser() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits((Authentication) null, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
            Assert.assertEquals(Filter.EXCLUDE, accessLimits.getReadFilter());
            Assert.assertEquals(Filter.EXCLUDE, accessLimits.getWriteFilter());
            Assert.assertNull(accessLimits.getReadAttributes());
            Assert.assertNull(accessLimits.getWriteAttributes());
        }
    }

    public void IGNOREtestCiteWorkspaceAccess() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("cite", "cite");
            WorkspaceAccessLimits accessLimits = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getWorkspaceByName(MockData.CITE_PREFIX));
            Assert.assertTrue(accessLimits.isReadable());
            Assert.assertTrue(accessLimits.isWritable());
            WorkspaceAccessLimits accessLimits2 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getWorkspaceByName(MockData.CDF_PREFIX));
            Assert.assertFalse(accessLimits2.isReadable());
            Assert.assertFalse(accessLimits2.isWritable());
            WorkspaceAccessLimits accessLimits3 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getWorkspaceByName(MockData.SF_PREFIX));
            Assert.assertTrue(accessLimits3.isReadable());
            Assert.assertTrue(accessLimits3.isWritable());
        }
    }

    @Test
    public void testCiteLayerAccess() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("cite", "cite");
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
            Assert.assertEquals(Filter.INCLUDE, accessLimits.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits.getWriteFilter());
            Assert.assertNull(accessLimits.getReadAttributes());
            Assert.assertNull(accessLimits.getWriteAttributes());
            Request request = new Request();
            request.setService("WFS");
            request.setRequest("GetFeature");
            Dispatcher.REQUEST.set(request);
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
            VectorAccessLimits accessLimits2 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, layerByName);
            Assert.assertEquals(Filter.EXCLUDE, accessLimits2.getReadFilter());
            Assert.assertEquals(Filter.EXCLUDE, accessLimits2.getWriteFilter());
            Request request2 = new Request();
            request2.setService("WmS");
            request2.setRequest("gETmAP");
            Dispatcher.REQUEST.set(request2);
            VectorAccessLimits accessLimits3 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, layerByName);
            Assert.assertEquals(Filter.INCLUDE, accessLimits3.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits3.getWriteFilter());
        }
    }

    @Test
    public void testWmsLimited() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("wmsuser", "wmsuser");
            Request request = new Request();
            request.setService("WFS");
            request.setRequest("GetFeature");
            Dispatcher.REQUEST.set(request);
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, layerByName);
            Assert.assertEquals(Filter.EXCLUDE, accessLimits.getReadFilter());
            Assert.assertEquals(Filter.EXCLUDE, accessLimits.getWriteFilter());
            Request request2 = new Request();
            request2.setService("wms");
            Dispatcher.REQUEST.set(request2);
            VectorAccessLimits accessLimits2 = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, layerByName);
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getWriteFilter());
        }
    }

    @Test
    public void testAreaLimited() throws Exception {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(new UsernamePasswordAuthenticationToken("area", "area"), catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)));
            FilterFactory2 filterFactory2 = CommonFactoryFinder.getFilterFactory2((Hints) null);
            Intersects intersects = filterFactory2.intersects(filterFactory2.property(""), filterFactory2.literal(new WKTReader().read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))")));
            Assert.assertEquals(intersects, accessLimits.getReadFilter());
            Assert.assertEquals(intersects, accessLimits.getWriteFilter());
        }
    }

    @Test
    public void testArea900913() throws Exception {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("area", "area");
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
            WorkspaceInfoImpl workspaceInfoImpl = new WorkspaceInfoImpl();
            workspaceInfoImpl.setName(layerByName.getResource().getStore().getWorkspace().getName());
            DataStoreInfoImpl dataStoreInfoImpl = new DataStoreInfoImpl(catalog);
            dataStoreInfoImpl.setWorkspace(workspaceInfoImpl);
            FeatureTypeInfoImpl featureTypeInfoImpl = new FeatureTypeInfoImpl(catalog);
            featureTypeInfoImpl.setNamespace(layerByName.getResource().getNamespace());
            featureTypeInfoImpl.setSRS("EPSG:900913");
            featureTypeInfoImpl.setName(layerByName.getResource().getName());
            featureTypeInfoImpl.setStore(dataStoreInfoImpl);
            LayerInfoImpl layerInfoImpl = new LayerInfoImpl();
            layerInfoImpl.setResource(featureTypeInfoImpl);
            layerInfoImpl.setName(layerByName.getName());
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(usernamePasswordAuthenticationToken, featureTypeInfoImpl);
            FilterFactory2 filterFactory2 = CommonFactoryFinder.getFilterFactory2((Hints) null);
            Intersects intersects = filterFactory2.intersects(filterFactory2.property(""), filterFactory2.literal(new WKTReader().read(" MULTIPOLYGON (((5343335.558077131 8859142.800565697, 5343335.558077131 9100250.907059547, 5454655.048870404 9100250.907059547, 5454655.048870404 8859142.800565697, 5343335.558077131 8859142.800565697)))")));
            Assert.assertEquals(intersects, accessLimits.getReadFilter());
            Assert.assertEquals(intersects, accessLimits.getWriteFilter());
        }
    }

    @Test
    public void testWmsGetMapRequestWithLayerGroupAndNormalLayerAndStyles() {
        if (IS_GEOFENCE_AVAILABLE.booleanValue()) {
            RequestContextHolder.setRequestAttributes(new ServletRequestAttributes(new MockHttpServletRequest()));
            ArrayList arrayList = new ArrayList();
            arrayList.add(catalog.getLayerByName("Buildings"));
            arrayList.add(catalog.getLayerByName("DividedRoutes"));
            ArrayList arrayList2 = new ArrayList();
            arrayList2.add(catalog.getLayerByName("Buildings").getDefaultStyle());
            arrayList2.add(catalog.getLayerByName("DividedRoutes").getDefaultStyle());
            LayerGroupInfoImpl layerGroupInfoImpl = new LayerGroupInfoImpl();
            layerGroupInfoImpl.setName("layer_group");
            layerGroupInfoImpl.setLayers(arrayList);
            layerGroupInfoImpl.setStyles(arrayList2);
            catalog.add(layerGroupInfoImpl);
            HashMap hashMap = new HashMap();
            hashMap.put("LAYERS", "layer_group,Bridges");
            hashMap.put("layers", "layer_group,Bridges");
            hashMap.put("STYLES", ",lines");
            Request request = new Request();
            request.setKvp(hashMap);
            request.setRawKvp(hashMap);
            UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("admin", "geoserver", Arrays.asList(new SimpleGrantedAuthority("ROLE_ADMINISTRATOR")));
            SecurityContextHolder.getContext().setAuthentication(usernamePasswordAuthenticationToken);
            ArrayList arrayList3 = new ArrayList();
            arrayList3.add(new MapLayerInfo(catalog.getLayerByName("Buildings")));
            arrayList3.add(new MapLayerInfo(catalog.getLayerByName("DividedRoutes")));
            arrayList3.add(new MapLayerInfo(catalog.getLayerByName("Bridges")));
            GetMapRequest getMapRequest = new GetMapRequest();
            getMapRequest.setLayers(arrayList3);
            this.accessManager.overrideGetMapRequest(request, "WMS", "GetMap", usernamePasswordAuthenticationToken, getMapRequest);
        }
    }
}
