package org.geoserver.wms.wms_1_1_1;

import com.github.tomakehurst.wiremock.WireMockServer;
import com.github.tomakehurst.wiremock.client.WireMock;
import com.github.tomakehurst.wiremock.core.WireMockConfiguration;
import java.awt.Color;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Map;
import org.apache.commons.io.IOUtils;
import org.geoserver.config.GeoServer;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.ows.util.ResponseUtils;
import org.geoserver.security.urlchecks.GeoServerURLChecker;
import org.geoserver.security.urlchecks.RegexURLCheck;
import org.geoserver.security.urlchecks.StyleURLChecker;
import org.geoserver.security.urlchecks.URLCheckDAO;
import org.geoserver.wms.WMSTestSupport;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/geoserver/wms/wms_1_1_1/GetMapURLCheckersTest.class */
public class GetMapURLCheckersTest extends WMSTestSupport {
    private static final boolean debugMode = false;
    private static WireMockServer service;
    private static String bridgesStyleURL;
    private static String burgStyle;

    @BeforeClass
    public static void beforeClass() throws Exception {
        service = new WireMockServer(WireMockConfiguration.wireMockConfig().dynamicPort());
        service.start();
        String resourceAsString = getResourceAsString("bridges.sld");
        bridgesStyleURL = "http://localhost:" + service.port() + "/styles/bridges.sld";
        service.stubFor(WireMock.get(WireMock.urlEqualTo("/styles/bridges.sld")).willReturn(WireMock.aResponse().withStatus(200).withHeader("Content-Type", new String[]{"text/xml"}).withBody(resourceAsString)));
        burgStyle = getResourceAsString("burg_remote.sld").replace("${styleBase}", "http://localhost:" + service.port() + "/styles");
        service.stubFor(WireMock.get(WireMock.urlEqualTo("/styles/burg02.svg")).willReturn(WireMock.aResponse().withStatus(200).withHeader("Content-Type", new String[]{"text/xml"}).withBody(getResourceAsString("burg02.svg"))));
        service.stubFor(WireMock.get(WireMock.urlEqualTo("/wfs?REQUEST=GetCapabilities&SERVICE=WFS")).willReturn(WireMock.aResponse().withStatus(200).withHeader("Content-Type", new String[]{"text/xml"}).withBody(getWFSResource("capabilities.xml"))));
        String wFSResource = getWFSResource("describePoi.xml");
        Map of = Map.of("wfs", "http://www.opengis.net/wfs");
        service.stubFor(WireMock.post("/wfs").withRequestBody(WireMock.matchingXPath("/wfs:DescribeFeatureType[wfs:TypeName='tiger:poi']", of)).willReturn(WireMock.aResponse().withStatus(200).withHeader("Content-Type", new String[]{"text/xml"}).withBody(wFSResource)));
        service.stubFor(WireMock.post("/wfs").withRequestBody(WireMock.matchingXPath("/wfs:GetFeature[wfs:Query[@typeName='tiger:poi']]", of)).willReturn(WireMock.aResponse().withStatus(200).withHeader("Content-Type", new String[]{"text/xml"}).withBody(getWFSResource("getFeature.xml"))));
    }

    private static String getWFSResource(String str) throws IOException {
        return getResourceAsString("poiwfs/" + str).replace("${wfsBase}", "http://localhost:" + service.port() + "/wfs");
    }

    private static String getResourceAsString(String str) throws IOException {
        return getResourceAsString(GetMapURLCheckersTest.class, str);
    }

    private static String getResourceAsString(Class cls, String str) throws IOException {
        InputStream resourceAsStream = cls.getResourceAsStream(str);
        try {
            String iOUtils = IOUtils.toString(resourceAsStream, StandardCharsets.UTF_8);
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            return iOUtils;
        } catch (Throwable th) {
            if (resourceAsStream != null) {
                try {
                    resourceAsStream.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @AfterClass
    public static void afterClass() throws Exception {
        service.shutdown();
    }

    @Before
    public void setup() throws Exception {
        Assert.assertNotNull(applicationContext.getBean(GeoServerURLChecker.class));
        Assert.assertNotNull(applicationContext.getBean(StyleURLChecker.class));
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).saveChecks(Collections.emptyList());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.wms.WMSTestSupport
    public void onSetUp(SystemTestData systemTestData) throws Exception {
        systemTestData.addStyle("burg", "burg.sld", GeoServer.class, getCatalog());
        InputStream resourceAsStream = GeoServer.class.getResourceAsStream("burg02.svg");
        try {
            systemTestData.copyTo(resourceAsStream, "styles/burg02.svg");
            if (resourceAsStream != null) {
                resourceAsStream.close();
            }
            resourceAsStream = getClass().getResourceAsStream("burg03.svg");
            try {
                systemTestData.copyTo(resourceAsStream, "burg03.svg");
                if (resourceAsStream != null) {
                    resourceAsStream.close();
                }
                String replace = systemTestData.getDataDirectoryRoot().getAbsolutePath().replace('\\', '/');
                String str = "file://" + (replace.startsWith("/") ? "" : "/") + replace + "/";
                systemTestData.addStyle("burg_query", "burg_query.sld", getClass(), getCatalog());
                String iOUtils = IOUtils.toString(getClass().getResource("burg_query.sld"), StandardCharsets.UTF_8);
                int indexOf = iOUtils.indexOf("burg03");
                systemTestData.copyTo(new ByteArrayInputStream((iOUtils.substring(debugMode, indexOf) + str + iOUtils.substring(indexOf)).getBytes(StandardCharsets.UTF_8)), "styles/burg_query.sld");
                systemTestData.addStyle("burg_fragment", "burg_fragment.sld", getClass(), getCatalog());
                String iOUtils2 = IOUtils.toString(getClass().getResource("burg_fragment.sld"), StandardCharsets.UTF_8);
                int indexOf2 = iOUtils2.indexOf("burg03");
                systemTestData.copyTo(new ByteArrayInputStream((iOUtils2.substring(debugMode, indexOf2) + str + iOUtils2.substring(indexOf2)).getBytes(StandardCharsets.UTF_8)), "styles/burg_fragment.sld");
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testRemoteStyleAllowed() throws Exception {
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).save(new RegexURLCheck("pointStyle", "Just the point style", "^" + bridgesStyleURL + "$"));
        MockHttpServletResponse asServletResponse = getAsServletResponse("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png" + "&sld=" + bridgesStyleURL);
        Assert.assertEquals(200L, asServletResponse.getStatus());
        Assert.assertEquals("image/png", asServletResponse.getContentType());
    }

    @Test
    public void testRemoteStyleDenied() throws Exception {
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).save(new RegexURLCheck("deny", "Won't match anything useful", "^abcd$"));
        MatcherAssert.assertThat(checkLegacyException(getAsDOM("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png" + "&sld=" + bridgesStyleURL), "InvalidParameterValue", "sld"), CoreMatchers.containsString(bridgesStyleURL));
    }

    @Test
    public void testRemoteWFSAllowed() throws Exception {
        URLCheckDAO uRLCheckDAO = (URLCheckDAO) applicationContext.getBean(URLCheckDAO.class);
        String str = "http://localhost:" + service.port() + "/wfs";
        uRLCheckDAO.save(new RegexURLCheck("localWFS", "The local wiremock WFS", "^" + str + ".*$"));
        assertNotBlank("testRemoteWFSAllowed", getAsImage(getMapRemoteWFS(str), "image/png"), Color.WHITE);
    }

    @Test
    public void testRemoveWFSDisallowed() throws Exception {
        URLCheckDAO uRLCheckDAO = (URLCheckDAO) applicationContext.getBean(URLCheckDAO.class);
        String str = "http://localhost:" + service.port() + "/wfs";
        uRLCheckDAO.save(new RegexURLCheck("deny", "Won't match anything useful", "^abcd$"));
        MatcherAssert.assertThat(checkLegacyException(getAsDOM(getMapRemoteWFS(str)), "InvalidParameterValue", "REMOTE_OWS_URL"), CoreMatchers.containsString(str));
    }

    private static String getMapRemoteWFS(String str) {
        return "wms?service=WMS&version=1.1.1&request=GetMap&bbox=-74.044847,40.694924,-73.963094,40.726836&width=256&height=256&srs=EPSG:4326&format=image/png&layers=tiger:poi&styles=point&REMOTE_OWS_URL=" + str + "&REMOTE_OWS_TYPE=WFS";
    }

    @Test
    public void testRemoteIconAllowed() throws Exception {
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).save(new RegexURLCheck("icons", "Any SVG icon", "^http://localhost:" + service.port() + "/styles/.*\\.svg$"));
        assertPixel(getAsImage("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png" + "&sld_body=" + ResponseUtils.urlEncode(burgStyle, new char[debugMode]), "image/png"), 130, 121, Color.RED);
    }

    @Test
    public void testRemoteIconNotAllowed() throws Exception {
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).save(new RegexURLCheck("noIcons", "We like it gray", "^abcd$"));
        assertPixel(getAsImage("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png" + "&sld_body=" + ResponseUtils.urlEncode(burgStyle, new char[debugMode]), "image/png"), 130, 121, Color.GRAY);
    }

    @Test
    public void testLocalReference() throws Exception {
        ((URLCheckDAO) applicationContext.getBean(URLCheckDAO.class)).save(new RegexURLCheck("noIcons", "We like it gray", "^abcd$"));
        assertPixel(getAsImage("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png&layers=cite:Bridges&styles=burg", "image/png"), 130, 121, Color.RED);
    }

    @Test
    public void testLocalReferenceWithBadQuery() throws Exception {
        assertPixel(getAsImage("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png&layers=cite:Bridges&styles=burg_query", "image/png"), 130, 121, Color.GRAY);
    }

    @Test
    public void testLocalReferenceWithBadFragment() throws Exception {
        assertPixel(getAsImage("wms?service=WMS&version=1.1.1&request=GetMap&bbox=-180,-90,180,90&width=256&height=256&srs=EPSG:4326&format=image/png&layers=cite:Bridges&styles=burg_fragment", "image/png"), 130, 121, Color.GRAY);
    }
}
