package org.geoserver.wfs;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import org.custommonkey.xmlunit.XMLAssert;
import org.custommonkey.xmlunit.XMLUnit;
import org.geoserver.catalog.FeatureTypeInfo;
import org.geoserver.data.test.CiteTestData;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.TestResourceAccessManager;
import org.geoserver.security.VectorAccessLimits;
import org.geotools.factory.CommonFactoryFinder;
import org.geotools.util.factory.Hints;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.opengis.filter.FilterFactory;
import org.opengis.filter.PropertyIsEqualTo;
import org.w3c.dom.Document;

/* loaded from: input_file:org/geoserver/wfs/ResourceAccessManagerWFSTest.class */
public class ResourceAccessManagerWFSTest extends WFSTestSupport {
    static final String INSERT_RESTRICTED_STREET = "<wfs:Transaction service=\"WFS\" version=\"1.0.0\"\n  xmlns:wfs=\"http://www.opengis.net/wfs\" xmlns:cite=\"http://www.opengis.net/cite\"\n  xmlns:gml=\"http://www.opengis.net/gml\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\"\n  xsi:schemaLocation=\"http://www.opengis.net/wfs http://schemas.opengis.net/wfs/1.0.0/WFS-transaction.xsd \">\n  <wfs:Insert>\n    <cite:Buildings fid=\"Buildings.123\">\n      <cite:the_geom>\n        <gml:MultiPolygon srsName=\"http://www.opengis.net/gml/srs/epsg.xml#4326\">\n          <gml:polygonMember>\n            <gml:Polygon>\n              <gml:outerBoundaryIs>\n                <gml:LinearRing>\n                  <gml:coordinates cs=\",\" decimal=\".\"\n                    ts=\" \" xmlns:gml=\"http://www.opengis.net/gml\">0.0020,0.0008 0.0020,0.0010\n                    0.0024,0.0010 0.0024,0.0008 0.0020,0.0008</gml:coordinates>\n                </gml:LinearRing>\n              </gml:outerBoundaryIs>\n            </gml:Polygon>\n          </gml:polygonMember>\n        </gml:MultiPolygon>\n      </cite:the_geom>\n      <cite:FID>151</cite:FID>\n      <cite:ADDRESS>123 Restricted Street</cite:ADDRESS>\n    </cite:Buildings>\n  </wfs:Insert>\n</wfs:Transaction>";
    static final String UPDATE_ADDRESS = "<wfs:Transaction service=\"WFS\" version=\"1.1.0\"\n  xmlns:cite=\"http://www.opengis.net/cite\"\n  xmlns:ogc=\"http://www.opengis.net/ogc\"\n  xmlns:wfs=\"http://www.opengis.net/wfs\">\n  <wfs:Update typeName=\"cite:Buildings\">\n    <wfs:Property>\n      <wfs:Name>ADDRESS</wfs:Name>\n      <wfs:Value>123 ABC Street</wfs:Value>\n    </wfs:Property>\n  </wfs:Update>\n</wfs:Transaction>";
    static final String DELETE_ADDRESS = "<wfs:Transaction service=\"WFS\" version=\"1.1.0\"\n  xmlns:cite=\"http://www.opengis.net/cite\"\n  xmlns:ogc=\"http://www.opengis.net/ogc\"\n  xmlns:wfs=\"http://www.opengis.net/wfs\"  xmlns:gml=\"http://www.opengis.net/gml\">\n  <wfs:Delete typeName=\"cite:Buildings\">  <ogc:Filter>\n    <ogc:BBOX>\n        <ogc:PropertyName>the_geom</ogc:PropertyName>\n        <gml:Envelope srsName=\"http://www.opengis.net/gml/srs/epsg.xml#4326\">\n           <gml:lowerCorner>-180 -90</gml:lowerCorner>\n           <gml:upperCorner>180 90</gml:upperCorner>\n        </gml:Envelope>\n      </ogc:BBOX>\n  </ogc:Filter>\n  </wfs:Delete>\n</wfs:Transaction>";

    @Before
    public void revert() throws Exception {
        revertLayer(CiteTestData.BUILDINGS);
    }

    protected void setUpSpring(List<String> list) {
        super.setUpSpring(list);
        list.add("classpath:/org/geoserver/wfs/ResourceAccessManagerContext.xml");
    }

    protected List<Filter> getFilters() {
        return Collections.singletonList((Filter) GeoServerExtensions.bean("filterChainProxy"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.wfs.WFSTestSupport
    public void setUpInternal(SystemTestData systemTestData) throws Exception {
        addUser("cite", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_readfilter", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite,ROLE_DUMMY", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_readatts", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_readattsnf", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_insertfilter", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_writefilter", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_writeatts", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        addUser("cite_mixed", "cite", null, Collections.singletonList("ROLE_DUMMY"));
        FilterFactory filterFactory = CommonFactoryFinder.getFilterFactory((Hints) null);
        TestResourceAccessManager testResourceAccessManager = (TestResourceAccessManager) applicationContext.getBean("testResourceAccessManager");
        FeatureTypeInfo featureTypeByName = getCatalog().getFeatureTypeByName(getLayerId(SystemTestData.BUILDINGS));
        PropertyIsEqualTo equal = filterFactory.equal(filterFactory.property("FID"), filterFactory.literal("113"), false);
        testResourceAccessManager.putLimits("cite_readfilter", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, (List) null, equal, (List) null, (org.opengis.filter.Filter) null));
        List asList = Arrays.asList(filterFactory.property("the_geom"), filterFactory.property("FID"));
        testResourceAccessManager.putLimits("cite_readatts", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, asList, equal, (List) null, (org.opengis.filter.Filter) null));
        testResourceAccessManager.putLimits("cite_readattsnf", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, asList, org.opengis.filter.Filter.INCLUDE, (List) null, org.opengis.filter.Filter.INCLUDE));
        testResourceAccessManager.putLimits("cite_insertfilter", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, (List) null, (org.opengis.filter.Filter) null, (List) null, filterFactory.not(filterFactory.like(filterFactory.property("ADDRESS"), "*Restricted Street*", "*", "?", "\\"))));
        testResourceAccessManager.putLimits("cite_writefilter", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, (List) null, (org.opengis.filter.Filter) null, (List) null, equal));
        testResourceAccessManager.putLimits("cite_writeatts", featureTypeByName, new VectorAccessLimits(CatalogMode.HIDE, (List) null, (org.opengis.filter.Filter) null, Arrays.asList(filterFactory.property("the_geom"), filterFactory.property("FID")), (org.opengis.filter.Filter) null));
        testResourceAccessManager.putLimits("cite_mixed", featureTypeByName, new VectorAccessLimits(CatalogMode.MIXED, (List) null, org.opengis.filter.Filter.EXCLUDE, (List) null, org.opengis.filter.Filter.EXCLUDE));
    }

    @Test
    public void testNoLimits() throws Exception {
        setRequestAuth("cite", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        print(asDOM);
        XMLAssert.assertXpathEvaluatesTo("2", "count(//cite:Buildings)", asDOM);
        XMLAssert.assertXpathEvaluatesTo("2", "count(//cite:ADDRESS)", asDOM);
    }

    @Test
    public void testReadFilter() throws Exception {
        setRequestAuth("cite_readfilter", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        print(asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:Buildings)", asDOM);
        XMLAssert.assertXpathEvaluatesTo("113", "//cite:FID", asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:ADDRESS)", asDOM);
    }

    @Test
    public void testReadFilterReproject() throws Exception {
        setRequestAuth("cite_readfilter", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS) + "&srsName=EPSG:4269");
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:Buildings)", asDOM);
        XMLAssert.assertXpathEvaluatesTo("113", "//cite:FID", asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:ADDRESS)", asDOM);
        XMLAssert.assertXpathEvaluatesTo("http://www.opengis.net/gml/srs/epsg.xml#4269", "//gml:MultiPolygon/@srsName", asDOM);
    }

    @Test
    public void testFilterAttribute() throws Exception {
        setRequestAuth("cite_readatts", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:Buildings)", asDOM);
        XMLAssert.assertXpathEvaluatesTo("113", "//cite:FID", asDOM);
        XMLAssert.assertXpathEvaluatesTo("0", "count(//cite:ADDRESS)", asDOM);
    }

    @Test
    public void testDescribeLimitedAttributes() throws Exception {
        setRequestAuth("admin", "geoserver");
        Document asDOM = getAsDOM("wfs?request=DescribeFeatureType&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='the_geom'])", asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='FID'])", asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='ADDRESS'])", asDOM);
        setRequestAuth("cite_readatts", "cite");
        Document asDOM2 = getAsDOM("wfs?request=DescribeFeatureType&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='the_geom'])", asDOM2);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='FID'])", asDOM2);
        XMLAssert.assertXpathEvaluatesTo("0", "count(//xsd:element[@name='ADDRESS'])", asDOM2);
        setRequestAuth("admin", "geoserver");
        Document asDOM3 = getAsDOM("wfs?request=DescribeFeatureType&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='the_geom'])", asDOM3);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='FID'])", asDOM3);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:element[@name='ADDRESS'])", asDOM3);
    }

    @Test
    public void testCapabilitiesMixed() throws Exception {
        setRequestAuth("admin", "geoserver");
        Document asDOM = getAsDOM("cite/wfs?request=GetCapabilities&version=1.1.0&service=wfs");
        print(asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:FeatureType[wfs:Name='cite:Buildings'])", asDOM);
        setRequestAuth("cite_mixed", "cite");
        Document asDOM2 = getAsDOM("cite/wfs?request=GetCapabilities&version=1.1.0&service=wfs");
        print(asDOM2);
        XMLAssert.assertXpathEvaluatesTo("0", "count(//wfs:FeatureType[wfs:Name='cite:Buildings'])", asDOM2);
    }

    @Test
    public void testDescribeMixed() throws Exception {
        setRequestAuth("admin", "geoserver");
        XMLAssert.assertXpathEvaluatesTo("1", "count(//xsd:complexType[@name='BuildingsType'])", getAsDOM("cite/wfs?request=DescribeFeatureType&version=1.1.0&service=wfs"));
        setRequestAuth("cite_mixed", "cite");
        XMLAssert.assertXpathEvaluatesTo("0", "count(//xsd:complexType[@name='BuildingsType'])", getAsDOM("cite/wfs?request=DescribeFeatureType&version=1.1.0&service=wfs"));
        setRequestAuth("cite_mixed", "cite");
        Assert.assertEquals(403L, getAsServletResponse("cite/wfs?request=DescribeFeatureType&version=1.1.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS)).getStatus());
    }

    @Test
    public void testFilterRequestedAttribute() throws Exception {
        setRequestAuth("cite_readatts", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.1.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS) + "&propertyName=FID,ADDRESS");
        XMLAssert.assertXpathEvaluatesTo("1", "count(//ows:ExceptionReport)", asDOM);
        Assert.assertTrue(Pattern.compile(".*ADDRESS.*not available.*", 40).matcher(XMLUnit.newXpathEngine().evaluate("//ows:ExceptionText", asDOM)).matches());
    }

    @Test
    public void testExtraAttributesNoFilter() throws Exception {
        setRequestAuth("cite_readattsnf", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.1.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS) + "&propertyName=FID,ADDRESS");
        XMLAssert.assertXpathEvaluatesTo("1", "count(//ows:ExceptionReport)", asDOM);
        Assert.assertTrue(Pattern.compile(".*ADDRESS.*not available.*", 40).matcher(XMLUnit.newXpathEngine().evaluate("//ows:ExceptionText", asDOM)).matches());
    }

    @Test
    public void testLimitAttributesNoFilter() throws Exception {
        setRequestAuth("cite_readattsnf", "cite");
        XMLAssert.assertXpathEvaluatesTo("0", "count(//cite:ADDRESS)", getAsDOM("wfs?request=GetFeature&version=1.1.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS)));
    }

    @Test
    public void testInsertNoLimits() throws Exception {
        setRequestAuth("cite", "cite");
        Document postAsDOM = postAsDOM("wfs", INSERT_RESTRICTED_STREET);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:WFS_TransactionResponse)", postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//ogc:FeatureId)", postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("new0", "//ogc:FeatureId/@fid", postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:Status/wfs:SUCCESS)", postAsDOM);
    }

    @Test
    public void testInsertRestricted() throws Exception {
        setRequestAuth("cite_insertfilter", "cite");
        Document postAsDOM = postAsDOM("wfs", INSERT_RESTRICTED_STREET);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:WFS_TransactionResponse)", postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:Status/wfs:FAILED)", postAsDOM);
        Assert.assertTrue(XMLUnit.newXpathEngine().evaluate("//wfs:Message", postAsDOM).matches(".*write restrictions.*"));
    }

    @Test
    public void testInsertAttributeRestricted() throws Exception {
        setRequestAuth("cite_writeatts", "cite");
        Document postAsDOM = postAsDOM("wfs", INSERT_RESTRICTED_STREET);
        print(postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:WFS_TransactionResponse)", postAsDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//wfs:Status/wfs:FAILED)", postAsDOM);
        Assert.assertTrue(XMLUnit.newXpathEngine().evaluate("//wfs:Message", postAsDOM).matches(".*write protected.*ADDRESS.*"));
    }

    @Test
    public void testUpdateNoLimits() throws Exception {
        setRequestAuth("cite", "cite");
        XMLAssert.assertXpathEvaluatesTo("2", "//wfs:totalUpdated", postAsDOM("wfs", UPDATE_ADDRESS));
    }

    @Test
    public void testUpdateLimitWrite() throws Exception {
        setRequestAuth("cite_writefilter", "cite");
        XMLAssert.assertXpathEvaluatesTo("1", "//wfs:totalUpdated", postAsDOM("wfs", UPDATE_ADDRESS));
        setRequestAuth("cite", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("123 ABC Street", "//cite:Buildings[cite:FID = '113']/cite:ADDRESS", asDOM);
        XMLAssert.assertXpathEvaluatesTo("215 Main Street", "//cite:Buildings[cite:FID = '114']/cite:ADDRESS", asDOM);
    }

    @Test
    public void testUpdateAttributeRestricted() throws Exception {
        setRequestAuth("cite_writeatts", "cite");
        Document postAsDOM = postAsDOM("wfs", UPDATE_ADDRESS);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//ows:ExceptionReport)", postAsDOM);
        Assert.assertTrue(XMLUnit.newXpathEngine().evaluate("//ows:ExceptionText", postAsDOM).matches(".*write protected.*ADDRESS.*"));
    }

    @Test
    public void testDeleteLimitWrite() throws Exception {
        setRequestAuth("cite_writefilter", "cite");
        XMLAssert.assertXpathEvaluatesTo("1", "//wfs:totalDeleted", postAsDOM("wfs", DELETE_ADDRESS));
        setRequestAuth("cite", "cite");
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        XMLAssert.assertXpathEvaluatesTo("0", "count(//cite:Buildings[cite:FID = '113'])", asDOM);
        XMLAssert.assertXpathEvaluatesTo("1", "count(//cite:Buildings[cite:FID = '114'])", asDOM);
    }
}
