package org.geoserver.security.impl;

import java.util.Arrays;
import java.util.Properties;
import java.util.Set;
import junit.framework.TestCase;
import org.easymock.EasyMock;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.WorkspaceInfo;
import org.geoserver.security.AccessMode;
import org.springframework.security.authentication.TestingAuthenticationToken;

/* loaded from: input_file:org/geoserver/security/impl/DefaultDataAccessManagerTreeTest.class */
public class DefaultDataAccessManagerTreeTest extends TestCase {
    private Catalog catalog;
    private TestingAuthenticationToken rwUser;
    private TestingAuthenticationToken milUser;
    private TestingAuthenticationToken roUser;
    private TestingAuthenticationToken anonymous;

    protected void setUp() throws Exception {
        this.catalog = (Catalog) EasyMock.createNiceMock(Catalog.class);
        EasyMock.expect(this.catalog.getWorkspace((String) EasyMock.anyObject())).andReturn(EasyMock.createNiceMock(WorkspaceInfo.class)).anyTimes();
        EasyMock.replay(new Object[]{this.catalog});
        this.rwUser = new TestingAuthenticationToken("rw", "supersecret", Arrays.asList(new GeoServerRole("READER"), new GeoServerRole("WRITER")));
        this.roUser = new TestingAuthenticationToken("ro", "supersecret", Arrays.asList(new GeoServerRole("READER")));
        this.anonymous = new TestingAuthenticationToken("anonymous", (Object) null);
        this.milUser = new TestingAuthenticationToken("military", "supersecret", Arrays.asList(new GeoServerRole("MILITARY")));
    }

    private SecureTreeNode buildTree(String str) throws Exception {
        Properties properties = new Properties();
        properties.load(getClass().getResourceAsStream(str));
        return new DefaultDataAccessManager(new MemoryDataAccessRuleDAO(this.catalog, properties)).root;
    }

    public void testWideOpen() throws Exception {
        SecureTreeNode buildTree = buildTree("wideOpen.properties");
        assertEquals(0, buildTree.children.size());
        assertEquals(1, buildTree.getAuthorizedRoles(AccessMode.READ).size());
        assertEquals(1, buildTree.getAuthorizedRoles(AccessMode.WRITE).size());
        assertTrue(buildTree.canAccess(this.anonymous, AccessMode.READ));
        assertTrue(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
    }

    public void testLockedDown() throws Exception {
        SecureTreeNode buildTree = buildTree("lockedDown.properties");
        assertEquals(0, buildTree.children.size());
        Set authorizedRoles = buildTree.getAuthorizedRoles(AccessMode.READ);
        assertEquals(1, authorizedRoles.size());
        assertTrue(authorizedRoles.contains("WRITER"));
        Set authorizedRoles2 = buildTree.getAuthorizedRoles(AccessMode.WRITE);
        assertEquals(1, authorizedRoles2.size());
        assertTrue(authorizedRoles2.contains("WRITER"));
        assertFalse(buildTree.canAccess(this.anonymous, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        assertFalse(buildTree.canAccess(this.roUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        assertTrue(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
    }

    public void testPublicRead() throws Exception {
        SecureTreeNode buildTree = buildTree("publicRead.properties");
        assertEquals(0, buildTree.children.size());
        assertEquals(SecureTreeNode.EVERYBODY, buildTree.getAuthorizedRoles(AccessMode.READ));
        Set authorizedRoles = buildTree.getAuthorizedRoles(AccessMode.WRITE);
        assertEquals(1, authorizedRoles.size());
        assertTrue(authorizedRoles.contains("WRITER"));
        assertTrue(buildTree.canAccess(this.anonymous, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        assertTrue(buildTree.canAccess(this.roUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        assertTrue(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
    }

    public void testComplex() throws Exception {
        SecureTreeNode buildTree = buildTree("complex.properties");
        assertEquals(2, buildTree.children.size());
        SecureTreeNode child = buildTree.getChild("topp");
        assertNotNull(child);
        assertEquals(3, child.children.size());
        SecureTreeNode child2 = child.getChild("states");
        SecureTreeNode child3 = child.getChild("landmarks");
        SecureTreeNode child4 = child.getChild("bases");
        assertNotNull(child2);
        assertNotNull(child3);
        assertNotNull(child4);
        assertFalse(buildTree.canAccess(this.anonymous, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.anonymous, AccessMode.WRITE));
        assertTrue(child.canAccess(this.anonymous, AccessMode.READ));
        assertFalse(child2.canAccess(this.anonymous, AccessMode.READ));
        assertTrue(child3.canAccess(this.anonymous, AccessMode.READ));
        assertFalse(child3.canAccess(this.anonymous, AccessMode.WRITE));
        assertFalse(child4.canAccess(this.anonymous, AccessMode.READ));
        assertTrue(buildTree.canAccess(this.roUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.roUser, AccessMode.WRITE));
        assertTrue(child.canAccess(this.roUser, AccessMode.READ));
        assertTrue(child2.canAccess(this.roUser, AccessMode.READ));
        assertTrue(child3.canAccess(this.roUser, AccessMode.READ));
        assertFalse(child3.canAccess(this.roUser, AccessMode.WRITE));
        assertFalse(child4.canAccess(this.roUser, AccessMode.READ));
        assertTrue(buildTree.canAccess(this.rwUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.rwUser, AccessMode.WRITE));
        assertTrue(child.canAccess(this.rwUser, AccessMode.READ));
        assertTrue(child2.canAccess(this.rwUser, AccessMode.WRITE));
        assertTrue(child3.canAccess(this.rwUser, AccessMode.READ));
        assertTrue(child3.canAccess(this.rwUser, AccessMode.WRITE));
        assertFalse(child4.canAccess(this.rwUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.milUser, AccessMode.READ));
        assertFalse(buildTree.canAccess(this.milUser, AccessMode.WRITE));
        assertTrue(child.canAccess(this.milUser, AccessMode.READ));
        assertFalse(child2.canAccess(this.milUser, AccessMode.WRITE));
        assertTrue(child3.canAccess(this.milUser, AccessMode.READ));
        assertFalse(child3.canAccess(this.milUser, AccessMode.WRITE));
        assertTrue(child4.canAccess(this.milUser, AccessMode.READ));
        assertTrue(child4.canAccess(this.milUser, AccessMode.WRITE));
    }
}
