package org.geoserver.geofence.integration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.CatalogBuilder;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.LayerInfo;
import org.geoserver.data.test.MockData;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.geofence.GeofenceAccessManager;
import org.geoserver.geofence.core.model.enums.CatalogMode;
import org.geoserver.geofence.core.model.enums.GrantType;
import org.geoserver.geofence.services.RuleAdminService;
import org.geoserver.ows.Dispatcher;
import org.geoserver.ows.Request;
import org.geoserver.security.VectorAccessLimits;
import org.geoserver.test.GeoServerSystemTestSupport;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.locationtech.jts.geom.MultiPolygon;
import org.locationtech.jts.io.WKTReader;
import org.opengis.filter.Filter;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

/* loaded from: input_file:org/geoserver/geofence/integration/GeofenceAccessManagerIntegrationTest.class */
public class GeofenceAccessManagerIntegrationTest extends GeoServerSystemTestSupport {
    private GeofenceAccessManager accessManager;
    private RuleAdminService ruleService;
    private static final String AREA_WKT = "MULTIPOLYGON(((0.0016139656066815888 -0.0006386457758059581,0.0019599705696027314 -0.0006386457758059581,0.0019599705696027314 -0.0008854090051601674,0.0016139656066815888 -0.0008854090051601674,0.0016139656066815888 -0.0006386457758059581)))";
    private static final String AREA_WKT_2 = "MULTIPOLYGON(((0.0011204391479413545 -0.0006405065746780663,0.0015764146804730927 -0.0006405065746780663,0.0015764146804730927 -0.0014612625330857614,0.0011204391479413545 -0.0014612625330857614,0.0011204391479413545 -0.0006405065746780663)))";

    @Before
    public void setUp() {
        this.accessManager = (GeofenceAccessManager) applicationContext.getBean("geofenceRuleAccessManager", GeofenceAccessManager.class);
        this.ruleService = (RuleAdminService) applicationContext.getBean("ruleAdminService");
        if (this.ruleService.getRuleByPriority(9999L) == null) {
            GeofenceGetMapIntegrationTest.addRule(GrantType.ALLOW, null, null, null, null, null, null, 9999L, this.ruleService);
        }
    }

    protected void setUpTestData(SystemTestData systemTestData) throws Exception {
        super.setUpTestData(systemTestData);
    }

    @Test
    public void testAllowedAreaLayerInTwoGroups() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        LayerGroupInfo layerGroupInfo2 = null;
        try {
            Authentication user = getUser("anonymousUser", "", "ROLE_ANONYMOUS");
            login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
            Catalog catalog = getCatalog();
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.NAMED_PLACES));
            LayerInfo layerByName2 = catalog.getLayerByName(getLayerId(MockData.FORESTS));
            layerGroupInfo = createsLayerGroup(catalog, "group21", LayerGroupInfo.Mode.NAMED, null, Arrays.asList(layerByName, layerByName2));
            layerGroupInfo2 = createsLayerGroup(catalog, "group22", LayerGroupInfo.Mode.NAMED, null, Arrays.asList(layerByName, layerByName2));
            l = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group21", 0L, this.ruleService));
            l2 = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group22", 1L, this.ruleService));
            GeofenceGetMapIntegrationTest.addRuleLimits(l.longValue(), CatalogMode.HIDE, AREA_WKT, 4326, this.ruleService);
            Request request = new Request();
            request.setService("WMS");
            request.setRequest("GetMap");
            Dispatcher.REQUEST.set(request);
            logout();
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(user, layerByName);
            Assert.assertEquals(accessLimits.getReadFilter(), Filter.INCLUDE);
            Assert.assertEquals(accessLimits.getWriteFilter(), Filter.INCLUDE);
            logout();
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
        } catch (Throwable th) {
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
            throw th;
        }
    }

    @Test
    public void testAllowedAreaLayerInTwoGroups2() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        LayerGroupInfo layerGroupInfo2 = null;
        try {
            Authentication user = getUser("anonymousUser", "", "ROLE_ANONYMOUS");
            login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
            Catalog catalog = getCatalog();
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.BRIDGES));
            LayerInfo layerByName2 = catalog.getLayerByName(getLayerId(MockData.BUILDINGS));
            layerGroupInfo = createsLayerGroup(catalog, "group1", LayerGroupInfo.Mode.NAMED, null, Arrays.asList(layerByName, layerByName2));
            layerGroupInfo2 = createsLayerGroup(catalog, "group2", LayerGroupInfo.Mode.NAMED, null, Arrays.asList(layerByName, layerByName2));
            l = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group1", 2L, this.ruleService));
            GeofenceGetMapIntegrationTest.addRuleLimits(l.longValue(), CatalogMode.HIDE, AREA_WKT, 4326, this.ruleService);
            l2 = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group2", 3L, this.ruleService));
            GeofenceGetMapIntegrationTest.addRuleLimits(l2.longValue(), CatalogMode.HIDE, AREA_WKT_2, 4326, this.ruleService);
            Request request = new Request();
            request.setService("WMS");
            request.setRequest("GetMap");
            Dispatcher.REQUEST.set(request);
            logout();
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(user, layerByName);
            MultiPolygon union = new WKTReader().read(AREA_WKT).union(new WKTReader().read(AREA_WKT_2));
            MultiPolygon multiPolygon = (MultiPolygon) accessLimits.getReadFilter().getExpression2().evaluate((Object) null, MultiPolygon.class);
            MultiPolygon multiPolygon2 = (MultiPolygon) accessLimits.getWriteFilter().getExpression2().evaluate((Object) null, MultiPolygon.class);
            union.normalize();
            multiPolygon.normalize();
            multiPolygon2.normalize();
            Assert.assertTrue(union.equalsExact(multiPolygon, 1.0E-14d));
            Assert.assertTrue(union.equalsExact(multiPolygon2, 1.0E-14d));
            logout();
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
        } catch (Throwable th) {
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
            throw th;
        }
    }

    @Test
    public void testAllowedAreaLayerInTwoGroupsModeSingle() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        LayerGroupInfo layerGroupInfo2 = null;
        try {
            Authentication user = getUser("anonymousUser", "", "ROLE_ANONYMOUS");
            login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
            Catalog catalog = getCatalog();
            LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.LAKES));
            LayerInfo layerByName2 = catalog.getLayerByName(getLayerId(MockData.FIFTEEN));
            layerGroupInfo = createsLayerGroup(catalog, "group31", LayerGroupInfo.Mode.SINGLE, null, Arrays.asList(layerByName, layerByName2));
            layerGroupInfo2 = createsLayerGroup(catalog, "group32", LayerGroupInfo.Mode.SINGLE, null, Arrays.asList(layerByName, layerByName2));
            l = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group31", 4L, this.ruleService));
            l2 = Long.valueOf(GeofenceGetMapIntegrationTest.addRule(GrantType.LIMIT, "anonymousUser", "ROLE_ANONYMOUS", "WMS", null, null, "group32", 5L, this.ruleService));
            GeofenceGetMapIntegrationTest.addRuleLimits(l.longValue(), CatalogMode.HIDE, AREA_WKT, 4326, this.ruleService);
            GeofenceGetMapIntegrationTest.addRuleLimits(l2.longValue(), CatalogMode.HIDE, AREA_WKT_2, 4326, this.ruleService);
            Request request = new Request();
            request.setService("WMS");
            request.setRequest("GetMap");
            Dispatcher.REQUEST.set(request);
            logout();
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            VectorAccessLimits accessLimits = this.accessManager.getAccessLimits(user, layerByName);
            Assert.assertEquals(accessLimits.getReadFilter(), Filter.INCLUDE);
            Assert.assertEquals(accessLimits.getWriteFilter(), Filter.INCLUDE);
            logout();
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
        } catch (Throwable th) {
            removeLayerGroup(layerGroupInfo, layerGroupInfo2);
            GeofenceGetMapIntegrationTest.deleteRules(this.ruleService, l, l2);
            throw th;
        }
    }

    protected Authentication getUser(String str, String str2, String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str3 : strArr) {
            arrayList.add(new SimpleGrantedAuthority(str3));
        }
        return new UsernamePasswordAuthenticationToken(str, str2, arrayList);
    }

    protected LayerGroupInfo createsLayerGroup(Catalog catalog, String str, LayerGroupInfo.Mode mode, LayerInfo layerInfo, List<LayerInfo> list) throws Exception {
        LayerGroupInfo createLayerGroup = catalog.getFactory().createLayerGroup();
        createLayerGroup.setName(str);
        createLayerGroup.setMode(mode);
        if (layerInfo != null) {
            createLayerGroup.setRootLayer(layerInfo);
            createLayerGroup.setRootLayerStyle(layerInfo.getDefaultStyle());
        }
        Iterator<LayerInfo> it = list.iterator();
        while (it.hasNext()) {
            createLayerGroup.getLayers().add(it.next());
        }
        createLayerGroup.getStyles().add(null);
        createLayerGroup.getStyles().add(null);
        new CatalogBuilder(catalog).calculateLayerGroupBounds(createLayerGroup);
        catalog.add(createLayerGroup);
        return createLayerGroup;
    }

    private void removeLayerGroup(LayerGroupInfo... layerGroupInfoArr) {
        login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
        for (LayerGroupInfo layerGroupInfo : layerGroupInfoArr) {
            if (layerGroupInfo != null) {
                getCatalog().remove(layerGroupInfo);
            }
        }
        logout();
    }
}
