package org.geoserver.geofence.integration;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import javax.imageio.ImageIO;
import org.geoserver.catalog.LayerGroupInfo;
import org.geoserver.catalog.PublishedInfo;
import org.geoserver.catalog.StyleInfo;
import org.geoserver.data.test.MockData;
import org.geoserver.geofence.config.GeoFenceConfiguration;
import org.geoserver.geofence.config.GeoFenceConfigurationManager;
import org.geoserver.geofence.core.model.enums.CatalogMode;
import org.geoserver.geofence.core.model.enums.GrantType;
import org.geoserver.geofence.core.model.enums.LayerType;
import org.geoserver.geofence.core.model.enums.SpatialFilterType;
import org.geotools.image.test.ImageAssert;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/geoserver/geofence/integration/GeofenceGetMapIntegrationTest.class */
public class GeofenceGetMapIntegrationTest extends GeofenceWMSTestSupport {
    private GeoFenceConfigurationManager configurationManager;

    @Test
    public void testLimitRuleWithAllowedAreaLayerGroup() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.LIMIT, null, "ROLE_ANONYMOUS", "WMS", null, null, "lakes_and_places", 0L, this.ruleService));
            addRuleLimits(l2.longValue(), CatalogMode.HIDE, "MULTIPOLYGON (((0.0006 -0.0018, 0.001 -0.0006, 0.0024 -0.0001, 0.0031 -0.0015, 0.0006 -0.0018), (0.0017 -0.0011, 0.0025 -0.0011, 0.0025 -0.0006, 0.0017 -0.0006, 0.0017 -0.0011)))", 4326, this.ruleService);
            layerGroupInfo = addLakesPlacesLayerGroup(LayerGroupInfo.Mode.SINGLE, "lakes_and_places");
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            ImageAssert.assertEquals(getAsImage("wms?request=getmap&service=wms&layers=" + layerGroupInfo.getName() + "&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002", "image/png"), ImageIO.read(getClass().getResource("layer-group-allowed-area.png")), 500);
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
            throw th;
        }
    }

    @Test
    public void testRoleOnlyMatch() throws Exception {
        this.configurationManager = (GeoFenceConfigurationManager) applicationContext.getBean("geofenceConfigurationManager", GeoFenceConfigurationManager.class);
        GeoFenceConfiguration configuration = this.configurationManager.getConfiguration();
        configuration.setUseRolesToFilter(true);
        configuration.getRoles().add("ROLE_USER");
        LayerGroupInfo addLakesPlacesLayerGroup = addLakesPlacesLayerGroup(LayerGroupInfo.Mode.NAMED, "lakes_and_places");
        Long l = null;
        Long l2 = null;
        try {
            l = Long.valueOf(addRule(GrantType.DENY, "john", null, "WMS", null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.ALLOW, "jane", null, "WMS", null, null, null, 0L, this.ruleService));
            login("john", "", new String[]{"ROLE_USER"});
            Assert.assertTrue(getAsServletResponse("wms?request=getmap&service=wms&layers=Lakes&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentAsString().contains("Could not find layer Lakes"));
            deleteRules(this.ruleService, l, l2);
            configuration.setUseRolesToFilter(false);
            configuration.getRoles().remove("ROLE_USER");
            removeLayerGroup(addLakesPlacesLayerGroup);
            logout();
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            configuration.setUseRolesToFilter(false);
            configuration.getRoles().remove("ROLE_USER");
            removeLayerGroup(addLakesPlacesLayerGroup);
            logout();
            throw th;
        }
    }

    @Test
    public void testAccessWithoutRole() throws Exception {
        this.configurationManager = (GeoFenceConfigurationManager) applicationContext.getBean("geofenceConfigurationManager", GeoFenceConfigurationManager.class);
        GeoFenceConfiguration configuration = this.configurationManager.getConfiguration();
        configuration.setUseRolesToFilter(true);
        LayerGroupInfo addLakesPlacesLayerGroup = addLakesPlacesLayerGroup(LayerGroupInfo.Mode.NAMED, "lakes_and_places");
        Long l = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, "john", null, "WMS", null, null, null, 1L, this.ruleService));
            login("john", "", new String[]{"ROLE_WMS"});
            Assert.assertTrue(getAsServletResponse("wms?request=getmap&service=wms&layers=Lakes&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentAsString().contains("Could not find layer Lakes"));
            deleteRules(this.ruleService, l);
            configuration.setUseRolesToFilter(false);
            removeLayerGroup(addLakesPlacesLayerGroup);
            logout();
        } catch (Throwable th) {
            deleteRules(this.ruleService, l);
            configuration.setUseRolesToFilter(false);
            removeLayerGroup(addLakesPlacesLayerGroup);
            logout();
            throw th;
        }
    }

    @Test
    public void testDenyRuleOnLayerGroup() throws Exception {
        Long l = null;
        Long l2 = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.DENY, null, "ROLE_ANONYMOUS", "WMS", null, null, "containerGroup", 0L, this.ruleService));
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            Assert.assertTrue(getAsServletResponse("wms?request=getmap&service=wms&layers=containerGroup&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentAsString().contains("Could not find layer containerGroup"));
            deleteRules(this.ruleService, l, l2);
            logout();
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            logout();
            throw th;
        }
    }

    @Test
    public void testLayerDirectAccessInOpaqueLayerGroup() throws Exception {
        Long l = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 0L, this.ruleService));
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            setupOpaqueGroup(getCatalog());
            for (PublishedInfo publishedInfo : getCatalog().getLayerGroupByName("opaqueGroup").layers()) {
                Assert.assertTrue(getAsServletResponse("wms?request=getmap&service=wms&layers=" + publishedInfo.prefixedName() + "&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentAsString().contains("Could not find layer " + publishedInfo.prefixedName()));
            }
            deleteRules(this.ruleService, l);
            logout();
        } catch (Throwable th) {
            deleteRules(this.ruleService, l);
            logout();
            throw th;
        }
    }

    @Test
    public void testDirectAccessLayerWithNamedTreeContainer() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.LIMIT, null, "ROLE_ANONYMOUS", "WMS", null, null, "lakes_and_places", 0L, this.ruleService));
            addRuleLimits(l2.longValue(), CatalogMode.HIDE, "MULTIPOLYGON (((0.0006 -0.0018, 0.001 -0.0006, 0.0024 -0.0001, 0.0031 -0.0015, 0.0006 -0.0018), (0.0017 -0.0011, 0.0025 -0.0011, 0.0025 -0.0006, 0.0017 -0.0006, 0.0017 -0.0011)))", 4326, this.ruleService);
            layerGroupInfo = addLakesPlacesLayerGroup(LayerGroupInfo.Mode.NAMED, "lakes_and_places");
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            ImageAssert.assertEquals(getAsImage("wms?request=getmap&service=wms&layers=cite:NamedPlaces&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002", "image/png"), ImageIO.read(getClass().getResource("places-allowed-area.png")), 500);
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
            throw th;
        }
    }

    @Test
    public void testClipAndIntersectSpatialFilters() throws Exception {
        Long l = null;
        Long l2 = null;
        Long l3 = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 999L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.LIMIT, null, "ROLE_ANONYMOUS", "WMS", null, "cite", "BasicPolygons", 20L, this.ruleService));
            addRuleLimits(l2.longValue(), CatalogMode.HIDE, "MultiPolygon (((-2.01345454545454672 5.93445454545454698, -2.00454545454545574 4.30409090909090963, -0.2049090909090916 4.31300000000000061, 1.00672727272727203 5.57809090909091054, 0.97999999999999998 5.98790909090909285, -2.01345454545454672 5.93445454545454698)))", 4326, SpatialFilterType.CLIP, this.ruleService);
            l3 = Long.valueOf(addRule(GrantType.LIMIT, null, "ROLE_ANONYMOUS2", "WMS", null, "cite", "BasicPolygons", 21L, this.ruleService));
            addRuleLimits(l3.longValue(), CatalogMode.HIDE, "MultiPolygon (((-2.41436363636363804 1.47100000000000009, 1.77290909090909077 1.23936363636363645, 1.47890909090909028 -0.40881818181818197, -2.83309090909091044 -0.18609090909090931, -2.41436363636363804 1.47100000000000009)))", 4326, SpatialFilterType.INTERSECT, this.ruleService);
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS", "ROLE_ANONYMOUS2"});
            ImageAssert.assertEquals(getAsImage("wms?request=getmap&service=wms&layers=cite:BasicPolygons&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-2.0,-1.0,2.0,6.0", "image/png"), ImageIO.read(getClass().getResource("clip_and_intersects.png")), 500);
            deleteRules(this.ruleService, l, l2, l3);
            logout();
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2, l3);
            logout();
            throw th;
        }
    }

    @Test
    public void testDirectAccessLayerWithNonGlobalNamedTreeContainer() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.LIMIT, null, "ROLE_ANONYMOUS", "WMS", null, null, "lakes_and_places", 0L, this.ruleService));
            addRuleLimits(l2.longValue(), CatalogMode.HIDE, "MULTIPOLYGON (((0.0006 -0.0018, 0.001 -0.0006, 0.0024 -0.0001, 0.0031 -0.0015, 0.0006 -0.0018), (0.0017 -0.0011, 0.0025 -0.0011, 0.0025 -0.0006, 0.0017 -0.0006, 0.0017 -0.0011)))", 4326, this.ruleService);
            layerGroupInfo = createLakesPlacesLayerGroup(getCatalog(), "lakes_and_places", getCatalog().getWorkspaceByName(MockData.CITE_PREFIX), LayerGroupInfo.Mode.NAMED, null);
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            ImageAssert.assertEquals(getAsImage("wms?request=getmap&service=wms&layers=cite:NamedPlaces&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002", "image/png"), ImageIO.read(getClass().getResource("places-allowed-area.png")), 500);
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
            throw th;
        }
    }

    @Test
    public void testGeofenceAccessManagerNotFailsGetMapNestedGroup() throws Exception {
        Long l = null;
        LayerGroupInfo layerGroupInfo = null;
        LayerGroupInfo layerGroupInfo2 = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            addLakesPlacesLayerGroup(LayerGroupInfo.Mode.SINGLE, "nested");
            addLakesPlacesLayerGroup(LayerGroupInfo.Mode.OPAQUE_CONTAINER, "container");
            login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
            layerGroupInfo = getCatalog().getLayerGroupByName("container");
            layerGroupInfo2 = getCatalog().getLayerGroupByName("nested");
            layerGroupInfo.getLayers().add(layerGroupInfo2);
            layerGroupInfo.getStyles().add(null);
            getCatalog().save(layerGroupInfo);
            logout();
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            Assert.assertEquals(getAsServletResponse("wms?request=getmap&service=wms&layers=" + layerGroupInfo.getName() + "&styles=&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentType(), "image/png");
            deleteRules(this.ruleService, l);
            logout();
            removeLayerGroup(layerGroupInfo);
            removeLayerGroup(layerGroupInfo2);
        } catch (Throwable th) {
            deleteRules(this.ruleService, l);
            logout();
            removeLayerGroup(layerGroupInfo);
            removeLayerGroup(layerGroupInfo2);
            throw th;
        }
    }

    @Test
    public void testLayerGroupAndStyleRules() throws Exception {
        Long l = null;
        Long l2 = null;
        LayerGroupInfo layerGroupInfo = null;
        try {
            l = Long.valueOf(addRule(GrantType.ALLOW, null, null, null, null, null, null, 1L, this.ruleService));
            l2 = Long.valueOf(addRule(GrantType.ALLOW, null, "ROLE_ANONYMOUS", "WMS", null, "cite", "Forests", 0L, this.ruleService));
            addLayerDetails(this.ruleService, l2, new HashSet(Arrays.asList("Lakes", "NamedPlaces")), Collections.emptySet(), CatalogMode.HIDE, null, null, LayerType.VECTOR);
            addLakesPlacesLayerGroup(LayerGroupInfo.Mode.SINGLE, "lakes_and_places_style");
            login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
            layerGroupInfo = getCatalog().getLayerGroupByName("lakes_and_places_style");
            StyleInfo styleByName = getCatalog().getStyleByName("polygon");
            PublishedInfo layerByName = getCatalog().getLayerByName(getLayerId(MockData.FORESTS));
            layerByName.getStyles().add(styleByName);
            getCatalog().save(layerByName);
            ArrayList arrayList = new ArrayList();
            arrayList.add(styleByName);
            addLayerGroupStyle(layerGroupInfo, "forests_style", Arrays.asList(layerByName), arrayList);
            logout();
            login("anonymousUser", "", new String[]{"ROLE_ANONYMOUS"});
            Assert.assertEquals(getAsServletResponse("wms?request=getmap&service=wms&layers=" + layerGroupInfo.getName() + "&styles=&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002").getContentType(), "image/png");
            MockHttpServletResponse asServletResponse = getAsServletResponse("wms?request=getmap&service=wms&layers=" + layerGroupInfo.getName() + "&styles=forests_style&width=100&height=100&format=image/png&srs=epsg:4326&bbox=-0.002,-0.003,0.005,0.002");
            Assert.assertEquals(asServletResponse.getContentType(), "text/xml");
            Assert.assertTrue(asServletResponse.getContentAsString().contains("style is not available on this layer"));
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
        } catch (Throwable th) {
            deleteRules(this.ruleService, l, l2);
            logout();
            removeLayerGroup(layerGroupInfo);
            throw th;
        }
    }
}
