package org.geoserver.geofence;

import org.geoserver.catalog.LayerInfo;
import org.geoserver.catalog.impl.CoverageInfoImpl;
import org.geoserver.catalog.impl.CoverageStoreInfoImpl;
import org.geoserver.catalog.impl.DataStoreInfoImpl;
import org.geoserver.catalog.impl.FeatureTypeInfoImpl;
import org.geoserver.catalog.impl.LayerInfoImpl;
import org.geoserver.catalog.impl.WorkspaceInfoImpl;
import org.geoserver.data.test.MockData;
import org.geoserver.ows.Dispatcher;
import org.geoserver.ows.Request;
import org.geoserver.security.VectorAccessLimits;
import org.geoserver.security.WorkspaceAccessLimits;
import org.geotools.factory.CommonFactoryFinder;
import org.geotools.filter.visitor.DefaultFilterVisitor;
import org.geotools.util.factory.Hints;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.locationtech.jts.geom.Geometry;
import org.locationtech.jts.io.WKTReader;
import org.opengis.filter.Filter;
import org.opengis.filter.FilterFactory2;
import org.opengis.filter.spatial.Intersects;
import org.springframework.security.core.Authentication;

/* loaded from: input_file:org/geoserver/geofence/GeofenceAccessManagerTest.class */
public class GeofenceAccessManagerTest extends GeofenceBaseTest {

    /* loaded from: input_file:org/geoserver/geofence/GeofenceAccessManagerTest$IntersectExtractor.class */
    static class IntersectExtractor extends DefaultFilterVisitor {
        Geometry geom;

        IntersectExtractor() {
        }

        public Object visit(Intersects intersects, Object obj) {
            this.geom = (Geometry) intersects.getExpression2().evaluate((Object) null);
            return obj;
        }
    }

    @Test
    public void testAdmin() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("admin", "geoserver", "ROLE_ADMINISTRATOR");
        login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
        WorkspaceAccessLimits accessLimits = accessManager.getAccessLimits(user, catalog.getWorkspaceByName(MockData.CITE_PREFIX));
        Assert.assertTrue(accessLimits.isReadable());
        Assert.assertTrue(accessLimits.isWritable());
        VectorAccessLimits accessLimits2 = accessManager.getAccessLimits(user, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
        Assert.assertEquals(Filter.INCLUDE, accessLimits2.getReadFilter());
        Assert.assertEquals(Filter.INCLUDE, accessLimits2.getWriteFilter());
        Assert.assertNull(accessLimits2.getReadAttributes());
        Assert.assertNull(accessLimits2.getWriteAttributes());
    }

    @Test
    public void testCiteCannotWriteOnWorkspace() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
        WorkspaceAccessLimits accessLimits = accessManager.getAccessLimits(getUser("cite", "cite", "ROLE_AUTHENTICATED"), catalog.getWorkspaceByName(MockData.CITE_PREFIX));
        Assert.assertTrue(accessLimits.isReadable());
        Assert.assertFalse(accessLimits.isWritable());
    }

    @Test
    public void testCiteCanWriteOnWorkspace() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(true);
        WorkspaceAccessLimits accessLimits = accessManager.getAccessLimits(getUser("cite", "cite", "ROLE_AUTHENTICATED"), catalog.getWorkspaceByName(MockData.CITE_PREFIX));
        Assert.assertTrue(accessLimits.isReadable());
        Assert.assertTrue(accessLimits.isWritable());
        configManager.getConfiguration().setGrantWriteToWorkspacesToAuthenticatedUsers(false);
    }

    @Test
    public void testAnonymousUser() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
        VectorAccessLimits accessLimits = accessManager.getAccessLimits((Authentication) null, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
        Assert.assertEquals(Filter.EXCLUDE, accessLimits.getReadFilter());
        Assert.assertEquals(Filter.EXCLUDE, accessLimits.getWriteFilter());
        Assert.assertNull(accessLimits.getReadAttributes());
        Assert.assertNull(accessLimits.getWriteAttributes());
    }

    @Test
    public void testCiteWorkspaceAccess() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("cite", "cite", "ROLE_AUTHENTICATED");
        login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
        WorkspaceAccessLimits accessLimits = accessManager.getAccessLimits(user, catalog.getWorkspaceByName(MockData.CITE_PREFIX));
        Assert.assertTrue(accessLimits.isReadable());
        Assert.assertFalse(accessLimits.isWritable());
        WorkspaceAccessLimits accessLimits2 = accessManager.getAccessLimits(user, catalog.getWorkspaceByName(MockData.CDF_PREFIX));
        Assert.assertTrue(accessLimits2.isReadable());
        Assert.assertFalse(accessLimits2.isWritable());
        WorkspaceAccessLimits accessLimits3 = accessManager.getAccessLimits(user, catalog.getWorkspaceByName(MockData.SF_PREFIX));
        Assert.assertTrue(accessLimits3.isReadable());
        Assert.assertFalse(accessLimits3.isWritable());
    }

    @Test
    public void testCiteLayerAccess() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("cite", "cite", "ROLE_AUTHENTICATED");
        login("admin", "geoserver", new String[]{"ROLE_ADMINISTRATOR"});
        VectorAccessLimits accessLimits = accessManager.getAccessLimits(user, catalog.getLayerByName(getLayerId(MockData.BASIC_POLYGONS)));
        Assert.assertEquals(Filter.INCLUDE, accessLimits.getReadFilter());
        Assert.assertEquals(Filter.INCLUDE, accessLimits.getWriteFilter());
        Assert.assertNull(accessLimits.getReadAttributes());
        Assert.assertNull(accessLimits.getWriteAttributes());
        Request request = new Request();
        request.setService("WFS");
        request.setRequest("GetFeature");
        Dispatcher.REQUEST.set(request);
        LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        VectorAccessLimits accessLimits2 = accessManager.getAccessLimits(user, layerByName);
        Assert.assertEquals(Filter.EXCLUDE, accessLimits2.getReadFilter());
        Assert.assertEquals(Filter.EXCLUDE, accessLimits2.getWriteFilter());
        Request request2 = new Request();
        request2.setService("WmS");
        request2.setRequest("gETmAP");
        Dispatcher.REQUEST.set(request2);
        VectorAccessLimits accessLimits3 = accessManager.getAccessLimits(user, layerByName);
        Assert.assertEquals(Filter.INCLUDE, accessLimits3.getReadFilter());
        Assert.assertEquals(Filter.INCLUDE, accessLimits3.getWriteFilter());
    }

    @Test
    public void testWmsLimited() {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("wmsuser", "wmsuser", "ROLE_AUTHENTICATED");
        Request request = new Request();
        request.setService("WFS");
        request.setRequest("GetFeature");
        Dispatcher.REQUEST.set(request);
        LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        if (layerByName != null) {
            VectorAccessLimits accessLimits = accessManager.getAccessLimits(user, layerByName);
            Assert.assertEquals(Filter.INCLUDE, accessLimits.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits.getWriteFilter());
            Request request2 = new Request();
            request2.setService("wms");
            Dispatcher.REQUEST.set(request2);
            VectorAccessLimits accessLimits2 = accessManager.getAccessLimits(user, layerByName);
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getReadFilter());
            Assert.assertEquals(Filter.INCLUDE, accessLimits2.getWriteFilter());
        }
    }

    @Test
    public void testAreaLimited() throws Exception {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("area", "area", "ROLE_AUTHENTICATED");
        login("area", "area", new String[]{"ROLE_AUTHENTICATED"});
        VectorAccessLimits accessLimits = accessManager.getAccessLimits(user, catalog.getLayerByName(getLayerId(MockData.GENERICENTITY)));
        FilterFactory2 filterFactory2 = CommonFactoryFinder.getFilterFactory2((Hints) null);
        Intersects intersects = filterFactory2.intersects(filterFactory2.property(""), filterFactory2.literal(new WKTReader().read("MULTIPOLYGON(((48 62, 48 63, 49 63, 49 62, 48 62)))")));
        Assert.assertEquals(intersects, accessLimits.getReadFilter());
        Assert.assertEquals(intersects, accessLimits.getWriteFilter());
    }

    @Test
    public void testArea900913Vector() throws Exception {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("area", "area", "ROLE_AUTHENTICATED");
        login("area", "area", new String[]{"ROLE_AUTHENTICATED"});
        LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        WorkspaceInfoImpl workspaceInfoImpl = new WorkspaceInfoImpl();
        workspaceInfoImpl.setName(layerByName.getResource().getStore().getWorkspace().getName());
        DataStoreInfoImpl dataStoreInfoImpl = new DataStoreInfoImpl(catalog);
        dataStoreInfoImpl.setWorkspace(workspaceInfoImpl);
        FeatureTypeInfoImpl featureTypeInfoImpl = new FeatureTypeInfoImpl(catalog);
        featureTypeInfoImpl.setNamespace(layerByName.getResource().getNamespace());
        featureTypeInfoImpl.setSRS("EPSG:900913");
        featureTypeInfoImpl.setName(layerByName.getResource().getName());
        featureTypeInfoImpl.setStore(dataStoreInfoImpl);
        LayerInfoImpl layerInfoImpl = new LayerInfoImpl();
        layerInfoImpl.setResource(featureTypeInfoImpl);
        layerInfoImpl.setName(layerByName.getName());
        VectorAccessLimits accessLimits = accessManager.getAccessLimits(user, featureTypeInfoImpl);
        Geometry read = new WKTReader().read(" MULTIPOLYGON (((5343335.558077131 8859142.800565697, 5343335.558077131 9100250.907059547, 5454655.048870404 9100250.907059547, 5454655.048870404 8859142.800565697, 5343335.558077131 8859142.800565697)))");
        IntersectExtractor intersectExtractor = new IntersectExtractor();
        accessLimits.getReadFilter().accept(intersectExtractor, (Object) null);
        Assert.assertTrue(read.equalsExact(intersectExtractor.geom, 1.0E-9d));
        IntersectExtractor intersectExtractor2 = new IntersectExtractor();
        accessLimits.getWriteFilter().accept(intersectExtractor2, (Object) null);
        Assert.assertTrue(read.equalsExact(intersectExtractor2.geom, 1.0E-9d));
    }

    @Test
    public void testArea900913Raster() throws Exception {
        Assume.assumeTrue(IS_GEOFENCE_AVAILABLE.booleanValue());
        Authentication user = getUser("area", "area", "ROLE_AUTHENTICATED");
        login("area", "area", new String[]{"ROLE_AUTHENTICATED"});
        LayerInfo layerByName = catalog.getLayerByName(getLayerId(MockData.GENERICENTITY));
        WorkspaceInfoImpl workspaceInfoImpl = new WorkspaceInfoImpl();
        workspaceInfoImpl.setName(layerByName.getResource().getStore().getWorkspace().getName());
        CoverageStoreInfoImpl coverageStoreInfoImpl = new CoverageStoreInfoImpl(catalog);
        coverageStoreInfoImpl.setWorkspace(workspaceInfoImpl);
        CoverageInfoImpl coverageInfoImpl = new CoverageInfoImpl(catalog);
        coverageInfoImpl.setNamespace(layerByName.getResource().getNamespace());
        coverageInfoImpl.setSRS("EPSG:900913");
        coverageInfoImpl.setName(layerByName.getResource().getName());
        coverageInfoImpl.setStore(coverageStoreInfoImpl);
        LayerInfoImpl layerInfoImpl = new LayerInfoImpl();
        layerInfoImpl.setResource(coverageInfoImpl);
        layerInfoImpl.setName(layerByName.getName());
        Assert.assertTrue(new WKTReader().read("MULTIPOLYGON (((5343335.558077131 8859142.800565697, 5343335.558077131 9100250.907059547, 5454655.048870404 9100250.907059547, 5454655.048870404 8859142.800565697, 5343335.558077131 8859142.800565697)))").equalsExact(accessManager.getAccessLimits(user, coverageInfoImpl).getRasterFilter(), 1.0E-9d));
    }
}
