package org.geoserver.gwc;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import org.geoserver.data.test.MockData;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.geoserver.wms.WMSTestSupport;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletResponse;

/* loaded from: input_file:org/geoserver/gwc/GWCDataSecurityChallengeIntegrationTest.class */
public class GWCDataSecurityChallengeIntegrationTest extends WMSTestSupport {
    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        ((DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext)).setCatalogMode(CatalogMode.CHALLENGE);
        GWC.get().getConfig().setDirectWMSIntegrationEnabled(true);
        GWC.get().getConfig().setSecurityEnabled(true);
        addUser("cite", "cite", null, Arrays.asList("ROLE_CITE_LAKES_VIEWER"));
        addUser("other", "other", null, Arrays.asList("OTHER_VIEWER"));
        addLayerAccessRule("*", "*", AccessMode.READ, new String[]{"*"});
        addLayerAccessRule("*", "*", AccessMode.WRITE, new String[]{"*"});
        addLayerAccessRule("cite", "Lakes", AccessMode.READ, new String[]{"ROLE_CITE_LAKES_VIEWER"});
    }

    protected List<Filter> getFilters() {
        return Collections.singletonList((Filter) GeoServerExtensions.bean("filterChainProxy"));
    }

    @Test
    public void testDirectWMSIntegration() throws Exception {
        String str = "wms?service=WMS&request=GetMap&version=1.1.1&format=image/png&layers=" + getLayerId(MockData.LAKES) + "&srs=EPSG:4326&width=256&height=256&styles=&bbox=-180.0,-90.0,0.0,90.0&tiled=true";
        setRequestAuth(null, null);
        Assert.assertEquals(401L, getAsServletResponse(str).getStatus());
        setRequestAuth("cite", "cite");
        MockHttpServletResponse asServletResponse = getAsServletResponse(str);
        Assert.assertEquals(200L, asServletResponse.getStatus());
        Assert.assertEquals("image/png", asServletResponse.getContentType());
        MatcherAssert.assertThat(asServletResponse.getHeader("geowebcache-cache-result"), Matchers.equalToIgnoringCase("MISS"));
        MockHttpServletResponse asServletResponse2 = getAsServletResponse(str);
        Assert.assertEquals(200L, asServletResponse2.getStatus());
        Assert.assertEquals("image/png", asServletResponse2.getContentType());
        MatcherAssert.assertThat(asServletResponse2.getHeader("geowebcache-cache-result"), Matchers.equalToIgnoringCase("HIT"));
        setRequestAuth("other", "other");
        Assert.assertEquals(403L, getAsServletResponse(str).getStatus());
        setRequestAuth(null, null);
        Assert.assertEquals(401L, getAsServletResponse(str).getStatus());
    }
}
