package org.geoserver.wfs;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import javax.servlet.Filter;
import javax.xml.namespace.QName;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.commons.codec.binary.Base64;
import org.custommonkey.xmlunit.XMLAssert;
import org.custommonkey.xmlunit.exceptions.XpathException;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.AccessMode;
import org.geoserver.security.CatalogMode;
import org.geoserver.security.impl.DataAccessRuleDAO;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.mock.web.MockHttpServletRequest;
import org.springframework.mock.web.MockHttpServletResponse;
import org.w3c.dom.Document;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/geoserver/wfs/SecuredGetFeatureTest.class */
public class SecuredGetFeatureTest extends WFSTestSupport {
    public static QName NULL_GEOMETRIES = new QName(SystemTestData.CITE_URI, "NullGeometries", SystemTestData.CITE_PREFIX);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.geoserver.wfs.WFSTestSupport
    public void setUpInternal(SystemTestData systemTestData) throws Exception {
        addUser("cite", "cite", null, Collections.singletonList("ROLE_CITE_READER"));
        addLayerAccessRule("*", "*", AccessMode.READ, new String[]{"ROLE_NO_ONE"});
        addLayerAccessRule("*", "*", AccessMode.WRITE, new String[]{"ROLE_NO_ONE"});
        addLayerAccessRule(SystemTestData.CITE_PREFIX, "*", AccessMode.READ, new String[]{"ROLE_CITE_READER"});
    }

    protected List<Filter> getFilters() {
        return Collections.singletonList((Filter) GeoServerExtensions.bean("filterChainProxy"));
    }

    @Test
    public void testGetNoAuthHide() throws Exception {
        ((DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext)).setCatalogMode(CatalogMode.HIDE);
        Document asDOM = getAsDOM("wfs?request=GetFeature&version=1.1.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        checkOws10Exception(asDOM);
        XMLAssert.assertXpathEvaluatesTo("Unknown namespace [cite]", "//ows:ExceptionText/text()", asDOM);
    }

    @Test
    public void testGetNoAuthChallenge() throws Exception {
        DataAccessRuleDAO dataAccessRuleDAO = (DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext);
        dataAccessRuleDAO.setCatalogMode(CatalogMode.CHALLENGE);
        dataAccessRuleDAO.storeRules();
        MockHttpServletResponse asServletResponse = getAsServletResponse("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        Assert.assertEquals(401L, asServletResponse.getStatus());
        Assert.assertEquals("Basic realm=\"GeoServer Realm\"", asServletResponse.getHeader("WWW-Authenticate"));
    }

    @Test
    public void testInvalidAuthChallenge() throws Exception {
        ((DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext)).setCatalogMode(CatalogMode.CHALLENGE);
        MockHttpServletRequest createRequest = createRequest("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS));
        createRequest.setMethod("GET");
        createRequest.addHeader("Authorization", "Basic " + new String(Base64.encodeBase64("cite:wrongpassword".getBytes())));
        MockHttpServletResponse dispatch = dispatch(createRequest);
        Assert.assertEquals(401L, dispatch.getStatus());
        Assert.assertEquals("Basic realm=\"GeoServer Realm\"", dispatch.getHeader("WWW-Authenticate"));
    }

    @Test
    public void testValidAuth() throws Exception {
        checkValidAuth("cite", "cite");
    }

    @Test
    public void testValidAuthAdmin() throws Exception {
        checkValidAuth("admin", "geoserver");
    }

    private void checkValidAuth(String str, String str2) throws Exception, ParserConfigurationException, SAXException, IOException, XpathException {
        ((DataAccessRuleDAO) GeoServerExtensions.bean(DataAccessRuleDAO.class, applicationContext)).setCatalogMode(CatalogMode.CHALLENGE);
        setRequestAuth(str, str2);
        XMLAssert.assertXpathEvaluatesTo("1", "count(/wfs:FeatureCollection)", getAsDOM("wfs?request=GetFeature&version=1.0.0&service=wfs&typeName=" + getLayerId(SystemTestData.BUILDINGS)));
    }
}
