package org.geoserver.security.impl;

import java.io.File;
import java.io.IOException;
import org.geoserver.catalog.Catalog;
import org.geoserver.catalog.StoreInfo;
import org.geoserver.data.test.SystemTestData;
import org.geoserver.platform.GeoServerExtensions;
import org.geoserver.security.impl.FileSandboxEnforcer;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/geoserver/security/impl/AbstractSandboxEnforcerTest.class */
public abstract class AbstractSandboxEnforcerTest extends AbstractFileAccessTest {
    protected static final String ADMIN_STORE = "lakesAdmin";
    protected static final String CITE_STORE = "lakesCite";
    protected static final String CGF_STORE = "lakesCgf";
    protected static final String CDF_STORE = "lakesCdf";

    @Override // org.geoserver.security.impl.AbstractFileAccessTest, org.geoserver.test.GeoServerSystemTestSupport
    protected void onSetUp(SystemTestData systemTestData) throws Exception {
        super.onSetUp(systemTestData);
        GeoServerExtensions.bean(FileSandboxEnforcer.class, applicationContext);
    }

    @After
    public void clearFileAccessManagerConfiguration() {
        System.clearProperty(DefaultFileAccessManager.GEOSERVER_DATA_SANDBOX);
        getDataDirectory().get(new String[]{"security/layers.properties"}).delete();
        this.fileAccessManager.reload();
    }

    @Before
    public void clearStores() throws Exception {
        Catalog catalog = getCatalog();
        for (StoreInfo storeInfo : catalog.getStores(StoreInfo.class)) {
            String name = storeInfo.getName();
            if (ADMIN_STORE.equals(name) || CITE_STORE.equals(name)) {
                catalog.remove(storeInfo);
            }
        }
    }

    @Test
    public void testNoRestrictions() throws Exception {
        File canonicalFile = new File("./target/test").getCanonicalFile();
        loginAdmin();
        addStore(ADMIN_STORE, canonicalFile);
        loginCite();
        addStore(CITE_STORE, canonicalFile);
    }

    @Test
    public void testSystemSandbox() throws Exception {
        File canonicalFile = new File("./target/systemSandbox").getCanonicalFile();
        canonicalFile.mkdirs();
        System.setProperty(DefaultFileAccessManager.GEOSERVER_DATA_SANDBOX, canonicalFile.getAbsolutePath());
        this.fileAccessManager.reload();
        File canonicalFile2 = new File("./target/test").getCanonicalFile();
        loginAdmin();
        Catalog catalog = getCatalog();
        MatcherAssert.assertThat(Assert.assertThrows(FileSandboxEnforcer.SandboxException.class, () -> {
            addStore(ADMIN_STORE, canonicalFile2);
        }).getMessage(), Matchers.allOf(Matchers.startsWith("Access to "), Matchers.containsString(canonicalFile2.getAbsolutePath()), Matchers.endsWith(" denied by file sandboxing")));
        Assert.assertNull(catalog.getDataStoreByName(ADMIN_STORE));
    }

    @Test
    public void testWorkspaceAdminSandbox() throws Exception {
        configureCiteAccess();
        this.fileAccessManager.reload();
        loginCite();
        addStore(CITE_STORE, this.citeFolder);
        Assert.assertThrows(FileSandboxEnforcer.SandboxException.class, () -> {
            addStore(CGF_STORE, this.cgfFolder);
        });
        Assert.assertThrows(FileSandboxEnforcer.SandboxException.class, () -> {
            addStore(CDF_STORE, this.cdfFolder);
        });
        Assert.assertThrows(FileSandboxEnforcer.SandboxException.class, () -> {
            modifyStore(CITE_STORE, this.cgfFolder);
        });
        testLocation(getCatalog().getStoreByName(CITE_STORE, StoreInfo.class), this.citeFolder);
    }

    @Test
    public void testMultipleWorkspaceAdminSandbox() throws Exception {
        configureCiteCgfMissingAccess();
        loginCiteCgfMissing();
        addStore(CITE_STORE, this.citeFolder);
        addStore(CGF_STORE, this.cgfFolder);
        Assert.assertThrows(FileSandboxEnforcer.SandboxException.class, () -> {
            addStore(CDF_STORE, this.cdfFolder);
        });
    }

    protected abstract void testLocation(StoreInfo storeInfo, File file) throws Exception;

    protected abstract void addStore(String str, File file) throws IOException;

    protected abstract void modifyStore(String str, File file);
}
