package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/MoveRenameTest.class */
public class MoveRenameTest extends AbstractCugTest {
    private static final Logger log = LoggerFactory.getLogger(MoveRenameTest.class);
    private Principal testgroup;
    private Principal everyone;
    private String testPath;
    private String nestedPath;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    @Before
    public void before() throws Exception {
        super.before();
        this.testgroup = getTestGroupPrincipal();
        this.everyone = EveryonePrincipal.getInstance();
        setupCugsAndAcls("/content/a", "/content/a/b/c", "/content2");
        this.testPath = PathUtils.concat("/content", new String[]{"a"});
        this.nestedPath = PathUtils.concat("/content", new String[]{"a", "b", "c"});
        assertCugPrivileges(this.testgroup, true, this.testPath);
        assertCugPrivileges(this.everyone, true, this.nestedPath, "/content2");
        assertCugPrivileges(this.testgroup, false, this.nestedPath, "/content2");
        assertCugPrivileges(this.everyone, false, this.testPath);
    }

    private void assertCugPrivileges(@NotNull Principal principal, boolean z, String... strArr) {
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.copyOf(SUPPORTED_PATHS), principal);
        for (String str : strArr) {
            Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(createCugPermissionProvider.isGranted(str, "read")));
        }
    }

    private void removeCug(@NotNull String str) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        for (AccessControlPolicy accessControlPolicy : accessControlManager.getPolicies(str)) {
            if (accessControlPolicy instanceof CugPolicyImpl) {
                accessControlManager.removePolicy(str, accessControlPolicy);
                this.root.commit();
                return;
            }
        }
        Assert.fail("No CUG policy to remove at " + str);
    }

    @Test
    public void testMove() throws Exception {
        this.root.move("/content2", "/some/content/tree/content");
        this.root.commit();
        assertCugPrivileges(this.everyone, true, "/some/content/tree/content");
        assertCugPrivileges(this.everyone, false, "/content2");
        assertNestedCugs(this.root, getRootProvider(), "/", false, "/some/content/tree/content", this.testPath);
    }

    @Test
    public void testMoveAndRename() throws Exception {
        this.root.move("/content2", "/some/content/tree/content");
        this.root.move("/some/content/tree/content", "/some/content/tree/content2");
        this.root.commit();
        assertCugPrivileges(this.everyone, true, "/some/content/tree/content2");
        assertCugPrivileges(this.everyone, false, "/some/content/tree/content");
        assertCugPrivileges(this.everyone, false, "/content2");
        assertNestedCugs(this.root, getRootProvider(), "/", false, "/some/content/tree/content2", this.testPath);
    }

    @Test
    public void testMoveAndBack() throws Exception {
        this.root.move("/content2", "/some/content/tree/content");
        this.root.commit();
        this.root.move("/some/content/tree/content", "/content2");
        this.root.commit();
        assertCugPrivileges(this.everyone, true, "/content2");
        assertCugPrivileges(this.everyone, false, "/some/content/tree/content");
        assertNestedCugs(this.root, getRootProvider(), "/", false, "/content2", this.testPath);
    }

    @Test
    public void testMoveWithNested() throws Exception {
        this.root.move(this.testPath, "/some/content/tree/content");
        this.root.commit();
        String concat = PathUtils.concat("/some/content/tree/content", PathUtils.relativize(this.testPath, this.nestedPath));
        assertCugPrivileges(this.testgroup, true, "/some/content/tree/content");
        assertCugPrivileges(this.everyone, true, concat);
        assertCugPrivileges(this.testgroup, false, concat);
        assertCugPrivileges(this.testgroup, false, this.testPath);
        assertCugPrivileges(this.everyone, false, this.nestedPath);
        assertNestedCugs(this.root, getRootProvider(), "/some/content/tree/content", true, concat);
    }

    @Test
    public void testMoveWithNestedAndRename() throws Exception {
        this.root.move(this.testPath, "/some/content/tree/content");
        this.root.move("/some/content/tree/content", "/some/content/tree/content2");
        this.root.commit();
        assertCugPrivileges(this.testgroup, true, "/some/content/tree/content2");
        assertCugPrivileges(this.testgroup, false, "/some/content/tree/content");
        String concat = PathUtils.concat("/some/content/tree/content2", PathUtils.relativize(this.testPath, this.nestedPath));
        assertCugPrivileges(this.everyone, true, concat);
        assertCugPrivileges(this.testgroup, false, concat);
        assertNestedCugs(this.root, getRootProvider(), "/some/content/tree/content2", true, concat);
    }

    @Test
    public void testMoveParentWithNested() throws Exception {
        this.root.move("/content", "/content2/content");
        this.root.commit();
        String concat = PathUtils.concat("/content2/content", PathUtils.relativize("/content", this.testPath));
        assertNestedCugs(this.root, getRootProvider(), "/", false, "/content2");
        assertNestedCugs(this.root, getRootProvider(), "/content2", true, concat);
        assertNestedCugs(this.root, getRootProvider(), concat, true, PathUtils.concat(concat, PathUtils.relativize(this.testPath, this.nestedPath)));
    }

    @Test
    public void testMoveParentWithNestedAndBack() throws Exception {
        this.root.move("/content", "/some/content/tree/content");
        this.root.commit();
        this.root.move("/some/content/tree/content", "/content");
        this.root.commit();
        assertCugPrivileges(this.testgroup, true, this.testPath);
        assertCugPrivileges(this.everyone, true, this.nestedPath);
        assertCugPrivileges(this.testgroup, false, this.nestedPath);
        assertNestedCugs(this.root, getRootProvider(), "/", false, this.testPath, "/content2");
        assertNestedCugs(this.root, getRootProvider(), this.testPath, true, this.nestedPath);
    }

    @Test
    public void testRemoveCugAfterMoveParentWithNested() throws Exception {
        this.root.move("/content", "/some/content/tree/content");
        this.root.commit();
        String concat = PathUtils.concat("/some/content/tree/content", "a");
        String concat2 = PathUtils.concat(concat, PathUtils.relativize(this.testPath, this.nestedPath));
        assertCugPrivileges(this.testgroup, false, "/some/content/tree/content");
        assertCugPrivileges(this.everyone, true, concat2);
        assertCugPrivileges(this.testgroup, false, concat2);
        assertNestedCugs(this.root, getRootProvider(), "/", false, concat, "/content2");
        assertNestedCugs(this.root, getRootProvider(), concat, true, concat2);
        removeCug(concat);
        assertNestedCugs(this.root, getRootProvider(), "/", false, concat2, "/content2");
    }

    @Test
    public void testRenameWithNested() throws Exception {
        this.root.move(this.testPath, "/content/a2");
        this.root.commit();
        assertCugPrivileges(this.testgroup, true, "/content/a2");
        assertCugPrivileges(this.everyone, true, PathUtils.concat("/content/a2", PathUtils.relativize(this.testPath, this.nestedPath)));
        assertNestedCugs(this.root, getRootProvider(), "/", false, "/content/a2", "/content2");
        assertNestedCugs(this.root, getRootProvider(), "/content/a2", true, "/content/a2/b/c");
    }

    @Test
    public void testRemoveCugAfterRenameWithNested() throws Exception {
        this.root.move(this.testPath, "/content/a2");
        this.root.commit();
        removeCug("/content/a2");
        String concat = PathUtils.concat("/content/a2", PathUtils.relativize(this.testPath, this.nestedPath));
        assertCugPrivileges(this.testgroup, false, this.testPath);
        assertCugPrivileges(this.testgroup, false, "/content/a2");
        assertCugPrivileges(this.everyone, true, concat);
        assertNestedCugs(this.root, getRootProvider(), "/", false, concat, "/content2");
    }

    @Test
    public void testRemoveCugAfterDoubleRenameWithNested() throws Exception {
        this.root.move(this.testPath, "/content/a2");
        this.root.commit();
        this.root.move("/content/a2", this.testPath);
        this.root.commit();
        assertNestedCugs(this.root, getRootProvider(), "/", false, this.testPath, "/content2");
        assertNestedCugs(this.root, getRootProvider(), this.testPath, true, this.nestedPath);
        removeCug(this.testPath);
        assertCugPrivileges(this.testgroup, false, this.testPath);
        assertCugPrivileges(this.everyone, true, this.nestedPath);
        assertNestedCugs(this.root, getRootProvider(), "/", false, this.nestedPath, "/content2");
    }
}
