package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableSet;
import java.util.Iterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/HiddenTest.class */
public class HiddenTest extends AbstractCugTest {
    private Root readOnlyRoot;
    private Tree hiddenTree;
    private CugPermissionProvider pp;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    @Before
    public void before() throws Exception {
        super.before();
        createCug("/content", EveryonePrincipal.getInstance());
        this.root.commit();
        this.readOnlyRoot = getRootProvider().createReadOnlyRoot(this.root);
        this.hiddenTree = this.readOnlyRoot.getTree("/oak:index/acPrincipalName/:index");
        Assert.assertTrue(this.hiddenTree.exists());
        this.pp = createCugPermissionProvider(ImmutableSet.of("/"), EveryonePrincipal.getInstance());
    }

    @Test
    public void testSupportedPermissions() {
        Assert.assertEquals(0L, this.pp.supportedPermissions(this.hiddenTree, (PropertyState) null, 3L));
    }

    @Test
    public void testSupportedPermissionsLocation() {
        Assert.assertEquals(0L, this.pp.supportedPermissions(TreeLocation.create(this.hiddenTree), 3L));
    }

    @Test
    public void testSupportedPrivileges() {
        Assert.assertSame(PrivilegeBits.EMPTY, this.pp.supportedPrivileges(this.hiddenTree, new PrivilegeBitsProvider(this.readOnlyRoot).getBits(new String[]{"jcr:read"})));
    }

    @Test
    public void testTreePermission() {
        Tree tree = this.readOnlyRoot.getTree("/");
        TreePermission treePermission = this.pp.getTreePermission(tree, TreePermission.EMPTY);
        for (String str : PathUtils.elements(this.hiddenTree.getPath())) {
            assertCugPermission(treePermission, true);
            tree = tree.getChild(str);
            treePermission = this.pp.getTreePermission(tree, treePermission);
        }
        Assert.assertSame(TreePermission.NO_RECOURSE, treePermission);
        Assert.assertEquals(0L, this.pp.supportedPermissions(treePermission, (PropertyState) null, 3L));
    }

    @Test
    public void testIsGranted() {
        Assert.assertFalse(this.pp.isGranted(this.hiddenTree, (PropertyState) null, 3L));
    }

    @Test
    public void testIsGrantedHiddenBelowCug() {
        Assert.assertTrue(this.pp.isGranted(this.readOnlyRoot.getTree("/content"), (PropertyState) null, 3L));
        Assert.assertFalse(this.pp.isGranted(this.readOnlyRoot.getTree("/content/:hidden"), (PropertyState) null, 3L));
    }

    @Test
    public void testIsGrantedPath() {
        Assert.assertTrue(this.pp.isGranted("/content", Permissions.getString(3L)));
        Assert.assertFalse(this.pp.isGranted("/content/:hidden", Permissions.getString(3L)));
        Assert.assertFalse(this.pp.isGranted("/content/:hidden/child", Permissions.getString(3L)));
        Assert.assertFalse(this.pp.isGranted(this.hiddenTree.getPath(), Permissions.getString(3L)));
    }

    @Test
    public void testHasPrivileges() {
        Assert.assertTrue(this.pp.hasPrivileges(this.readOnlyRoot.getTree("/content"), new String[]{"jcr:read"}));
        Assert.assertFalse(this.pp.hasPrivileges(this.readOnlyRoot.getTree("/content/:hidden"), new String[]{"jcr:read"}));
    }

    @Test
    public void testGetPrivileges() {
        Assert.assertFalse(this.pp.getPrivileges(this.readOnlyRoot.getTree("/content")).isEmpty());
        Assert.assertTrue(this.pp.getPrivileges(this.readOnlyRoot.getTree("/content/:hidden")).isEmpty());
    }

    @Test
    public void testCombinedSetup() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        try {
            JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/");
            accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:read"}));
            accessControlManager.setPolicy("/", accessControlList);
            this.root.commit();
            PermissionProvider permissionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.readOnlyRoot, this.root.getContentSession().getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
            Assert.assertFalse(permissionProvider.hasPrivileges(this.hiddenTree, new String[]{"jcr:read"}));
            Assert.assertTrue(permissionProvider.getPrivileges(this.hiddenTree).isEmpty());
            Assert.assertTrue(permissionProvider.isGranted(this.hiddenTree, (PropertyState) null, 2097151L));
            Assert.assertTrue(permissionProvider.isGranted(this.hiddenTree.getPath(), Permissions.getString(2097151L)));
            Tree tree = this.readOnlyRoot.getTree("/");
            TreePermission treePermission = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
            Iterator it = PathUtils.elements(this.hiddenTree.getPath()).iterator();
            while (it.hasNext()) {
                tree = tree.getChild((String) it.next());
                treePermission = permissionProvider.getTreePermission(tree, treePermission);
            }
            Assert.assertTrue(treePermission.isGranted(2097151L));
            JackrabbitAccessControlList accessControlList2 = AccessControlUtils.getAccessControlList(accessControlManager, "/");
            accessControlList2.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:read"}));
            accessControlManager.removePolicy("/", accessControlList2);
            this.root.commit();
        } catch (Throwable th) {
            JackrabbitAccessControlList accessControlList3 = AccessControlUtils.getAccessControlList(accessControlManager, "/");
            accessControlList3.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:read"}));
            accessControlManager.removePolicy("/", accessControlList3);
            this.root.commit();
            throw th;
        }
    }
}
