package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManager;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
import org.apache.jackrabbit.oak.plugins.version.VersionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/VersionTest.class */
public class VersionTest extends AbstractCugTest implements NodeTypeConstants, VersionConstants {
    private ContentSession testSession;
    private Root testRoot;
    private ReadOnlyVersionManager versionManager;
    private List<String> readAccess = new ArrayList();
    private List<String> noReadAccess = new ArrayList();

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    @Before
    public void before() throws Exception {
        super.before();
        setupCugsAndAcls();
        this.readAccess = ImmutableList.of("/content", "/content/subtree", "/content/aa");
        this.noReadAccess = ImmutableList.of("/testNode", "/content2", "/content/a", "/content/aa/bb");
        Iterator it = Iterables.concat(this.readAccess, this.noReadAccess).iterator();
        while (it.hasNext()) {
            addVersionContent((String) it.next());
        }
        this.testSession = createTestSession();
        this.testRoot = this.testSession.getLatestRoot();
        this.versionManager = ReadOnlyVersionManager.getInstance(this.root, NamePathMapper.DEFAULT);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    public void after() throws Exception {
        try {
            if (this.testSession != null) {
                this.testSession.close();
            }
        } finally {
            super.after();
        }
    }

    private Tree addVersionContent(@Nonnull String str) throws Exception {
        Tree tree = this.root.getTree(str);
        TreeUtil.addMixin(tree, "mix:versionable", this.root.getTree("/jcr:system/jcr:nodeTypes"), (String) null);
        this.root.commit();
        tree.setProperty("jcr:isCheckedOut", false);
        this.root.commit();
        tree.setProperty("jcr:isCheckedOut", true);
        this.root.commit();
        if (this.testRoot != null) {
            this.testRoot.refresh();
        }
        return tree;
    }

    @Test
    public void testReadVersionContent() throws Exception {
        IdentifierManager identifierManager = new IdentifierManager(this.testRoot);
        ReadOnlyVersionManager readOnlyVersionManager = ReadOnlyVersionManager.getInstance(this.testRoot, NamePathMapper.DEFAULT);
        for (String str : this.readAccess) {
            Tree tree = this.testRoot.getTree(str);
            Assert.assertTrue(str, tree.exists());
            PropertyState property = tree.getProperty("jcr:versionHistory");
            Assert.assertNotNull(property);
            String str2 = (String) property.getValue(Type.STRING);
            Assert.assertEquals(str2, property.getValue(Type.STRING));
            Tree versionHistory = readOnlyVersionManager.getVersionHistory(tree);
            Assert.assertNotNull(versionHistory);
            Assert.assertTrue(versionHistory.exists());
            Assert.assertTrue(versionHistory.getChild("jcr:rootVersion").exists());
            Assert.assertFalse(versionHistory.getParent().exists());
            Assert.assertTrue(this.testRoot.getTree(versionHistory.getPath()).exists());
            String resolveUUID = identifierManager.resolveUUID(str2);
            Assert.assertNotNull(resolveUUID);
            Assert.assertEquals(versionHistory.getPath(), resolveUUID);
            Assert.assertTrue(this.testRoot.getTree(resolveUUID).exists());
            Assert.assertTrue(this.testRoot.getTree(resolveUUID + "/jcr:rootVersion").exists());
        }
    }

    @Test
    public void testReadVersionContentNoAccess() throws Exception {
        IdentifierManager identifierManager = new IdentifierManager(this.testRoot);
        for (String str : this.noReadAccess) {
            String str2 = (String) Preconditions.checkNotNull(TreeUtil.getString(this.root.getTree(str), "jcr:versionHistory"));
            String concat = PathUtils.concat("/jcr:system/jcr:versionStorage", this.versionManager.getVersionHistoryPath(str2));
            Tree tree = this.testRoot.getTree(concat);
            Assert.assertFalse(tree.exists());
            Assert.assertFalse(tree.getParent().exists());
            Assert.assertFalse(tree.getChild("jcr:rootVersion").exists());
            Assert.assertFalse(this.testRoot.getTree(concat + "/jcr:rootVersion").exists());
            Assert.assertNull(str, identifierManager.resolveUUID(str2));
        }
    }

    @Test
    public void testReadVersionStorage() {
        Assert.assertFalse(this.testRoot.getTree("/jcr:system/jcr:versionStorage").exists());
    }

    @Test
    public void testSupportedPermissions() throws Exception {
        Tree addVersionContent = addVersionContent("/content/a/b/c");
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), new Principal[0]);
        Tree tree = this.root.getTree("/jcr:system/jcr:versionStorage");
        Assert.assertEquals(0L, createCugPermissionProvider.supportedPermissions(tree, (PropertyState) null, 3L));
        Assert.assertEquals(0L, createCugPermissionProvider.supportedPermissions(tree.getParent(), (PropertyState) null, 3L));
        Assert.assertEquals(3L, createCugPermissionProvider.supportedPermissions(this.versionManager.getVersionHistory(addVersionContent), (PropertyState) null, 3L));
        Assert.assertEquals(3L, createCugPermissionProvider.supportedPermissions(this.versionManager.getVersionHistory(this.root.getTree("/content2")), (PropertyState) null, 3L));
        Assert.assertEquals(0L, createCugPermissionProvider.supportedPermissions(this.versionManager.getVersionHistory(this.root.getTree("/testNode")), (PropertyState) null, 3L));
        Assert.assertEquals(0L, createCugPermissionProvider.supportedPermissions(this.versionManager.getVersionHistory(this.root.getTree("/content")), (PropertyState) null, 3L));
    }

    @Test
    public void testVersionableRemoved() throws Exception {
        Tree addVersionContent = addVersionContent("/content/a/b/c");
        Tree tree = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(addVersionContent));
        Assert.assertTrue(this.testRoot.getTree(tree.getPath()).exists());
        addVersionContent.remove();
        this.root.commit();
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), new Principal[0]);
        Assert.assertEquals(3L, createCugPermissionProvider.supportedPermissions(tree, (PropertyState) null, 3L));
        Assert.assertFalse(createCugPermissionProvider.isGranted(tree, (PropertyState) null, 3L));
        this.testRoot.refresh();
        Assert.assertFalse(this.testRoot.getTree(tree.getPath()).exists());
    }

    @Test
    public void testVersionableRemoved2() throws Exception {
        Tree tree = this.root.getTree("/content/a");
        Tree tree2 = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(tree));
        Assert.assertFalse(this.testRoot.getTree(tree2.getPath()).exists());
        tree.remove();
        this.root.commit();
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), new Principal[0]);
        Assert.assertEquals(0L, createCugPermissionProvider.supportedPermissions(tree2, (PropertyState) null, 3L));
        Assert.assertFalse(createCugPermissionProvider.isGranted(tree2, (PropertyState) null, 3L));
        this.testRoot.refresh();
        Assert.assertTrue(this.testRoot.getTree(tree2.getPath()).exists());
    }

    @Test
    public void testTreePermissionVersionable() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(this.root.getTree("/content/a")));
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), EveryonePrincipal.getInstance());
        Tree tree2 = this.root.getTree("/");
        TreePermission treePermission = createCugPermissionProvider.getTreePermission(tree2, TreePermission.EMPTY);
        for (String str : PathUtils.elements(PathUtils.concat(tree.getPath(), new String[]{"1.0", "jcr:frozenNode", "b/c"}))) {
            tree2 = tree2.getChild(str);
            treePermission = createCugPermissionProvider.getTreePermission(tree2, treePermission);
            if ("jcr:system".equals(str) || ReadOnlyVersionManager.isVersionStoreTree(tree2)) {
                Assert.assertTrue(tree2.getPath(), treePermission instanceof EmptyCugTreePermission);
            } else {
                Assert.assertTrue(tree2.getPath(), treePermission instanceof CugTreePermission);
                Assert.assertEquals(tree2.getPath(), Boolean.valueOf("c".equals(str)), Boolean.valueOf(treePermission.canRead()));
            }
        }
    }

    @Test
    public void testTreePermissionVersionable2() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(this.root.getTree("/content")));
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), new Principal[0]);
        Tree tree2 = this.root.getTree("/");
        TreePermission treePermission = createCugPermissionProvider.getTreePermission(tree2, TreePermission.EMPTY);
        for (String str : PathUtils.elements(PathUtils.concat(tree.getPath(), new String[]{"1.0", "jcr:frozenNode", "aa"}))) {
            tree2 = tree2.getChild(str);
            treePermission = createCugPermissionProvider.getTreePermission(tree2, treePermission);
            if ("jcr:system".equals(str) || ReadOnlyVersionManager.isVersionStoreTree(tree2)) {
                Assert.assertTrue(tree2.getPath(), treePermission instanceof EmptyCugTreePermission);
            } else {
                Assert.assertTrue(tree2.getPath(), treePermission instanceof EmptyCugTreePermission);
            }
        }
    }

    @Test
    public void testTreePermissionVersionableUnsupportedPath() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(this.root.getTree("/testNode")));
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content", "/content2"), new Principal[0]);
        Tree tree2 = this.root.getTree("/");
        TreePermission treePermission = createCugPermissionProvider.getTreePermission(tree2, TreePermission.EMPTY);
        for (String str : PathUtils.elements(tree.getPath())) {
            tree2 = tree2.getChild(str);
            treePermission = createCugPermissionProvider.getTreePermission(tree2, treePermission);
            if ("jcr:system".equals(str) || ReadOnlyVersionManager.isVersionStoreTree(tree2)) {
                Assert.assertTrue(tree2.getPath(), treePermission instanceof EmptyCugTreePermission);
            } else {
                Assert.assertSame(tree2.getPath(), TreePermission.NO_RECOURSE, treePermission);
            }
        }
    }

    @Test
    public void testTreePermissionAtVersionableAboveSupported() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(this.root.getTree("/content")));
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content/a"), new Principal[0]);
        Tree tree2 = this.root.getTree("/");
        TreePermission treePermission = createCugPermissionProvider.getTreePermission(tree2, TreePermission.EMPTY);
        Iterator it = PathUtils.elements(tree.getPath()).iterator();
        while (it.hasNext()) {
            tree2 = tree2.getChild((String) it.next());
            treePermission = createCugPermissionProvider.getTreePermission(tree2, treePermission);
        }
        Assert.assertTrue(treePermission instanceof EmptyCugTreePermission);
    }

    @Test
    public void testCugAtRoot() throws Exception {
        String path = ((Tree) Preconditions.checkNotNull(this.versionManager.getVersionHistory(this.root.getTree("/testNode")))).getPath();
        try {
            NodeUtil nodeUtil = new NodeUtil(this.root.getTree("/"));
            nodeUtil.setNames("jcr:mixinTypes", new String[]{"rep:CugMixin"});
            nodeUtil.addChild("rep:cugPolicy", "rep:CugPolicy").setStrings("rep:principalNames", new String[]{"everyone"});
            this.root.commit();
            CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/"), new Principal[0]);
            Tree tree = this.root.getTree("/");
            TreePermission treePermission = createCugPermissionProvider.getTreePermission(tree, TreePermission.EMPTY);
            Assert.assertTrue(treePermission instanceof CugTreePermission);
            Iterator it = PathUtils.elements(path).iterator();
            while (it.hasNext()) {
                tree = tree.getChild((String) it.next());
                treePermission = createCugPermissionProvider.getTreePermission(tree, treePermission);
                Assert.assertTrue(treePermission instanceof CugTreePermission);
            }
        } finally {
            this.root.getTree("/").removeProperty("jcr:mixinTypes");
            Tree tree2 = this.root.getTree("/rep:cugPolicy");
            if (tree2.exists()) {
                tree2.remove();
            }
            this.root.commit();
        }
    }
}
