package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Map;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
import org.apache.sling.testing.mock.osgi.ReferenceViolationException;
import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugConfigurationOsgiTest.class */
public class CugConfigurationOsgiTest extends AbstractSecurityTest {
    private static final String EXCLUDED_PRINCIPAL_NAME = "excludedPrincipal";
    private static final String ANY_PRINCIPAL_NAME = "anyPrincipal";
    private static final Map<String, Object> PROPERTIES = ImmutableMap.of("cugEnabled", true, "cugSupportedPaths", new String[]{"/"});

    @Rule
    public final OsgiContext context = new OsgiContext();
    private CugConfiguration cugConfiguration;
    private CugExcludeImpl cugExclude;
    private String wspName;

    @Before
    public void before() throws Exception {
        super.before();
        this.wspName = this.root.getContentSession().getWorkspaceName();
        this.cugConfiguration = new CugConfiguration(getSecurityProvider());
        this.cugExclude = new CugExcludeImpl();
    }

    @Test(expected = ReferenceViolationException.class)
    public void testMissingCugExclude() {
        this.context.registerInjectActivateService(this.cugConfiguration, PROPERTIES);
    }

    @Test
    public void testCugExcludeExcludedDefault() {
        this.context.registerInjectActivateService(this.cugExclude);
        this.context.registerInjectActivateService(this.cugConfiguration, PROPERTIES);
        Principal principal = new AdminPrincipal() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfigurationOsgiTest.1
            public String getName() {
                return "name";
            }
        };
        Principal principal2 = new SystemUserPrincipal() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfigurationOsgiTest.2
            public String getName() {
                return "name";
            }
        };
        AuthorizationConfiguration authorizationConfiguration = (AuthorizationConfiguration) this.context.getService(AuthorizationConfiguration.class);
        for (Principal principal3 : new Principal[]{SystemPrincipal.INSTANCE, principal, principal2}) {
            Assert.assertSame(EmptyPermissionProvider.getInstance(), authorizationConfiguration.getPermissionProvider(this.root, this.wspName, ImmutableSet.of(principal3)));
        }
        Assert.assertTrue(authorizationConfiguration.getPermissionProvider(this.root, this.wspName, ImmutableSet.of(new PrincipalImpl(EXCLUDED_PRINCIPAL_NAME))) instanceof CugPermissionProvider);
    }

    @Test
    public void testCugExcludeExcludedPrincipal() {
        this.context.registerInjectActivateService(this.cugExclude, ImmutableMap.of("principalNames", new String[]{EXCLUDED_PRINCIPAL_NAME}));
        this.context.registerInjectActivateService(this.cugConfiguration, PROPERTIES);
        Assert.assertSame(EmptyPermissionProvider.getInstance(), ((AuthorizationConfiguration) this.context.getService(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.wspName, ImmutableSet.of(new PrincipalImpl(EXCLUDED_PRINCIPAL_NAME))));
    }

    @Test
    public void testCugExcludeAnyPrincipal() {
        this.context.registerInjectActivateService(this.cugExclude, ImmutableMap.of("principalNames", new String[]{EXCLUDED_PRINCIPAL_NAME}));
        this.context.registerInjectActivateService(this.cugConfiguration, PROPERTIES);
        Assert.assertTrue(((AuthorizationConfiguration) this.context.getService(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME))) instanceof CugPermissionProvider);
    }

    @Test
    public void testNotEnabled() {
        this.context.registerInjectActivateService(this.cugExclude, ImmutableMap.of("principalNames", new String[]{ANY_PRINCIPAL_NAME}));
        this.context.registerInjectActivateService(this.cugConfiguration, ImmutableMap.of("cugEnabled", false, "cugSupportedPaths", new String[]{"/"}));
        Assert.assertSame(EmptyPermissionProvider.getInstance(), ((AuthorizationConfiguration) this.context.getService(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME))));
    }

    @Test
    public void testNoSupportedPaths() {
        this.context.registerInjectActivateService(this.cugExclude, ImmutableMap.of("principalNames", new String[]{ANY_PRINCIPAL_NAME}));
        this.context.registerInjectActivateService(this.cugConfiguration, ImmutableMap.of("cugEnabled", true, "cugSupportedPaths", new String[0]));
        Assert.assertSame(EmptyPermissionProvider.getInstance(), ((AuthorizationConfiguration) this.context.getService(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.wspName, ImmutableSet.of(new PrincipalImpl(ANY_PRINCIPAL_NAME))));
    }
}
