package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugTreePermissionTest.class */
public class CugTreePermissionTest extends AbstractCugTest {
    private CugTreePermission allowedTp;
    private CugTreePermission deniedTp;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    public void before() throws Exception {
        super.before();
        createCug("/content", EveryonePrincipal.getInstance());
        this.root.commit();
        this.allowedTp = getCugTreePermission(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
        this.deniedTp = getCugTreePermission(new Principal[0]);
    }

    private CugTreePermission getCugTreePermission(@NotNull Principal... principalArr) {
        return getCugTreePermission("/content", principalArr);
    }

    private CugTreePermission getCugTreePermission(@NotNull String str, @NotNull Principal... principalArr) {
        CugTreePermission treePermission = getTreePermission(this.root, str, createCugPermissionProvider(ImmutableSet.copyOf(SUPPORTED_PATHS), principalArr));
        Assert.assertTrue(treePermission instanceof CugTreePermission);
        return treePermission;
    }

    @Test
    public void testGetChildPermission() throws Exception {
        NodeState nodeState = this.root.getTree("/content/subtree").getNodeState();
        Assert.assertTrue(this.allowedTp.getChildPermission("subtree", nodeState) instanceof CugTreePermission);
        Assert.assertTrue(this.deniedTp.getChildPermission("subtree", nodeState) instanceof CugTreePermission);
        Assert.assertSame(TreePermission.NO_RECOURSE, this.allowedTp.getChildPermission("rep:cugPolicy", this.root.getTree(PathUtils.concat("/content", "rep:cugPolicy")).getNodeState()));
    }

    @Test
    public void testIsAllow() throws Exception {
        Assert.assertTrue(this.allowedTp.isAllow());
        Assert.assertFalse(this.deniedTp.isAllow());
    }

    @Test
    public void testIsAllowNestedCug() throws Exception {
        Assert.assertFalse(getCugTreePermission("/content/subtree", new Principal[0]).isAllow());
        Assert.assertTrue(getCugTreePermission("/content/subtree", getTestUser().getPrincipal(), EveryonePrincipal.getInstance()).isAllow());
        createCug("/content/subtree", EveryonePrincipal.getInstance());
        this.root.commit();
        Assert.assertFalse(getCugTreePermission("/content/subtree", new Principal[0]).isAllow());
        Assert.assertTrue(getCugTreePermission("/content/subtree", getTestUser().getPrincipal(), EveryonePrincipal.getInstance()).isAllow());
    }

    @Test
    public void testIsInCug() {
        Assert.assertTrue(this.allowedTp.isInCug());
        Assert.assertTrue(this.deniedTp.isInCug());
    }

    @Test
    public void testIsInCugChild() throws Exception {
        Assert.assertTrue(getCugTreePermission("/content/subtree", new Principal[0]).isInCug());
        Assert.assertTrue(getCugTreePermission("/content/subtree", getTestUser().getPrincipal(), EveryonePrincipal.getInstance()).isInCug());
    }

    @Test
    public void testIsInCugNestedCug() throws Exception {
        createCug("/content/subtree", EveryonePrincipal.getInstance());
        this.root.commit();
        Assert.assertTrue(getCugTreePermission("/content/subtree", new Principal[0]).isInCug());
        Assert.assertTrue(getCugTreePermission("/content/subtree", getTestUser().getPrincipal(), EveryonePrincipal.getInstance()).isInCug());
    }

    @Test
    public void testIsInCugSupportedPathWithoutCug() throws Exception {
        NodeUtil nodeUtil = new NodeUtil(this.root.getTree("/content2"));
        Tree tree = nodeUtil.addChild("c1", "oak:Unstructured").getTree();
        String path = nodeUtil.addChild("c2", "oak:Unstructured").getTree().getPath();
        createCug(path, getTestGroupPrincipal());
        this.root.commit();
        Assert.assertTrue(getCugTreePermission(path, new Principal[0]).isInCug());
        Assert.assertFalse(getCugTreePermission(tree.getPath(), new Principal[0]).isInCug());
    }

    @Test
    public void testHasNested() {
        Assert.assertFalse(getCugTreePermission("/content", new Principal[0]).hasNestedCug());
        Assert.assertFalse(getCugTreePermission("/content/subtree", new Principal[0]).hasNestedCug());
    }

    @Test
    public void testHasNestedWithNestedCug() throws Exception {
        createCug("/content/subtree", EveryonePrincipal.getInstance());
        this.root.commit();
        Assert.assertTrue(getCugTreePermission("/content", new Principal[0]).hasNestedCug());
        Assert.assertFalse(getCugTreePermission("/content/subtree", new Principal[0]).hasNestedCug());
    }

    @Test
    public void testCanRead() {
        Assert.assertTrue(this.allowedTp.canRead());
        Assert.assertFalse(this.deniedTp.canRead());
    }

    @Test
    public void testCanReadProperty() {
        PropertyState createProperty = PropertyStates.createProperty("prop", "val");
        Assert.assertTrue(this.allowedTp.canRead(createProperty));
        Assert.assertFalse(this.deniedTp.canRead(createProperty));
    }

    @Test
    public void testCanReadAll() {
        Assert.assertFalse(this.allowedTp.canReadAll());
        Assert.assertFalse(this.deniedTp.canReadAll());
    }

    @Test
    public void testCanReadProperties() {
        Assert.assertTrue(this.allowedTp.canReadProperties());
        Assert.assertFalse(this.deniedTp.canReadProperties());
    }

    @Test
    public void testIsGranted() {
        Assert.assertFalse(this.allowedTp.isGranted(2097151L));
        Assert.assertFalse(this.allowedTp.isGranted(124L));
        Assert.assertTrue(this.allowedTp.isGranted(1L));
        Assert.assertFalse(this.deniedTp.isGranted(2097151L));
        Assert.assertFalse(this.deniedTp.isGranted(124L));
        Assert.assertFalse(this.deniedTp.isGranted(1L));
    }

    @Test
    public void testIsGrantedProperty() {
        PropertyState createProperty = PropertyStates.createProperty("prop", "val");
        Assert.assertFalse(this.allowedTp.isGranted(2097151L, createProperty));
        Assert.assertFalse(this.allowedTp.isGranted(124L, createProperty));
        Assert.assertTrue(this.allowedTp.isGranted(2L, createProperty));
        Assert.assertFalse(this.deniedTp.isGranted(2097151L, createProperty));
        Assert.assertFalse(this.deniedTp.isGranted(124L, createProperty));
        Assert.assertFalse(this.deniedTp.isGranted(2L, createProperty));
    }
}
