package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.Iterator;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PermissionProviderVersionStoreTest.class */
public class PermissionProviderVersionStoreTest extends AbstractPrincipalBasedTest {
    private Principal testPrincipal;
    private PrincipalBasedPermissionProvider permissionProvider;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        this.testPrincipal = getTestSystemUser().getPrincipal();
        setupContentTrees("/oak:content/child/grandchild/oak:subtree");
        String ancestorPath = PathUtils.getAncestorPath("/oak:content/child/grandchild/oak:subtree", 3);
        String ancestorPath2 = PathUtils.getAncestorPath("/oak:content/child/grandchild/oak:subtree", 3);
        Tree tree = this.root.getTree("/jcr:system/jcr:nodeTypes");
        for (String str : new String[]{ancestorPath, ancestorPath2, "/oak:content/child/grandchild/oak:subtree"}) {
            TreeUtil.addMixin(this.root.getTree(str), "mix:versionable", tree, "uid");
        }
        this.root.commit();
        this.permissionProvider = createPermissionProvider(this.root, this.testPrincipal);
    }

    protected NamePathMapper getNamePathMapper() {
        return NamePathMapper.DEFAULT;
    }

    private void grantReadOnVersionStoreTrees() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(this.testPrincipal, accessControlManager);
        principalPolicyImpl.addEntry("/", privilegesFromNames("jcr:read"), ImmutableMap.of(), ImmutableMap.of("rep:ntNames", new Value[]{getValueFactory(this.root).createValue("rep:versionStorage", 7)}));
        accessControlManager.setPolicy(principalPolicyImpl.getPath(), principalPolicyImpl);
        this.root.commit();
        this.permissionProvider.refresh();
    }

    @Test
    public void testGetTreePermission() {
        Tree tree = getRootProvider().createReadOnlyRoot(this.root).getTree("/");
        TreePermission treePermission = this.permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
        Iterator it = PathUtils.elements("/jcr:system/jcr:versionStorage").iterator();
        while (it.hasNext()) {
            tree = tree.getChild((String) it.next());
            treePermission = this.permissionProvider.getTreePermission(tree, treePermission);
        }
        Assert.assertTrue(treePermission instanceof AbstractTreePermission);
        AbstractTreePermission abstractTreePermission = (AbstractTreePermission) treePermission;
        Assert.assertSame(TreeType.VERSION, abstractTreePermission.getType());
        Assert.assertSame(tree, abstractTreePermission.getTree());
    }

    @Test
    public void testGetTreePermissionFromNodeState() {
        Tree tree = getRootProvider().createReadOnlyRoot(this.root).getTree("/");
        TreePermission treePermission = this.permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
        NodeState asNodeState = getTreeProvider().asNodeState(tree);
        for (String str : PathUtils.elements("/jcr:system/jcr:versionStorage")) {
            asNodeState = asNodeState.getChildNode(str);
            treePermission = this.permissionProvider.getTreePermission(str, asNodeState, (AbstractTreePermission) treePermission);
            Assert.assertTrue(treePermission instanceof AbstractTreePermission);
        }
        Assert.assertSame(TreeType.VERSION, ((AbstractTreePermission) treePermission).getType());
    }

    @Test
    public void testIsGranted() throws Exception {
        Tree tree = this.root.getTree("/jcr:system/jcr:versionStorage");
        Assert.assertFalse(this.permissionProvider.isGranted(tree, (PropertyState) null, 1L));
        Assert.assertFalse(this.permissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(this.permissionProvider.isGranted(tree, (PropertyState) null, 1L));
        Assert.assertTrue(this.permissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
    }

    @Test
    public void testIsGrantedTreeLocation() throws Exception {
        TreeLocation create = TreeLocation.create(this.root, "/jcr:system/jcr:versionStorage");
        Assert.assertFalse(this.permissionProvider.isGranted(create, 1L));
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(this.permissionProvider.isGranted(create, 3L));
    }

    @Test
    public void testIsGrantedPropertyLocation() throws Exception {
        TreeLocation child = TreeLocation.create(this.root, "/jcr:system/jcr:versionStorage").getChild("jcr:primaryType");
        Assert.assertNotNull(child.getProperty());
        Assert.assertFalse(this.permissionProvider.isGranted(child, 2L));
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(this.permissionProvider.isGranted(child, 2L));
    }

    @Test
    public void testIsGrantedNonExistingLocation() throws Exception {
        TreeLocation create = TreeLocation.create(this.root, "/jcr:system/jcr:versionStorage/nonExisting");
        Assert.assertFalse(this.permissionProvider.isGranted(create, 1L));
        grantReadOnVersionStoreTrees();
        Assert.assertFalse(this.permissionProvider.isGranted(create, 1L));
    }

    @Test
    public void testIsGrantedByPath() throws Exception {
        Assert.assertFalse(this.permissionProvider.isGranted("/jcr:system/jcr:versionStorage", "read"));
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(this.permissionProvider.isGranted("/jcr:system/jcr:versionStorage", "read"));
    }

    @Test
    public void testIsGrantedByNonExistingPath() throws Exception {
        Assert.assertFalse(this.permissionProvider.isGranted("/jcr:system/jcr:versionStorage/nonExisting", "read"));
        grantReadOnVersionStoreTrees();
        Assert.assertFalse(this.permissionProvider.isGranted("/jcr:system/jcr:versionStorage/nonExisting", "read"));
    }

    @Test
    public void testGetPrivileges() throws Exception {
        Tree tree = this.root.getTree("/jcr:system/jcr:versionStorage");
        Assert.assertTrue(this.permissionProvider.getPrivileges(tree).isEmpty());
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(Iterables.elementsEqual(ImmutableSet.of("jcr:read"), this.permissionProvider.getPrivileges(tree)));
    }

    @Test
    public void testHasPrivileges() throws Exception {
        Tree tree = this.root.getTree("/jcr:system/jcr:versionStorage");
        Assert.assertFalse(this.permissionProvider.hasPrivileges(tree, new String[]{"rep:readNodes"}));
        grantReadOnVersionStoreTrees();
        Assert.assertTrue(this.permissionProvider.hasPrivileges(tree, new String[]{"rep:readNodes", "rep:readProperties"}));
    }
}
