package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import java.util.Iterator;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalBasedPermissionProviderTest.class */
public class PrincipalBasedPermissionProviderTest extends AbstractPrincipalBasedTest {
    private Principal testPrincipal;
    private PrincipalBasedPermissionProvider permissionProvider;
    private String contentPath;
    private String childPath;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        this.contentPath = PathUtils.getAncestorPath("/oak:content/child/grandchild/oak:subtree", 3);
        this.childPath = PathUtils.getAncestorPath("/oak:content/child/grandchild/oak:subtree", 2);
        this.testPrincipal = getTestSystemUser().getPrincipal();
        setupContentTrees("/oak:content/child/grandchild/oak:subtree");
        setupContentTrees("nt:folder", this.childPath + "/folder", "/oak:content/child/grandchild/oak:subtree/folder");
        addPrincipalBasedEntry(setupPrincipalBasedAccessControl(this.testPrincipal, getNamePathMapper().getJcrPath(this.childPath), "jcr:read", "jcr:removeChildNodes"), getNamePathMapper().getJcrPath("/oak:content/child/grandchild/oak:subtree"), "jcr:versionManagement");
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(this.testPrincipal, accessControlManager);
        principalPolicyImpl.addEntry(this.childPath, privilegesFromNames("jcr:removeNode"), ImmutableMap.of(), ImmutableMap.of("rep:ntNames", new Value[]{getValueFactory(this.root).createValue("nt:folder", 7)}));
        accessControlManager.setPolicy(principalPolicyImpl.getPath(), principalPolicyImpl);
        this.root.commit();
        this.permissionProvider = createPermissionProvider(this.root, getTestSystemUser().getPrincipal());
    }

    protected NamePathMapper getNamePathMapper() {
        return NamePathMapper.DEFAULT;
    }

    @Test
    public void testSupportedPrivileges() {
        for (PrivilegeBits privilegeBits : PrivilegeBits.BUILT_IN.values()) {
            Assert.assertEquals(privilegeBits, this.permissionProvider.supportedPrivileges((Tree) null, privilegeBits));
            Assert.assertEquals(privilegeBits, this.permissionProvider.supportedPrivileges((Tree) Mockito.mock(Tree.class), privilegeBits));
        }
    }

    @Test
    public void testSupportedPrivilegesAllBits() {
        PrivilegeBits bits = new PrivilegeBitsProvider(this.root).getBits(new String[]{"jcr:all"});
        Assert.assertEquals(bits, this.permissionProvider.supportedPrivileges((Tree) null, bits));
        Assert.assertEquals(bits, this.permissionProvider.supportedPrivileges((Tree) Mockito.mock(Tree.class), bits));
    }

    @Test
    public void testSupportedPrivilegesNullBits() {
        PrivilegeBits bits = new PrivilegeBitsProvider(this.root).getBits(new String[]{"jcr:all"});
        Assert.assertEquals(bits, this.permissionProvider.supportedPrivileges((Tree) null, (PrivilegeBits) null));
        Assert.assertEquals(bits, this.permissionProvider.supportedPrivileges((Tree) Mockito.mock(Tree.class), (PrivilegeBits) null));
    }

    @Test
    public void testSupportedPermissions() {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        PropertyState propertyState = (PropertyState) Mockito.mock(PropertyState.class);
        Iterator it = Permissions.aggregates(2097151L).iterator();
        while (it.hasNext()) {
            long longValue = ((Long) it.next()).longValue();
            Assert.assertEquals(longValue, this.permissionProvider.supportedPermissions(tree, propertyState, longValue));
            Assert.assertEquals(longValue, this.permissionProvider.supportedPermissions(tree, (PropertyState) null, longValue));
        }
        Assert.assertEquals(2097151L, this.permissionProvider.supportedPermissions(tree, propertyState, 2097151L));
        Assert.assertEquals(2097151L, this.permissionProvider.supportedPermissions(tree, (PropertyState) null, 2097151L));
    }

    @Test
    public void testSupportedPermissionsTreeLocation() {
        TreeLocation treeLocation = (TreeLocation) Mockito.mock(TreeLocation.class);
        Iterator it = Permissions.aggregates(2097151L).iterator();
        while (it.hasNext()) {
            long longValue = ((Long) it.next()).longValue();
            Assert.assertEquals(longValue, this.permissionProvider.supportedPermissions(treeLocation, longValue));
        }
        Assert.assertEquals(2097151L, this.permissionProvider.supportedPermissions(treeLocation, 2097151L));
    }

    @Test
    public void testSupportedPermissionsTreePermission() {
        TreePermission treePermission = (TreePermission) Mockito.mock(TreePermission.class);
        PropertyState propertyState = (PropertyState) Mockito.mock(PropertyState.class);
        Iterator it = Permissions.aggregates(2097151L).iterator();
        while (it.hasNext()) {
            long longValue = ((Long) it.next()).longValue();
            Assert.assertEquals(longValue, this.permissionProvider.supportedPermissions(treePermission, propertyState, longValue));
            Assert.assertEquals(longValue, this.permissionProvider.supportedPermissions(treePermission, (PropertyState) null, longValue));
        }
        Assert.assertEquals(2097151L, this.permissionProvider.supportedPermissions(treePermission, propertyState, 2097151L));
        Assert.assertEquals(2097151L, this.permissionProvider.supportedPermissions(treePermission, (PropertyState) null, 2097151L));
    }

    @Test
    public void testHasPrivileges() {
        Assert.assertTrue(this.permissionProvider.hasPrivileges(this.root.getTree(this.childPath), new String[]{"jcr:read"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(this.root.getTree(this.childPath), new String[]{"jcr:read", "jcr:removeNode"}));
        Assert.assertTrue(this.permissionProvider.hasPrivileges(this.root.getTree(this.childPath + "/folder"), new String[]{"jcr:read", "jcr:removeNode"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(this.root.getTree(this.childPath), new String[]{"jcr:read", "jcr:versionManagement"}));
        Assert.assertTrue(this.permissionProvider.hasPrivileges(this.root.getTree("/oak:content/child/grandchild/oak:subtree"), new String[]{"jcr:read", "jcr:versionManagement"}));
    }

    @Test
    public void testGetTreePermission() {
        Tree tree = this.root.getTree("/");
        AbstractTreePermission treePermission = this.permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
        Iterator it = PathUtils.elements("/oak:content/child/grandchild/oak:subtree").iterator();
        while (it.hasNext()) {
            tree = tree.getChild((String) it.next());
            treePermission = this.permissionProvider.getTreePermission(tree, treePermission);
            Assert.assertTrue(treePermission instanceof AbstractTreePermission);
            Assert.assertSame(TreeType.DEFAULT, treePermission.getType());
        }
    }

    @Test
    public void testIsGranted() {
        Tree tree = this.root.getTree(this.childPath);
        Assert.assertTrue(this.permissionProvider.isGranted(tree, (PropertyState) null, 1L));
        Assert.assertTrue(this.permissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
        Assert.assertFalse(this.permissionProvider.isGranted(tree, (PropertyState) null, 1025L));
        Tree tree2 = this.root.getTree("/oak:content/child/grandchild/oak:subtree");
        Assert.assertTrue(this.permissionProvider.isGranted(tree2, (PropertyState) null, 1025L));
        Assert.assertTrue(this.permissionProvider.isGranted(tree2, tree2.getProperty("jcr:primaryType"), 1026L));
    }

    @Test
    public void testIsGrantedNonExistingTree() {
        Tree child = this.root.getTree("/oak:content/child/grandchild/oak:subtree").getChild("nonExisting");
        Assert.assertTrue(this.permissionProvider.isGranted(child, (PropertyState) null, 3L));
        Assert.assertTrue(this.permissionProvider.isGranted(child, PropertyStates.createProperty("propName", "value"), 3L));
    }

    @Test
    public void testIsGrantedWithRestriction() {
        Assert.assertFalse(this.permissionProvider.isGranted(this.root.getTree("/oak:content/child/grandchild/oak:subtree"), (PropertyState) null, 64L));
        Assert.assertFalse(this.permissionProvider.isGranted(this.root.getTree(this.childPath), (PropertyState) null, 64L));
        Assert.assertTrue(this.permissionProvider.isGranted(this.root.getTree("/oak:content/child/grandchild/oak:subtree/folder"), (PropertyState) null, 64L));
        Assert.assertTrue(this.permissionProvider.isGranted(this.root.getTree(this.childPath + "/folder"), (PropertyState) null, 64L));
    }

    @Test
    public void testIsGrantedTreeLocation() {
        Assert.assertFalse(this.permissionProvider.isGranted(TreeLocation.create(this.root, "/oak:content/child/grandchild/oak:subtree"), 67L));
    }

    @Test
    public void testIsGrantedNonExistingTreeLocation() {
        TreeLocation create = TreeLocation.create(this.root, this.childPath + "/nonExisting");
        Assert.assertTrue(this.permissionProvider.isGranted(create, 3L));
        Assert.assertFalse(this.permissionProvider.isGranted(create, 64L));
    }

    @Test
    public void testIsGrantedNonExistingParentTreeLocation() {
        TreeLocation create = TreeLocation.create(this.root, this.childPath + "/nonExistingParent/nonExisting");
        Assert.assertTrue(this.permissionProvider.isGranted(create, 3L));
        Assert.assertFalse(this.permissionProvider.isGranted(create, 64L));
    }

    @Test
    public void testIsGrantedAccessControlTreeLocation() throws Exception {
        Assert.assertFalse(this.permissionProvider.isGranted(TreeLocation.create(this.root, PathUtils.concat(getTestSystemUser().getPath(), "rep:principalPolicy")), 3L));
    }
}
