package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.UUID;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/TransientPrincipalTest.class */
public class TransientPrincipalTest extends AbstractPrincipalBasedTest {
    private String uid = "testSystemUser" + UUID.randomUUID();
    private Principal principal;
    private PrincipalBasedAccessControlManager acMgr;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        this.principal = getUserManager(this.root).createSystemUser(this.uid, "system/test").getPrincipal();
        this.acMgr = new PrincipalBasedAccessControlManager(getMgrProvider(this.root), getFilterProvider());
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @After
    public void after() throws Exception {
        try {
            this.root.refresh();
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(this.uid);
            if (authorizable != null) {
                authorizable.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("importBehavior", "besteffort"));
    }

    private PrincipalPolicyImpl getApplicable() throws Exception {
        return this.acMgr.getApplicablePolicies(this.principal)[0];
    }

    @Test
    public void testApplicablePolicies() throws Exception {
        PrincipalPolicyImpl[] applicablePolicies = this.acMgr.getApplicablePolicies(this.principal);
        Assert.assertEquals(1L, applicablePolicies.length);
        Assert.assertTrue(applicablePolicies[0] instanceof PrincipalPolicyImpl);
        Assert.assertEquals(this.principal.getName(), applicablePolicies[0].getPrincipal().getName());
    }

    @Test
    public void testTransientGetSetRemovePolicy() throws Exception {
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.principal).length);
        PrincipalPolicyImpl applicable = getApplicable();
        this.acMgr.setPolicy(applicable.getPath(), applicable);
        PrincipalPolicyImpl[] policies = this.acMgr.getPolicies(this.principal);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof PrincipalPolicyImpl);
        PrincipalPolicyImpl principalPolicyImpl = policies[0];
        Assert.assertTrue(principalPolicyImpl.isEmpty());
        principalPolicyImpl.addEntry(this.testContentJcrPath, privilegesFromNames("jcr:versionManagement"));
        this.acMgr.setPolicy(principalPolicyImpl.getPath(), principalPolicyImpl);
        PrincipalPolicyImpl[] policies2 = this.acMgr.getPolicies(this.principal);
        Assert.assertEquals(1L, policies2.length);
        Assert.assertTrue(policies2[0] instanceof PrincipalPolicyImpl);
        PrincipalPolicyImpl principalPolicyImpl2 = policies2[0];
        Assert.assertEquals(1L, principalPolicyImpl2.size());
        this.acMgr.removePolicy(principalPolicyImpl2.getPath(), principalPolicyImpl2);
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.principal).length);
    }

    @Test
    public void testGetSetRemovePolicy() throws Exception {
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.principal).length);
        PrincipalPolicyImpl applicable = getApplicable();
        this.acMgr.setPolicy(applicable.getPath(), applicable);
        this.root.commit();
        Assert.assertEquals(1L, this.acMgr.getPolicies(this.principal).length);
        this.acMgr.removePolicy(applicable.getPath(), applicable);
        this.root.commit();
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.principal).length);
    }

    @Test
    public void testGetEffectivePolicies() throws Exception {
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies(ImmutableSet.of(this.principal)).length);
        PrincipalPolicyImpl applicable = getApplicable();
        applicable.addEntry(this.testJcrPath, privilegesFromNames("jcr:write"));
        this.acMgr.setPolicy(applicable.getPath(), applicable);
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies(ImmutableSet.of(this.principal)).length);
    }

    @Test
    public void testGetEffectivePoliciesByPath() throws Exception {
        setupContentTrees("/oak:content/child/grandchild/oak:subtree");
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies(this.testJcrPath).length);
        PrincipalPolicyImpl applicable = getApplicable();
        applicable.addEntry(this.testJcrPath, privilegesFromNames("jcr:write"));
        this.acMgr.setPolicy(applicable.getPath(), applicable);
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies(this.testJcrPath).length);
    }

    @Test
    public void testGetPrivileges() throws Exception {
        setupContentTrees("/oak:content/child/grandchild/oak:subtree");
        Assert.assertEquals(0L, this.acMgr.getPrivileges(this.testJcrPath, ImmutableSet.of(this.principal)).length);
        PrincipalPolicyImpl applicable = getApplicable();
        applicable.addEntry(this.testJcrPath, privilegesFromNames("jcr:lockManagement"));
        this.acMgr.setPolicy(applicable.getPath(), applicable);
        Assert.assertEquals(0L, this.acMgr.getPrivileges(this.testJcrPath, ImmutableSet.of(this.principal)).length);
    }

    @Test
    public void testGetPermssionProvider() throws Exception {
        PrincipalBasedAuthorizationConfiguration principalBasedAuthorizationConfiguration = getPrincipalBasedAuthorizationConfiguration();
        Assert.assertSame(EmptyPermissionProvider.getInstance(), principalBasedAuthorizationConfiguration.getPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), ImmutableSet.of(this.principal)));
        Assert.assertSame(EmptyPermissionProvider.getInstance(), principalBasedAuthorizationConfiguration.getPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), ImmutableSet.of(((UserConfiguration) getConfig(UserConfiguration.class)).getUserManager(this.root, NamePathMapper.DEFAULT).getAuthorizable(this.uid).getPrincipal())));
    }
}
