package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ReadablePathsPermissionTest.class */
public class ReadablePathsPermissionTest extends AbstractPrincipalBasedTest {
    private Iterator<String> readablePaths;
    private Iterator<String> readableChildPaths;
    private PrincipalBasedPermissionProvider permissionProvider;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        Set set = (Set) ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getParameters().getConfigValue("readPaths", PermissionConstants.DEFAULT_READ_PATHS);
        Assert.assertFalse(set.isEmpty());
        this.readablePaths = Iterators.cycle(set);
        HashSet newHashSet = Sets.newHashSet();
        Iterator it = set.iterator();
        while (it.hasNext()) {
            Iterables.addAll(newHashSet, Iterables.transform(this.root.getTree((String) it.next()).getChildren(), (v0) -> {
                return v0.getPath();
            }));
        }
        this.readableChildPaths = Iterators.cycle(newHashSet);
        this.permissionProvider = new PrincipalBasedPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), Collections.singleton(getTestSystemUser().getPath()), getPrincipalBasedAuthorizationConfiguration());
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("readPaths", new String[]{"/jcr:system/rep:namespaces", "/jcr:system/rep:privileges"}));
    }

    @NotNull
    private Tree getTree(@NotNull String str) {
        return this.root.getTree(str);
    }

    @Test
    public void testHasPrivileges() {
        Assert.assertTrue(this.permissionProvider.hasPrivileges(getTree(this.readablePaths.next()), new String[]{"jcr:read"}));
        Assert.assertTrue(this.permissionProvider.hasPrivileges(getTree(this.readablePaths.next()), new String[]{"rep:readProperties"}));
        Assert.assertTrue(this.permissionProvider.hasPrivileges(getTree(this.readableChildPaths.next()), new String[]{"rep:readNodes"}));
        Assert.assertTrue(this.permissionProvider.hasPrivileges(getTree(this.readableChildPaths.next()), new String[]{"rep:readNodes", "rep:readProperties"}));
    }

    @Test
    public void testNotHasPrivileges() {
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree(this.readablePaths.next()), new String[]{"jcr:read", "jcr:readAccessControl"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree(this.readablePaths.next()), new String[]{"jcr:write"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree(this.readableChildPaths.next()), new String[]{"jcr:modifyAccessControl", "rep:readProperties"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree(this.readableChildPaths.next()), new String[]{"rep:readNodes", "jcr:removeNode"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree("/"), new String[]{"jcr:read"}));
        Assert.assertFalse(this.permissionProvider.hasPrivileges(getTree(PathUtils.concat("/", "jcr:system")), new String[]{"rep:readNodes"}));
    }

    @Test
    public void testGetPrivileges() {
        Set singleton = Collections.singleton("jcr:read");
        Assert.assertEquals(singleton, this.permissionProvider.getPrivileges(getTree(this.readablePaths.next())));
        Assert.assertEquals(singleton, this.permissionProvider.getPrivileges(getTree(this.readableChildPaths.next())));
        Assert.assertTrue(this.permissionProvider.getPrivileges(getTree("/")).isEmpty());
        Assert.assertTrue(this.permissionProvider.getPrivileges(getTree(PathUtils.concat("/", "jcr:system"))).isEmpty());
    }

    @Test
    public void testIsGrantedPath() {
        Assert.assertTrue(this.permissionProvider.isGranted(this.readablePaths.next(), Permissions.getString(3L)));
        Assert.assertTrue(this.permissionProvider.isGranted(this.readablePaths.next(), Permissions.getString(3L)));
        Assert.assertTrue(this.permissionProvider.isGranted(this.readableChildPaths.next(), Permissions.getString(1L)));
        Assert.assertTrue(this.permissionProvider.isGranted(PathUtils.concat(this.readableChildPaths.next(), "jcr:primaryType"), Permissions.getString(2L)));
        Assert.assertTrue(this.permissionProvider.isGranted(PathUtils.concat(this.readableChildPaths.next(), "nonExisting"), Permissions.getString(3L)));
    }

    @Test
    public void testNotIsGrantedPath() {
        Assert.assertFalse(this.permissionProvider.isGranted(this.readablePaths.next(), Permissions.getString(1027L)));
        Assert.assertFalse(this.permissionProvider.isGranted(this.readablePaths.next(), Permissions.getString(129L)));
        Assert.assertFalse(this.permissionProvider.isGranted(this.readableChildPaths.next(), Permissions.getString(2097151L)));
        Assert.assertFalse(this.permissionProvider.isGranted("/", Permissions.getString(3L)));
        Assert.assertFalse(this.permissionProvider.isGranted(PathUtils.concat("/", "jcr:system"), Permissions.getString(1L)));
        Assert.assertFalse(this.permissionProvider.isGranted("/nonExistingContent", Permissions.getString(2L)));
    }

    @Test
    public void testIsGrantedTree() {
        Assert.assertTrue(this.permissionProvider.isGranted(getTree(this.readablePaths.next()), (PropertyState) null, 3L));
        Assert.assertTrue(this.permissionProvider.isGranted(getTree(this.readablePaths.next()), (PropertyState) null, 1L));
        Tree tree = getTree(this.readablePaths.next());
        Assert.assertTrue(this.permissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
        Assert.assertTrue(this.permissionProvider.isGranted(getTree(this.readableChildPaths.next()), (PropertyState) null, 3L));
        Assert.assertTrue(this.permissionProvider.isGranted(getTree(this.readableChildPaths.next()), (PropertyState) null, 1L));
        Tree tree2 = getTree(this.readableChildPaths.next());
        Assert.assertTrue(this.permissionProvider.isGranted(tree2, tree2.getProperty("jcr:primaryType"), 2L));
    }

    @Test
    public void testNotIsGrantedTree() {
        Assert.assertFalse(this.permissionProvider.isGranted(getTree(this.readablePaths.next()), (PropertyState) null, 131L));
        Assert.assertFalse(this.permissionProvider.isGranted(getTree(this.readablePaths.next()), (PropertyState) null, 32L));
        Tree tree = getTree(this.readableChildPaths.next());
        Assert.assertFalse(this.permissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 10L));
        Tree tree2 = getTree("/");
        Assert.assertFalse(this.permissionProvider.isGranted(tree2, (PropertyState) null, 3L));
        Assert.assertFalse(this.permissionProvider.isGranted(tree2, tree2.getProperty("jcr:primaryType"), 2L));
        Assert.assertFalse(this.permissionProvider.isGranted((Tree) tree2.getChildren().iterator().next(), (PropertyState) null, 1L));
    }

    @Test
    public void testIsGrantedLocation() {
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readablePaths.next()), 3L));
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readableChildPaths.next()), 1L));
        Assert.assertTrue(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readableChildPaths.next()).getChild("jcr:primaryType"), 2L));
    }

    @Test
    public void testNotIsGrantedLocation() {
        Assert.assertFalse(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readablePaths.next()), 127L));
        Assert.assertFalse(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readableChildPaths.next()), 2097151L));
        Assert.assertFalse(this.permissionProvider.isGranted(TreeLocation.create(this.root, this.readableChildPaths.next()).getChild("jcr:primaryType"), 10L));
        TreeLocation create = TreeLocation.create(this.root);
        Assert.assertFalse(this.permissionProvider.isGranted(create, 3L));
        Assert.assertFalse(this.permissionProvider.isGranted(create.getChild("jcr:system"), 1L));
        Assert.assertFalse(this.permissionProvider.isGranted(create.getChild("jcr:primaryType"), 2L));
    }

    @Test
    public void testTreePermission() {
        Tree tree = getTree("/");
        TreePermission treePermission = this.permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
        Assert.assertFalse(treePermission.isGranted(3L));
        Assert.assertFalse(treePermission.canRead());
        Assert.assertFalse(treePermission.canRead(tree.getProperty("jcr:primaryType")));
        TreePermission treePermission2 = this.permissionProvider.getTreePermission(tree.getChild("jcr:system"), treePermission);
        Assert.assertFalse(treePermission2.isGranted(1L));
        Assert.assertFalse(treePermission2.canReadProperties());
        Assert.assertFalse(treePermission2.canReadAll());
        Tree tree2 = this.root.getTree(this.readablePaths.next());
        TreePermission treePermission3 = this.permissionProvider.getTreePermission(tree2, treePermission2);
        Assert.assertTrue(treePermission3.isGranted(3L));
        Assert.assertFalse(treePermission3.isGranted(128L));
        Assert.assertTrue(treePermission3.canRead());
        Assert.assertTrue(treePermission3.canRead(tree2.getProperty("jcr:primaryType")));
        Assert.assertFalse(treePermission3.canReadProperties());
        Tree tree3 = (Tree) tree2.getChildren().iterator().next();
        TreePermission treePermission4 = this.permissionProvider.getTreePermission(tree3, treePermission3);
        Assert.assertTrue(treePermission4.isGranted(1L));
        Assert.assertTrue(treePermission4.isGranted(2L, tree3.getProperty("jcr:primaryType")));
        Assert.assertFalse(treePermission4.isGranted(10L, tree3.getProperty("jcr:primaryType")));
        Assert.assertTrue(treePermission4.canRead());
        Assert.assertFalse(treePermission4.canReadAll());
    }

    @Test
    public void testRepositoryPermission() {
        Assert.assertFalse(this.permissionProvider.getRepositoryPermission().isGranted(3L));
    }
}
