package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.ValueFormatException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrivilegeCollection;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.guava.common.base.Strings;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterables;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.PrincipalPolicyImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinitionImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/PrincipalPolicyImplTest.class */
public class PrincipalPolicyImplTest extends AbstractPrincipalBasedTest {
    private static final String TEST_OAK_PATH = "/oak:test";
    private static final String POLICY_OAK_PATH = SUPPORTED_PATH + "/oak:testPath";
    private Principal principal;
    private String testJcrPath;
    private String policyJcrPath;
    private PrincipalPolicyImpl emptyPolicy;
    private PrincipalPolicyImpl policy;
    private PrivilegeBitsProvider privilegeBitsProvider;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        this.testJcrPath = getNamePathMapper().getJcrPath(TEST_OAK_PATH);
        this.policyJcrPath = getNamePathMapper().getJcrPath(POLICY_OAK_PATH);
        this.principal = new PrincipalImpl("principalName");
        this.emptyPolicy = createPolicy(POLICY_OAK_PATH);
        this.policy = createPolicy(POLICY_OAK_PATH);
        this.policy.addEntry(this.testJcrPath, privilegesFromNames("jcr:nodeTypeManagement", "rep:write"));
        this.policy.addEntry((String) null, privilegesFromNames("jcr:nodeTypeDefinitionManagement"));
        this.privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
    }

    private PrincipalPolicyImpl createPolicy(@NotNull String str) {
        return new PrincipalPolicyImpl(this.principal, str, getMgrProvider(this.root));
    }

    private Tree createEntryTree(@NotNull PrincipalPolicyImpl.EntryImpl entryImpl) {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree.getProperty("rep:effectivePath")).thenReturn(PropertyStates.createProperty("rep:effectivePath", Strings.nullToEmpty(entryImpl.getOakPath())));
        Mockito.when(tree.getProperty("rep:privileges")).thenReturn(PropertyStates.createProperty("rep:privileges", this.privilegeBitsProvider.getPrivilegeNames(entryImpl.getPrivilegeBits()), Type.NAMES));
        Iterable transform = Iterables.transform(entryImpl.getRestrictions(), (v0) -> {
            return v0.getProperty();
        });
        Tree tree2 = (Tree) Mockito.mock(Tree.class);
        if (transform.iterator().hasNext()) {
            Mockito.when(Boolean.valueOf(tree2.exists())).thenReturn(true);
            Mockito.when(tree2.getProperties()).thenReturn(transform);
            Mockito.when(Boolean.valueOf(tree.hasChild("rep:restrictions"))).thenReturn(true);
            Mockito.when(tree.getChild("rep:restrictions")).thenReturn(tree2);
        } else {
            Mockito.when(Boolean.valueOf(tree2.exists())).thenReturn(false);
            Mockito.when(Boolean.valueOf(tree.hasChild("rep:restrictions"))).thenReturn(false);
            Mockito.when(tree.getChild("rep:restrictions")).thenReturn(tree2);
        }
        return tree;
    }

    private Tree createEntryTree(@NotNull String str, @NotNull String... strArr) {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree.getProperty("rep:effectivePath")).thenReturn(PropertyStates.createProperty("rep:effectivePath", str));
        Mockito.when(tree.getProperty("rep:privileges")).thenReturn(PropertyStates.createProperty("rep:privileges", ImmutableList.copyOf(strArr), Type.NAMES));
        Mockito.when(tree.getChild("rep:restrictions")).thenReturn((Tree) Mockito.when(((Tree) Mockito.mock(Tree.class)).getProperties()).thenReturn(Collections.emptySet()).getMock());
        return tree;
    }

    private Map<String, Value> createGlobRestriction(@NotNull String str) {
        return ImmutableMap.of(getJcrName("rep:glob"), getValueFactory(this.root).createValue(str));
    }

    private Map<String, Value> createRestrictions(@NotNull String str, @NotNull String str2) {
        return ImmutableMap.of(getJcrName(str), getValueFactory(this.root).createValue(str2));
    }

    private Map<String, Value[]> createMvRestrictions(@NotNull String str, int i, @NotNull String... strArr) throws ValueFormatException {
        ValueFactory valueFactory = getValueFactory(this.root);
        Value[] valueArr = new Value[strArr.length];
        for (int i2 = 0; i2 < strArr.length; i2++) {
            valueArr[i2] = valueFactory.createValue(strArr[i2], i);
        }
        return ImmutableMap.of(getJcrName(str), valueArr);
    }

    private String getJcrName(@NotNull String str) {
        return getNamePathMapper().getJcrName(str);
    }

    @Test
    public void testGetInitialSize() {
        Assert.assertEquals(0L, this.emptyPolicy.size());
    }

    @Test
    public void testGetSize() {
        Assert.assertEquals(this.policy.getEntries().size(), this.policy.size());
    }

    @Test
    public void testInitiallyIsEmpty() {
        Assert.assertTrue(this.emptyPolicy.isEmpty());
    }

    @Test
    public void testIsEmpty() {
        Assert.assertEquals(Boolean.valueOf(this.policy.getEntries().isEmpty()), Boolean.valueOf(this.policy.isEmpty()));
    }

    @Test
    public void testGetPath() {
        Assert.assertEquals(this.policyJcrPath, this.policy.getPath());
    }

    @Test
    public void testGetOakPath() {
        Assert.assertEquals(POLICY_OAK_PATH, this.policy.getOakPath());
    }

    @Test
    public void testGetNamePathMapper() {
        Assert.assertSame(getMgrProvider(this.root).getNamePathMapper(), this.policy.getNamePathMapper());
    }

    @Test
    public void testGetPrincipal() {
        Assert.assertSame(this.principal, this.policy.getPrincipal());
    }

    @Test
    public void testAddEntry() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes")));
        Assert.assertEquals(1L, this.emptyPolicy.size());
    }

    @Test
    public void testAddEntryTwice() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes")));
        Assert.assertFalse(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes")));
        Assert.assertEquals(1L, this.emptyPolicy.getEntries().size());
    }

    @Test
    public void testAddEntriesForSamePath() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes")));
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:removeChildNodes", "jcr:removeNode")));
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(2L, entries.size());
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
        Assert.assertEquals(this.testJcrPath, ((PrincipalPolicyImpl.EntryImpl) entries.get(0)).getEffectivePath());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:addChildNodes"}), ((PrincipalPolicyImpl.EntryImpl) entries.get(0)).getPrivilegeBits());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:removeChildNodes", "jcr:removeNode"}), ((PrincipalPolicyImpl.EntryImpl) entries.get(1)).getPrivilegeBits());
    }

    @Test
    public void testAddEntriesWithRestrictionsForSamePath() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes")));
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:removeChildNodes"), ImmutableMap.of(), createMvRestrictions("rep:itemNames", 7, "removable")));
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(2L, entries.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) entries.get(0);
        Assert.assertEquals(this.testJcrPath, entryImpl.getEffectivePath());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:addChildNodes"}), entryImpl.getPrivilegeBits());
        Assert.assertTrue(entryImpl.getRestrictions().isEmpty());
        PrincipalPolicyImpl.EntryImpl entryImpl2 = (PrincipalPolicyImpl.EntryImpl) entries.get(1);
        Assert.assertEquals(this.testJcrPath, entryImpl2.getEffectivePath());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:removeChildNodes"}), entryImpl2.getPrivilegeBits());
        Assert.assertEquals(1L, entryImpl2.getRestrictions().size());
        Assert.assertEquals("rep:itemNames", ((Restriction) entryImpl2.getRestrictions().iterator().next()).getDefinition().getName());
    }

    @Test
    public void testAddEntriesWithMultipleRestrictionsForSamePath() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:addChildNodes"), createGlobRestriction("/any*/glob"), ImmutableMap.of()));
        Assert.assertTrue(this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:removeChildNodes"), ImmutableMap.of(), createMvRestrictions("rep:itemNames", 7, "removable")));
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(2L, entries.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) entries.get(0);
        Assert.assertEquals(this.testJcrPath, entryImpl.getEffectivePath());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:addChildNodes"}), entryImpl.getPrivilegeBits());
        Assert.assertEquals(1L, entryImpl.getRestrictions().size());
        Assert.assertEquals("rep:glob", ((Restriction) entryImpl.getRestrictions().iterator().next()).getDefinition().getName());
        PrincipalPolicyImpl.EntryImpl entryImpl2 = (PrincipalPolicyImpl.EntryImpl) entries.get(1);
        Assert.assertEquals(this.testJcrPath, entryImpl2.getEffectivePath());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:removeChildNodes"}), entryImpl2.getPrivilegeBits());
        Assert.assertEquals(privilegeBitsProvider.getBits(new String[]{"jcr:removeChildNodes"}), entryImpl2.getPrivilegeBits());
        Assert.assertEquals(1L, entryImpl2.getRestrictions().size());
        Assert.assertEquals("rep:itemNames", ((Restriction) entryImpl2.getRestrictions().iterator().next()).getDefinition().getName());
    }

    @Test
    public void testAddEntryWithRestrictions() throws Exception {
        Map<String, Value[]> createMvRestrictions = createMvRestrictions("rep:itemNames", 7, getNamePathMapper().getJcrName("oak:test"), "abc");
        int size = this.policy.getEntries().size() + 1;
        Assert.assertTrue(this.policy.addEntry(this.testJcrPath, privilegesFromNames("jcr:write"), Collections.emptyMap(), createMvRestrictions));
        Assert.assertEquals(size, this.policy.size());
    }

    @Test
    public void testAddEntryWithRestrictionsTwice() throws Exception {
        Map<String, Value> createGlobRestriction = createGlobRestriction("*/some*glob");
        Assert.assertTrue(this.policy.addEntry(this.testJcrPath, privilegesFromNames("jcr:readAccessControl", "jcr:modifyAccessControl"), createGlobRestriction, Collections.emptyMap()));
        Assert.assertFalse(this.policy.addEntry(this.testJcrPath, privilegesFromNames("jcr:readAccessControl", "jcr:modifyAccessControl"), createGlobRestriction, Collections.emptyMap()));
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryMissingMandatoryRestriction() throws Exception {
        RestrictionProvider restrictionProvider = (RestrictionProvider) Mockito.mock(RestrictionProvider.class);
        Mockito.when(restrictionProvider.getSupportedRestrictions(ArgumentMatchers.anyString())).thenReturn(ImmutableSet.of(new RestrictionDefinitionImpl("oak:mandatory", Type.LONG, true)));
        MgrProvider mgrProvider = (MgrProvider) Mockito.when(((MgrProvider) Mockito.mock(MgrProvider.class)).getRestrictionProvider()).thenReturn(restrictionProvider).getMock();
        Mockito.when(mgrProvider.getNamePathMapper()).thenReturn(getNamePathMapper());
        new PrincipalPolicyImpl(this.principal, POLICY_OAK_PATH, mgrProvider).addEntry(this.testJcrPath, privilegesFromNames("jcr:versionManagement"), ImmutableMap.of(), ImmutableMap.of(this.namePathMapper.getJcrName("oak:mandatory"), new Value[]{getValueFactory(this.root).createValue(1L)}));
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryMissingMandatoryMVRestriction() throws Exception {
        RestrictionProvider restrictionProvider = (RestrictionProvider) Mockito.mock(RestrictionProvider.class);
        Mockito.when(restrictionProvider.getSupportedRestrictions(ArgumentMatchers.anyString())).thenReturn(ImmutableSet.of(new RestrictionDefinitionImpl("oak:mandatory", Type.LONGS, true)));
        MgrProvider mgrProvider = (MgrProvider) Mockito.when(((MgrProvider) Mockito.mock(MgrProvider.class)).getRestrictionProvider()).thenReturn(restrictionProvider).getMock();
        Mockito.when(mgrProvider.getNamePathMapper()).thenReturn(getNamePathMapper());
        new PrincipalPolicyImpl(this.principal, POLICY_OAK_PATH, mgrProvider).addEntry(this.testJcrPath, privilegesFromNames("jcr:versionManagement"), ImmutableMap.of(this.namePathMapper.getJcrName("oak:mandatory"), getValueFactory(this.root).createValue(1L)), ImmutableMap.of());
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryMandatoryRestrictionWithOakName() throws Exception {
        MgrProvider mgrProvider = (MgrProvider) Mockito.when(((MgrProvider) Mockito.mock(MgrProvider.class)).getRestrictionProvider()).thenReturn((RestrictionProvider) Mockito.when(((RestrictionProvider) Mockito.mock(RestrictionProvider.class)).getSupportedRestrictions(ArgumentMatchers.anyString())).thenReturn(ImmutableSet.of(new RestrictionDefinitionImpl("oak:mandatory", Type.LONG, true))).getMock()).getMock();
        Mockito.when(mgrProvider.getNamePathMapper()).thenReturn(getNamePathMapper());
        new PrincipalPolicyImpl(this.principal, POLICY_OAK_PATH, mgrProvider).addEntry(this.testJcrPath, privilegesFromNames("jcr:versionManagement"), ImmutableMap.of("oak:mandatory", getValueFactory(this.root).createValue(1L)), ImmutableMap.of());
    }

    @Test
    public void testAddEntryMandatoryRestriction() throws Exception {
        RestrictionDefinitionImpl restrictionDefinitionImpl = new RestrictionDefinitionImpl("mandatory", Type.LONG, true);
        Restriction restriction = (Restriction) Mockito.mock(Restriction.class);
        RestrictionProvider restrictionProvider = (RestrictionProvider) Mockito.mock(RestrictionProvider.class);
        Mockito.when(restrictionProvider.getSupportedRestrictions(ArgumentMatchers.anyString())).thenReturn(ImmutableSet.of(restrictionDefinitionImpl));
        Mockito.when(restrictionProvider.createRestriction(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Value) ArgumentMatchers.any(Value.class))).thenReturn(restriction);
        MgrProvider mgrProvider = (MgrProvider) Mockito.when(((MgrProvider) Mockito.mock(MgrProvider.class)).getRestrictionProvider()).thenReturn(restrictionProvider).getMock();
        Mockito.when(mgrProvider.getNamePathMapper()).thenReturn(getNamePathMapper());
        Mockito.when(mgrProvider.getPrivilegeManager()).thenReturn(getPrivilegeManager(this.root));
        Mockito.when(mgrProvider.getPrivilegeBitsProvider()).thenReturn(new PrivilegeBitsProvider(this.root));
        PrincipalPolicyImpl principalPolicyImpl = new PrincipalPolicyImpl(this.principal, POLICY_OAK_PATH, mgrProvider);
        principalPolicyImpl.addEntry(this.testJcrPath, privilegesFromNames("jcr:versionManagement"), ImmutableMap.of("mandatory", getValueFactory(this.root).createValue(1L)), ImmutableMap.of());
        Assert.assertTrue(((PrincipalPolicyImpl.EntryImpl) principalPolicyImpl.getEntries().get(0)).getRestrictions().contains(restriction));
    }

    @Test
    public void testAddEntryForRepositoryLevel() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry((String) null, privilegesFromNames("jcr:workspaceManagement")));
        Assert.assertEquals(1L, this.emptyPolicy.getEntries().size());
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryWithRelativePath() throws Exception {
        this.emptyPolicy.addEntry("relative/path", privilegesFromNames("jcr:addChildNodes"));
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryWithEmptyPath() throws Exception {
        this.emptyPolicy.addEntry("", privilegesFromNames("jcr:removeNode"));
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryEmptyPrivileges() throws Exception {
        this.policy.addEntry(this.testJcrPath, new Privilege[0]);
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryUnknownPrivilege() throws Exception {
        this.policy.addEntry(this.testJcrPath, new Privilege[]{(Privilege) Mockito.when(((Privilege) Mockito.mock(Privilege.class)).getName()).thenReturn("unknown").getMock()});
    }

    @Test(expected = AccessControlException.class)
    public void testAddEntryAbstractPrivilege() throws Exception {
        Privilege privilege = (Privilege) Mockito.when(Boolean.valueOf(((Privilege) Mockito.mock(Privilege.class)).isAbstract())).thenReturn(true).getMock();
        Mockito.when(privilege.getName()).thenReturn("abstract");
        MgrProvider mgrProvider = (MgrProvider) Mockito.when(((MgrProvider) Mockito.mock(MgrProvider.class)).getPrivilegeManager()).thenReturn((PrivilegeManager) Mockito.when(((PrivilegeManager) Mockito.mock(PrivilegeManager.class)).getPrivilege("abstract")).thenReturn(privilege).getMock()).getMock();
        Mockito.when(mgrProvider.getNamePathMapper()).thenReturn(getNamePathMapper());
        Mockito.when(mgrProvider.getRestrictionProvider()).thenReturn(RestrictionProvider.EMPTY);
        new PrincipalPolicyImpl(this.principal, POLICY_OAK_PATH, mgrProvider).addEntry(this.testJcrPath, new Privilege[]{privilege});
    }

    @Test(expected = AccessControlException.class)
    public void testAddAccessControlEntryDifferentPrincipal() throws Exception {
        this.policy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames("jcr:all"), true, (Map) null, Collections.emptyMap());
    }

    @Test(expected = AccessControlException.class)
    public void testAddDenyingAccessControlEntry() throws Exception {
        this.policy.addEntry(this.principal, privilegesFromNames("rep:readNodes"), false, Collections.emptyMap(), (Map) null);
    }

    @Test(expected = AccessControlException.class)
    public void testAddAccessControlEntryMissingNodePath() throws Exception {
        this.policy.addEntry(this.principal, privilegesFromNames("rep:userManagement"), true, Collections.emptyMap(), Collections.singletonMap("rep:ntNames", new Value[]{getValueFactory(this.root).createValue("rep:system")}));
    }

    @Test(expected = AccessControlException.class)
    public void testAddAccessControlEntryMissingNodePath2() throws Exception {
        this.policy.addEntry(this.principal, privilegesFromNames("rep:write"), true, (Map) null, (Map) null);
    }

    @Test
    public void testAddAccessControlEntryWithEmptyNodePathRestriction() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.principal, privilegesFromNames("rep:addProperties"), true, createRestrictions("rep:nodePath", ""), (Map) null));
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(1L, entries.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) entries.get(0);
        Assert.assertNull(entryImpl.getOakPath());
        Assert.assertNull(entryImpl.getRestrictions(getJcrName("rep:nodePath")));
    }

    @Test
    public void testAddAccessControlEntryWithNodePathRestriction() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(this.principal, privilegesFromNames("rep:addProperties"), true, createRestrictions("rep:nodePath", this.testJcrPath), createMvRestrictions("rep:itemNames", 7, "itemName")));
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(1L, entries.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) entries.get(0);
        Assert.assertEquals(TEST_OAK_PATH, entryImpl.getOakPath());
        Assert.assertNull(entryImpl.getRestrictions(getJcrName("rep:nodePath")));
    }

    @Test
    public void testAddAccessControlEntryWithRestrictions() throws Exception {
        ValueFactory valueFactory = getValueFactory(this.root);
        Assert.assertTrue(this.emptyPolicy.addEntry(this.principal, privilegesFromNames("rep:userManagement"), true, ImmutableMap.of(getJcrName("rep:nodePath"), valueFactory.createValue(this.testJcrPath), getJcrName("rep:glob"), valueFactory.createValue("string")), (Map) null));
        List entries = this.emptyPolicy.getEntries();
        Assert.assertEquals(1L, entries.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) entries.get(0);
        Assert.assertEquals(TEST_OAK_PATH, entryImpl.getOakPath());
        Assert.assertNull(entryImpl.getRestrictions(getJcrName("rep:nodePath")));
        Assert.assertNotNull(entryImpl.getRestrictions(getJcrName("rep:glob")));
    }

    @Test
    public void addEntryTree() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(createEntryTree(TEST_OAK_PATH, "jcr:read", "jcr:write"), Collections.emptyList()));
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) this.emptyPolicy.getEntries().get(0);
        Assert.assertEquals(this.testJcrPath, entryImpl.getEffectivePath());
        Assert.assertEquals(TEST_OAK_PATH, entryImpl.getOakPath());
        Assert.assertEquals(this.privilegeBitsProvider.getBits(new String[]{"jcr:read", "jcr:write"}), entryImpl.getPrivilegeBits());
    }

    @Test
    public void addEntryTreeRepositoryLevel() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(createEntryTree("", "jcr:read", "jcr:write"), Collections.emptyList()));
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) this.emptyPolicy.getEntries().get(0);
        Assert.assertNull(entryImpl.getEffectivePath());
        Assert.assertNull(entryImpl.getOakPath());
    }

    @Test
    public void addEntryTreeJcrAll() throws Exception {
        Assert.assertTrue(this.emptyPolicy.addEntry(createEntryTree(TEST_OAK_PATH, "jcr:all"), Collections.emptyList()));
        Assert.assertArrayEquals(privilegesFromNames("jcr:all"), ((PrincipalPolicyImpl.EntryImpl) this.emptyPolicy.getEntries().get(0)).getPrivileges());
    }

    @Test
    public void addEntryTreeExistingEntry() throws Exception {
        Assert.assertFalse(this.policy.addEntry(createEntryTree((PrincipalPolicyImpl.EntryImpl) this.policy.getEntries().get(0)), Collections.emptyList()));
    }

    @Test
    public void addEntryTreeNullPathWithFilter() throws Exception {
        Tree createEntryTree = createEntryTree("", "jcr:all");
        Assert.assertTrue(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(null)));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/not/matching/path")));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/")));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(TEST_OAK_PATH)));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/oak:test/subtree")));
    }

    @Test
    public void addEntryTreeWithFilter() throws Exception {
        Tree createEntryTree = createEntryTree(TEST_OAK_PATH, "jcr:all");
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(null)));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/not/matching/path")));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/")));
        Assert.assertTrue(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(TEST_OAK_PATH)));
        Assert.assertTrue(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/oak:test/subtree")));
    }

    @Test
    public void addEntryTreeWithPathFilterAndRestrictions() throws Exception {
        PrincipalPolicyImpl createPolicy = createPolicy(POLICY_OAK_PATH);
        createPolicy.addEntry(this.testJcrPath, privilegesFromNames("jcr:read"), Collections.emptyMap(), Collections.singletonMap(getJcrName("rep:subtrees"), new Value[]{getValueFactory(this.root).createValue("child")}));
        Tree createEntryTree = createEntryTree((PrincipalPolicyImpl.EntryImpl) createPolicy.getEntries().get(0));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(null)));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/not/matching/path")));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/")));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList(TEST_OAK_PATH)));
        Assert.assertFalse(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/oak:test/subtree")));
        Assert.assertTrue(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/oak:test/child")));
        Assert.assertTrue(createPolicy(POLICY_OAK_PATH).addEntry(createEntryTree, Collections.singletonList("/oak:test/child/subtree")));
    }

    @Test
    public void testRemoveEntry() throws Exception {
        for (AccessControlEntry accessControlEntry : this.policy.getAccessControlEntries()) {
            Assert.assertFalse(this.policy.isEmpty());
            this.policy.removeAccessControlEntry(accessControlEntry);
        }
        Assert.assertTrue(this.policy.isEmpty());
    }

    @Test(expected = AccessControlException.class)
    public void testRemoveEntryTwice() throws Exception {
        AccessControlEntry accessControlEntry = this.policy.getAccessControlEntries()[0];
        this.policy.removeAccessControlEntry(accessControlEntry);
        this.policy.removeAccessControlEntry(accessControlEntry);
    }

    @Test(expected = AccessControlException.class)
    public void testRemoveEntryInvalidEntry() throws Exception {
        this.policy.removeAccessControlEntry(invalidEntry((PrincipalAccessControlList.Entry) this.policy.getEntries().get(0)));
    }

    @Test
    public void testOrderBefore() throws Exception {
        AccessControlEntry accessControlEntry = (PrincipalAccessControlList.Entry) this.policy.getEntries().get(0);
        AccessControlEntry accessControlEntry2 = (PrincipalAccessControlList.Entry) this.policy.getEntries().get(1);
        this.policy.orderBefore(accessControlEntry2, accessControlEntry);
        Assert.assertArrayEquals(new AccessControlEntry[]{accessControlEntry2, accessControlEntry}, this.policy.getAccessControlEntries());
    }

    @Test
    public void testOrderBeforeDestNull() throws Exception {
        PrincipalAccessControlList.Entry entry = (PrincipalAccessControlList.Entry) this.policy.getEntries().get(0);
        this.policy.orderBefore(entry, (AccessControlEntry) null);
        Assert.assertEquals(entry, this.policy.getAccessControlEntries()[1]);
    }

    @Test
    public void testOrderBeforeSame() throws Exception {
        this.policy.orderBefore((AccessControlEntry) this.policy.getEntries().get(1), (AccessControlEntry) this.policy.getEntries().get(1));
    }

    @Test(expected = AccessControlException.class)
    public void testOrderBeforeNonExistingSrc() throws Exception {
        PrincipalAccessControlList.Entry entry = (PrincipalAccessControlList.Entry) this.policy.getEntries().get(0);
        this.policy.removeAccessControlEntry(entry);
        this.policy.orderBefore(entry, (AccessControlEntry) null);
    }

    @Test(expected = AccessControlException.class)
    public void testOrderBeforeNonExistingDest() throws Exception {
        PrincipalAccessControlList.Entry entry = (PrincipalAccessControlList.Entry) this.policy.getEntries().get(1);
        this.policy.removeAccessControlEntry(entry);
        this.policy.orderBefore((AccessControlEntry) this.policy.getEntries().get(0), entry);
    }

    @Test(expected = AccessControlException.class)
    public void testOrderBeforeInvalidSrc() throws Exception {
        this.policy.orderBefore(invalidEntry((PrincipalAccessControlList.Entry) this.policy.getEntries().get(1)), (AccessControlEntry) this.policy.getEntries().get(0));
    }

    @Test(expected = AccessControlException.class)
    public void testOrderBeforeInvalidDest() throws Exception {
        this.policy.orderBefore((AccessControlEntry) this.policy.getEntries().get(1), invalidEntry((PrincipalAccessControlList.Entry) this.policy.getEntries().get(0)));
    }

    @Test
    public void testEntry() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        this.emptyPolicy.addEntry(this.testJcrPath, privilegesFromNames);
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) this.emptyPolicy.getEntries().get(0);
        Assert.assertEquals(TEST_OAK_PATH, entryImpl.getOakPath());
        Assert.assertEquals(this.testJcrPath, entryImpl.getEffectivePath());
        Assert.assertArrayEquals(privilegesFromNames, entryImpl.getPrivileges());
        Assert.assertEquals(this.privilegeBitsProvider.getBits(new String[]{"jcr:all"}), entryImpl.getPrivilegeBits());
        Assert.assertSame(this.principal, entryImpl.getPrincipal());
        Assert.assertTrue(entryImpl.isAllow());
    }

    @Test
    public void testEntryRepositoryLevel() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:namespaceManagement");
        this.emptyPolicy.addEntry((String) null, privilegesFromNames);
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) this.emptyPolicy.getEntries().get(0);
        Assert.assertEquals((Object) null, entryImpl.getOakPath());
        Assert.assertEquals((Object) null, entryImpl.getEffectivePath());
        Assert.assertArrayEquals(privilegesFromNames, entryImpl.getPrivileges());
        Assert.assertEquals(this.privilegeBitsProvider.getBits(new String[]{"jcr:namespaceManagement"}), entryImpl.getPrivilegeBits());
        Assert.assertSame(this.principal, entryImpl.getPrincipal());
        Assert.assertTrue(entryImpl.isAllow());
    }

    private static PrincipalAccessControlList.Entry invalidEntry(@NotNull final PrincipalAccessControlList.Entry entry) {
        return new PrincipalAccessControlList.Entry() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.PrincipalPolicyImplTest.1
            @Nullable
            public String getEffectivePath() {
                return entry.getEffectivePath();
            }

            public boolean isAllow() {
                return entry.isAllow();
            }

            @NotNull
            public String[] getRestrictionNames() throws RepositoryException {
                return entry.getRestrictionNames();
            }

            @Nullable
            public Value getRestriction(@NotNull String str) throws RepositoryException {
                return entry.getRestriction(str);
            }

            @Nullable
            public Value[] getRestrictions(@NotNull String str) throws RepositoryException {
                return entry.getRestrictions(str);
            }

            @NotNull
            public PrivilegeCollection getPrivilegeCollection() throws RepositoryException {
                return entry.getPrivilegeCollection();
            }

            public Principal getPrincipal() {
                return entry.getPrincipal();
            }

            public Privilege[] getPrivileges() {
                return entry.getPrivileges();
            }
        };
    }
}
