package org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.EmptyPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.OpenPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConfiguration;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest.class */
public class AbstractAccessControlManagerTest extends AbstractAccessControlTest {
    private static final String WSP_NAME = "wspName";
    public static final String TEST_PREFIX = "jr";
    private final String testName = "jr:testRoot";
    private final String testPath = "/jr:testRoot";
    private final String nonExistingPath = "/not/existing";
    private final Set<Principal> testPrincipals = ImmutableSet.of(this.testPrincipal);
    private Privilege[] testPrivileges;
    private Privilege[] allPrivileges;
    private AbstractAccessControlManager acMgr;
    private PrivilegeManager privilegeManager;
    private AuthorizationConfiguration authorizationConfiguration;
    private SecurityProvider securityProvider;
    private ContentSession cs;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/accesscontrol/AbstractAccessControlManagerTest$TestAcMgr.class */
    public class TestAcMgr extends AbstractAccessControlManager {
        protected TestAcMgr(@NotNull Root root, @NotNull NamePathMapper namePathMapper, @NotNull SecurityProvider securityProvider) {
            super(root, namePathMapper, securityProvider);
        }

        @NotNull
        public JackrabbitAccessControlPolicy[] getApplicablePolicies(@NotNull Principal principal) {
            throw new UnsupportedOperationException();
        }

        @NotNull
        public JackrabbitAccessControlPolicy[] getPolicies(@NotNull Principal principal) {
            throw new UnsupportedOperationException();
        }

        @NotNull
        public AccessControlPolicy[] getEffectivePolicies(@NotNull Set<Principal> set) {
            throw new UnsupportedOperationException();
        }

        public AccessControlPolicy[] getPolicies(String str) {
            throw new UnsupportedOperationException();
        }

        public AccessControlPolicy[] getEffectivePolicies(String str) {
            throw new UnsupportedOperationException();
        }

        public AccessControlPolicyIterator getApplicablePolicies(String str) {
            throw new UnsupportedOperationException();
        }

        public void setPolicy(String str, AccessControlPolicy accessControlPolicy) {
            throw new UnsupportedOperationException();
        }

        public void removePolicy(String str, AccessControlPolicy accessControlPolicy) {
            throw new UnsupportedOperationException();
        }
    }

    @Before
    public void before() throws Exception {
        this.testPrivileges = new Privilege[]{mockPrivilege("priv1"), mockPrivilege("priv2")};
        this.allPrivileges = new Privilege[]{mockPrivilege("jcr:all")};
        this.cs = (ContentSession) Mockito.mock(ContentSession.class);
        Mockito.when(this.cs.getWorkspaceName()).thenReturn(WSP_NAME);
        Mockito.when(this.cs.getAuthInfo()).thenReturn(new AuthInfoImpl((String) null, ImmutableMap.of(), this.testPrincipals));
        Mockito.when(this.root.getContentSession()).thenReturn(this.cs);
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree.exists())).thenReturn(false);
        Mockito.when(this.root.getTree("/not/existing")).thenReturn(tree);
        Tree tree2 = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree2.exists())).thenReturn(true);
        Mockito.when(this.root.getTree("/jr:testRoot")).thenReturn(tree2);
        Tree tree3 = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree3.exists())).thenReturn(true);
        Mockito.when(this.root.getTree("/")).thenReturn(tree3);
        this.privilegeManager = (PrivilegeManager) Mockito.mock(PrivilegeManager.class);
        Mockito.when(this.privilegeManager.getRegisteredPrivileges()).thenReturn(this.testPrivileges);
        Mockito.when(this.privilegeManager.getPrivilege("priv1")).thenReturn(this.testPrivileges[0]);
        Mockito.when(this.privilegeManager.getPrivilege("priv2")).thenReturn(this.testPrivileges[1]);
        Mockito.when(this.privilegeManager.getPrivilege("jcr:all")).thenReturn(this.allPrivileges[0]);
        PrivilegeConfiguration privilegeConfiguration = (PrivilegeConfiguration) Mockito.mock(PrivilegeConfiguration.class);
        Mockito.when(privilegeConfiguration.getPrivilegeManager(this.root, getNamePathMapper())).thenReturn(this.privilegeManager);
        this.authorizationConfiguration = (AuthorizationConfiguration) Mockito.mock(AuthorizationConfiguration.class);
        Mockito.when(this.authorizationConfiguration.getPermissionProvider(this.root, WSP_NAME, getEveryonePrincipalSet())).thenReturn(EmptyPermissionProvider.getInstance());
        Mockito.when(this.authorizationConfiguration.getPermissionProvider(this.root, WSP_NAME, this.testPrincipals)).thenReturn(OpenPermissionProvider.getInstance());
        Mockito.when(this.authorizationConfiguration.getPermissionProvider(this.root, WSP_NAME, ImmutableSet.of())).thenReturn(EmptyPermissionProvider.getInstance());
        Mockito.when(this.authorizationConfiguration.getContext()).thenReturn(Context.DEFAULT);
        this.securityProvider = (SecurityProvider) Mockito.mock(SecurityProvider.class);
        Mockito.when(this.securityProvider.getConfiguration(PrivilegeConfiguration.class)).thenReturn(privilegeConfiguration);
        Mockito.when(this.securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(this.authorizationConfiguration);
        this.acMgr = createAccessControlManager(this.root, getNamePathMapper());
    }

    private AbstractAccessControlManager createAccessControlManager(@NotNull Root root, @NotNull NamePathMapper namePathMapper) {
        return new TestAcMgr(root, namePathMapper, this.securityProvider);
    }

    private static List<String> getInvalidPaths() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("");
        arrayList.add("../../jcr:testRoot");
        arrayList.add("jcr:testRoot");
        arrayList.add("jcr:test/Root");
        arrayList.add("./jcr:testRoot");
        return arrayList;
    }

    private static Privilege mockPrivilege(@NotNull String str) {
        Privilege privilege = (Privilege) Mockito.mock(Privilege.class);
        Mockito.when(privilege.getName()).thenReturn(str);
        return privilege;
    }

    private static Set<Principal> getEveryonePrincipalSet() {
        return ImmutableSet.of(EveryonePrincipal.getInstance());
    }

    @Test
    public void testGetConfig() {
        Assert.assertSame(this.authorizationConfiguration, this.acMgr.getConfig());
    }

    @Test
    public void testGetRoot() {
        Assert.assertSame(this.root, createAccessControlManager(this.root, getNamePathMapper()).getRoot());
    }

    @Test
    public void testGetLatestRoot() {
        Assert.assertNotSame(this.root, createAccessControlManager(this.root, getNamePathMapper()).getLatestRoot());
    }

    @Test
    public void testGetNamePathMapper() {
        Assert.assertSame(getNamePathMapper(), createAccessControlManager(this.root, getNamePathMapper()).getNamePathMapper());
    }

    @Test
    public void testGetPrivilegeManager() {
        Assert.assertSame(this.privilegeManager, this.acMgr.getPrivilegeManager());
    }

    @Test
    public void testGetOakPathNull() throws Exception {
        Assert.assertNull(this.acMgr.getOakPath((String) null));
    }

    @Test(expected = RepositoryException.class)
    public void testGetOakPathNotAbsolute() throws Exception {
        this.acMgr.getOakPath("a/rel/path");
    }

    @Test(expected = RepositoryException.class)
    public void testGetOakPathInvalid() throws Exception {
        createAccessControlManager(this.root, new NamePathMapper.Default() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManagerTest.1
            public String getOakPath(String str) {
                return null;
            }
        }).getOakPath("/any/abs/path");
    }

    @Test
    public void testGetTreeTestPath() throws Exception {
        Assert.assertNotNull(this.acMgr.getTree("/jr:testRoot", 0L, false));
        Assert.assertNotNull(this.acMgr.getTree("/jr:testRoot", 0L, true));
    }

    @Test(expected = PathNotFoundException.class)
    public void testGetTreeNonExstingPath() throws Exception {
        this.acMgr.getTree("/not/existing", 0L, false);
    }

    @Test
    public void testGetTreeNullPath() throws Exception {
        Assert.assertNotNull(this.acMgr.getTree((String) null, 0L, false));
    }

    @Test
    public void testGetTreeNullPathCheckPermission() throws Exception {
        Assert.assertNotNull(this.acMgr.getTree((String) null, 2097151L, false));
    }

    @Test(expected = AccessControlException.class)
    public void testGetTreeDefinesAcContent() throws Exception {
        Mockito.when(this.authorizationConfiguration.getContext()).thenReturn(new Context.Default() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlManagerTest.2
            public boolean definesTree(@NotNull Tree tree) {
                return true;
            }
        });
        this.acMgr.getTree("/jr:testRoot", 0L, true);
    }

    @Test(expected = AccessDeniedException.class)
    public void testGetTreeDefinesNoAccess() throws Exception {
        Mockito.when(this.cs.getAuthInfo()).thenReturn(new AuthInfoImpl((String) null, ImmutableMap.of(), getEveryonePrincipalSet()));
        createAccessControlManager(this.root, getNamePathMapper()).getTree("/jr:testRoot", 2097151L, true);
    }

    @Test
    public void testGetSupportedPrivileges() throws Exception {
        List asList = Arrays.asList(this.privilegeManager.getRegisteredPrivileges());
        Privilege[] supportedPrivileges = this.acMgr.getSupportedPrivileges("/jr:testRoot");
        Assert.assertNotNull(supportedPrivileges);
        Assert.assertEquals(asList.size(), supportedPrivileges.length);
        Assert.assertTrue(asList.containsAll(Arrays.asList(supportedPrivileges)));
    }

    @Test
    public void testGetSupportedPrivilegesInvalidPath() {
        for (String str : getInvalidPaths()) {
            try {
                this.acMgr.getSupportedPrivileges(str);
                Assert.fail("Expects valid node path, found: " + str);
            } catch (RepositoryException e) {
            }
        }
    }

    @Test(expected = PathNotFoundException.class)
    public void testGetSupportedPrivilegesNonExistingPath() throws Exception {
        this.acMgr.getSupportedPrivileges("/not/existing");
    }

    @Test
    public void testPrivilegeFromName() throws Exception {
        for (Privilege privilege : Arrays.asList(this.privilegeManager.getRegisteredPrivileges())) {
            Assert.assertEquals(privilege, this.acMgr.privilegeFromName(privilege.getName()));
        }
    }

    @Test
    public void testHasNullPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", (Privilege[]) null));
    }

    @Test
    public void testHasEmptyPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", new Privilege[0]));
    }

    @Test(expected = PathNotFoundException.class)
    public void testHasPrivilegesNonExistingNodePath() throws Exception {
        this.acMgr.hasPrivileges("/not/existing", this.testPrivileges);
    }

    @Test(expected = PathNotFoundException.class)
    public void testHasPrivilegesNonExistingNodePathEveryoneSet() throws Exception {
        this.acMgr.hasPrivileges("/not/existing", getEveryonePrincipalSet(), this.testPrivileges);
    }

    @Test(expected = PathNotFoundException.class)
    public void testHasPrivilegesNonExistingNodePathEmptyPrincipalSet() throws Exception {
        this.acMgr.hasPrivileges("/not/existing", ImmutableSet.of(), this.testPrivileges);
    }

    @Test
    public void testHasPrivilegesInvalidPaths() {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.hasPrivileges(it.next(), this.testPrivileges);
                Assert.fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail.");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testHasPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", this.allPrivileges));
    }

    @Test
    public void testHasPrivilegesSessionSet() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", this.testPrincipals, this.allPrivileges));
    }

    @Test
    public void testHasPrivilegesInvalidPathsEveryoneSet() {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.hasPrivileges(it.next(), ImmutableSet.of(EveryonePrincipal.getInstance()), this.testPrivileges);
                Assert.fail("AccessControlManager#hasPrivileges for node that doesn't exist should fail.");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testHasRepoPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges((String) null, this.testPrivileges));
    }

    @Test
    public void testHasRepoPrivilegesEveryoneSet() throws Exception {
        Assert.assertFalse(this.acMgr.hasPrivileges((String) null, getEveryonePrincipalSet(), this.testPrivileges));
    }

    @Test
    public void testHasRepoPrivilegesEmptyPrincipalSet() throws Exception {
        Assert.assertFalse(this.acMgr.hasPrivileges((String) null, ImmutableSet.of(), this.testPrivileges));
    }

    @Test(expected = PathNotFoundException.class)
    public void testGetPrivilegesNonExistingNodePath() throws Exception {
        this.acMgr.getPrivileges("/not/existing");
    }

    @Test(expected = PathNotFoundException.class)
    public void testGetPrivilegesNonExistingNodePathEmptyPrincipalSet() throws Exception {
        this.acMgr.getPrivileges("/not/existing", ImmutableSet.of());
    }

    @Test
    public void testGetPrivilegesInvalidPaths() {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getPrivileges(it.next());
                Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e) {
            }
        }
        Iterator<String> it2 = getInvalidPaths().iterator();
        while (it2.hasNext()) {
            try {
                this.acMgr.getPrivileges(it2.next(), Collections.singleton(this.testPrincipal));
                Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e2) {
            }
        }
        Iterator<String> it3 = getInvalidPaths().iterator();
        while (it3.hasNext()) {
            try {
                this.acMgr.getPrivileges(it3.next(), ImmutableSet.of());
                Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e3) {
            }
        }
    }

    @Test
    public void testGetPrivileges() throws Exception {
        Assert.assertArrayEquals(this.allPrivileges, this.acMgr.getPrivileges("/jr:testRoot"));
    }

    @Test
    public void testGetPrivilegesEveronePrincipalSet() throws Exception {
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges("/jr:testRoot", getEveryonePrincipalSet()));
    }

    @Test
    public void testGetPrivilegesEmptyPrincipalSet() throws Exception {
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges("/jr:testRoot", ImmutableSet.of()));
    }

    @Test
    public void testGetPrivilegesSessionPrincipalSet() throws Exception {
        AbstractAccessControlManager abstractAccessControlManager = (AbstractAccessControlManager) Mockito.spy(this.acMgr);
        Assert.assertArrayEquals(this.acMgr.getPrivileges("/jr:testRoot"), abstractAccessControlManager.getPrivileges("/jr:testRoot", this.testPrincipals));
        ((AbstractAccessControlManager) Mockito.verify(abstractAccessControlManager, Mockito.times(1))).getPrivileges("/jr:testRoot");
    }

    @Test
    public void testGetRepoPrivileges() throws Exception {
        Assert.assertArrayEquals(this.allPrivileges, this.acMgr.getPrivileges((String) null));
    }

    @Test
    public void testGetRepoPrivilegesEveryonePrincipalSet() throws Exception {
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges((String) null, getEveryonePrincipalSet()));
    }

    @Test
    public void testGetRepoPrivilegesEmptyPrincipalSet() throws Exception {
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges((String) null, ImmutableSet.of()));
    }
}
