package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.util.Iterator;
import java.util.List;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.util.Text;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AccessControlTest.class */
public class AccessControlTest extends AbstractCugTest {
    private List<String> acPaths;
    private CugPermissionProvider pp;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    @Before
    public void before() throws Exception {
        super.before();
        setupCugsAndAcls();
        this.acPaths = ImmutableList.of("/content/rep:policy", "/content/a/rep:cugPolicy", "/content/aa/bb/rep:cugPolicy", "/content/a/b/c/rep:cugPolicy", "/content2/rep:cugPolicy");
        this.pp = createCugPermissionProvider(ImmutableSet.of("/"), EveryonePrincipal.getInstance(), getTestGroupPrincipal(), getTestUser().getPrincipal());
    }

    @Test
    public void testSupportedPermissions() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertEquals(0L, this.pp.supportedPermissions(this.root.getTree(it.next()), (PropertyState) null, 3L));
        }
    }

    @Test
    public void testSupportedPermissionsLocation() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertEquals(0L, this.pp.supportedPermissions(TreeLocation.create(this.root, it.next()), 3L));
        }
    }

    @Test
    public void testSupportedPrivileges() {
        PrivilegeBits bits = new PrivilegeBitsProvider(this.root).getBits(new String[]{"jcr:read"});
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertSame(PrivilegeBits.EMPTY, this.pp.supportedPrivileges(this.root.getTree(it.next()), bits));
        }
    }

    @Test
    public void testTreePermission() {
        for (String str : this.acPaths) {
            Tree tree = this.root.getTree("/");
            TreePermission treePermission = this.pp.getTreePermission(tree, TreePermission.EMPTY);
            Iterator it = PathUtils.elements(str).iterator();
            while (it.hasNext()) {
                tree = tree.getChild((String) it.next());
                treePermission = this.pp.getTreePermission(tree, treePermission);
            }
            Assert.assertSame(TreePermission.NO_RECOURSE, treePermission);
            Assert.assertEquals(0L, this.pp.supportedPermissions(treePermission, (PropertyState) null, 3L));
        }
    }

    @Test
    public void testIsGranted() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(this.pp.isGranted(this.root.getTree(it.next()), (PropertyState) null, 3L));
        }
    }

    @Test
    public void testIsGrantedPath() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(this.pp.isGranted(it.next(), Permissions.getString(3L)));
        }
    }

    @Test
    public void testHasPrivileges() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(this.pp.hasPrivileges(this.root.getTree(it.next()), new String[]{"jcr:read"}));
        }
    }

    @Test
    public void testGetPrivileges() {
        Iterator<String> it = this.acPaths.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(this.pp.getPrivileges(this.root.getTree(it.next())).isEmpty());
        }
    }

    @Test
    public void testCombinedSetup() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/content");
        accessControlList.addAccessControlEntry(getTestGroupPrincipal(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:readAccessControl"}));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        PermissionProvider permissionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), ImmutableSet.of(getTestGroupPrincipal()));
        for (String str : this.acPaths) {
            boolean isDescendantOrEqual = Text.isDescendantOrEqual("/content", str);
            Tree tree = this.root.getTree(str);
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl"})));
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(permissionProvider.getPrivileges(tree).contains("jcr:readAccessControl")));
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(permissionProvider.isGranted(str, "read_access_control")));
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(permissionProvider.isGranted(tree, (PropertyState) null, 128L)));
            Tree tree2 = this.root.getTree("/");
            TreePermission treePermission = permissionProvider.getTreePermission(tree2, TreePermission.EMPTY);
            Iterator it = PathUtils.elements(str).iterator();
            while (it.hasNext()) {
                tree2 = tree2.getChild((String) it.next());
                treePermission = permissionProvider.getTreePermission(tree2, treePermission);
            }
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(treePermission.canRead()));
            Assert.assertEquals(Boolean.valueOf(isDescendantOrEqual), Boolean.valueOf(treePermission.isGranted(128L)));
        }
    }
}
