package org.apache.jackrabbit.oak.security.authorization.permission;

import javax.jcr.security.AccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreTest.class */
public class PermissionStoreTest extends AbstractSecurityTest {
    private AuthorizationConfiguration acConfig;
    private ContentSession testSession;
    private Root testRoot;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, IdentifierManagerTest.ID_ROOT);
        if (accessControlList != null) {
            accessControlList.addEntry(getTestUser().getPrincipal(), privilegesFromNames("jcr:all"), true);
        }
        accessControlManager.setPolicy(IdentifierManagerTest.ID_ROOT, accessControlList);
        this.root.commit();
        this.testSession = createTestSession();
        this.testRoot = this.testSession.getLatestRoot();
        this.acConfig = (AuthorizationConfiguration) getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            if (this.testSession != null) {
                this.testSession.close();
            }
            JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
            JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, IdentifierManagerTest.ID_ROOT);
            if (accessControlList != null) {
                for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
                    if (getTestUser().getPrincipal().equals(accessControlEntry.getPrincipal())) {
                        accessControlList.removeAccessControlEntry(accessControlEntry);
                    }
                }
            }
            accessControlManager.setPolicy(IdentifierManagerTest.ID_ROOT, accessControlList);
            this.root.commit();
            super.after();
        } catch (Throwable th) {
            super.after();
            throw th;
        }
    }

    private PermissionProvider createPermissionProvider() {
        return this.acConfig.getPermissionProvider(this.testRoot, this.testSession.getWorkspaceName(), this.testSession.getAuthInfo().getPrincipals());
    }

    @Test
    public void testReadAccess() {
        Assert.assertFalse(this.testRoot.getTree("/jcr:system/rep:permissionStore").exists());
    }

    @Test
    public void testGetTreePermission() {
        Assert.assertSame(TreePermission.EMPTY, createPermissionProvider().getTreePermission(this.root.getTree("/jcr:system/rep:permissionStore"), TreePermission.ALL));
    }

    @Test
    public void testIsGranted() {
        PermissionProvider createPermissionProvider = createPermissionProvider();
        Tree tree = this.root.getTree("/jcr:system/rep:permissionStore");
        Assert.assertFalse(createPermissionProvider.isGranted(tree, (PropertyState) null, 3L));
        Assert.assertFalse(createPermissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 3L));
    }

    @Test
    public void testIsGrantedAtPath() {
        PermissionProvider createPermissionProvider = createPermissionProvider();
        Assert.assertFalse(createPermissionProvider.isGranted("/jcr:system/rep:permissionStore", "read"));
        Assert.assertFalse(createPermissionProvider.isGranted("/jcr:system/rep:permissionStore", "add_node"));
    }

    @Test
    public void testHasPrivilege() {
        Assert.assertFalse(createPermissionProvider().hasPrivileges(this.root.getTree("/jcr:system/rep:permissionStore"), new String[]{"jcr:read"}));
    }

    @Test
    public void testGetPrivilege() {
        Assert.assertTrue(createPermissionProvider().getPrivileges(this.root.getTree("/jcr:system/rep:permissionStore")).isEmpty());
    }
}
