package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.core.ImmutableRoot;
import org.apache.jackrabbit.oak.core.TreeTypeProvider;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.class */
public class PermissionProviderImplTest extends AbstractSecurityTest implements AccessControlConstants {
    private static final String ADMINISTRATOR_GROUP = "administrators";
    private static final Set<String> READ_PATHS = ImmutableSet.of("/jcr:system/rep:namespaces", "/jcr:system/jcr:nodeTypes", "/jcr:system/rep:privileges", "/test");
    private Group adminstrators;
    private AuthorizationConfiguration config;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).addChild(TestNameMapper.TEST_LOCAL_PREFIX, "nt:unstructured");
        this.adminstrators = getUserManager(this.root).createGroup(ADMINISTRATOR_GROUP);
        this.root.commit();
        this.config = (AuthorizationConfiguration) getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.getTree("/test").remove();
            UserManager userManager = getUserManager(this.root);
            if (this.adminstrators != null) {
                userManager.getAuthorizable(this.adminstrators.getID()).remove();
            }
            if (this.root.hasPendingChanges()) {
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        HashMap hashMap = new HashMap();
        hashMap.put("readPaths", READ_PATHS);
        hashMap.put("administrativePrincipals", new String[]{ADMINISTRATOR_GROUP});
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of(hashMap)));
    }

    private PermissionProvider createPermissionProvider(ContentSession contentSession) {
        return this.config.getPermissionProvider(contentSession.getLatestRoot(), contentSession.getWorkspaceName(), contentSession.getAuthInfo().getPrincipals());
    }

    @Test
    public void testHasPrivileges() throws Exception {
        ContentSession createTestSession = createTestSession();
        try {
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            Assert.assertTrue(createPermissionProvider.hasPrivileges((Tree) null, new String[0]));
            Assert.assertTrue(createPermissionProvider.hasPrivileges((Tree) null, new String[0]));
            Assert.assertFalse(createPermissionProvider.hasPrivileges((Tree) null, new String[]{"jcr:workspaceManagement"}));
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void testReadPath() throws Exception {
        ContentSession createTestSession = createTestSession();
        try {
            Root latestRoot = createTestSession.getLatestRoot();
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            Tree tree = latestRoot.getTree(IdentifierManagerTest.ID_ROOT);
            Assert.assertFalse(tree.exists());
            Assert.assertFalse(createPermissionProvider.getTreePermission(tree, TreePermission.EMPTY).canRead());
            Iterator<String> it = READ_PATHS.iterator();
            while (it.hasNext()) {
                Tree tree2 = latestRoot.getTree(it.next());
                Assert.assertTrue(tree2.exists());
                Assert.assertTrue(createPermissionProvider.getTreePermission(tree2, TreePermission.EMPTY).canRead());
            }
        } finally {
            createTestSession.close();
        }
    }

    @Test
    public void testIsGrantedForReadPaths() throws Exception {
        ContentSession createTestSession = createTestSession();
        try {
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            for (String str : READ_PATHS) {
                Assert.assertTrue(createPermissionProvider.isGranted(str, Permissions.getString(3L)));
                Assert.assertTrue(createPermissionProvider.isGranted(str, Permissions.getString(1L)));
                Assert.assertTrue(createPermissionProvider.isGranted(str + "/jcr:primaryType", Permissions.getString(2L)));
                Assert.assertFalse(createPermissionProvider.isGranted(str, Permissions.getString(128L)));
            }
            Iterator<String> it = READ_PATHS.iterator();
            while (it.hasNext()) {
                Tree tree = this.root.getTree(it.next());
                Assert.assertTrue(createPermissionProvider.isGranted(tree, (PropertyState) null, 3L));
                Assert.assertTrue(createPermissionProvider.isGranted(tree, (PropertyState) null, 1L));
                Assert.assertTrue(createPermissionProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
                Assert.assertFalse(createPermissionProvider.isGranted(tree, (PropertyState) null, 128L));
            }
            RepositoryPermission repositoryPermission = createPermissionProvider.getRepositoryPermission();
            Assert.assertFalse(repositoryPermission.isGranted(3L));
            Assert.assertFalse(repositoryPermission.isGranted(1L));
            Assert.assertFalse(repositoryPermission.isGranted(2L));
            Assert.assertFalse(repositoryPermission.isGranted(128L));
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void testGetPrivilegesForReadPaths() throws Exception {
        ContentSession createTestSession = createTestSession();
        try {
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            Iterator<String> it = READ_PATHS.iterator();
            while (it.hasNext()) {
                Assert.assertEquals(Collections.singleton("jcr:read"), createPermissionProvider.getPrivileges(this.root.getTree(it.next())));
            }
            Assert.assertEquals(Collections.emptySet(), createPermissionProvider.getPrivileges((Tree) null));
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void testHasPrivilegesForReadPaths() throws Exception {
        ContentSession createTestSession = createTestSession();
        try {
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            Iterator<String> it = READ_PATHS.iterator();
            while (it.hasNext()) {
                Tree tree = this.root.getTree(it.next());
                Assert.assertTrue(createPermissionProvider.hasPrivileges(tree, new String[]{"jcr:read"}));
                Assert.assertTrue(createPermissionProvider.hasPrivileges(tree, new String[]{"rep:readNodes"}));
                Assert.assertTrue(createPermissionProvider.hasPrivileges(tree, new String[]{"rep:readProperties"}));
                Assert.assertFalse(createPermissionProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl"}));
            }
            Assert.assertFalse(createPermissionProvider.hasPrivileges((Tree) null, new String[]{"jcr:read"}));
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void testAdministatorConfig() throws Exception {
        this.adminstrators.addMember(getTestUser());
        this.root.commit();
        ContentSession createTestSession = createTestSession();
        try {
            Root latestRoot = createTestSession.getLatestRoot();
            ImmutableRoot immutableRoot = new ImmutableRoot(latestRoot, TreeTypeProvider.EMPTY);
            PermissionProvider createPermissionProvider = createPermissionProvider(createTestSession);
            Assert.assertTrue(latestRoot.getTree(IdentifierManagerTest.ID_ROOT).exists());
            Assert.assertSame(TreePermission.ALL, createPermissionProvider.getTreePermission(immutableRoot.getTree(IdentifierManagerTest.ID_ROOT), TreePermission.EMPTY));
            Iterator<String> it = READ_PATHS.iterator();
            while (it.hasNext()) {
                Tree tree = latestRoot.getTree(it.next());
                Assert.assertTrue(tree.exists());
                Assert.assertSame(TreePermission.ALL, createPermissionProvider.getTreePermission(tree, TreePermission.EMPTY));
            }
        } finally {
            createTestSession.close();
        }
    }
}
