package org.apache.jackrabbit.oak.security.authorization.restriction;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Maps;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.security.AccessControlException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.CompositePattern;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionDefinition;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/restriction/RestrictionProviderImplTest.class */
public class RestrictionProviderImplTest extends AbstractAccessControlTest implements AccessControlConstants {
    private RestrictionProviderImpl provider;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.provider = new RestrictionProviderImpl();
    }

    @Test
    public void testGetSupportedDefinitions() {
        Assert.assertTrue(this.provider.getSupportedRestrictions((String) null).isEmpty());
        Set<RestrictionDefinition> supportedRestrictions = this.provider.getSupportedRestrictions("/testPath");
        Assert.assertNotNull(supportedRestrictions);
        Assert.assertEquals(3L, supportedRestrictions.size());
        for (RestrictionDefinition restrictionDefinition : supportedRestrictions) {
            if ("rep:glob".equals(restrictionDefinition.getName())) {
                Assert.assertEquals(Type.STRING, restrictionDefinition.getRequiredType());
                Assert.assertFalse(restrictionDefinition.isMandatory());
            } else if ("rep:ntNames".equals(restrictionDefinition.getName())) {
                Assert.assertEquals(Type.NAMES, restrictionDefinition.getRequiredType());
                Assert.assertFalse(restrictionDefinition.isMandatory());
            } else if ("rep:prefixes".equals(restrictionDefinition.getName())) {
                Assert.assertEquals(Type.STRINGS, restrictionDefinition.getRequiredType());
                Assert.assertFalse(restrictionDefinition.isMandatory());
            } else {
                Assert.fail("unexpected restriction " + restrictionDefinition.getName());
            }
        }
    }

    @Test
    public void testGetRestrictionPattern() throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(PropertyStates.createProperty("rep:glob", "/*/jcr:content"), GlobPattern.create("/testPath", "/*/jcr:content"));
        ImmutableList of = ImmutableList.of("nt:folder", "nt:linkedFile");
        newHashMap.put(PropertyStates.createProperty("rep:ntNames", of, Type.NAMES), new NodeTypePattern(of));
        Tree tree = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).getOrAddTree("testPath", "nt:unstructured").addChild("rep:restrictions", "rep:Restrictions").getTree();
        for (Map.Entry entry : newHashMap.entrySet()) {
            tree.setProperty((PropertyState) entry.getKey());
            Assert.assertEquals(entry.getValue(), this.provider.getPattern("/testPath", tree));
            tree.removeProperty(((PropertyState) entry.getKey()).getName());
        }
        Iterator it = newHashMap.entrySet().iterator();
        while (it.hasNext()) {
            tree.setProperty((PropertyState) ((Map.Entry) it.next()).getKey());
        }
        Assert.assertTrue(this.provider.getPattern("/testPath", tree) instanceof CompositePattern);
    }

    @Test
    public void testGetPatternForAllSupported() throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(PropertyStates.createProperty("rep:glob", "/*/jcr:content"), GlobPattern.create("/testPath", "/*/jcr:content"));
        ImmutableList of = ImmutableList.of("nt:folder", "nt:linkedFile");
        newHashMap.put(PropertyStates.createProperty("rep:ntNames", of, Type.NAMES), new NodeTypePattern(of));
        ImmutableList of2 = ImmutableList.of("rep", "jcr");
        newHashMap.put(PropertyStates.createProperty("rep:prefixes", of2, Type.STRINGS), new PrefixPattern(of2));
        Tree tree = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).getOrAddTree("testPath", "nt:unstructured").addChild("rep:restrictions", "rep:Restrictions").getTree();
        Iterator it = newHashMap.entrySet().iterator();
        while (it.hasNext()) {
            tree.setProperty((PropertyState) ((Map.Entry) it.next()).getKey());
        }
        Assert.assertTrue(this.provider.getPattern("/testPath", tree) instanceof CompositePattern);
    }

    @Test
    public void testGetPatternFromRestrictions() throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(PropertyStates.createProperty("rep:glob", "/*/jcr:content"), GlobPattern.create("/testPath", "/*/jcr:content"));
        ImmutableList of = ImmutableList.of("nt:folder", "nt:linkedFile");
        newHashMap.put(PropertyStates.createProperty("rep:ntNames", of, Type.NAMES), new NodeTypePattern(of));
        ImmutableList of2 = ImmutableList.of("rep", "jcr");
        newHashMap.put(PropertyStates.createProperty("rep:prefixes", of2, Type.STRINGS), new PrefixPattern(of2));
        NodeUtil orAddTree = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).getOrAddTree("testPath", "nt:unstructured");
        Tree tree = orAddTree.addChild("rep:restrictions", "rep:Restrictions").getTree();
        for (Map.Entry entry : newHashMap.entrySet()) {
            tree.setProperty((PropertyState) entry.getKey());
            Assert.assertEquals(entry.getValue(), this.provider.getPattern("/testPath", this.provider.readRestrictions("/testPath", orAddTree.getTree())));
            tree.removeProperty(((PropertyState) entry.getKey()).getName());
        }
        Iterator it = newHashMap.entrySet().iterator();
        while (it.hasNext()) {
            tree.setProperty((PropertyState) ((Map.Entry) it.next()).getKey());
        }
        Assert.assertTrue(this.provider.getPattern("/testPath", this.provider.readRestrictions("/testPath", orAddTree.getTree())) instanceof CompositePattern);
    }

    @Test
    public void testValidateGlobRestriction() throws Exception {
        Tree tree = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).addChild("testTree", "nt:unstructured").getTree();
        String path = tree.getPath();
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        for (String str : ImmutableList.of("/1*/2*/3*/4*/5*/6*/7*/8*/9*/10*/11*/12*/13*/14*/15*/16*/17*/18*/19*/20*/21*", "*********************")) {
            JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, path);
            accessControlList.addEntry(getTestPrincipal(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:read"}), true, Collections.singletonMap("rep:glob", getValueFactory().createValue(str)));
            accessControlManager.setPolicy(path, accessControlList);
            try {
                this.provider.validateRestrictions(path, tree.getChild("rep:policy").getChild("allow"));
                Assert.fail("AccessControlException expected.");
                accessControlManager.removePolicy(path, accessControlList);
            } catch (AccessControlException e) {
                accessControlManager.removePolicy(path, accessControlList);
            } catch (Throwable th) {
                accessControlManager.removePolicy(path, accessControlList);
                throw th;
            }
        }
    }
}
