package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Set;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.security.authorization.monitor.AuthorizationMonitor;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.VisibleValidator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/MoveAwarePermissionValidatorTest.class */
public class MoveAwarePermissionValidatorTest extends AbstractSecurityTest {
    private Tree t;
    private PermissionProvider pp;
    private JackrabbitAccessControlList acl;
    private final AuthorizationMonitor monitor = (AuthorizationMonitor) Mockito.mock(AuthorizationMonitor.class);

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        Tree tree = this.root.getTree(IdentifierManagerTest.ID_ROOT);
        TreeUtil.addChild(tree, "src", "oak:Unstructured");
        TreeUtil.addChild(tree, "dest", "oak:Unstructured");
        this.root.commit();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            Mockito.clearInvocations(new AuthorizationMonitor[]{this.monitor});
            if (this.acl != null) {
                getAccessControlManager(this.root).removePolicy(this.acl.getPath(), this.acl);
            }
            Tree tree = this.root.getTree("/src");
            if (tree.exists()) {
                tree.remove();
            }
            Tree tree2 = this.root.getTree("/dest");
            if (tree2.exists()) {
                tree2.remove();
            }
            this.root.commit();
        } finally {
            super.after();
        }
    }

    private void grant(@NotNull String str, @NotNull Principal principal, @NotNull String... strArr) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        accessControlList.addEntry(principal, AccessControlUtils.privilegesFromNames(accessControlManager, strArr), true);
        accessControlManager.setPolicy(str, accessControlList);
        this.root.commit();
        this.acl = accessControlList;
    }

    @NotNull
    private MoveAwarePermissionValidator createRootValidator(@NotNull Set<Principal> set, @NotNull MoveTracker moveTracker) {
        ProviderCtx providerCtx = (ProviderCtx) Mockito.mock(ProviderCtx.class);
        Mockito.when(providerCtx.getSecurityProvider()).thenReturn(getSecurityProvider());
        Mockito.when(providerCtx.getTreeProvider()).thenReturn(getTreeProvider());
        Mockito.when(providerCtx.getRootProvider()).thenReturn(getRootProvider());
        Mockito.when(providerCtx.getMonitor()).thenReturn(this.monitor);
        String workspaceName = this.root.getContentSession().getWorkspaceName();
        Root createReadOnlyRoot = getRootProvider().createReadOnlyRoot(this.root);
        this.t = createReadOnlyRoot.getTree(IdentifierManagerTest.ID_ROOT);
        this.pp = (PermissionProvider) Mockito.spy(new PermissionProviderImpl(createReadOnlyRoot, workspaceName, set, RestrictionProvider.EMPTY, ConfigurationParameters.EMPTY, Context.DEFAULT, providerCtx));
        PermissionValidatorProvider permissionValidatorProvider = new PermissionValidatorProvider(workspaceName, set, moveTracker, providerCtx);
        NodeState asNodeState = getTreeProvider().asNodeState(this.t);
        return new MoveAwarePermissionValidator(asNodeState, asNodeState, this.pp, permissionValidatorProvider, moveTracker);
    }

    @Test
    public void testChildNodeAddedNoMatchingMove() throws Exception {
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), new MoveTracker()));
        Assert.assertTrue(moveAwarePermissionValidator.childNodeAdded("name", (NodeState) Mockito.mock(NodeState.class)) instanceof VisibleValidator);
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("name"), false, 32L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeAddedNonExistingSrc() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/srcNonExisting", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Assert.assertTrue(moveAwarePermissionValidator.childNodeAdded("dest", (NodeState) Mockito.mock(NodeState.class)) instanceof VisibleValidator);
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("dest"), false, 32L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.never())).isGranted(this.t.getChild("src"), (PropertyState) null, 64L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeAddedExistingSrc() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Assert.assertNull(moveAwarePermissionValidator.childNodeAdded("dest", (NodeState) Mockito.mock(NodeState.class)));
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("dest"), false, 544L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.times(1))).isGranted(this.t.getChild("src"), (PropertyState) null, 64L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeAddedNullPraent() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Mockito.when(moveAwarePermissionValidator.getParentAfter()).thenReturn((Object) null);
        Assert.assertTrue(moveAwarePermissionValidator.childNodeAdded("dest", (NodeState) Mockito.mock(NodeState.class)) instanceof VisibleValidator);
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("dest"), false, 32L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.never())).isGranted(this.t.getChild("src"), (PropertyState) null, 64L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test(expected = CommitFailedException.class)
    public void testChildNodeAddedMissingPermissionAtSrc() throws Exception {
        grant(IdentifierManagerTest.ID_ROOT, EveryonePrincipal.getInstance(), "jcr:addChildNodes", "jcr:nodeTypeManagement");
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(ImmutableSet.of(EveryonePrincipal.getInstance()), moveTracker));
        try {
            try {
                moveAwarePermissionValidator.childNodeAdded("dest", (NodeState) Mockito.mock(NodeState.class));
                ((AuthorizationMonitor) Mockito.verify(this.monitor)).accessViolation();
                ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionAllLoaded(ArgumentMatchers.anyLong());
                Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
            } catch (CommitFailedException e) {
                ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("dest"), false, 544L);
                ((PermissionProvider) Mockito.verify(this.pp, Mockito.times(1))).isGranted(this.t.getChild("src"), (PropertyState) null, 64L);
                Assert.assertTrue(e.isAccessViolation());
                Assert.assertEquals(0L, e.getCode());
                throw e;
            }
        } catch (Throwable th) {
            ((AuthorizationMonitor) Mockito.verify(this.monitor)).accessViolation();
            ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionAllLoaded(ArgumentMatchers.anyLong());
            Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
            throw th;
        }
    }

    @Test
    public void testChildNodeDeletedNoMatchingMove() throws Exception {
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), new MoveTracker()));
        Assert.assertNull(moveAwarePermissionValidator.childNodeDeleted("name", (NodeState) Mockito.mock(NodeState.class)));
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("name"), true, 64L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeDeletedNonExistingDestination() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/nonExistingDest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Assert.assertNull(moveAwarePermissionValidator.childNodeDeleted("src", (NodeState) Mockito.mock(NodeState.class)));
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("src"), true, 64L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.never())).isGranted(this.t.getChild("nonExistingDest"), (PropertyState) null, 544L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeDeletedExistingDestination() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Assert.assertNull(moveAwarePermissionValidator.childNodeDeleted("src", (NodeState) Mockito.mock(NodeState.class)));
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("src"), true, 64L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.times(1))).isGranted(this.t.getChild("dest"), (PropertyState) null, 544L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testChildNodeDeletedNullParent() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        Mockito.when(moveAwarePermissionValidator.getParentBefore()).thenReturn((Object) null);
        Assert.assertNull(moveAwarePermissionValidator.childNodeDeleted("src", (NodeState) Mockito.mock(NodeState.class)));
        ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("src"), true, 64L);
        ((PermissionProvider) Mockito.verify(this.pp, Mockito.never())).isGranted(this.t.getChild("dest"), (PropertyState) null, 544L);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test(expected = CommitFailedException.class)
    public void testChildNodeDeletedMissingPermissionAtDestination() throws Exception {
        grant(IdentifierManagerTest.ID_ROOT, EveryonePrincipal.getInstance(), "jcr:removeChildNodes", "jcr:removeNode");
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(ImmutableSet.of(EveryonePrincipal.getInstance()), moveTracker));
        try {
            try {
                moveAwarePermissionValidator.childNodeDeleted("src", (NodeState) Mockito.mock(NodeState.class));
                ((AuthorizationMonitor) Mockito.verify(this.monitor)).accessViolation();
                ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionAllLoaded(ArgumentMatchers.anyLong());
                Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
            } catch (CommitFailedException e) {
                ((MoveAwarePermissionValidator) Mockito.verify(moveAwarePermissionValidator, Mockito.times(1))).checkPermissions(this.t.getChild("src"), true, 64L);
                ((PermissionProvider) Mockito.verify(this.pp, Mockito.times(1))).isGranted(this.t.getChild("dest"), (PropertyState) null, 544L);
                Assert.assertTrue(e.isAccessViolation());
                Assert.assertEquals(0L, e.getCode());
                throw e;
            }
        } catch (Throwable th) {
            ((AuthorizationMonitor) Mockito.verify(this.monitor)).accessViolation();
            ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionAllLoaded(ArgumentMatchers.anyLong());
            Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
            throw th;
        }
    }

    /* JADX WARN: Finally extract failed */
    @Test(expected = CommitFailedException.class)
    public void testDiffThrowsException() throws Exception {
        MoveTracker moveTracker = new MoveTracker();
        moveTracker.addMove("/src", "/dest");
        moveTracker.addMove("/dest", "/otherPath");
        Throwable commitFailedException = new CommitFailedException("error", 0, "Oak");
        MoveAwarePermissionValidator moveAwarePermissionValidator = (MoveAwarePermissionValidator) Mockito.spy(createRootValidator(this.adminSession.getAuthInfo().getPrincipals(), moveTracker));
        ((MoveAwarePermissionValidator) Mockito.doReturn(moveAwarePermissionValidator).when(moveAwarePermissionValidator)).createValidator((Tree) ArgumentMatchers.any(Tree.class), (Tree) ArgumentMatchers.any(Tree.class), (TreePermission) ArgumentMatchers.eq(TreePermission.ALL), (PermissionValidator) ArgumentMatchers.eq(moveAwarePermissionValidator));
        ((MoveAwarePermissionValidator) Mockito.doThrow(new Throwable[]{commitFailedException}).when(moveAwarePermissionValidator)).enter((NodeState) ArgumentMatchers.any(NodeState.class), (NodeState) ArgumentMatchers.any(NodeState.class));
        try {
            try {
                moveAwarePermissionValidator.childNodeAdded("dest", (NodeState) Mockito.mock(NodeState.class));
                Mockito.verifyNoInteractions(new Object[]{this.monitor});
            } catch (CommitFailedException e) {
                Assert.assertSame(commitFailedException, e);
                throw e;
            }
        } catch (Throwable th) {
            Mockito.verifyNoInteractions(new Object[]{this.monitor});
            throw th;
        }
    }
}
