package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import java.lang.reflect.Field;
import java.security.Principal;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeAware;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.authorization.monitor.AuthorizationMonitor;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/CompiledPermissionImplTest.class */
public class CompiledPermissionImplTest extends AbstractSecurityTest {
    private static String TEST_PATH = "/test";
    private static String SUBTREE_PATH = TEST_PATH + "/subtree";
    private static String ACCESS_CONTROLLED_PATH = TEST_PATH + "/accessControlled";
    private ContentSession testSession;
    private Set<String> accessControlledPaths = new HashSet();

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        Tree addChild = TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "test", "oak:Unstructured");
        TreeUtil.addChild(addChild, "subtree", "oak:Unstructured");
        TreeUtil.addChild(addChild, "accessControlled", "oak:Unstructured");
        grant(ACCESS_CONTROLLED_PATH, EveryonePrincipal.getInstance(), "jcr:read", "jcr:write");
        this.root.commit();
        this.testSession = createTestSession();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        JackrabbitAccessControlList accessControlList;
        try {
            this.testSession.close();
            JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
            for (String str : this.accessControlledPaths) {
                if (this.root.getTree(str).exists() && (accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str)) != null) {
                    accessControlManager.removePolicy(str, accessControlList);
                }
            }
            this.root.getTree(TEST_PATH).remove();
            this.root.commit();
            super.after();
        } catch (Throwable th) {
            super.after();
            throw th;
        }
    }

    @NotNull
    private PermissionStore mockPermissionStore(@NotNull Root root, @NotNull String str) {
        return (PermissionStore) Mockito.spy(new PermissionStoreImpl(root, str, ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider(), (AuthorizationMonitor) Mockito.mock(AuthorizationMonitor.class)));
    }

    private CompiledPermissionImpl create(@NotNull Root root, @NotNull String str, @NotNull Set<Principal> set, @NotNull PermissionStore permissionStore, @NotNull ConfigurationParameters configurationParameters) {
        CompositeAuthorizationConfiguration compositeAuthorizationConfiguration = (AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class);
        Assert.assertTrue(compositeAuthorizationConfiguration instanceof CompositeAuthorizationConfiguration);
        AuthorizationConfigurationImpl authorizationConfigurationImpl = (AuthorizationConfiguration) compositeAuthorizationConfiguration.getDefaultConfig();
        Assert.assertTrue(authorizationConfigurationImpl instanceof AuthorizationConfigurationImpl);
        CompiledPermissionImpl create = CompiledPermissionImpl.create(root, str, permissionStore, set, configurationParameters, compositeAuthorizationConfiguration.getContext(), authorizationConfigurationImpl);
        Assert.assertTrue(create instanceof CompiledPermissionImpl);
        return create;
    }

    @NotNull
    private CompiledPermissionImpl createForTestSession(@NotNull ConfigurationParameters configurationParameters) {
        Root createReadOnlyRoot = getRootProvider().createReadOnlyRoot(this.testSession.getLatestRoot());
        String workspaceName = this.testSession.getWorkspaceName();
        return create(createReadOnlyRoot, workspaceName, this.testSession.getAuthInfo().getPrincipals(), mockPermissionStore(createReadOnlyRoot, workspaceName), configurationParameters);
    }

    @NotNull
    private Tree createReadonlyTree(@NotNull String str) {
        return getRootProvider().createReadOnlyRoot(this.root).getTree(str);
    }

    @NotNull
    private TreePermission createTreePermission(@NotNull CompiledPermissionImpl compiledPermissionImpl, @NotNull String str) {
        Tree createReadonlyTree = createReadonlyTree(IdentifierManagerTest.ID_ROOT);
        TreePermission treePermission = compiledPermissionImpl.getTreePermission(createReadonlyTree, TreePermission.EMPTY);
        Iterator it = PathUtils.elements(str).iterator();
        while (it.hasNext()) {
            Tree child = createReadonlyTree.getChild((String) it.next());
            treePermission = compiledPermissionImpl.getTreePermission(child, treePermission);
            createReadonlyTree = child;
        }
        return treePermission;
    }

    private void grant(@Nullable String str, @NotNull Principal principal, @NotNull String... strArr) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        accessControlList.addAccessControlEntry(principal, privilegesFromNames(strArr));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.accessControlledPaths.add(str);
    }

    @NotNull
    private Tree createVersions(@NotNull String str) throws Exception {
        Tree tree = this.root.getTree(str);
        TreeUtil.addMixin(tree, "mix:versionable", this.root.getTree("/jcr:system/jcr:nodeTypes"), "uid");
        this.root.commit();
        for (int i = 0; i < 3; i++) {
            tree.setProperty(PropertyStates.createProperty("jcr:isCheckedOut", false));
            this.root.commit();
            tree.setProperty(PropertyStates.createProperty("jcr:isCheckedOut", true));
            this.root.commit();
        }
        return (Tree) Preconditions.checkNotNull(ReadOnlyVersionManager.getInstance(this.root, getNamePathMapper()).getVersionHistory(tree));
    }

    @Test
    public void testCreateFromEmptyPrincipals() {
        Assert.assertSame(NoPermissions.getInstance(), CompiledPermissionImpl.create(this.root, "wspName", (PermissionStore) Mockito.mock(PermissionStore.class), ImmutableSet.of(), ConfigurationParameters.EMPTY, (Context) Mockito.mock(Context.class), (ProviderCtx) Mockito.mock(ProviderCtx.class)));
    }

    @Test
    public void testCreateNonExistingPermissionStore() {
        Assert.assertSame(NoPermissions.getInstance(), CompiledPermissionImpl.create((Root) Mockito.when(((Root) Mockito.mock(Root.class)).getTree(ArgumentMatchers.anyString())).thenReturn((Tree) Mockito.when(Boolean.valueOf(((Tree) Mockito.mock(Tree.class)).exists())).thenReturn(false).getMock()).getMock(), "wspName", (PermissionStore) Mockito.mock(PermissionStore.class), ImmutableSet.of(new PrincipalImpl("principalName")), ConfigurationParameters.EMPTY, (Context) Mockito.mock(Context.class), (ProviderCtx) Mockito.mock(ProviderCtx.class)));
    }

    @Test
    public void testEmpyReadPaths() {
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of()));
        for (String str : PermissionConstants.DEFAULT_READ_PATHS) {
            Assert.assertFalse(createForTestSession.isGranted(str, 1L));
            Assert.assertFalse(createForTestSession.isGranted(str, 3L));
            Tree createReadonlyTree = createReadonlyTree(str);
            Assert.assertFalse(createForTestSession.isGranted(createReadonlyTree, (PropertyState) null, 1L));
            Assert.assertFalse(createForTestSession.isGranted(createReadonlyTree, createReadonlyTree.getProperty("jcr:primaryType"), 2L));
            Assert.assertFalse(createForTestSession.hasPrivileges(createReadonlyTree, new String[]{"rep:readNodes"}));
            Assert.assertFalse(createForTestSession.hasPrivileges(createReadonlyTree, new String[]{"jcr:read"}));
            Assert.assertTrue(createForTestSession.getPrivileges(createReadonlyTree).isEmpty());
            TreePermission createTreePermission = createTreePermission(createForTestSession, str);
            Assert.assertFalse(createTreePermission.canRead());
            Assert.assertFalse(createTreePermission.canRead((PropertyState) Mockito.mock(PropertyState.class)));
            Assert.assertFalse(createTreePermission.canReadAll());
        }
    }

    @Test
    public void testDefaultReadPath() {
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.EMPTY);
        Iterator it = PermissionConstants.DEFAULT_READ_PATHS.iterator();
        while (it.hasNext()) {
            assertReadPath(createForTestSession, (String) it.next());
        }
    }

    @Test
    public void testNonDefaultReadPath() {
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of(TEST_PATH, "/another", "/yet/another")));
        for (String str : new String[]{TEST_PATH, SUBTREE_PATH, TEST_PATH + "/nonExisting"}) {
            assertReadPath(createForTestSession, str);
        }
    }

    private void assertReadPath(@NotNull CompiledPermissionImpl compiledPermissionImpl, @NotNull String str) {
        Assert.assertTrue(compiledPermissionImpl.isGranted(str, 1L));
        Tree createReadonlyTree = createReadonlyTree(str);
        Assert.assertTrue(compiledPermissionImpl.isGranted(createReadonlyTree, (PropertyState) null, 1L));
        Assert.assertTrue(compiledPermissionImpl.isGranted(createReadonlyTree, createReadonlyTree.getProperty("jcr:primaryType"), 2L));
        Assert.assertTrue(compiledPermissionImpl.hasPrivileges(createReadonlyTree, new String[]{"rep:readNodes"}));
        Assert.assertTrue(compiledPermissionImpl.hasPrivileges(createReadonlyTree, new String[]{"jcr:read"}));
        Assert.assertEquals(ImmutableSet.of("jcr:read"), compiledPermissionImpl.getPrivileges(createReadonlyTree));
        TreePermission createTreePermission = createTreePermission(compiledPermissionImpl, str);
        Assert.assertTrue(createTreePermission.canRead());
        Assert.assertTrue(createTreePermission.canRead((PropertyState) Mockito.mock(PropertyState.class)));
        Assert.assertFalse(createTreePermission.canReadAll());
    }

    @Test
    public void testHidden() {
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of()));
        Tree createReadonlyTree = createReadonlyTree("/oak:index/acPrincipalName/:index");
        Assert.assertTrue(createReadonlyTree.exists());
        Assert.assertTrue(createForTestSession.isGranted(createReadonlyTree, (PropertyState) null, 2097151L));
        Assert.assertFalse(createForTestSession.isGranted("/oak:index/acPrincipalName/:index", 2097151L));
        Assert.assertTrue(createForTestSession.getPrivileges(createReadonlyTree).isEmpty());
        Assert.assertSame(TreePermission.ALL, createTreePermission(createForTestSession, "/oak:index/acPrincipalName/:index"));
    }

    @Test
    public void testInternal() throws Exception {
        grant(IdentifierManagerTest.ID_ROOT, EveryonePrincipal.getInstance(), "jcr:read");
        this.root.commit();
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.EMPTY);
        for (String str : new String[]{"/jcr:system/rep:permissionStore", PathUtils.concat("/jcr:system/rep:permissionStore", this.testSession.getWorkspaceName())}) {
            Tree createReadonlyTree = createReadonlyTree(str);
            Assert.assertTrue(createReadonlyTree.exists());
            Assert.assertFalse(createForTestSession.isGranted(createReadonlyTree, (PropertyState) null, 1L));
            Assert.assertTrue(createForTestSession.isGranted(str, 1L));
            Assert.assertTrue(createForTestSession.getPrivileges(createReadonlyTree).isEmpty());
            Assert.assertSame(InternalTreePermission.INSTANCE, createTreePermission(createForTestSession, str));
        }
    }

    @Test
    public void testVersionHistory() throws Exception {
        Tree createVersions = createVersions(SUBTREE_PATH);
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of(TEST_PATH)));
        Assert.assertTrue(createForTestSession.isGranted(createVersions, (PropertyState) null, 3L));
        Assert.assertFalse(createForTestSession.isGranted(createVersions.getPath(), 3L));
        Assert.assertEquals(ImmutableSet.of("jcr:read"), createForTestSession.getPrivileges(createVersions));
        Assert.assertTrue(createForTestSession.hasPrivileges(createVersions, new String[]{"jcr:read"}));
        Assert.assertTrue(createTreePermission(createForTestSession, createVersions.getPath()) instanceof VersionTreePermission);
    }

    @Test
    public void testVersion() throws Exception {
        Tree child = createVersions(SUBTREE_PATH).getChild("1.2");
        Assert.assertEquals("nt:version", TreeUtil.getPrimaryTypeName(child));
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of(TEST_PATH)));
        Assert.assertTrue(createForTestSession.isGranted(child, (PropertyState) null, 3L));
        Assert.assertFalse(createForTestSession.isGranted(child.getPath(), 3L));
        Assert.assertEquals(ImmutableSet.of("jcr:read"), createForTestSession.getPrivileges(child));
        Assert.assertTrue(createForTestSession.hasPrivileges(child, new String[]{"jcr:read"}));
        Assert.assertTrue(createTreePermission(createForTestSession, child.getPath()) instanceof VersionTreePermission);
    }

    @Test
    public void testFrozenNode() throws Exception {
        Tree child = ((Tree) createVersions(TEST_PATH).getChildren().iterator().next()).getChild("jcr:frozenNode");
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.EMPTY);
        for (Tree tree : new Tree[]{child, child.getChild("subtree"), child.getChild("nonExistingChild")}) {
            String path = tree.getPath();
            Assert.assertFalse(path, createForTestSession.isGranted(tree, (PropertyState) null, 3L));
            Assert.assertFalse(path, createForTestSession.isGranted(path, 3L));
            Assert.assertTrue(path, createForTestSession.getPrivileges(tree).isEmpty());
            Assert.assertFalse(path, createForTestSession.hasPrivileges(tree, new String[]{"jcr:read"}));
            Assert.assertTrue(createTreePermission(createForTestSession, path) instanceof VersionTreePermission);
        }
    }

    @Test
    public void testAccessControlledChildInFrozenNode() throws Exception {
        Tree child = createVersions(TEST_PATH).getChild("1.2");
        Tree child2 = child.getChild("jcr:frozenNode").getChild("accessControlled");
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.EMPTY);
        Assert.assertTrue(createForTestSession.isGranted(child2, (PropertyState) null, 31L));
        Assert.assertFalse(createForTestSession.isGranted(child2.getPath(), 3L));
        Assert.assertEquals(ImmutableSet.of("jcr:read", "jcr:write"), createForTestSession.getPrivileges(child2));
        Assert.assertTrue(createForTestSession.hasPrivileges(child2, new String[]{"jcr:read", "jcr:write"}));
        Assert.assertTrue(createTreePermission(createForTestSession, child.getPath()) instanceof VersionTreePermission);
    }

    @Test
    public void testVersionStoreTree() throws Exception {
        Tree parent = createVersions(SUBTREE_PATH).getParent();
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.of("readPaths", ImmutableSet.of(TEST_PATH)));
        Assert.assertFalse(createForTestSession.isGranted(parent, (PropertyState) null, 3L));
        Assert.assertFalse(createForTestSession.isGranted(parent.getPath(), 3L));
        Assert.assertTrue(createForTestSession.getPrivileges(parent).isEmpty());
        Assert.assertFalse(createForTestSession.hasPrivileges(parent, new String[]{"jcr:read"}));
        Assert.assertFalse(createTreePermission(createForTestSession, parent.getPath()) instanceof VersionTreePermission);
    }

    @Test
    public void testVersionableTreeRemoved() throws Exception {
        Tree child = createVersions(ACCESS_CONTROLLED_PATH).getChild("1.2");
        Assert.assertEquals("nt:version", TreeUtil.getPrimaryTypeName(child));
        Tree tree = this.root.getTree(ACCESS_CONTROLLED_PATH);
        PropertyState property = tree.getProperty("jcr:primaryType");
        tree.remove();
        this.root.commit();
        CompiledPermissionImpl createForTestSession = createForTestSession(ConfigurationParameters.EMPTY);
        Assert.assertFalse(createForTestSession.isGranted(child, (PropertyState) null, 3L));
        Assert.assertFalse(createForTestSession.isGranted(child, property, 3L));
        Assert.assertFalse(createForTestSession.isGranted(child.getPath(), 3L));
        Assert.assertTrue(createForTestSession.getPrivileges(child).isEmpty());
        Assert.assertFalse(createForTestSession.hasPrivileges(child, new String[]{"jcr:read"}));
        Assert.assertTrue(createTreePermission(createForTestSession, child.getPath()) instanceof VersionTreePermission);
    }

    @Test
    public void testCacheBuildOnDemand() throws Exception {
        grant(ACCESS_CONTROLLED_PATH, getTestUser().getPrincipal(), "jcr:versionManagement");
        grant(ACCESS_CONTROLLED_PATH, EveryonePrincipal.getInstance(), "jcr:read");
        this.root.commit();
        Root createReadOnlyRoot = getRootProvider().createReadOnlyRoot(this.testSession.getLatestRoot());
        String workspaceName = this.testSession.getWorkspaceName();
        PermissionStore mockPermissionStore = mockPermissionStore(createReadOnlyRoot, workspaceName);
        CompiledPermissionImpl create = create(createReadOnlyRoot, workspaceName, ImmutableSet.of(getTestUser().getPrincipal(), EveryonePrincipal.getInstance()), mockPermissionStore, ConfigurationParameters.EMPTY);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 1024L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 3L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        Mockito.clearInvocations(new PermissionStore[]{mockPermissionStore});
        create.isGranted(ACCESS_CONTROLLED_PATH, 124L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.refresh(createReadOnlyRoot, workspaceName);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(1))).flush(createReadOnlyRoot);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 8L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
    }

    @Test
    public void testMissingGroupStore() throws Exception {
        grant(ACCESS_CONTROLLED_PATH, getTestUser().getPrincipal(), "jcr:versionManagement");
        this.root.commit();
        Root createReadOnlyRoot = getRootProvider().createReadOnlyRoot(this.testSession.getLatestRoot());
        String workspaceName = this.testSession.getWorkspaceName();
        PermissionStore mockPermissionStore = mockPermissionStore(createReadOnlyRoot, workspaceName);
        CompiledPermissionImpl create = create(createReadOnlyRoot, workspaceName, ImmutableSet.of(getTestUser().getPrincipal()), mockPermissionStore, ConfigurationParameters.EMPTY);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 1L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(1))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.refresh(createReadOnlyRoot, workspaceName);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(1))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 1L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        Assert.assertFalse(create.isGranted(ACCESS_CONTROLLED_PATH, 28L));
        Assert.assertTrue(create.isGranted(ACCESS_CONTROLLED_PATH, 1024L));
        Tree createReadonlyTree = createReadonlyTree(ACCESS_CONTROLLED_PATH);
        Assert.assertFalse(create.hasPrivileges(createReadonlyTree, new String[]{"jcr:write"}));
        Assert.assertTrue(create.hasPrivileges(createReadonlyTree, new String[]{"jcr:versionManagement"}));
        Assert.assertEquals(ImmutableSet.of("jcr:versionManagement"), create.getPrivileges(createReadonlyTree(ACCESS_CONTROLLED_PATH)));
        TreePermission createTreePermission = createTreePermission(create, ACCESS_CONTROLLED_PATH);
        Assert.assertTrue(createTreePermission.isGranted(1024L));
        Assert.assertFalse(createTreePermission.canRead());
        Assert.assertFalse(createTreePermission.canRead((PropertyState) Mockito.mock(PropertyState.class)));
        Assert.assertFalse(createTreePermission.canReadAll());
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).load(ArgumentMatchers.anyString());
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).load(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
    }

    @Test
    public void testMissingUserStore() {
        Root createReadOnlyRoot = getRootProvider().createReadOnlyRoot(this.testSession.getLatestRoot());
        String workspaceName = this.testSession.getWorkspaceName();
        PermissionStore mockPermissionStore = mockPermissionStore(createReadOnlyRoot, workspaceName);
        CompiledPermissionImpl create = create(createReadOnlyRoot, workspaceName, ImmutableSet.of(EveryonePrincipal.getInstance()), mockPermissionStore, ConfigurationParameters.EMPTY);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 1L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(1))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.refresh(createReadOnlyRoot, workspaceName);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(1))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        create.isGranted(ACCESS_CONTROLLED_PATH, 1L);
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).getNumEntries(ArgumentMatchers.anyString(), ArgumentMatchers.anyLong());
        Assert.assertTrue(create.isGranted(ACCESS_CONTROLLED_PATH, 28L));
        Assert.assertTrue(create.hasPrivileges(createReadonlyTree(ACCESS_CONTROLLED_PATH), new String[]{"jcr:write"}));
        Assert.assertEquals(ImmutableSet.of("jcr:read", "jcr:write"), create.getPrivileges(createReadonlyTree(ACCESS_CONTROLLED_PATH)));
        TreePermission createTreePermission = createTreePermission(create, ACCESS_CONTROLLED_PATH);
        Assert.assertTrue(createTreePermission.isGranted(28L));
        Assert.assertTrue(createTreePermission.canRead());
        Assert.assertTrue(createTreePermission.canRead((PropertyState) Mockito.mock(PropertyState.class)));
        Assert.assertFalse(createTreePermission.canReadAll());
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.times(2))).load(ArgumentMatchers.anyString());
        ((PermissionStore) Mockito.verify(mockPermissionStore, Mockito.never())).load(ArgumentMatchers.anyString(), ArgumentMatchers.anyString());
    }

    @Test(expected = IllegalArgumentException.class)
    public void testGetTreePermissionInvalidParent() {
        String workspaceName = this.adminSession.getWorkspaceName();
        create(this.root, workspaceName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(this.root, workspaceName), ConfigurationParameters.EMPTY).getTreePermission(this.root.getTree("/jcr:system"), (TreePermission) Mockito.mock(TreePermission.class));
    }

    @Test
    public void testGetTreePermissionForHiddenVersionable() throws Exception {
        String workspaceName = this.adminSession.getWorkspaceName();
        CompiledPermissionImpl create = create(this.root, workspaceName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(this.root, workspaceName), ConfigurationParameters.EMPTY);
        TreeTypeAware treeTypeAware = (Tree) Mockito.mock(Tree.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeTypeAware.class}));
        Mockito.when(treeTypeAware.getType()).thenReturn(TreeType.HIDDEN);
        Mockito.when(Boolean.valueOf(treeTypeAware.exists())).thenReturn(true);
        setVersionManager(create, treeTypeAware);
        TreePermission treePermission = create.getTreePermission((Tree) Mockito.when(Boolean.valueOf(((Tree) Mockito.mock(Tree.class)).exists())).thenReturn(true).getMock(), TreeType.VERSION, TreePermission.EMPTY);
        Assert.assertTrue(treePermission instanceof VersionTreePermission);
        Assert.assertTrue(treePermission.canReadAll());
    }

    @Test
    public void testGetTreePermissionForInternalVersionable() throws Exception {
        String workspaceName = this.adminSession.getWorkspaceName();
        CompiledPermissionImpl create = create(this.root, workspaceName, Collections.singleton(EveryonePrincipal.getInstance()), mockPermissionStore(this.root, workspaceName), ConfigurationParameters.EMPTY);
        TreeTypeAware treeTypeAware = (Tree) Mockito.mock(Tree.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeTypeAware.class}));
        Mockito.when(treeTypeAware.getType()).thenReturn(TreeType.INTERNAL);
        Mockito.when(Boolean.valueOf(treeTypeAware.exists())).thenReturn(true);
        setVersionManager(create, treeTypeAware);
        TreePermission treePermission = create.getTreePermission((Tree) Mockito.when(Boolean.valueOf(((Tree) Mockito.mock(Tree.class)).exists())).thenReturn(true).getMock(), TreeType.VERSION, TreePermission.EMPTY);
        Assert.assertTrue(treePermission instanceof VersionTreePermission);
        Assert.assertFalse(treePermission.canRead());
        Assert.assertFalse(treePermission.canReadProperties());
        Assert.assertFalse(treePermission.canReadAll());
        Assert.assertFalse(treePermission.isGranted(0L));
    }

    private static void setVersionManager(@NotNull CompiledPermissionImpl compiledPermissionImpl, @NotNull Tree tree) throws Exception {
        ReadOnlyVersionManager createVersionManager = createVersionManager(tree);
        Field declaredField = CompiledPermissionImpl.class.getDeclaredField("versionManager");
        declaredField.setAccessible(true);
        declaredField.set(compiledPermissionImpl, createVersionManager);
    }

    private static ReadOnlyVersionManager createVersionManager(@Nullable final Tree tree) {
        return new ReadOnlyVersionManager() { // from class: org.apache.jackrabbit.oak.security.authorization.permission.CompiledPermissionImplTest.1
            @NotNull
            protected Tree getVersionStorage() {
                throw new UnsupportedOperationException();
            }

            @NotNull
            protected Root getWorkspaceRoot() {
                throw new UnsupportedOperationException();
            }

            @NotNull
            protected ReadOnlyNodeTypeManager getNodeTypeManager() {
                throw new UnsupportedOperationException();
            }

            @Nullable
            public Tree getVersionable(@NotNull Tree tree2, @NotNull String str) {
                return tree;
            }
        };
    }
}
