package org.apache.jackrabbit.oak.security.authorization.composite;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderNoScopeTest.class */
public class CompositeProviderNoScopeTest extends AbstractCompositeProviderTest {
    private CompositePermissionProvider cppTestUser;
    private PermissionProvider defTestUser;
    private CompositePermissionProvider cppAdminUser;
    private PermissionProvider defAdminUser;

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        ContentSession contentSession = this.root.getContentSession();
        ImmutableSet of = ImmutableSet.of(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
        this.cppTestUser = createPermissionProvider((Set<Principal>) of);
        this.defTestUser = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.root, contentSession.getWorkspaceName(), of);
        Set<Principal> principals = contentSession.getAuthInfo().getPrincipals();
        this.cppAdminUser = createPermissionProvider(principals);
        this.defAdminUser = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.root, contentSession.getWorkspaceName(), principals);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    protected AggregatedPermissionProvider getTestPermissionProvider() {
        return new NoScopeProvider(this.root);
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    @Test
    public void testGetTreePermissionInstance() {
        CompositePermissionProvider createPermissionProviderOR = createPermissionProviderOR(new Principal[0]);
        TreePermission treePermission = TreePermission.EMPTY;
        Iterator<String> it = TP_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.readOnlyRoot.getTree(it.next());
            TreePermission treePermission2 = createPermissionProviderOR.getTreePermission(tree, treePermission);
            assertCompositeTreePermission(tree.isRoot(), treePermission2);
            treePermission = treePermission2;
        }
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    @Test
    public void testGetTreePermissionInstanceOR() {
        CompositePermissionProvider createPermissionProviderOR = createPermissionProviderOR(new Principal[0]);
        TreePermission treePermission = TreePermission.EMPTY;
        Iterator<String> it = TP_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.readOnlyRoot.getTree(it.next());
            TreePermission treePermission2 = createPermissionProviderOR.getTreePermission(tree, treePermission);
            assertCompositeTreePermission(tree.isRoot(), treePermission2);
            treePermission = treePermission2;
        }
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    @Test
    public void testTreePermissionGetChild() {
        ImmutableList<String> of = ImmutableList.of("test", "a", "b", "c", "nonexisting");
        Tree tree = this.readOnlyRoot.getTree(IdentifierManagerTest.ID_ROOT);
        NodeState asNodeState = getTreeProvider().asNodeState(tree);
        TreePermission treePermission = createPermissionProvider(new Principal[0]).getTreePermission(tree, TreePermission.EMPTY);
        assertCompositeTreePermission(treePermission);
        for (String str : of) {
            asNodeState = asNodeState.getChildNode(str);
            treePermission = treePermission.getChildPermission(str, asNodeState);
            assertCompositeTreePermission(false, treePermission);
        }
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    @Test
    public void testTreePermissionGetChildOR() {
        ImmutableList<String> of = ImmutableList.of("test", "a", "b", "c", "nonexisting");
        Tree tree = this.readOnlyRoot.getTree(IdentifierManagerTest.ID_ROOT);
        NodeState asNodeState = getTreeProvider().asNodeState(tree);
        TreePermission treePermission = createPermissionProviderOR(new Principal[0]).getTreePermission(tree, TreePermission.EMPTY);
        assertCompositeTreePermission(treePermission);
        for (String str : of) {
            asNodeState = asNodeState.getChildNode(str);
            treePermission = treePermission.getChildPermission(str, asNodeState);
            assertCompositeTreePermission(false, treePermission);
        }
    }

    @Test
    public void testGetPrivileges() {
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertEquals(str, set, this.cppTestUser.getPrivileges(tree));
            Assert.assertEquals(str, this.defTestUser.getPrivileges(tree), this.cppTestUser.getPrivileges(tree));
        }
    }

    @Test
    public void testGetPrivilegesOr() throws Exception {
        ImmutableSet of = ImmutableSet.of(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
        CompositePermissionProvider createPermissionProviderOR = createPermissionProviderOR((Set<Principal>) of);
        PermissionProvider permissionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), of);
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertEquals(str, set, createPermissionProviderOR.getPrivileges(tree));
            Assert.assertEquals(str, permissionProvider.getPrivileges(tree), createPermissionProviderOR.getPrivileges(tree));
        }
    }

    @Test
    public void testGetPrivilegesAdmin() {
        ImmutableSet of = ImmutableSet.of("jcr:all");
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertEquals(str, of, this.cppAdminUser.getPrivileges(tree));
            Assert.assertEquals(str, this.defAdminUser.getPrivileges(tree), this.cppAdminUser.getPrivileges(tree));
        }
    }

    @Test
    public void testGetPrivilegesOnRepo() {
        Assert.assertEquals(ImmutableSet.of("jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"), this.cppTestUser.getPrivileges((Tree) null));
        Assert.assertEquals(this.defTestUser.getPrivileges((Tree) null), this.cppTestUser.getPrivileges((Tree) null));
    }

    @Test
    public void testGetPrivilegesOnRepoAdmin() {
        Assert.assertEquals(ImmutableSet.of("jcr:all"), this.cppAdminUser.getPrivileges((Tree) null));
        Assert.assertEquals(this.defAdminUser.getPrivileges((Tree) null), this.cppAdminUser.getPrivileges((Tree) null));
    }

    @Test
    public void testHasPrivileges() {
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            Tree tree = this.readOnlyRoot.getTree(str);
            String[] strArr = (String[]) set.toArray(new String[set.size()]);
            Assert.assertTrue(str, this.cppTestUser.hasPrivileges(tree, strArr));
            Assert.assertEquals(str, Boolean.valueOf(this.defTestUser.hasPrivileges(tree, strArr)), Boolean.valueOf(this.cppTestUser.hasPrivileges(tree, strArr)));
        }
    }

    @Test
    public void testHasPrivilegesAdmin() {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:all"}));
            Assert.assertTrue(str, this.defAdminUser.hasPrivileges(tree, new String[]{"jcr:all"}));
        }
    }

    @Test
    public void testHasPrivilegesOnRepo() {
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertTrue(this.defTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[0]));
        Assert.assertTrue(this.defTestUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testHasPrivilegeOnRepoAdminUser() {
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.defAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[0]));
        Assert.assertTrue(this.defAdminUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testIsGranted() {
        for (String str : this.defPermissions.keySet()) {
            long longValue = this.defPermissions.get(str).longValue();
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppTestUser.isGranted(tree, (PropertyState) null, longValue));
            Assert.assertTrue(str, this.defTestUser.isGranted(tree, (PropertyState) null, longValue));
        }
    }

    @Test
    public void testIsGrantedAdmin() {
        for (String str : this.defPermissions.keySet()) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppAdminUser.isGranted(tree, (PropertyState) null, 2097151L));
            Assert.assertTrue(str, this.defAdminUser.isGranted(tree, (PropertyState) null, 2097151L));
        }
    }

    @Test
    public void testIsGrantedProperty() {
        for (String str : this.defPermissions.keySet()) {
            long longValue = this.defPermissions.get(str).longValue();
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppTestUser.isGranted(tree, PROPERTY_STATE, longValue));
            Assert.assertTrue(str, this.defTestUser.isGranted(tree, PROPERTY_STATE, longValue));
        }
    }

    @Test
    public void testIsGrantedPropertyAdmin() {
        for (String str : this.defPermissions.keySet()) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 2097151L));
            Assert.assertTrue(str, this.defAdminUser.isGranted(tree, PROPERTY_STATE, 2097151L));
        }
    }

    @Test
    public void testIsGrantedAction() {
        for (String str : this.defActionsGranted.keySet()) {
            String actionString = getActionString(this.defActionsGranted.get(str));
            Assert.assertTrue(str + " : " + actionString, this.cppTestUser.isGranted(str, actionString));
            Assert.assertTrue(str + " : " + actionString, this.defTestUser.isGranted(str, actionString));
        }
    }

    @Test
    public void testIsGrantedAction2() {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, new String[]{"read"}).put("/jcr:primaryType", new String[]{"read", "set_property"}).put("/nonexisting", new String[]{"read", "add_node"}).put("/test2", new String[]{"read", "remove"}).put("/test2/jcr:primaryType", new String[]{"read", "set_property"}).put("/test/a/b/c", new String[]{"read", "remove"}).put("/test/a/b/c/noneExisting", new String[]{"read", "remove_node"}).put("/test/a/b/c/jcr:primaryType", new String[]{"remove_property"}).build();
        for (String str : build.keySet()) {
            String actionString = getActionString((String[]) build.get(str));
            Assert.assertFalse(str, this.cppTestUser.isGranted(str, actionString));
            Assert.assertFalse(str, this.defTestUser.isGranted(str, actionString));
        }
    }

    @Test
    public void testIsGrantedActionAdmin() {
        String actionString = getActionString(ALL_ACTIONS);
        for (String str : this.defActionsGranted.keySet()) {
            Assert.assertTrue(str + " : " + actionString, this.cppAdminUser.isGranted(str, actionString));
            Assert.assertTrue(str + " : " + actionString, this.defAdminUser.isGranted(str, actionString));
        }
    }

    @Test
    public void testRepositoryPermissionIsGranted() {
        RepositoryPermission repositoryPermission = this.cppTestUser.getRepositoryPermission();
        Assert.assertTrue(repositoryPermission.isGranted(65536L));
        Assert.assertTrue(repositoryPermission.isGranted(32768L));
        Assert.assertTrue(repositoryPermission.isGranted(98304L));
    }

    @Test
    public void testRepositoryPermissionIsGrantedAdminUser() {
        Assert.assertTrue(this.cppAdminUser.getRepositoryPermission().isGranted(2097151L));
    }

    @Test
    public void testTreePermissionIsGranted() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                Assert.assertTrue(treePermission2.isGranted(l.longValue()));
            }
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionIsGrantedProperty() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                Assert.assertTrue(treePermission2.isGranted(l.longValue(), PROPERTY_STATE));
            }
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanRead() {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, false).put("/test", true).put("/test/a", true).put("/test/a/b", true).put("/test/a/b/c", false).put("/test/a/b/c/nonexisting", false).build();
        TreePermission treePermission = TreePermission.EMPTY;
        TreePermission treePermission2 = TreePermission.EMPTY;
        for (String str : build.keySet()) {
            Tree tree = this.readOnlyRoot.getTree(str);
            TreePermission treePermission3 = this.cppTestUser.getTreePermission(tree, treePermission);
            TreePermission treePermission4 = this.defTestUser.getTreePermission(tree, treePermission2);
            boolean booleanValue = ((Boolean) build.get(str)).booleanValue();
            Assert.assertEquals(str, Boolean.valueOf(booleanValue), Boolean.valueOf(treePermission3.canRead()));
            Assert.assertEquals(str + "(default)", Boolean.valueOf(booleanValue), Boolean.valueOf(treePermission4.canRead()));
            treePermission = treePermission3;
            treePermission2 = treePermission4;
        }
    }

    @Test
    public void testTreePermissionCanReadProperty() {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, false).put("/test", true).put("/test/a", true).put("/test/a/b", true).put("/test/a/b/c", true).put("/test/a/b/c/nonexisting", true).build();
        TreePermission treePermission = TreePermission.EMPTY;
        TreePermission treePermission2 = TreePermission.EMPTY;
        for (String str : build.keySet()) {
            Tree tree = this.readOnlyRoot.getTree(str);
            TreePermission treePermission3 = this.cppTestUser.getTreePermission(tree, treePermission);
            TreePermission treePermission4 = this.defTestUser.getTreePermission(tree, treePermission2);
            boolean booleanValue = ((Boolean) build.get(str)).booleanValue();
            Assert.assertEquals(str, Boolean.valueOf(booleanValue), Boolean.valueOf(treePermission3.canRead(PROPERTY_STATE)));
            Assert.assertEquals(str + "(default)", Boolean.valueOf(booleanValue), Boolean.valueOf(treePermission4.canRead(PROPERTY_STATE)));
            treePermission = treePermission3;
            treePermission2 = treePermission4;
        }
    }

    @Test
    public void testTreePermissionCanReadAdmin() {
        TreePermission treePermission = TreePermission.EMPTY;
        TreePermission treePermission2 = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            TreePermission treePermission3 = this.cppAdminUser.getTreePermission(tree, treePermission);
            TreePermission treePermission4 = this.defAdminUser.getTreePermission(tree, treePermission2);
            Assert.assertTrue(str, treePermission3.canRead());
            Assert.assertTrue(str, treePermission3.canRead(PROPERTY_STATE));
            Assert.assertTrue(str + "(default)", treePermission4.canRead());
            Assert.assertTrue(str + "(default)", treePermission4.canRead(PROPERTY_STATE));
            treePermission = treePermission3;
            treePermission2 = treePermission4;
        }
    }

    @Test
    public void testTreePermissionSize() throws Exception {
        CompositeTreePermission.class.getDeclaredField("treePermissions").setAccessible(true);
        Tree tree = this.readOnlyRoot.getTree(IdentifierManagerTest.ID_ROOT);
        NodeState asNodeState = getTreeProvider().asNodeState(tree);
        TreePermission treePermission = this.cppTestUser.getTreePermission(tree, TreePermission.EMPTY);
        Assert.assertEquals(2L, ((TreePermission[]) r0.get(treePermission)).length);
        for (String str : ImmutableList.of("test", "a", "b", "c", "nonexisting")) {
            asNodeState = asNodeState.getChildNode(str);
            treePermission = treePermission.getChildPermission(str, asNodeState);
            assertCompositeTreePermission(false, treePermission);
        }
    }
}
