package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import com.google.common.collect.Lists;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlWithUnknownPrincipalTest.class */
public class AccessControlWithUnknownPrincipalTest extends AbstractAccessControlTest {
    private final int importBehavior;
    private final String importBehaviorName;
    private AccessControlManagerImpl acMgr;
    private ValueFactory valueFactory;

    @Parameterized.Parameters(name = "ImportBehavior={1}")
    public static Collection<Object[]> parameters() {
        return Lists.newArrayList(new Object[]{new Object[]{1, "ignore"}, new Object[]{2, "besteffort"}, new Object[]{3, "abort"}});
    }

    public AccessControlWithUnknownPrincipalTest(int i, String str) {
        this.importBehavior = i;
        this.importBehaviorName = str;
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.accesscontrol.AbstractAccessControlTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.acMgr = new AccessControlManagerImpl(this.root, getNamePathMapper(), getSecurityProvider());
        this.valueFactory = getValueFactory(this.root);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("importBehavior", this.importBehaviorName));
    }

    @NotNull
    private String getUnknownPrincipalName() {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        return "unknown0";
    }

    private void assertImportBehavior(String str) {
        if (this.importBehavior != 3) {
            Assert.fail(str);
        }
    }

    @Test
    public void testGetApplicablePoliciesInvalidPrincipal() throws Exception {
        try {
            JackrabbitAccessControlPolicy[] applicablePolicies = this.acMgr.getApplicablePolicies(new InvalidTestPrincipal(getUnknownPrincipalName()));
            switch (this.importBehavior) {
                case 1:
                    Assert.assertEquals(0L, applicablePolicies.length);
                    break;
                case 2:
                    Assert.assertEquals(1L, applicablePolicies.length);
                    break;
                case 3:
                default:
                    Assert.fail("Getting applicable policies for unknown principal should fail");
                    break;
            }
        } catch (AccessControlException e) {
            assertImportBehavior("Getting applicable policies for unknown principal with importBehavior " + this.importBehaviorName + " must not throw AccessControlException");
        }
    }

    @Test
    public void testGetApplicablePoliciesInternalPrincipal() throws Exception {
        assertPolicies(this.acMgr.getApplicablePolicies(new PrincipalImpl(getUnknownPrincipalName())), 1L);
    }

    @Test
    public void testGetPoliciesInvalidPrincipal() throws Exception {
        assertGetPolicies(new InvalidTestPrincipal(getUnknownPrincipalName()), 0);
    }

    @Test
    public void testGetPoliciesRemovedPrincipal() throws Exception {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, "/testPath");
        Assert.assertNotNull(accessControlList);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
        this.acMgr.setPolicy("/testPath", accessControlList);
        Principal principal = () -> {
            return this.testPrincipal.getName();
        };
        removeTestUser();
        assertGetPolicies(principal, 1);
    }

    private void assertGetPolicies(@NotNull Principal principal, int i) throws Exception {
        try {
            JackrabbitAccessControlPolicy[] policies = this.acMgr.getPolicies(principal);
            switch (this.importBehavior) {
                case 1:
                    Assert.assertEquals(0L, policies.length);
                    break;
                case 2:
                    Assert.assertEquals(i, policies.length);
                    break;
                case 3:
                default:
                    Assert.fail("Getting applicable policies for unknown principal should fail");
                    break;
            }
        } catch (AccessControlException e) {
            assertImportBehavior("Getting policies for unknown principal with importBehavior " + this.importBehaviorName + " must not throw AccessControlException");
        }
    }

    @Test
    public void testGetPoliciesInternalPrincipal() throws Exception {
        assertPolicies(this.acMgr.getPolicies(new PrincipalImpl(getUnknownPrincipalName())), 0L);
    }

    @Test
    public void testGetEffectivePoliciesInvalidPrincipal() throws Exception {
        try {
            AccessControlPolicy[] effectivePolicies = this.acMgr.getEffectivePolicies(Collections.singleton(new InvalidTestPrincipal(getUnknownPrincipalName())));
            switch (this.importBehavior) {
                case 1:
                case 2:
                    Assert.assertEquals(0L, effectivePolicies.length);
                    break;
                case 3:
                default:
                    Assert.fail("Getting effective policies for unknown principal should fail");
                    break;
            }
        } catch (AccessControlException e) {
            assertImportBehavior("Getting effective policies for unknown principal with importBehavior " + this.importBehaviorName + " must not throw AccessControlException");
        }
    }

    @Test
    public void testGetEffectivePoliciesInternalPrincipal() throws Exception {
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies(Collections.singleton(new PrincipalImpl(getUnknownPrincipalName()))).length);
    }

    @Test
    public void testAddEntryInvalidPrincipal() throws Exception {
        try {
            boolean addAccessControlEntry = AccessControlUtils.getAccessControlList(this.acMgr, "/testPath").addAccessControlEntry(new InvalidTestPrincipal("unknown"), privilegesFromNames("jcr:read"));
            switch (this.importBehavior) {
                case 1:
                    Assert.assertFalse(addAccessControlEntry);
                    break;
                case 2:
                    Assert.assertTrue(addAccessControlEntry);
                    break;
                case 3:
                default:
                    Assert.fail("Adding an ACE with an unknown principal should fail");
                    break;
            }
        } catch (AccessControlException e) {
            assertImportBehavior("Adding entry for unknown principal with importBehavior " + this.importBehaviorName + " must not throw AccessControlException");
        }
    }

    @Test
    public void testAddEntryInternalPrincipal() throws RepositoryException {
        Assert.assertTrue(AccessControlUtils.getAccessControlList(this.acMgr, "/testPath").addAccessControlEntry(new PrincipalImpl("unknown"), privilegesFromNames("jcr:read")));
    }

    @Test(expected = AccessControlException.class)
    public void testNullPrincipal() throws Exception {
        AccessControlUtils.getAccessControlList(this.acMgr, "/testPath").addAccessControlEntry((Principal) null, privilegesFromNames("jcr:read"));
    }

    @Test(expected = AccessControlException.class)
    public void testEmptyPrincipal() throws Exception {
        AccessControlUtils.getAccessControlList(this.acMgr, "/testPath").addAccessControlEntry(new PrincipalImpl(""), privilegesFromNames("jcr:read"));
    }
}
