package org.apache.jackrabbit.oak.security.authorization.composite;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderFullScopeTest.class */
public class CompositeProviderFullScopeTest extends AbstractCompositeProviderTest {
    private CompositePermissionProvider cppTestUser;
    private CompositePermissionProvider cppAdminUser;

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.cppTestUser = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
        this.cppAdminUser = createPermissionProvider(this.root.getContentSession().getAuthInfo().getPrincipals());
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    protected AggregatedPermissionProvider getTestPermissionProvider() {
        return new FullScopeProvider(this.readOnlyRoot);
    }

    @Test
    public void testGetPrivileges() throws Exception {
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.readOnlyRoot);
        PrivilegeBits bits = privilegeBitsProvider.getBits(new String[]{"rep:readNodes"});
        ImmutableSet of = ImmutableSet.of("rep:readNodes");
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            Set privileges = this.cppTestUser.getPrivileges(this.readOnlyRoot.getTree(str));
            if (privilegeBitsProvider.getBits(set).includes(bits)) {
                Assert.assertEquals(of, privileges);
            } else {
                Assert.assertTrue(privileges.isEmpty());
            }
        }
    }

    @Test
    public void testGetPrivilegesAdmin() throws Exception {
        ImmutableSet of = ImmutableSet.of("rep:readNodes");
        Iterator<String> it = NODE_PATHS.iterator();
        while (it.hasNext()) {
            Assert.assertEquals(of, this.cppAdminUser.getPrivileges(this.readOnlyRoot.getTree(it.next())));
        }
    }

    @Test
    public void testGetPrivilegesOnRepo() throws Exception {
        Assert.assertEquals(ImmutableSet.of("jcr:namespaceManagement"), this.cppTestUser.getPrivileges((Tree) null));
    }

    @Test
    public void testGetPrivilegesOnRepoAdmin() throws Exception {
        Assert.assertEquals(ImmutableSet.of("jcr:namespaceManagement"), this.cppAdminUser.getPrivileges((Tree) null));
    }

    @Test
    public void testHasPrivileges() throws Exception {
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.readOnlyRoot);
        PrivilegeBits bits = privilegeBitsProvider.getBits(new String[]{"rep:readNodes"});
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            PrivilegeBits bits2 = privilegeBitsProvider.getBits(set);
            Tree tree = this.readOnlyRoot.getTree(str);
            if (set.isEmpty()) {
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, new String[]{"rep:readNodes"}));
            } else if (bits2.includes(bits)) {
                Assert.assertTrue(str, this.cppTestUser.hasPrivileges(tree, new String[]{"rep:readNodes"}));
                if (!bits.equals(bits2)) {
                    Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, (String[]) set.toArray(new String[set.size()])));
                }
            } else {
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, new String[]{"rep:readNodes"}));
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, (String[]) set.toArray(new String[set.size()])));
            }
        }
    }

    @Test
    public void testHasPrivilegesAdmin() throws Exception {
        Iterator<String> it = NODE_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.readOnlyRoot.getTree(it.next());
            Assert.assertTrue(this.cppAdminUser.hasPrivileges(tree, new String[]{"rep:readNodes"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:read"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:all"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:write"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"rep:readNodes", "rep:readProperties"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:modifyProperties"}));
            Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:lockManagement"}));
        }
    }

    @Test
    public void testHasPrivilegesOnRepo() throws Exception {
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement"}));
        Assert.assertFalse(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertFalse(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testHasPrivilegeOnRepoAdmin() throws Exception {
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement"}));
        Assert.assertFalse(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertFalse(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testIsGranted() throws Exception {
        for (String str : this.defPermissions.keySet()) {
            long longValue = this.defPermissions.get(str).longValue();
            Tree tree = this.readOnlyRoot.getTree(str);
            if (1 != longValue) {
                Assert.assertFalse(str, this.cppTestUser.isGranted(tree, (PropertyState) null, longValue));
            }
            Assert.assertEquals(str, Boolean.valueOf(Permissions.includes(longValue, 1L)), Boolean.valueOf(this.cppTestUser.isGranted(tree, (PropertyState) null, 1L)));
        }
    }

    @Test
    public void testIsGrantedAdmin() throws Exception {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertTrue(str, this.cppAdminUser.isGranted(tree, (PropertyState) null, 1L));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, (PropertyState) null, 3L));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, (PropertyState) null, 124L));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, (PropertyState) null, 2097151L));
        }
    }

    @Test
    public void testIsGrantedProperty() throws Exception {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertFalse(str, this.cppTestUser.isGranted(tree, PROPERTY_STATE, 2L));
            Assert.assertFalse(str, this.cppTestUser.isGranted(tree, PROPERTY_STATE, 28L));
        }
    }

    @Test
    public void testIsGrantedPropertyAdmin() throws Exception {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 2L));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 28L));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 2097151L));
        }
    }

    @Test
    public void testIsGrantedAction() throws Exception {
        for (String str : this.defActionsGranted.keySet()) {
            String[] strArr = this.defActionsGranted.get(str);
            if (ImmutableList.copyOf(strArr).contains("read")) {
                Assert.assertEquals(str, Boolean.valueOf(TreeLocation.create(this.readOnlyRoot, str).getTree() != null), Boolean.valueOf(this.cppTestUser.isGranted(str, "read")));
            } else {
                Assert.assertFalse(str, this.cppTestUser.isGranted(str, "read"));
            }
            if (strArr.length > 1) {
                Assert.assertFalse(str, this.cppTestUser.isGranted(str, getActionString(strArr)));
            }
        }
    }

    @Test
    public void testIsGrantedAction2() throws Exception {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, new String[]{"read"}).put("/jcr:primaryType", new String[]{"read", "set_property"}).put("/nonexisting", new String[]{"read", "add_node"}).put("/test2", new String[]{"read", "remove"}).put("/test2/jcr:primaryType", new String[]{"read", "set_property"}).put("/test/a/b/c", new String[]{"read", "remove"}).put("/test/a/b/c/noneExisting", new String[]{"read", "remove_node"}).put("/test/a/b/c/jcr:primaryType", new String[]{"remove_property"}).build();
        for (String str : build.keySet()) {
            Assert.assertFalse(str, this.cppTestUser.isGranted(str, getActionString((String[]) build.get(str))));
        }
    }

    @Test
    public void testIsGrantedActionAdmin() throws Exception {
        for (String str : this.defActionsGranted.keySet()) {
            Assert.assertEquals(str, Boolean.valueOf(this.readOnlyRoot.getTree(str).exists()), Boolean.valueOf(this.cppAdminUser.isGranted(str, "read")));
            Assert.assertFalse(str, this.cppAdminUser.isGranted(str, getActionString(ALL_ACTIONS)));
        }
    }

    @Test
    public void testRepositoryPermissionIsGranted() throws Exception {
        RepositoryPermission repositoryPermission = this.cppTestUser.getRepositoryPermission();
        Assert.assertTrue(repositoryPermission.isGranted(65536L));
        Assert.assertFalse(repositoryPermission.isGranted(32768L));
        Assert.assertFalse(repositoryPermission.isGranted(98304L));
    }

    @Test
    public void testRepositoryPermissionIsGrantedAdminUser() throws Exception {
        RepositoryPermission repositoryPermission = this.cppAdminUser.getRepositoryPermission();
        Assert.assertTrue(repositoryPermission.isGranted(65536L));
        Assert.assertFalse(repositoryPermission.isGranted(32768L));
        Assert.assertFalse(repositoryPermission.isGranted(98304L));
        Assert.assertFalse(repositoryPermission.isGranted(262144L));
        Assert.assertFalse(repositoryPermission.isGranted(327680L));
        Assert.assertFalse(repositoryPermission.isGranted(2097151L));
    }

    @Test
    public void testTreePermissionIsGranted() throws Exception {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                if (1 == l.longValue()) {
                    Assert.assertTrue(str, treePermission2.isGranted(l.longValue()));
                } else {
                    Assert.assertEquals(str, Boolean.valueOf(Permissions.includes(l.longValue(), 1L)), Boolean.valueOf(treePermission2.isGranted(1L)));
                    Assert.assertFalse(str, treePermission2.isGranted(l.longValue()));
                }
            }
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionIsGrantedProperty() throws Exception {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                Assert.assertEquals(str, Boolean.valueOf(l.longValue() == 1), Boolean.valueOf(treePermission2.isGranted(l.longValue(), PROPERTY_STATE)));
            }
            Assert.assertFalse(treePermission2.isGranted(2L, PROPERTY_STATE));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanRead() throws Exception {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, false).put("/test", true).put("/test/a", true).put("/test/a/b", true).put("/test/a/b/c", false).put("/test/a/b/c/nonexisting", false).build();
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : build.keySet()) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertEquals(str, Boolean.valueOf(((Boolean) build.get(str)).booleanValue()), Boolean.valueOf(treePermission2.canRead()));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanReadProperty() throws Exception {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertFalse(str, treePermission2.canRead(PROPERTY_STATE));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanReadAdmin() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertTrue(str, treePermission2.canRead());
            Assert.assertFalse(str, treePermission2.canRead(PROPERTY_STATE));
            treePermission = treePermission2;
        }
    }
}
