package org.apache.jackrabbit.oak.security.authorization.composite;

import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.guava.common.collect.Lists;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProviderOrTest.class */
public class CompositePermissionProviderOrTest extends AbstractSecurityTest {
    private final boolean extraVerification;
    private CompositePermissionProvider pp;
    private Root readOnlyRoot;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositePermissionProviderOrTest$ReadNodeGrantedInSupportedTree.class */
    public final class ReadNodeGrantedInSupportedTree implements AggregatedPermissionProvider {
        private ReadNodeGrantedInSupportedTree() {
        }

        private boolean isSupportedPath(@NotNull String str) {
            return Text.isDescendantOrEqual("/test/a", str);
        }

        private boolean includesSupportedPermission(long j) {
            return Permissions.includes(j, 1L);
        }

        private boolean isGranted(@NotNull String str, long j) {
            return CompositePermissionProviderOrTest.this.extraVerification ? isSupportedPath(str) && j == 1 : isSupportedPath(str);
        }

        @NotNull
        public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
            throw new UnsupportedOperationException();
        }

        public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
            return tree == null ? Permissions.includes(j, 131072L) ? 131072L : 0L : (isSupportedPath(tree.getPath()) && includesSupportedPermission(j)) ? 1L : 0L;
        }

        public long supportedPermissions(@NotNull TreeLocation treeLocation, long j) {
            return (isSupportedPath(treeLocation.getPath()) && includesSupportedPermission(j)) ? 1L : 0L;
        }

        public long supportedPermissions(@NotNull TreePermission treePermission, @Nullable PropertyState propertyState, long j) {
            throw new UnsupportedOperationException();
        }

        public boolean isGranted(@NotNull TreeLocation treeLocation, long j) {
            return isGranted(treeLocation.getPath(), j);
        }

        @NotNull
        public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreeType treeType, @NotNull TreePermission treePermission) {
            throw new UnsupportedOperationException();
        }

        public void refresh() {
            throw new UnsupportedOperationException();
        }

        @NotNull
        public Set<String> getPrivileges(@Nullable Tree tree) {
            throw new UnsupportedOperationException();
        }

        public boolean hasPrivileges(@Nullable Tree tree, @NotNull String... strArr) {
            throw new UnsupportedOperationException();
        }

        @NotNull
        public RepositoryPermission getRepositoryPermission() {
            return j -> {
                return !CompositePermissionProviderOrTest.this.extraVerification || j == 131072;
            };
        }

        @NotNull
        public TreePermission getTreePermission(@NotNull Tree tree, @NotNull TreePermission treePermission) {
            throw new UnsupportedOperationException();
        }

        public boolean isGranted(@NotNull Tree tree, @Nullable PropertyState propertyState, long j) {
            return isGranted(tree.getPath(), j);
        }

        public boolean isGranted(@NotNull String str, @NotNull String str2) {
            return isGranted(str, Permissions.getPermissions(str2, TreeLocation.create(CompositePermissionProviderOrTest.this.readOnlyRoot, str), false));
        }
    }

    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return Lists.newArrayList(new Object[]{new Object[]{true, "Extra verification of supported permissions in 'isGranted'"}, new Object[]{false, "No verification of supported permissions in 'isGranted'"}});
    }

    public CompositePermissionProviderOrTest(boolean z, @NotNull String str) {
        this.extraVerification = z;
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        AbstractCompositeProviderTest.setupTestContent(this.root);
        this.pp = createPermissionProviderOR(Collections.singleton(EveryonePrincipal.getInstance()));
        this.readOnlyRoot = getRootProvider().createReadOnlyRoot(this.root);
    }

    private CompositePermissionProvider createPermissionProviderOR(Set<Principal> set) {
        String workspaceName = this.root.getContentSession().getWorkspaceName();
        AuthorizationConfiguration authorizationConfiguration = (AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class);
        return new CompositePermissionProviderOr(this.root, ImmutableList.of(authorizationConfiguration.getPermissionProvider(this.root, workspaceName, set), new ReadNodeGrantedInSupportedTree()), authorizationConfiguration.getContext(), getRootProvider(), getTreeProvider());
    }

    private Tree getTree(@NotNull String str) {
        return this.readOnlyRoot.getTree(str);
    }

    private TreeLocation getTreeLocation(@NotNull String str) {
        return TreeLocation.create(this.readOnlyRoot, str);
    }

    @Test
    public void testIsGrantedTreeUnsupportedPath() {
        for (long j : new long[]{1, 3, 28, 32, 256, 2097151}) {
            Assert.assertFalse(this.pp.isGranted(getTree("/test"), (PropertyState) null, j));
            Assert.assertFalse(this.pp.isGranted(getTree(IdentifierManagerTest.ID_ROOT), (PropertyState) null, j));
            Assert.assertFalse(this.pp.isGranted(getTree("/test/child"), (PropertyState) null, j));
            Assert.assertFalse(this.pp.isGranted(getTree("/test2"), (PropertyState) null, j));
        }
    }

    @Test
    public void testIsGrantedTreeSupportedPath() {
        Assert.assertTrue(this.pp.isGranted(getTree("/test/a"), (PropertyState) null, 1L));
        Assert.assertTrue(this.pp.isGranted(getTree("/test/a/b/c"), (PropertyState) null, 1L));
        for (long j : new long[]{3, 28, 32, 256, 2097151}) {
            Assert.assertFalse(this.pp.isGranted(getTree("/test/a"), (PropertyState) null, j));
            Assert.assertFalse(this.pp.isGranted(getTree("/test/a/b/c"), (PropertyState) null, j));
        }
    }

    @Test
    public void testIsGrantedTreeLocationUnsupportedPath() {
        for (long j : new long[]{1, 3, 28, 32, 256, 2097151}) {
            Assert.assertFalse(this.pp.isGranted(getTreeLocation("/test"), j));
            Assert.assertFalse(this.pp.isGranted(getTreeLocation(IdentifierManagerTest.ID_ROOT), j));
            Assert.assertFalse(this.pp.isGranted(getTreeLocation("/test/child"), j));
            Assert.assertFalse(this.pp.isGranted(getTreeLocation("/test2"), j));
        }
    }

    @Test
    public void testIsGrantedTreeLocationSupportedPath() {
        Assert.assertTrue(this.pp.isGranted(getTreeLocation("/test/a"), 1L));
        Assert.assertTrue(this.pp.isGranted(getTreeLocation("/test/a/b/c"), 1L));
        for (long j : new long[]{3, 28, 32, 256, 2097151}) {
            Assert.assertFalse(this.pp.isGranted(getTreeLocation("/test/a"), j));
            Assert.assertFalse(this.pp.isGranted(getTreeLocation("/test/a/b/c"), j));
        }
    }

    @Test
    public void testRepositoryPermissions() {
        RepositoryPermission repositoryPermission = this.pp.getRepositoryPermission();
        Assert.assertTrue(repositoryPermission.isGranted(131072L));
        Assert.assertFalse(repositoryPermission.isGranted(2097151L));
        Assert.assertFalse(repositoryPermission.isGranted(163840L));
    }
}
