package org.apache.jackrabbit.oak.security.authorization.evaluation;

import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/evaluation/RepoLevelPolicyTest.class */
public class RepoLevelPolicyTest extends AbstractOakCoreTest implements PrivilegeConstants {
    @Test(expected = PathNotFoundException.class)
    public void testGetApplicablePoliciesRootNotReadable() throws Exception {
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl");
        getAccessControlManager(getTestRoot()).getApplicablePolicies((String) null);
    }

    @Test(expected = PathNotFoundException.class)
    public void testGetApplicablePoliciesRootNotReadable2() throws Exception {
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:read", "jcr:readAccessControl");
        getAccessControlManager(getTestRoot()).getApplicablePolicies((String) null);
    }

    @Test(expected = AccessDeniedException.class)
    public void testGetApplicablePoliciesMissingAcPermission() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read");
        getAccessControlManager(getTestRoot()).getApplicablePolicies((String) null);
    }

    @Test(expected = AccessDeniedException.class)
    public void testGetApplicablePoliciesMissingAcPermission2() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read", "jcr:readAccessControl");
        getAccessControlManager(getTestRoot()).getApplicablePolicies((String) null);
    }

    @Test
    public void testGetApplicablePolicies() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read");
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl");
        getAccessControlManager(getTestRoot()).getApplicablePolicies((String) null);
    }

    @Test(expected = AccessDeniedException.class)
    public void testSetPolicyMissingAcPermission() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read");
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl");
        setupPermission(getTestRoot(), null, EveryonePrincipal.getInstance(), false, "jcr:namespaceManagement");
    }

    @Test(expected = AccessDeniedException.class)
    public void testSetPolicyMissingAcPermission2() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read", "jcr:readAccessControl", "jcr:modifyAccessControl");
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl");
        setupPermission(getTestRoot(), null, EveryonePrincipal.getInstance(), false, "jcr:namespaceManagement");
    }

    @Test
    public void testSetPolicy() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read");
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl", "jcr:modifyAccessControl");
        setupPermission(getTestRoot(), null, EveryonePrincipal.getInstance(), false, "jcr:namespaceManagement");
    }

    @Test
    public void testSetPolicy2() throws Exception {
        setupPermission(IdentifierManagerTest.ID_ROOT, getTestUser().getPrincipal(), true, "jcr:read", "jcr:readAccessControl", "jcr:modifyAccessControl");
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl", "jcr:modifyAccessControl");
        setupPermission(getTestRoot(), null, EveryonePrincipal.getInstance(), false, "jcr:namespaceManagement");
    }

    @Test
    public void testHasPrivilege() throws Exception {
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl", "jcr:namespaceManagement");
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(getTestRoot());
        Assert.assertTrue(accessControlManager.hasPrivileges((String) null, privilegesFromNames("jcr:namespaceManagement")));
        Assert.assertTrue(accessControlManager.hasPrivileges((String) null, privilegesFromNames("jcr:readAccessControl")));
        Assert.assertTrue(accessControlManager.hasPrivileges((String) null, privilegesFromNames("jcr:readAccessControl", "jcr:namespaceManagement")));
        Assert.assertFalse(accessControlManager.hasPrivileges((String) null, privilegesFromNames("jcr:readAccessControl", "jcr:modifyAccessControl")));
        Assert.assertFalse(accessControlManager.hasPrivileges((String) null, privilegesFromNames("jcr:all")));
    }

    @Test
    public void testGetPrivileges() throws Exception {
        setupPermission(null, getTestUser().getPrincipal(), true, "jcr:readAccessControl", "jcr:namespaceManagement");
        Assert.assertEquals(ImmutableSet.copyOf(privilegesFromNames("jcr:readAccessControl", "jcr:namespaceManagement")), ImmutableSet.copyOf(getAccessControlManager(getTestRoot()).getPrivileges((String) null)));
    }
}
