package org.apache.jackrabbit.oak.security.authorization.permission;

import java.util.Collections;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.nodetype.TypePredicate;
import org.apache.jackrabbit.oak.security.authorization.ProviderCtx;
import org.apache.jackrabbit.oak.security.authorization.monitor.AuthorizationMonitor;
import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreEditorTest.class */
public class PermissionStoreEditorTest extends AbstractSecurityTest {
    private static final String PRINCIPAL_NAME = "principalName";
    private PrivilegeBitsProvider bitsProvider;
    private RestrictionProvider restrictionProvider;
    private final AuthorizationMonitor monitor = (AuthorizationMonitor) Mockito.mock(AuthorizationMonitor.class);
    private TypePredicate isACE;
    private TypePredicate isGrantACE;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.bitsProvider = new PrivilegeBitsProvider(this.root);
        this.restrictionProvider = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider();
        NodeState asNodeState = getTreeProvider().asNodeState(this.root.getTree(IdentifierManagerTest.ID_ROOT));
        this.isACE = (TypePredicate) Mockito.spy(new TypePredicate(asNodeState, "rep:ACE"));
        this.isGrantACE = (TypePredicate) Mockito.spy(new TypePredicate(asNodeState, "rep:GrantACE"));
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() {
        Mockito.clearInvocations(new AuthorizationMonitor[]{this.monitor});
    }

    @NotNull
    private static NodeState mockACE(@NotNull String str) {
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        Mockito.when(nodeState.getName("jcr:primaryType")).thenReturn("rep:DenyACE");
        Mockito.when(nodeState.getNames("rep:privileges")).thenReturn(ImmutableSet.of("jcr:read"));
        Mockito.when(nodeState.getString("rep:principalName")).thenReturn(str);
        return nodeState;
    }

    @NotNull
    private static NodeState mockNodeState(@NotNull NodeState nodeState) {
        NodeState nodeState2 = (NodeState) Mockito.mock(NodeState.class);
        Mockito.when(nodeState2.getNames(":childOrder")).thenReturn(ImmutableSet.of("c1"));
        Mockito.when(Long.valueOf(nodeState2.getChildNodeCount(ArgumentMatchers.anyLong()))).thenReturn(1L);
        Mockito.when(nodeState2.getChildNodeNames()).thenReturn(ImmutableSet.of("c1"));
        Mockito.when(nodeState2.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeState);
        return nodeState2;
    }

    @NotNull
    private ProviderCtx getProviderCtx() {
        ProviderCtx providerCtx = (ProviderCtx) Mockito.mock(ProviderCtx.class);
        Mockito.when(providerCtx.getMountInfoProvider()).thenReturn((MountInfoProvider) Mockito.mock(MountInfoProvider.class));
        Mockito.when(providerCtx.getRootProvider()).thenReturn(getRootProvider());
        Mockito.when(providerCtx.getTreeProvider()).thenReturn(getTreeProvider());
        Mockito.when(providerCtx.getMonitor()).thenReturn(this.monitor);
        return providerCtx;
    }

    @NotNull
    private PermissionStoreEditor createPermissionStoreEditor(@NotNull NodeState nodeState, @NotNull NodeBuilder nodeBuilder) {
        return new PermissionStoreEditor("", "rep:repoPolicy", nodeState, nodeBuilder, this.isACE, this.isGrantACE, this.bitsProvider, this.restrictionProvider, getProviderCtx());
    }

    @Test
    public void testCreateWithNonAceChildren() {
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        Mockito.when(nodeState.getNames(":childOrder")).thenReturn(ImmutableSet.of("c1", "c2", "c3"));
        Mockito.when(nodeState.getName("jcr:primaryType")).thenReturn("oak:Unstructured");
        Mockito.when(nodeState.getNames("jcr:mixinTypes")).thenReturn(Collections.emptySet());
        Mockito.when(nodeState.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeState);
        new PermissionStoreEditor("/test", "rep:policy", nodeState, (NodeBuilder) Mockito.mock(NodeBuilder.class), this.isACE, this.isGrantACE, this.bitsProvider, this.restrictionProvider, getProviderCtx());
        ((NodeState) Mockito.verify(nodeState, Mockito.times(3))).getChildNode(ArgumentMatchers.anyString());
        ((TypePredicate) Mockito.verify(this.isACE, Mockito.times(3))).test(nodeState);
        ((TypePredicate) Mockito.verify(this.isGrantACE, Mockito.never())).test(nodeState);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testCreateWithIncompleteChildOrder() {
        NodeState mockACE = mockACE(PRINCIPAL_NAME);
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        Mockito.when(nodeState.getNames(":childOrder")).thenReturn(ImmutableSet.of("c1", "c2"));
        Mockito.when(Long.valueOf(nodeState.getChildNodeCount(ArgumentMatchers.anyLong()))).thenReturn(3L);
        Mockito.when(nodeState.getChildNodeNames()).thenReturn(ImmutableSet.of("c1", "c2", "c3"));
        Mockito.when(nodeState.getChildNode(ArgumentMatchers.anyString())).thenReturn(mockACE);
        createPermissionStoreEditor(nodeState, (NodeBuilder) Mockito.mock(NodeBuilder.class));
        ((NodeState) Mockito.verify(nodeState, Mockito.times(3))).getChildNode(ArgumentMatchers.anyString());
        ((TypePredicate) Mockito.verify(this.isACE, Mockito.times(3))).test(mockACE);
        ((TypePredicate) Mockito.verify(this.isGrantACE, Mockito.times(3))).test(mockACE);
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testRemovePermissionEntriesUnknownPrincipalName() {
        NodeState mockNodeState = mockNodeState(mockACE("unknownPrincipal"));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        createPermissionStoreEditor(mockNodeState, nodeBuilder).removePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).hasChildNode("unknownPrincipal");
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.never())).getChildNode("unknownPrincipal");
        ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionError();
    }

    @Test
    public void testRemovePermissionEntriesNonExistingParent() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.when(Boolean.valueOf(((NodeBuilder) Mockito.mock(NodeBuilder.class)).exists())).thenReturn(false).getMock();
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder).getMock();
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(Boolean.valueOf(nodeBuilder3.hasChildNode(PRINCIPAL_NAME))).thenReturn(true);
        Mockito.when(nodeBuilder3.getChildNode(PRINCIPAL_NAME)).thenReturn(nodeBuilder2);
        createPermissionStoreEditor(mockNodeState, nodeBuilder3).removePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder3, Mockito.times(1))).hasChildNode(PRINCIPAL_NAME);
        ((NodeBuilder) Mockito.verify(nodeBuilder3, Mockito.times(1))).getChildNode(PRINCIPAL_NAME);
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.times(1))).getChildNode(ArgumentMatchers.anyString());
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).exists();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.never())).getProperty(ArgumentMatchers.anyString());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testRemovePermissionEntriesNoMatchingEntry() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        PropertyState createProperty = PropertyStates.createProperty("rep:accessControlledPath", "/noMatch");
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.when(Boolean.valueOf(((NodeBuilder) Mockito.mock(NodeBuilder.class)).exists())).thenReturn(true).getMock();
        Mockito.when(nodeBuilder.getProperty("rep:accessControlledPath")).thenReturn(createProperty);
        Mockito.when(nodeBuilder.getChildNodeNames()).thenReturn(ImmutableSet.of("collision"));
        Mockito.when(nodeBuilder.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder).getMock();
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(Boolean.valueOf(nodeBuilder3.hasChildNode(PRINCIPAL_NAME))).thenReturn(true);
        Mockito.when(nodeBuilder3.getChildNode(PRINCIPAL_NAME)).thenReturn(nodeBuilder2);
        createPermissionStoreEditor(mockNodeState, nodeBuilder3).removePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).exists();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).getChildNodeNames();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).getChildNode("collision");
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(2))).getProperty("rep:accessControlledPath");
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.never())).remove();
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testUpdateNumEntriesPrincipalRootExisted() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.when(Boolean.valueOf(((NodeBuilder) Mockito.mock(NodeBuilder.class)).exists())).thenReturn(true).getMock();
        Mockito.when(Boolean.valueOf(nodeBuilder.remove())).thenReturn(true);
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder).getMock();
        Mockito.when(Boolean.valueOf(nodeBuilder2.isNew())).thenReturn(false);
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(Boolean.valueOf(nodeBuilder3.hasChildNode(PRINCIPAL_NAME))).thenReturn(true);
        Mockito.when(nodeBuilder3.getChildNode(PRINCIPAL_NAME)).thenReturn(nodeBuilder2);
        PermissionStoreEditor createPermissionStoreEditor = createPermissionStoreEditor(mockNodeState, nodeBuilder3);
        Mockito.when(nodeBuilder.getProperty("rep:accessControlledPath")).thenReturn(PropertyStates.createProperty("rep:accessControlledPath", createPermissionStoreEditor.getPath()));
        createPermissionStoreEditor.removePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).remove();
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.times(1))).getProperty("rep:numPermissions");
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.never())).removeProperty("rep:numPermissions");
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.never())).setProperty(ArgumentMatchers.anyString(), Long.valueOf(ArgumentMatchers.anyLong()), (Type) ArgumentMatchers.any(Type.class));
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testUpdateNumEntriesTurnsNegativ() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.when(Boolean.valueOf(((NodeBuilder) Mockito.mock(NodeBuilder.class)).exists())).thenReturn(true).getMock();
        Mockito.when(Boolean.valueOf(nodeBuilder.remove())).thenReturn(true);
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder).getMock();
        Mockito.when(Boolean.valueOf(nodeBuilder2.isNew())).thenReturn(true);
        Mockito.when(nodeBuilder2.getProperty("rep:numPermissions")).thenReturn(PropertyStates.createProperty("rep:numPermissions", 0L, Type.LONG));
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(Boolean.valueOf(nodeBuilder3.hasChildNode(PRINCIPAL_NAME))).thenReturn(true);
        Mockito.when(nodeBuilder3.getChildNode(PRINCIPAL_NAME)).thenReturn(nodeBuilder2);
        PermissionStoreEditor createPermissionStoreEditor = createPermissionStoreEditor(mockNodeState, nodeBuilder3);
        Mockito.when(nodeBuilder.getProperty("rep:accessControlledPath")).thenReturn(PropertyStates.createProperty("rep:accessControlledPath", createPermissionStoreEditor.getPath()));
        createPermissionStoreEditor.removePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).remove();
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.times(1))).getProperty("rep:numPermissions");
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.times(1))).removeProperty("rep:numPermissions");
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.never())).setProperty(ArgumentMatchers.anyString(), Long.valueOf(ArgumentMatchers.anyLong()), (Type) ArgumentMatchers.any(Type.class));
        ((AuthorizationMonitor) Mockito.verify(this.monitor)).permissionError();
    }

    @Test
    public void testUpdatePermissionEntriesWhenCollisionChildMatches() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(nodeBuilder.child(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        Mockito.when(nodeBuilder.setProperty(ArgumentMatchers.anyString(), ArgumentMatchers.any())).thenReturn(nodeBuilder);
        Mockito.when(nodeBuilder.setProperty(ArgumentMatchers.anyString(), ArgumentMatchers.any(), (Type) ArgumentMatchers.any(Type.class))).thenReturn(nodeBuilder);
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(Boolean.valueOf(nodeBuilder2.hasProperty("rep:accessControlledPath"))).thenReturn(true);
        Mockito.when(nodeBuilder2.getProperty("rep:accessControlledPath")).thenReturn(PropertyStates.createProperty("rep:accessControlledPath", "/noMatch"));
        Mockito.when(nodeBuilder2.getChildNodeNames()).thenReturn(ImmutableSet.of("collision"));
        Mockito.when(nodeBuilder2.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        Mockito.when(nodeBuilder2.child(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).child(ArgumentMatchers.anyString())).thenReturn(nodeBuilder2).getMock();
        NodeBuilder nodeBuilder4 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(nodeBuilder4.child(PRINCIPAL_NAME)).thenReturn(nodeBuilder3);
        PermissionStoreEditor createPermissionStoreEditor = createPermissionStoreEditor(mockNodeState, nodeBuilder4);
        Mockito.when(nodeBuilder.getProperty("rep:accessControlledPath")).thenReturn(PropertyStates.createProperty("rep:accessControlledPath", createPermissionStoreEditor.getPath()));
        createPermissionStoreEditor.updatePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.never())).setProperty("rep:accessControlledPath", createPermissionStoreEditor.getPath());
        ((NodeBuilder) Mockito.verify(nodeBuilder2, Mockito.never())).child(ArgumentMatchers.anyString());
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).setProperty("rep:accessControlledPath", createPermissionStoreEditor.getPath());
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).child(ArgumentMatchers.anyString());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testUpdatePermissionEntriesDoesNotRemoveCollisions() {
        NodeState mockNodeState = mockNodeState(mockACE(PRINCIPAL_NAME));
        NodeBuilder nodeBuilder = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(nodeBuilder.setProperty(ArgumentMatchers.anyString(), ArgumentMatchers.any())).thenReturn(nodeBuilder);
        Mockito.when(nodeBuilder.setProperty(ArgumentMatchers.anyString(), ArgumentMatchers.any(), (Type) ArgumentMatchers.any(Type.class))).thenReturn(nodeBuilder);
        NodeBuilder nodeBuilder2 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(nodeBuilder2.getChildNodeNames()).thenReturn(ImmutableSet.of("collision", "entry"));
        Mockito.when(nodeBuilder2.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        Mockito.when(nodeBuilder2.child(ArgumentMatchers.anyString())).thenReturn(nodeBuilder);
        NodeBuilder nodeBuilder3 = (NodeBuilder) Mockito.when(((NodeBuilder) Mockito.mock(NodeBuilder.class)).child(ArgumentMatchers.anyString())).thenReturn(nodeBuilder2).getMock();
        NodeBuilder nodeBuilder4 = (NodeBuilder) Mockito.mock(NodeBuilder.class);
        Mockito.when(nodeBuilder4.child(PRINCIPAL_NAME)).thenReturn(nodeBuilder3);
        createPermissionStoreEditor(mockNodeState, nodeBuilder4).updatePermissionEntries();
        ((NodeBuilder) Mockito.verify(nodeBuilder, Mockito.times(1))).remove();
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }
}
