package org.apache.jackrabbit.oak.security.authorization.permission;

import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.AuthorizationConfigurationImpl;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionProviderImplTest.class */
public class PermissionProviderImplTest extends AbstractSecurityTest implements AccessControlConstants {
    private static final Set<String> READ_PATHS = ImmutableSet.of("/jcr:system/rep:namespaces", "/jcr:system/jcr:nodeTypes", "/jcr:system/rep:privileges", "/test");
    private ContentSession testSession;
    private PermissionProviderImpl pp;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "test", "nt:unstructured");
        this.root.commit();
        this.testSession = createTestSession();
        this.pp = createPermissionProvider(this.testSession);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.testSession.close();
            this.root.getTree("/test").remove();
            if (this.root.hasPendingChanges()) {
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("readPaths", READ_PATHS)));
    }

    private PermissionProviderImpl createPermissionProvider(ContentSession contentSession) {
        CompositeAuthorizationConfiguration compositeAuthorizationConfiguration = (AuthorizationConfiguration) getSecurityProvider().getConfiguration(AuthorizationConfiguration.class);
        Assert.assertTrue(compositeAuthorizationConfiguration instanceof CompositeAuthorizationConfiguration);
        AuthorizationConfigurationImpl authorizationConfigurationImpl = (AuthorizationConfiguration) compositeAuthorizationConfiguration.getDefaultConfig();
        Assert.assertTrue(authorizationConfigurationImpl instanceof AuthorizationConfigurationImpl);
        return new PermissionProviderImpl(contentSession.getLatestRoot(), contentSession.getWorkspaceName(), contentSession.getAuthInfo().getPrincipals(), compositeAuthorizationConfiguration.getRestrictionProvider(), compositeAuthorizationConfiguration.getParameters(), compositeAuthorizationConfiguration.getContext(), authorizationConfigurationImpl);
    }

    @Test
    public void testHasPrivileges() {
        Assert.assertTrue(this.pp.hasPrivileges((Tree) null, new String[0]));
        Assert.assertTrue(this.pp.hasPrivileges((Tree) null, new String[0]));
        Assert.assertFalse(this.pp.hasPrivileges((Tree) null, new String[]{"jcr:workspaceManagement"}));
    }

    @Test
    public void testTreePermissionsForReadPaths() {
        Root latestRoot = this.testSession.getLatestRoot();
        Tree tree = latestRoot.getTree(IdentifierManagerTest.ID_ROOT);
        Assert.assertFalse(tree.exists());
        Assert.assertFalse(this.pp.getTreePermission(tree, TreePermission.EMPTY).canRead());
        Iterator<String> it = READ_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree2 = latestRoot.getTree(it.next());
            Assert.assertTrue(tree2.exists());
            Assert.assertTrue(this.pp.getTreePermission(tree2, TreePermission.EMPTY).canRead());
        }
    }

    @Test
    public void testIsGrantedPathForReadPaths() {
        for (String str : READ_PATHS) {
            Assert.assertTrue(this.pp.isGranted(str, Permissions.getString(3L)));
            Assert.assertTrue(this.pp.isGranted(str, Permissions.getString(1L)));
            Assert.assertTrue(this.pp.isGranted(str + "/jcr:primaryType", Permissions.getString(2L)));
            Assert.assertFalse(this.pp.isGranted(str, Permissions.getString(128L)));
        }
    }

    @Test
    public void testIsGrantedTreeForReadPaths() {
        Iterator<String> it = READ_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            Assert.assertTrue(this.pp.isGranted(tree, (PropertyState) null, 3L));
            Assert.assertTrue(this.pp.isGranted(tree, (PropertyState) null, 1L));
            Assert.assertTrue(this.pp.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
            Assert.assertFalse(this.pp.isGranted(tree, (PropertyState) null, 128L));
        }
    }

    @Test
    public void testRepositoryPermissions() {
        RepositoryPermission repositoryPermission = this.pp.getRepositoryPermission();
        Assert.assertFalse(repositoryPermission.isGranted(3L));
        Assert.assertFalse(repositoryPermission.isGranted(1L));
        Assert.assertFalse(repositoryPermission.isGranted(2L));
        Assert.assertFalse(repositoryPermission.isGranted(128L));
    }

    @Test
    public void testGetPrivilegesForReadPaths() {
        Iterator<String> it = READ_PATHS.iterator();
        while (it.hasNext()) {
            Assert.assertEquals(Collections.singleton("jcr:read"), this.pp.getPrivileges(this.root.getTree(it.next())));
        }
        Assert.assertEquals(Collections.emptySet(), this.pp.getPrivileges((Tree) null));
    }

    @Test
    public void testHasPrivilegesForReadPaths() {
        Iterator<String> it = READ_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            Assert.assertTrue(this.pp.hasPrivileges(tree, new String[]{"jcr:read"}));
            Assert.assertTrue(this.pp.hasPrivileges(tree, new String[]{"rep:readNodes"}));
            Assert.assertTrue(this.pp.hasPrivileges(tree, new String[]{"rep:readProperties"}));
            Assert.assertFalse(this.pp.hasPrivileges(tree, new String[]{"jcr:readAccessControl"}));
        }
        Assert.assertFalse(this.pp.hasPrivileges((Tree) null, new String[]{"jcr:read"}));
    }

    @Test
    public void testIsGrantedNonExistingLocation() {
        Assert.assertTrue(this.pp.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/test/non/existing/tree"), 3L));
        Assert.assertFalse(this.pp.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/non/existing/tree"), 3L));
    }

    @Test
    public void testIsGrantedNonExistingVersionStoreLocation() {
        Assert.assertFalse(this.pp.isGranted(TreeLocation.create(this.testSession.getLatestRoot(), "/jcr:system/jcr:versionStorage/non/existing/tree"), 3L));
    }

    @Test
    public void testAdministrativePrincipalSet() {
        PermissionProviderImpl createPermissionProvider = createPermissionProvider(this.adminSession);
        Assert.assertSame(TreePermission.ALL, createPermissionProvider.getTreePermission(this.root.getTree(IdentifierManagerTest.ID_ROOT), TreePermission.EMPTY));
        Assert.assertSame(RepositoryPermission.ALL, createPermissionProvider.getRepositoryPermission());
    }
}
