package org.apache.jackrabbit.oak.security.authorization.composite;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest.class */
public class CompositeProviderCustomMixTest extends AbstractSecurityTest {

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest$CustomProvider.class */
    public static class CustomProvider implements AggregatedPermissionProvider {
        private final PrivilegeBitsProvider pbp;
        private final Set<String> supported;
        private final Set<String> granted;
        private final Map<String, Long> grantMap;

        private CustomProvider(@Nonnull Root root, Set<String> set, Set<String> set2, Map<String, Long> map) {
            this.pbp = new PrivilegeBitsProvider(root);
            this.supported = set;
            this.granted = set2;
            this.grantMap = map;
        }

        private static PrivilegeBits toBits(Set<String> set, PrivilegeBitsProvider privilegeBitsProvider) {
            PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
            Iterator<String> it = set.iterator();
            while (it.hasNext()) {
                privilegeBits.add(privilegeBitsProvider.getBits(new String[]{it.next()}));
            }
            return privilegeBits;
        }

        @Nonnull
        public PrivilegeBits supportedPrivileges(@Nullable Tree tree, @Nullable PrivilegeBits privilegeBits) {
            return toBits(this.supported, this.pbp).retain(privilegeBits);
        }

        public boolean hasPrivileges(Tree tree, String... strArr) {
            return this.granted.containsAll(Sets.newHashSet(strArr));
        }

        private long supportedPermissions(long j) {
            return Permissions.diff(j, Permissions.diff(j, CompositeProviderCustomMixTest.mapToPermissions(this.supported, this.grantMap)));
        }

        public long supportedPermissions(@Nullable Tree tree, @Nullable PropertyState propertyState, long j) {
            return supportedPermissions(j);
        }

        public long supportedPermissions(TreeLocation treeLocation, long j) {
            return supportedPermissions(j);
        }

        public long supportedPermissions(TreePermission treePermission, PropertyState propertyState, long j) {
            return supportedPermissions(j);
        }

        public boolean isGranted(@Nonnull Tree tree, @Nullable PropertyState propertyState, long j) {
            return Permissions.includes(CompositeProviderCustomMixTest.mapToPermissions(this.granted, this.grantMap), j);
        }

        public boolean isGranted(TreeLocation treeLocation, long j) {
            return Permissions.includes(CompositeProviderCustomMixTest.mapToPermissions(this.granted, this.grantMap), j);
        }

        public RepositoryPermission getRepositoryPermission() {
            return new RepositoryPermission() { // from class: org.apache.jackrabbit.oak.security.authorization.composite.CompositeProviderCustomMixTest.CustomProvider.1
                public boolean isGranted(long j) {
                    return Permissions.includes(CompositeProviderCustomMixTest.mapToPermissions(CustomProvider.this.granted, CustomProvider.this.grantMap), j);
                }
            };
        }

        public TreePermission getTreePermission(Tree tree, TreeType treeType, TreePermission treePermission) {
            return new CustomTreePermission(this.granted, this.grantMap);
        }

        public void refresh() {
            Assert.fail("method should not be called");
        }

        public Set<String> getPrivileges(Tree tree) {
            Assert.fail("method should not be called");
            return null;
        }

        public TreePermission getTreePermission(Tree tree, TreePermission treePermission) {
            Assert.fail("method should not be called");
            return null;
        }

        public boolean isGranted(String str, String str2) {
            Assert.fail("method should not be called");
            return false;
        }

        public String toString() {
            return "CustomProvider [supported=" + this.supported + ", granted=" + this.granted + "]";
        }
    }

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderCustomMixTest$CustomTreePermission.class */
    private static class CustomTreePermission implements TreePermission {
        private final Set<String> granted;
        private final Map<String, Long> grantMap;

        public CustomTreePermission(Set<String> set, Map<String, Long> map) {
            this.granted = set;
            this.grantMap = map;
        }

        public TreePermission getChildPermission(String str, NodeState nodeState) {
            Assert.fail("method should not be called");
            return null;
        }

        public boolean canRead() {
            Assert.fail("method should not be called");
            return false;
        }

        public boolean canRead(PropertyState propertyState) {
            Assert.fail("method should not be called");
            return false;
        }

        public boolean canReadAll() {
            Assert.fail("method should not be called");
            return false;
        }

        public boolean canReadProperties() {
            Assert.fail("method should not be called");
            return false;
        }

        public boolean isGranted(long j) {
            return Permissions.includes(CompositeProviderCustomMixTest.mapToPermissions(this.granted, this.grantMap), j);
        }

        public boolean isGranted(long j, PropertyState propertyState) {
            Assert.fail("method should not be called");
            return false;
        }
    }

    @Test
    public void hasPrivilegesTest() throws Exception {
        ImmutableSet of = ImmutableSet.of("jcr:read", "jcr:namespaceManagement");
        ImmutableSet of2 = ImmutableSet.of("jcr:read", "jcr:write");
        Sets.SetView union = Sets.union(of, of2);
        for (CompositeAuthorizationConfiguration.CompositionType compositionType : CompositeAuthorizationConfiguration.CompositionType.values()) {
            for (Set<String> set : Sets.powerSet(of)) {
                for (Set<String> set2 : Sets.powerSet(of2)) {
                    for (Set<String> set3 : Sets.powerSet(union)) {
                        Assert.assertEquals("Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected(set3, of, set, of2, set2, compositionType, true)), Boolean.valueOf(buildCpp(of, set, of2, set2, compositionType, null).hasPrivileges((Tree) null, (String[]) set3.toArray(new String[0]))));
                    }
                }
            }
        }
    }

    @Test
    public void isGrantedTest() throws Exception {
        ImmutableSet of = ImmutableSet.of("jcr:read", "jcr:nodeTypeManagement");
        ImmutableSet of2 = ImmutableSet.of("jcr:read", "jcr:write");
        Sets.SetView union = Sets.union(of, of2);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("jcr:read", 3L);
        newHashMap.put("jcr:nodeTypeManagement", 512L);
        newHashMap.put("jcr:write", 124L);
        HashMap newHashMap2 = Maps.newHashMap();
        newHashMap2.put("jcr:read", "read");
        newHashMap2.put("jcr:nodeTypeManagement", "node_type_management");
        newHashMap2.put("jcr:write", "add_node");
        for (CompositeAuthorizationConfiguration.CompositionType compositionType : CompositeAuthorizationConfiguration.CompositionType.values()) {
            for (Set<String> set : Sets.powerSet(of)) {
                for (Set<String> set2 : Sets.powerSet(of2)) {
                    for (Set<String> set3 : Sets.powerSet(union)) {
                        CompositePermissionProvider buildCpp = buildCpp(of, set, of2, set2, compositionType, newHashMap);
                        boolean expected = expected(set3, of, set, of2, set2, compositionType, false);
                        Assert.assertEquals("[isGranted1] Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected), Boolean.valueOf(buildCpp.isGranted((Tree) null, (PropertyState) null, mapToPermissions(set3, newHashMap))));
                        Assert.assertEquals("[isGranted2] Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected), Boolean.valueOf(buildCpp.isGranted(IdentifierManagerTest.ID_ROOT, mapToActions(set3, newHashMap2))));
                        Assert.assertEquals("[isGranted3] Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected), Boolean.valueOf(buildCpp.isGranted("/doesnotexist", mapToActions(set3, newHashMap2))));
                    }
                }
            }
        }
    }

    @Test
    public void getRepositoryPermissionTest() throws Exception {
        ImmutableSet of = ImmutableSet.of("jcr:read", "jcr:nodeTypeManagement");
        ImmutableSet of2 = ImmutableSet.of("jcr:read", "jcr:write");
        Sets.SetView union = Sets.union(of, of2);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("jcr:read", 3L);
        newHashMap.put("jcr:nodeTypeManagement", 512L);
        newHashMap.put("jcr:write", 124L);
        for (CompositeAuthorizationConfiguration.CompositionType compositionType : CompositeAuthorizationConfiguration.CompositionType.values()) {
            for (Set<String> set : Sets.powerSet(of)) {
                for (Set<String> set2 : Sets.powerSet(of2)) {
                    for (Set<String> set3 : Sets.powerSet(union)) {
                        Assert.assertEquals("Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected(set3, of, set, of2, set2, compositionType, false)), Boolean.valueOf(buildCpp(of, set, of2, set2, compositionType, newHashMap).getRepositoryPermission().isGranted(mapToPermissions(set3, newHashMap))));
                    }
                }
            }
        }
    }

    @Test
    public void getTreePermissionTest() throws Exception {
        ImmutableSet of = ImmutableSet.of("jcr:read", "jcr:nodeTypeManagement");
        ImmutableSet of2 = ImmutableSet.of("jcr:read", "jcr:write");
        Sets.SetView union = Sets.union(of, of2);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("jcr:read", 3L);
        newHashMap.put("jcr:nodeTypeManagement", 512L);
        newHashMap.put("jcr:write", 124L);
        for (CompositeAuthorizationConfiguration.CompositionType compositionType : CompositeAuthorizationConfiguration.CompositionType.values()) {
            for (Set<String> set : Sets.powerSet(of)) {
                for (Set<String> set2 : Sets.powerSet(of2)) {
                    for (Set<String> set3 : Sets.powerSet(union)) {
                        Assert.assertEquals("Checking " + set3 + " in {supported: " + of + ", granted: " + set + "} " + compositionType + " {supported: " + of2 + ", granted: " + set2 + "}", Boolean.valueOf(expected(set3, of, set, of2, set2, compositionType, false)), Boolean.valueOf(buildCpp(of, set, of2, set2, compositionType, newHashMap).getTreePermission(this.root.getTree(IdentifierManagerTest.ID_ROOT), TreePermission.EMPTY).isGranted(mapToPermissions(set3, newHashMap))));
                    }
                }
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static long mapToPermissions(Set<String> set, Map<String, Long> map) {
        long j = 0;
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            j |= map.get(it.next()).longValue();
        }
        return j;
    }

    private static String mapToActions(Set<String> set, Map<String, String> map) {
        if (set.isEmpty()) {
            return "";
        }
        String str = "";
        Iterator<String> it = set.iterator();
        while (it.hasNext()) {
            str = str + map.get(it.next()) + ",";
        }
        return str.substring(0, str.length() - 1);
    }

    private boolean expected(Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, Set<String> set5, CompositeAuthorizationConfiguration.CompositionType compositionType, boolean z) {
        if (set.isEmpty()) {
            return z;
        }
        if (compositionType == CompositeAuthorizationConfiguration.CompositionType.OR) {
            return Sets.difference(Sets.difference(set, set3), set5).isEmpty();
        }
        return set3.containsAll(Sets.intersection(set2, set)) && set5.containsAll(Sets.intersection(set4, set));
    }

    private CompositePermissionProvider buildCpp(Set<String> set, Set<String> set2, Set<String> set3, Set<String> set4, CompositeAuthorizationConfiguration.CompositionType compositionType, Map<String, Long> map) {
        CustomProvider customProvider = new CustomProvider(this.root, set, set2, map);
        CustomProvider customProvider2 = new CustomProvider(this.root, set3, set4, map);
        AuthorizationConfiguration authorizationConfiguration = (AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class);
        return new CompositePermissionProvider(this.root, ImmutableList.of(customProvider, customProvider2), authorizationConfiguration.getContext(), compositionType, getRootProvider());
    }
}
