package org.apache.jackrabbit.oak.security.authorization.permission;

import java.security.Principal;
import java.util.Iterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.mount.Mount;
import org.apache.jackrabbit.oak.spi.mount.MountInfoProvider;
import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/MountPermissionProviderTest.class */
public class MountPermissionProviderTest extends AbstractSecurityTest implements AccessControlConstants, PrivilegeConstants, PermissionConstants {
    private MountInfoProvider mountInfoProvider;
    private String testNode = "MultiplexingProviderTest";
    private String testPath = IdentifierManagerTest.ID_ROOT + this.testNode;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        this.mountInfoProvider = Mounts.newBuilder().mount("testMount", new String[]{this.testPath}).build();
        super.before();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            this.root.refresh();
            Tree tree = this.root.getTree(this.testPath);
            if (tree.exists()) {
                tree.remove();
            }
            this.root.commit();
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public SecurityProvider initSecurityProvider() {
        SecurityProvider initSecurityProvider = super.initSecurityProvider();
        CompositeAuthorizationConfiguration compositeAuthorizationConfiguration = (AuthorizationConfiguration) initSecurityProvider.getConfiguration(AuthorizationConfiguration.class);
        Assert.assertTrue(compositeAuthorizationConfiguration instanceof CompositeAuthorizationConfiguration);
        compositeAuthorizationConfiguration.getDefaultConfig().bindMountInfoProvider(this.mountInfoProvider);
        return initSecurityProvider;
    }

    @Test
    public void multiplexingProvider() throws Exception {
        Tree tree = this.root.getTree("/jcr:system/rep:permissionStore");
        String workspaceName = this.adminSession.getWorkspaceName();
        Assert.assertTrue(tree.hasChild(workspaceName));
        Iterator it = this.mountInfoProvider.getNonDefaultMounts().iterator();
        while (it.hasNext()) {
            Assert.assertTrue(tree.hasChild(MountPermissionProvider.getPermissionRootName((Mount) it.next(), workspaceName)));
        }
        Tree addChild = TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), this.testNode, "nt:unstructured");
        Tree addChild2 = TreeUtil.addChild(addChild, "content", "nt:unstructured");
        this.root.commit();
        Principal principal = getTestUser().getPrincipal();
        setPrivileges(principal, addChild.getPath(), true, "jcr:read");
        setPrivileges(principal, addChild2.getPath(), false, "jcr:read");
        Tree tree2 = this.root.getTree("/jcr:system/rep:permissionStore");
        Assert.assertFalse(tree2.getChild(workspaceName).hasChild(principal.getName()));
        Iterator it2 = this.mountInfoProvider.getNonDefaultMounts().iterator();
        while (it2.hasNext()) {
            Assert.assertTrue(tree2.getChild(MountPermissionProvider.getPermissionRootName((Mount) it2.next(), workspaceName)).hasChild(principal.getName()));
        }
        ContentSession createTestSession = createTestSession();
        try {
            Root latestRoot = createTestSession.getLatestRoot();
            Assert.assertFalse(latestRoot.getTree(IdentifierManagerTest.ID_ROOT).exists());
            Assert.assertTrue(latestRoot.getTree(addChild.getPath()).exists());
            Assert.assertFalse(latestRoot.getTree(addChild2.getPath()).exists());
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void multiplexingProviderOpen() throws Exception {
        Tree addChild = TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), this.testNode, "nt:unstructured");
        Tree addChild2 = TreeUtil.addChild(addChild, "content", "nt:unstructured");
        this.root.commit();
        Principal principal = getTestUser().getPrincipal();
        setPrivileges(principal, IdentifierManagerTest.ID_ROOT, true, "jcr:read");
        setPrivileges(principal, addChild.getPath(), false, "jcr:read");
        setPrivileges(principal, addChild2.getPath(), true, "jcr:read");
        ContentSession createTestSession = createTestSession();
        try {
            Root latestRoot = createTestSession.getLatestRoot();
            Assert.assertTrue(latestRoot.getTree(IdentifierManagerTest.ID_ROOT).exists());
            Assert.assertFalse(addChild.getPath(), latestRoot.getTree(addChild.getPath()).exists());
            Assert.assertTrue(latestRoot.getTree(addChild2.getPath()).exists());
            createTestSession.close();
        } catch (Throwable th) {
            createTestSession.close();
            throw th;
        }
    }

    @Test
    public void testPermissionProviderName() {
        Assert.assertEquals("oak.default", MountPermissionProvider.getPermissionRootName(this.mountInfoProvider.getDefaultMount(), "oak.default"));
        Assert.assertEquals("oak:mount-testMount-oak.default", MountPermissionProvider.getPermissionRootName(this.mountInfoProvider.getMountByName("testMount"), "oak.default"));
    }

    private void setPrivileges(Principal principal, String str, boolean z, String... strArr) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        accessControlList.addEntry(principal, privilegesFromNames(strArr), z);
        accessControlManager.setPolicy(str, accessControlList);
        this.root.commit();
    }
}
