package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableSet;
import java.lang.reflect.Field;
import java.util.Iterator;
import javax.annotation.Nonnull;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.plugins.tree.impl.ImmutableTree;
import org.apache.jackrabbit.oak.plugins.version.ReadOnlyVersionManager;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/VersionTreePermissionTest.class */
public class VersionTreePermissionTest extends AbstractSecurityTest implements NodeTypeConstants {
    private ReadOnlyVersionManager vMgr;
    private PermissionProvider pp;
    private Tree testTree;
    private Field vpField;
    private Field tpImplTree;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        NodeUtil addChild = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).addChild(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, "oak:Unstructured");
        addChild.addChild("a", "oak:Unstructured").addChild("b", "oak:Unstructured").addChild("c", "oak:Unstructured");
        TreeUtil.addMixin(addChild.getTree(), "mix:versionable", this.root.getTree("/jcr:system/jcr:nodeTypes"), (String) null);
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/test");
        accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"jcr:read"}));
        accessControlManager.setPolicy("/test", accessControlList);
        this.root.commit();
        addChild.setBoolean("jcr:isCheckedOut", false);
        this.root.commit();
        addChild.setBoolean("jcr:isCheckedOut", true);
        this.root.commit();
        this.testTree = addChild.getTree();
        this.vMgr = ReadOnlyVersionManager.getInstance(this.root, NamePathMapper.DEFAULT);
        this.pp = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), ImmutableSet.of(EveryonePrincipal.getInstance()));
        Assert.assertTrue(this.pp instanceof PermissionProviderImpl);
        this.vpField = VersionTreePermission.class.getDeclaredField("versionablePermission");
        this.vpField.setAccessible(true);
        this.tpImplTree = Class.forName(CompiledPermissionImpl.class.getName() + "$TreePermissionImpl").getDeclaredField("tree");
        this.tpImplTree.setAccessible(true);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Tree tree = this.root.getTree("/test");
            if (tree.exists()) {
                tree.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    private static TreePermission getVersionPermission(Root root, PermissionProvider permissionProvider, String str) {
        Tree tree = root.getTree(IdentifierManagerTest.ID_ROOT);
        TreePermission treePermission = permissionProvider.getTreePermission(tree, TreePermission.EMPTY);
        Iterator it = PathUtils.elements(str).iterator();
        while (it.hasNext()) {
            tree = tree.getChild((String) it.next());
            treePermission = permissionProvider.getTreePermission(tree, treePermission);
        }
        return treePermission;
    }

    private void assertVersionPermission(@Nonnull TreePermission treePermission, @Nonnull String str, boolean z) throws Exception {
        Assert.assertTrue(treePermission instanceof VersionTreePermission);
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(treePermission.canRead()));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(treePermission.canRead(PropertyStates.createProperty("any", "Value"))));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(treePermission.isGranted(3L)));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(treePermission.isGranted(3L, PropertyStates.createProperty("any", "Value"))));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(treePermission.canReadProperties()));
        Assert.assertFalse(treePermission.canReadAll());
        Assert.assertEquals(str, ((Tree) this.tpImplTree.get((TreePermission) this.vpField.get((VersionTreePermission) treePermission))).getPath());
    }

    @Test
    public void testGetTreePermission() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.vMgr.getVersionHistory(this.testTree));
        String str = "/test";
        TreePermission versionPermission = getVersionPermission(this.root, this.pp, tree.getPath());
        assertVersionPermission(versionPermission, str, true);
        Tree child = tree.getChild("1.0");
        Assert.assertTrue(child.exists());
        TreePermission treePermission = this.pp.getTreePermission(child, versionPermission);
        assertVersionPermission(treePermission, str, true);
        Tree child2 = child.getChild("jcr:frozenNode");
        Assert.assertTrue(child2.exists());
        TreePermission treePermission2 = this.pp.getTreePermission(child2, treePermission);
        assertVersionPermission(treePermission2, str, true);
        Tree tree2 = child2;
        for (String str2 : new String[]{"a", "b", "c"}) {
            tree2 = tree2.getChild(str2);
            str = PathUtils.concat(str, str2);
            treePermission2 = this.pp.getTreePermission(tree2, treePermission2);
            assertVersionPermission(treePermission2, str, true);
        }
    }

    @Test
    public void testGetChild() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.vMgr.getVersionHistory(this.testTree));
        ImmutableTree tree2 = getRootProvider().createReadOnlyRoot(this.root).getTree(IdentifierManagerTest.ID_ROOT);
        TreePermission treePermission = this.pp.getTreePermission(tree2, TreePermission.EMPTY);
        for (String str : PathUtils.elements(tree.getPath())) {
            tree2 = tree2.getChild(str);
            treePermission = treePermission.getChildPermission(str, tree2.getNodeState());
        }
        String str2 = "/test";
        assertVersionPermission(treePermission, "/test", true);
        NodeState nodeState = tree2.getChild("1.0").getNodeState();
        TreePermission childPermission = treePermission.getChildPermission("1.0", nodeState);
        assertVersionPermission(childPermission, "/test", true);
        NodeState childNode = nodeState.getChildNode("jcr:frozenNode");
        TreePermission childPermission2 = childPermission.getChildPermission("jcr:frozenNode", childNode);
        assertVersionPermission(childPermission2, "/test", true);
        for (String str3 : new String[]{"a", "b", "c"}) {
            childNode = childNode.getChildNode(str3);
            str2 = PathUtils.concat(str2, str3);
            childPermission2 = childPermission2.getChildPermission(str3, childNode);
            assertVersionPermission(childPermission2, str2, true);
        }
    }

    @Test
    public void testVersionableRemoved() throws Exception {
        Tree tree = (Tree) Preconditions.checkNotNull(this.vMgr.getVersionHistory(this.testTree));
        this.testTree.remove();
        this.root.commit();
        this.pp.refresh();
        TreePermission versionPermission = getVersionPermission(this.root, this.pp, tree.getPath());
        assertVersionPermission(versionPermission, IdentifierManagerTest.ID_ROOT, false);
        Tree child = tree.getChild("1.0");
        TreePermission treePermission = this.pp.getTreePermission(child, versionPermission);
        assertVersionPermission(treePermission, IdentifierManagerTest.ID_ROOT, false);
        Tree child2 = child.getChild("jcr:frozenNode");
        Assert.assertTrue(child2.exists());
        TreePermission treePermission2 = this.pp.getTreePermission(child2, treePermission);
        assertVersionPermission(treePermission2, IdentifierManagerTest.ID_ROOT, false);
        Tree tree2 = child2;
        String str = IdentifierManagerTest.ID_ROOT;
        for (String str2 : new String[]{"a", "b", "c"}) {
            tree2 = tree2.getChild(str2);
            str = PathUtils.concat(str, str2);
            treePermission2 = this.pp.getTreePermission(tree2, treePermission2);
            assertVersionPermission(treePermission2, str, false);
        }
    }

    @Test
    public void testVersionableChildRemoved() throws Exception {
        this.root.getTree("/test/a/b/c").remove();
        this.root.commit();
        this.pp.refresh();
        String concat = PathUtils.concat(((Tree) Preconditions.checkNotNull(this.vMgr.getVersionHistory(this.testTree))).getPath(), new String[]{"1.0", "jcr:frozenNode", "a/b/c"});
        assertVersionPermission(getVersionPermission(this.root, this.pp, concat), "/test/a/b/c", true);
        this.root.getTree("/test/a").remove();
        this.root.commit();
        this.pp.refresh();
        assertVersionPermission(getVersionPermission(this.root, this.pp, concat), "/test/a/b/c", true);
    }

    @Test
    public void testVersionableChildRemoved2() throws Exception {
        this.root.getTree("/test/a/b").remove();
        this.root.commit();
        this.pp.refresh();
        String concat = PathUtils.concat(((Tree) Preconditions.checkNotNull(this.vMgr.getVersionHistory(this.testTree))).getPath(), new String[]{"1.0", "jcr:frozenNode", "a"});
        TreePermission versionPermission = getVersionPermission(this.root, this.pp, concat);
        assertVersionPermission(versionPermission, "/test/a", true);
        Tree child = this.root.getTree(concat).getChild("b");
        TreePermission treePermission = this.pp.getTreePermission(child, versionPermission);
        assertVersionPermission(treePermission, "/test/a/b", true);
        assertVersionPermission(this.pp.getTreePermission(child.getChild("c"), treePermission), "/test/a/b/c", true);
    }
}
