package org.apache.jackrabbit.oak.security.authorization.composite;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Sets;
import java.util.Collection;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.AggregatedPermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/composite/CompositeProviderScopeTest.class */
public class CompositeProviderScopeTest extends AbstractCompositeProviderTest {
    private static List<String> PATH_OUTSIDE_SCOPE = ImmutableList.of(IdentifierManagerTest.ID_ROOT, "/test", "/test/child");
    private CompositePermissionProvider cppTestUser;
    private CompositePermissionProvider cppAdminUser;
    private LimitedScopeProvider testProvider;
    private PrivilegeBitsProvider pbp;
    private PrivilegeBits denied;

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.cppTestUser = createPermissionProvider(getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
        this.cppAdminUser = createPermissionProvider(this.root.getContentSession().getAuthInfo().getPrincipals());
        this.pbp = new PrivilegeBitsProvider(this.readOnlyRoot);
        this.denied = this.pbp.getBits(new String[]{"jcr:addChildNodes", "rep:addProperties"});
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.composite.AbstractCompositeProviderTest
    protected AggregatedPermissionProvider getTestPermissionProvider() {
        if (this.testProvider == null) {
            this.testProvider = new LimitedScopeProvider(this.readOnlyRoot);
        }
        return this.testProvider;
    }

    @Test
    public void testGetPrivileges() throws Exception {
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.readOnlyRoot);
        for (String str : this.defPrivileges.keySet()) {
            Tree tree = this.readOnlyRoot.getTree(str);
            Set<String> set = this.defPrivileges.get(str);
            Set privileges = this.cppTestUser.getPrivileges(tree);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertEquals(privilegeBitsProvider.getBits(set).modifiable().diff(this.denied).unmodifiable(), privilegeBitsProvider.getBits(privileges));
            } else {
                Assert.assertEquals(str, set, privileges);
            }
        }
    }

    @Test
    public void testGetPrivilegesAdmin() throws Exception {
        for (String str : NODE_PATHS) {
            Set privileges = this.cppAdminUser.getPrivileges(this.readOnlyRoot.getTree(str));
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertEquals(this.pbp.getBits(new String[]{"jcr:all"}).modifiable().diff(this.denied).unmodifiable(), this.pbp.getBits(privileges));
            } else {
                Assert.assertEquals(str, ImmutableSet.of("jcr:all"), privileges);
            }
        }
    }

    @Test
    public void testGetPrivilegesOnRepo() throws Exception {
        Assert.assertEquals(ImmutableSet.of("jcr:nodeTypeDefinitionManagement"), this.cppTestUser.getPrivileges((Tree) null));
    }

    @Test
    public void testGetPrivilegesOnRepoAdmin() throws Exception {
        Assert.assertEquals(this.pbp.getBits(new String[]{"jcr:all"}).modifiable().diff(this.pbp.getBits(new String[]{"jcr:namespaceManagement"})).unmodifiable(), this.pbp.getBits(this.cppAdminUser.getPrivileges((Tree) null)));
    }

    @Test
    public void testHasPrivileges() throws Exception {
        for (String str : this.defPrivileges.keySet()) {
            Set<String> set = this.defPrivileges.get(str);
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Set privilegeNames = this.pbp.getPrivilegeNames(this.pbp.getBits(set).modifiable().diff(this.denied));
                Assert.assertTrue(str, this.cppTestUser.hasPrivileges(tree, (String[]) privilegeNames.toArray(new String[privilegeNames.size()])));
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, new String[]{"jcr:addChildNodes"}));
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, new String[]{"rep:addProperties"}));
                Assert.assertFalse(str, this.cppTestUser.hasPrivileges(tree, new String[]{"jcr:modifyProperties"}));
            } else {
                Assert.assertTrue(str, this.cppTestUser.hasPrivileges(tree, (String[]) set.toArray(new String[set.size()])));
            }
        }
    }

    @Test
    public void testHasPrivilegesAdmin() throws Exception {
        Set privilegeNames = this.pbp.getPrivilegeNames(this.pbp.getBits(new String[]{"jcr:all"}).modifiable().diff(this.pbp.getBits(new String[]{"jcr:addChildNodes", "rep:addProperties"})));
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppAdminUser.hasPrivileges(tree, (String[]) privilegeNames.toArray(new String[privilegeNames.size()])));
                Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:addChildNodes"}));
                Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"rep:addProperties"}));
                Assert.assertFalse(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:write"}));
            } else {
                Assert.assertTrue(this.cppAdminUser.hasPrivileges(tree, new String[]{"jcr:all"}));
            }
        }
    }

    @Test
    public void testHasPrivilegesOnRepo() throws Exception {
        Assert.assertFalse(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement"}));
        Assert.assertFalse(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertFalse(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[]{"jcr:nodeTypeDefinitionManagement"}));
        Assert.assertTrue(this.cppTestUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testHasPrivilegeOnRepoAdmin() throws Exception {
        Assert.assertFalse(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement"}));
        Assert.assertFalse(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:namespaceManagement", "jcr:nodeTypeDefinitionManagement"}));
        Assert.assertFalse(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:all"}));
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[]{"jcr:nodeTypeDefinitionManagement"}));
        Set privilegeNames = this.pbp.getPrivilegeNames(this.pbp.getBits(new String[]{"jcr:all"}).modifiable().diff(this.pbp.getBits(new String[]{"jcr:namespaceManagement"})));
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, (String[]) privilegeNames.toArray(new String[privilegeNames.size()])));
        Assert.assertTrue(this.cppAdminUser.hasPrivileges((Tree) null, new String[0]));
    }

    @Test
    public void testIsGranted() throws Exception {
        for (String str : this.defPermissions.keySet()) {
            long longValue = this.defPermissions.get(str).longValue();
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppTestUser.isGranted(tree, (PropertyState) null, Permissions.diff(longValue, 36L)));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, (PropertyState) null, 32L));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, (PropertyState) null, 4L));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, (PropertyState) null, 28L));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, (PropertyState) null, 124L));
            } else {
                Assert.assertTrue(this.cppTestUser.isGranted(tree, (PropertyState) null, longValue));
            }
        }
    }

    @Test
    public void testIsGrantedAdmin() throws Exception {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppAdminUser.isGranted(tree, (PropertyState) null, Permissions.diff(2097151L, 36L)));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, (PropertyState) null, 32L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, (PropertyState) null, 4L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, (PropertyState) null, 36L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, (PropertyState) null, 124L));
            } else {
                Assert.assertTrue(this.cppAdminUser.isGranted(tree, (PropertyState) null, 2097151L));
            }
        }
    }

    @Test
    public void testIsGrantedProperty() throws Exception {
        for (String str : this.defPermissions.keySet()) {
            long longValue = this.defPermissions.get(str).longValue();
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppTestUser.isGranted(tree, PROPERTY_STATE, Permissions.diff(longValue, 36L)));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, PROPERTY_STATE, 4L));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, PROPERTY_STATE, 28L));
                Assert.assertFalse(this.cppTestUser.isGranted(tree, PROPERTY_STATE, 124L));
            } else {
                Assert.assertTrue(this.cppTestUser.isGranted(tree, PROPERTY_STATE, longValue));
            }
        }
    }

    @Test
    public void testIsGrantedPropertyAdmin() throws Exception {
        for (String str : NODE_PATHS) {
            Tree tree = this.readOnlyRoot.getTree(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, Permissions.diff(2097151L, 36L)));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 32L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 4L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 36L));
                Assert.assertFalse(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 124L));
            } else {
                Assert.assertTrue(this.cppAdminUser.isGranted(tree, PROPERTY_STATE, 2097151L));
            }
        }
    }

    @Test
    public void testIsGrantedAction() throws Exception {
        Collection<?> of = ImmutableSet.of("add_node", "add_property");
        for (String str : this.defActionsGranted.keySet()) {
            String[] strArr = this.defActionsGranted.get(str);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                HashSet newHashSet = Sets.newHashSet(strArr);
                newHashSet.removeAll(of);
                boolean z = TreeLocation.create(this.readOnlyRoot, str).getProperty() != null;
                if (!z) {
                    newHashSet.remove("set_property");
                }
                Assert.assertTrue(str, this.cppTestUser.isGranted(str, getActionString((String[]) newHashSet.toArray(new String[newHashSet.size()]))));
                Assert.assertEquals(str, Boolean.valueOf(z), Boolean.valueOf(this.cppTestUser.isGranted(str, "set_property")));
                Assert.assertFalse(str, this.cppTestUser.isGranted(str, "add_node"));
                Assert.assertFalse(str, this.cppTestUser.isGranted(str, "add_property"));
            } else {
                Assert.assertTrue(str, this.cppTestUser.isGranted(str, getActionString(strArr)));
            }
        }
    }

    @Test
    public void testIsGrantedActionAdmin() throws Exception {
        String[] strArr = {"read", "remove_node", "modify_property", "remove_property", "remove", "read_access_control", "modify_access_control", "locking", "node_type_management", "versioning", "user_management"};
        for (String str : NODE_PATHS) {
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(this.cppAdminUser.isGranted(str, getActionString(strArr)));
                Assert.assertFalse(this.cppAdminUser.isGranted(str, "add_node"));
                Assert.assertFalse(this.cppAdminUser.isGranted(str, "set_property"));
                Assert.assertFalse(this.cppAdminUser.isGranted(str, "add_property"));
            } else {
                Assert.assertTrue(this.cppAdminUser.isGranted(str, Permissions.getString(2097151L)));
                Assert.assertTrue(this.cppAdminUser.isGranted(str, getActionString(ALL_ACTIONS)));
            }
        }
    }

    @Test
    public void testRepositoryPermissionIsGranted() throws Exception {
        RepositoryPermission repositoryPermission = this.cppTestUser.getRepositoryPermission();
        Assert.assertFalse(repositoryPermission.isGranted(65536L));
        Assert.assertFalse(repositoryPermission.isGranted(98304L));
        Assert.assertFalse(repositoryPermission.isGranted(327680L));
        Assert.assertTrue(repositoryPermission.isGranted(32768L));
        Assert.assertFalse(repositoryPermission.isGranted(262144L));
        Assert.assertFalse(repositoryPermission.isGranted(425984L));
        Assert.assertFalse(repositoryPermission.isGranted(2097151L));
    }

    @Test
    public void testRepositoryPermissionIsGrantedAdmin() throws Exception {
        RepositoryPermission repositoryPermission = this.cppAdminUser.getRepositoryPermission();
        Assert.assertFalse(repositoryPermission.isGranted(65536L));
        Assert.assertFalse(repositoryPermission.isGranted(98304L));
        Assert.assertFalse(repositoryPermission.isGranted(327680L));
        Assert.assertTrue(repositoryPermission.isGranted(32768L));
        Assert.assertTrue(repositoryPermission.isGranted(262144L));
        Assert.assertTrue(repositoryPermission.isGranted(425984L));
        Assert.assertFalse(repositoryPermission.isGranted(2097151L));
    }

    @Test
    public void testTreePermissionIsGranted() throws Exception {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                LimitedScopeProvider limitedScopeProvider = this.testProvider;
                if (LimitedScopeProvider.isSupported(str)) {
                    Assert.assertTrue(treePermission2.isGranted(Permissions.diff(l.longValue(), 36L)));
                    Assert.assertFalse(treePermission2.isGranted(36L));
                } else {
                    Assert.assertTrue(treePermission2.isGranted(l.longValue()));
                }
            }
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionIsGrantedAdmin() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            LimitedScopeProvider limitedScopeProvider = this.testProvider;
            if (LimitedScopeProvider.isSupported(str)) {
                Assert.assertTrue(str, treePermission2.isGranted(Permissions.diff(2097151L, 36L)));
                Assert.assertFalse(str, treePermission2.isGranted(36L));
                Assert.assertFalse(str, treePermission2.isGranted(2097151L));
            } else {
                Assert.assertTrue(str, treePermission2.isGranted(2097151L));
            }
            treePermission = treePermission2;
        }
        TreePermission treePermission3 = TreePermission.EMPTY;
        for (String str2 : PATH_OUTSIDE_SCOPE) {
            TreePermission treePermission4 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str2), treePermission3);
            Assert.assertTrue(str2, treePermission4.isGranted(2097151L));
            treePermission3 = treePermission4;
        }
    }

    @Test
    public void testTreePermissionIsGrantedProperty() throws Exception {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Long l = this.defPermissions.containsKey(str) ? this.defPermissions.get(str) : this.defPermissions.get(PathUtils.getAncestorPath(str, 1));
            if (l != null) {
                LimitedScopeProvider limitedScopeProvider = this.testProvider;
                if (LimitedScopeProvider.isSupported(str)) {
                    Assert.assertTrue(treePermission2.isGranted(Permissions.diff(l.longValue(), 36L), PROPERTY_STATE));
                    Assert.assertFalse(treePermission2.isGranted(4L, PROPERTY_STATE));
                } else {
                    Assert.assertTrue(treePermission2.isGranted(l.longValue(), PROPERTY_STATE));
                }
            }
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanRead() throws Exception {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, false).put("/test", true).put("/test/a", true).put("/test/a/b", true).put("/test/a/b/c", false).put("/test/a/b/c/nonexisting", false).build();
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : build.keySet()) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertEquals(str, Boolean.valueOf(((Boolean) build.get(str)).booleanValue()), Boolean.valueOf(treePermission2.canRead()));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanReadProperty() throws Exception {
        ImmutableMap build = ImmutableMap.builder().put(IdentifierManagerTest.ID_ROOT, false).put("/test", true).put("/test/a", true).put("/test/a/b", true).put("/test/a/b/c", true).put("/test/a/b/c/nonexisting", true).build();
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : build.keySet()) {
            TreePermission treePermission2 = this.cppTestUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertEquals(str, build.get(str), Boolean.valueOf(treePermission2.canRead(PROPERTY_STATE)));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanReadAdmin() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertTrue(str, treePermission2.canRead());
            Assert.assertTrue(str, treePermission2.canRead(PROPERTY_STATE));
            treePermission = treePermission2;
        }
    }

    @Test
    public void testTreePermissionCanReadAllAdmin() {
        TreePermission treePermission = TreePermission.EMPTY;
        for (String str : TP_PATHS) {
            TreePermission treePermission2 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str), treePermission);
            Assert.assertFalse(str, treePermission2.canReadAll());
            Assert.assertTrue(str, treePermission2.canReadProperties());
            treePermission = treePermission2;
        }
        TreePermission treePermission3 = TreePermission.EMPTY;
        for (String str2 : PATH_OUTSIDE_SCOPE) {
            TreePermission treePermission4 = this.cppAdminUser.getTreePermission(this.readOnlyRoot.getTree(str2), treePermission3);
            Assert.assertFalse(str2, treePermission4.canReadAll());
            Assert.assertTrue(str2, treePermission4.canReadProperties());
            treePermission3 = treePermission4;
        }
    }
}
