package org.apache.jackrabbit.oak.security.authorization;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeProvider;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest.class */
public class AuthorizationContextTest extends AbstractSecurityTest {

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/AuthorizationContextTest$TypeTest.class */
    private static final class TypeTest {
        private final String path;
        private final TreeType type;
        private final TreeType parentType;

        private TypeTest(@NotNull String str, TreeType treeType) {
            this(str, treeType, TreeType.DEFAULT);
        }

        private TypeTest(@NotNull String str, TreeType treeType, TreeType treeType2) {
            this.path = str;
            this.type = treeType;
            this.parentType = treeType2;
        }

        /* JADX INFO: Access modifiers changed from: private */
        public static List<TypeTest> createTests(@NotNull Root root) throws Exception {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy/rep:Policy", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:ACL/rep:residualChildNodeDefinitions/rep:ACE", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:GrantACE/rep:namedChildNodeDefinitions/rep:restrictions", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:RepoAccessControllable/rep:namedChildNodeDefinitions/rep:repoPolicy", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/jcr:nodeTypes/rep:PermissionStore", TreeType.DEFAULT));
            arrayList.add(new TypeTest("/jcr:system/rep:permissionStore", TreeType.INTERNAL));
            arrayList.add(new TypeTest("/jcr:system/rep:permissionStore/a/b/child", TreeType.INTERNAL, TreeType.INTERNAL));
            NodeUtil addChild = new NodeUtil(root.getTree(IdentifierManagerTest.ID_ROOT)).addChild(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, "oak:Unstructured");
            Iterator it = AccessControlConstants.POLICY_NODE_NAMES.iterator();
            while (it.hasNext()) {
                NodeUtil addChild2 = addChild.addChild((String) it.next(), "rep:ACL");
                arrayList.add(new TypeTest(addChild2.getTree().getPath(), TreeType.ACCESS_CONTROL));
                arrayList.add(new TypeTest(addChild2.addChild("ace", "rep:DenyACE").getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
                NodeUtil addChild3 = addChild2.addChild("ace2", "rep:GrantACE");
                arrayList.add(new TypeTest(addChild3.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
                NodeUtil addChild4 = addChild3.addChild("rep:restrictions", "rep:Restrictions");
                arrayList.add(new TypeTest(addChild4.getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
                arrayList.add(new TypeTest(addChild4.addChild(IdentifierManagerTest.ID_INVALID, "oak:Unstructured").getTree().getPath(), TreeType.ACCESS_CONTROL, TreeType.ACCESS_CONTROL));
            }
            return arrayList;
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
        } finally {
            super.after();
        }
    }

    private void createAcl(@Nullable String str, String... strArr) throws RepositoryException {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        Assert.assertNotNull(accessControlList);
        accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(strArr));
        accessControlManager.setPolicy(str, accessControlList);
    }

    @Test
    public void testItemDefinitionsDefinesContextRoot() throws Exception {
        Iterator it = Lists.newArrayList(new String[]{"/jcr:system/jcr:nodeTypes/rep:AccessControllable/rep:namedChildNodeDefinitions/rep:policy", "/jcr:system/jcr:nodeTypes/rep:RepoAccessControllable/rep:namedChildNodeDefinitions/rep:repoPolicy"}).iterator();
        while (it.hasNext()) {
            Assert.assertFalse(AuthorizationContext.getInstance().definesContextRoot(this.root.getTree((String) it.next())));
        }
    }

    @Test
    public void testPolicyDefinesContextRoot() throws Exception {
        createAcl(IdentifierManagerTest.ID_ROOT, "jcr:read");
        Tree child = this.root.getTree(IdentifierManagerTest.ID_ROOT).getChild("rep:policy");
        Assert.assertTrue(child.exists());
        Assert.assertTrue(AuthorizationContext.getInstance().definesContextRoot(child));
    }

    @Test
    public void testRepoPolicyDefinesContextRoot() throws Exception {
        createAcl(null, "jcr:namespaceManagement");
        Tree child = this.root.getTree(IdentifierManagerTest.ID_ROOT).getChild("rep:repoPolicy");
        Assert.assertTrue(child.exists());
        Assert.assertTrue(AuthorizationContext.getInstance().definesContextRoot(child));
    }

    @Test
    public void testAceDefinesContextRoot() throws Exception {
        createAcl(IdentifierManagerTest.ID_ROOT, "jcr:read");
        Tree child = this.root.getTree(IdentifierManagerTest.ID_ROOT).getChild("rep:policy");
        Assert.assertTrue(child.exists());
        Iterator it = child.getChildren().iterator();
        while (it.hasNext()) {
            Assert.assertFalse(AuthorizationContext.getInstance().definesContextRoot((Tree) it.next()));
        }
    }

    @Test
    public void testLocation() throws Exception {
        createAcl(IdentifierManagerTest.ID_ROOT, "jcr:read");
        Context authorizationContext = AuthorizationContext.getInstance();
        Assert.assertTrue(authorizationContext.definesLocation(TreeLocation.create(this.root, "/rep:policy/allow")));
        Assert.assertTrue(authorizationContext.definesLocation(TreeLocation.create(this.root, "/rep:policy/allow/rep:principalName")));
        Assert.assertTrue(authorizationContext.definesLocation(TreeLocation.create(this.root, "/rep:policy/allow/rep:privileges")));
        for (String str : ImmutableList.of(IdentifierManagerTest.ID_ROOT, "/jcr:system")) {
            Assert.assertFalse(str, authorizationContext.definesLocation(TreeLocation.create(this.root, str)));
            Assert.assertFalse(str, authorizationContext.definesLocation(TreeLocation.create(this.root, PathUtils.concat(str, "jcr:primaryType"))));
        }
        for (String str2 : ImmutableList.of("/rep:repoPolicy", "/content/rep:policy", "/content/rep:privileges", "/content/rep:repoPolicy", "/jcr:system/rep:policy", "/jcr:system/rep:permissionStore/nonexisting")) {
            Assert.assertTrue(str2, authorizationContext.definesLocation(TreeLocation.create(this.root, str2)));
            Assert.assertTrue(str2, authorizationContext.definesLocation(TreeLocation.create(this.root, PathUtils.concat(str2, "rep:privileges"))));
        }
    }

    @Test
    public void testGetType() throws Exception {
        TreeTypeProvider treeTypeProvider = new TreeTypeProvider(AuthorizationContext.getInstance());
        for (TypeTest typeTest : TypeTest.createTests(this.root)) {
            Assert.assertEquals(typeTest.path, typeTest.type, treeTypeProvider.getType(this.root.getTree(typeTest.path)));
        }
    }

    @Test
    public void testGetTypeWithParentType() throws Exception {
        TreeTypeProvider treeTypeProvider = new TreeTypeProvider(AuthorizationContext.getInstance());
        for (TypeTest typeTest : TypeTest.createTests(this.root)) {
            Assert.assertEquals(typeTest.path, typeTest.type, treeTypeProvider.getType(this.root.getTree(typeTest.path), typeTest.parentType));
        }
    }

    @Test
    public void testGetTypeWithDefaultParentType() throws Exception {
        TreeTypeProvider treeTypeProvider = new TreeTypeProvider(AuthorizationContext.getInstance());
        for (TypeTest typeTest : TypeTest.createTests(this.root)) {
            TreeType type = treeTypeProvider.getType(this.root.getTree(typeTest.path), TreeType.DEFAULT);
            if (TreeType.DEFAULT == typeTest.parentType) {
                Assert.assertEquals(typeTest.path, typeTest.type, type);
            } else {
                Assert.assertNotEquals(typeTest.path, typeTest.type, type);
            }
        }
    }
}
