package org.apache.jackrabbit.oak.security.authorization.permission;

import java.lang.reflect.Method;
import java.security.Principal;
import java.util.Collection;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionConstants;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/PermissionStoreImplTest.class */
public class PermissionStoreImplTest extends AbstractSecurityTest implements PermissionConstants {
    private PermissionStoreImpl permissionStore;
    private Principal testPrincipal;
    private String testPath = "/testPath";
    private String childPath = "/testPath/childNode";

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.testPrincipal = getTestUser().getPrincipal();
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT), this.namePathMapper).addChild("testPath", "nt:unstructured").addChild("childNode", "nt:unstructured");
        addAcl(this.testPath, EveryonePrincipal.getInstance());
        addAcl(this.childPath, EveryonePrincipal.getInstance());
        this.root.commit();
        this.permissionStore = new PermissionStoreImpl(this.root, this.root.getContentSession().getWorkspaceName(), ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider());
    }

    private void addAcl(@NotNull String str, @NotNull Principal principal) throws RepositoryException {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames("jcr:read"));
        accessControlManager.setPolicy(str, accessControlList);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
            accessControlManager.removePolicy(this.testPath, AccessControlUtils.getAccessControlList(accessControlManager, this.testPath));
            this.root.commit();
        } finally {
            super.after();
        }
    }

    @Test
    public void testLoad() {
        PrincipalPermissionEntries load = this.permissionStore.load("everyone");
        Assert.assertNotNull(load);
        Assert.assertTrue(load.isFullyLoaded());
        Assert.assertEquals(2L, load.getSize());
    }

    @Test
    public void testLoadMissingPrincipalRoot() {
        PrincipalPermissionEntries load = this.permissionStore.load(this.testPrincipal.getName());
        Assert.assertNotNull(load);
        Assert.assertTrue(load.isFullyLoaded());
        Assert.assertEquals(0L, load.getSize());
    }

    @Test
    public void testLoadWithNesting() throws Exception {
        try {
            Tree permissionRoot = getPermissionRoot("everyone");
            permissionRoot.removeProperty("rep:numPermissions");
            Iterator it = permissionRoot.getChildren().iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                Tree tree = (Tree) it.next();
                if (tree.hasProperty("rep:accessControlledPath")) {
                    tree.getName();
                    Tree addChild = TreeUtil.addChild(tree, "c_" + tree.getName(), "rep:PermissionStore");
                    addChild.setProperty("rep:accessControlledPath", "/another/path");
                    Tree addChild2 = TreeUtil.addChild(addChild, "1", "rep:Permissions");
                    addChild2.setProperty("rep:privileges", -1L);
                    addChild2.setProperty("rep:isAllow", false);
                    break;
                }
            }
            PrincipalPermissionEntries load = this.permissionStore.load("everyone");
            Assert.assertNotNull(load);
            Assert.assertTrue(load.isFullyLoaded());
            Assert.assertEquals(3L, load.getSize());
            this.root.refresh();
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testLoadByPath() {
        Collection load = this.permissionStore.load("everyone", this.testPath);
        Assert.assertNotNull(load);
        Assert.assertFalse(load.isEmpty());
    }

    @Test
    public void testLoadByPathWithoutEntries() {
        Assert.assertNull(this.permissionStore.load("everyone", this.testPath + "/notAccessControlled"));
    }

    @Test
    public void testLoadByPathMissingPrincipalRoot() {
        Assert.assertNull(this.permissionStore.load(this.testPrincipal.getName(), this.testPath));
    }

    @Test
    public void testGetNumEntries() {
        Assert.assertEquals(NumEntries.valueOf(2L, true), this.permissionStore.getNumEntries("everyone", Long.MAX_VALUE));
    }

    @Test
    public void testGetNumEntriesMissingPrincipalRoot() {
        Assert.assertEquals(NumEntries.valueOf(0L, true), this.permissionStore.getNumEntries(this.testPrincipal.getName(), Long.MAX_VALUE));
    }

    @Test
    public void testGetNumEntriesMissingProperty() throws Exception {
        try {
            getPermissionRoot("everyone").removeProperty("rep:numPermissions");
            Assert.assertEquals(NumEntries.valueOf(2L, false), this.permissionStore.getNumEntries("everyone", Long.MAX_VALUE));
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testGetNumEntriesMissingPropertyThreshold() throws Exception {
        try {
            Tree permissionRoot = getPermissionRoot("everyone");
            permissionRoot.removeProperty("rep:numPermissions");
            Assert.assertEquals(NumEntries.valueOf(permissionRoot.getChildrenCount(1L), false), this.permissionStore.getNumEntries("everyone", 1L));
            this.root.refresh();
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Nullable
    private Tree getPermissionRoot(@NotNull String str) throws Exception {
        Method declaredMethod = PermissionStoreImpl.class.getDeclaredMethod("getPrincipalRoot", String.class);
        declaredMethod.setAccessible(true);
        return (Tree) declaredMethod.invoke(this.permissionStore, str);
    }
}
