package org.apache.jackrabbit.oak.exercise.security.authorization.advanced;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.GuestCredentials;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.exercise.security.authorization.models.predefined.Editor;
import org.apache.jackrabbit.oak.exercise.security.authorization.models.predefined.PredefinedAuthorizationConfiguration;
import org.apache.jackrabbit.oak.exercise.security.authorization.models.predefined.Reader;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authentication.AuthenticationConfigurationImpl;
import org.apache.jackrabbit.oak.security.authentication.token.TokenConfigurationImpl;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.security.principal.PrincipalConfigurationImpl;
import org.apache.jackrabbit.oak.security.privilege.PrivilegeConfigurationImpl;
import org.apache.jackrabbit.oak.security.user.UserConfigurationImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L5_CustomPermissionEvaluationTest.class */
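/**
 * Verifies permission evaluation when the security provider is built with
 * {@link PredefinedAuthorizationConfiguration} instead of the default
 * authorization setup.
 *
 * <p>The fixture creates three small content subtrees and checks, for each tree
 * and for a property on it, what the {@link PermissionProvider} reports for:
 * the administrative principals, the guest principals, principal sets that
 * contain an {@link Editor}, and principal sets that contain a {@link Reader}.
 * Each scenario is checked through all three evaluation entry points used here
 * (privilege names, permission bit masks, and JCR action strings) so that a
 * provider that is correct on one path but permissive on another is caught.
 */
public class L5_CustomPermissionEvaluationTest extends AbstractSecurityTest {
    /** JCR action names covering read and basic write operations. */
    private static final String[] ACTION_NAMES = {"read", "add_node", "set_property", "remove"};

    /** Root tree plus every tree created in {@link #before()}. */
    private List<Tree> trees;

    /** Property set on most of the fixture trees and used as the property target in the checks. */
    private PropertyState prop;

    /**
     * Builds a security provider whose authorization module is
     * {@link PredefinedAuthorizationConfiguration}; every other module uses its
     * standard implementation with empty parameters.
     */
    @Override
    protected SecurityProvider initSecurityProvider() {
        return SecurityProviderBuilder.newBuilder()
                .with(
                        new AuthenticationConfigurationImpl(), ConfigurationParameters.EMPTY,
                        new PrivilegeConfigurationImpl(), ConfigurationParameters.EMPTY,
                        new UserConfigurationImpl(), ConfigurationParameters.EMPTY,
                        new PredefinedAuthorizationConfiguration(), ConfigurationParameters.EMPTY,
                        new PrincipalConfigurationImpl(), ConfigurationParameters.EMPTY,
                        new TokenConfigurationImpl(), ConfigurationParameters.EMPTY)
                .with(getSecurityConfigParameters())
                .withRootProvider(getRootProvider())
                .withTreeProvider(getTreeProvider())
                .build();
    }

    /**
     * Creates the content fixture: {@code /contentA/a/a}, {@code /contentB/b} and
     * {@code /contentC/c}, commits it, and records all trees (including the root)
     * for the permission checks.
     */
    @Override
    public void before() throws Exception {
        super.before();
        this.prop = PropertyStates.createProperty("prop", "value");

        // Note: /contentA itself carries no property; its descendants do.
        Tree contentA = TreeUtil.addChild(this.root.getTree("/"), "contentA", "oak:Unstructured");
        Tree a = TreeUtil.addChild(contentA, "a", "oak:Unstructured");
        a.setProperty(this.prop);
        Tree aa = TreeUtil.addChild(a, "a", "oak:Unstructured");
        aa.setProperty(this.prop);

        Tree contentB = TreeUtil.addChild(this.root.getTree("/"), "contentB", "oak:Unstructured");
        contentB.setProperty(this.prop);
        Tree b = TreeUtil.addChild(contentB, "b", "oak:Unstructured");
        b.setProperty(this.prop);

        Tree contentC = TreeUtil.addChild(this.root.getTree("/"), "contentC", "oak:Unstructured");
        contentC.setProperty(this.prop);
        Tree c = TreeUtil.addChild(contentC, "c", "oak:Unstructured");
        c.setProperty(this.prop);

        this.root.commit();
        this.trees = ImmutableList.of(
                this.root.getTree("/"), contentA, a, aa, contentB, b, contentC, c);
    }

    /**
     * Obtains a permission provider for the given principals, evaluated against the
     * administrative root and the admin session's workspace.
     *
     * @param set the principals whose effective permissions are evaluated
     * @return the permission provider from the configured authorization module
     */
    private PermissionProvider getPermissionProvider(@NotNull Set<Principal> set) {
        AuthorizationConfiguration authorization =
                (AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class);
        return authorization.getPermissionProvider(
                this.root, this.adminSession.getWorkspaceName(), set);
    }

    /** Returns a view of the paths of all fixture trees. */
    private Iterable<String> getTreePaths() {
        return Iterables.transform(this.trees, Tree::getPath);
    }

    /**
     * Logs in with {@link GuestCredentials} and returns the principals attached to
     * that session. The session is closed before returning, including when reading
     * the principals fails.
     */
    private Set<Principal> getGuestPrincipals() throws Exception {
        try (ContentSession guest = login(new GuestCredentials())) {
            return guest.getAuthInfo().getPrincipals();
        }
    }

    /** Administrative principals must be granted everything on every fixture item. */
    @Test
    public void testAdministrativeAccess() {
        // NOTE(review): this asserts that the fixture trees do NOT exist when read
        // through the admin root, while the checks below expect full access for the
        // admin principals — confirm this is the intended expectation.
        for (String treePath : getTreePaths()) {
            Assert.assertFalse(this.root.getTree(treePath).exists());
        }

        PermissionProvider permissionProvider =
                getPermissionProvider(this.adminSession.getAuthInfo().getPrincipals());
        String allActions = Text.implode(ACTION_NAMES, ",");
        for (Tree tree : this.trees) {
            // The result of this lookup was previously discarded, so a provider that
            // reported no privileges for the admin would still have passed.
            Assert.assertTrue(permissionProvider.getPrivileges(tree).contains("jcr:all"));

            Assert.assertTrue(permissionProvider.isGranted(tree, (PropertyState) null, Permissions.ALL));
            Assert.assertTrue(permissionProvider.isGranted(tree, this.prop, Permissions.ALL));

            String path = tree.getPath();
            Assert.assertTrue(permissionProvider.isGranted(path, allActions));
            Assert.assertTrue(permissionProvider.isGranted(
                    PathUtils.concat(path, this.prop.getName()), allActions));
        }
    }

    /** Guest principals must see nothing and be granted nothing. */
    @Test
    public void testGuestAccess() throws Exception {
        try (ContentSession guest = login(new GuestCredentials())) {
            Root guestRoot = guest.getLatestRoot();
            for (String treePath : getTreePaths()) {
                Assert.assertFalse(guestRoot.getTree(treePath).exists());
            }

            PermissionProvider permissionProvider =
                    getPermissionProvider(guest.getAuthInfo().getPrincipals());
            for (Tree tree : this.trees) {
                // The result of this lookup was previously discarded, so privileges
                // leaking to the guest would not have failed the test.
                Assert.assertTrue(permissionProvider.getPrivileges(tree).isEmpty());

                // Check each permission returned by aggregates() on its own so that a
                // single wrongly granted bit is detected.
                for (Long permission : Permissions.aggregates(Permissions.ALL)) {
                    long bits = permission.longValue();
                    Assert.assertFalse(permissionProvider.isGranted(tree, (PropertyState) null, bits));
                    Assert.assertFalse(permissionProvider.isGranted(tree, this.prop, bits));
                }

                for (String action : ACTION_NAMES) {
                    String path = tree.getPath();
                    Assert.assertFalse(permissionProvider.isGranted(path, action));
                    Assert.assertFalse(permissionProvider.isGranted(
                            PathUtils.concat(path, this.prop.getName()), action));
                }
            }
        }
    }

    /**
     * Principal sets containing an {@link Editor} get read and write access, but
     * neither node type management, access control, user management nor
     * {@code jcr:all}.
     */
    @Test
    public void testWriteAccess() throws Exception {
        List<Set<Principal>> editors = ImmutableList.<Set<Principal>>of(
                ImmutableSet.<Principal>of(new Editor("ida")),
                ImmutableSet.<Principal>of(EveryonePrincipal.getInstance(), new Editor("amanda")),
                ImmutableSet.<Principal>of(getTestUser().getPrincipal(), new Editor("susi")),
                ImmutableSet.<Principal>builder()
                        .addAll(getGuestPrincipals())
                        .add(new Editor("naima"))
                        .build());
        String adminActions = Text.implode(
                new String[]{"modify_access_control", "read_access_control", "user_management"}, ",");

        for (Set<Principal> principals : editors) {
            PermissionProvider permissionProvider = getPermissionProvider(principals);
            for (Tree tree : this.trees) {
                Assert.assertTrue(permissionProvider.hasPrivileges(tree, new String[]{"jcr:read", "jcr:write"}));
                Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{"jcr:write", "jcr:nodeTypeManagement"}));
                Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl", "jcr:modifyAccessControl", "rep:userManagement"}));
                Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{"jcr:all"}));

                // 127L: presumably the read and write permission bits combined — confirm against Permissions.
                Assert.assertTrue(permissionProvider.isGranted(tree, (PropertyState) null, 127L));
                Assert.assertTrue(permissionProvider.isGranted(tree, this.prop, 127L));
                Assert.assertFalse(permissionProvider.isGranted(tree, (PropertyState) null, Permissions.ALL));
                Assert.assertFalse(permissionProvider.isGranted(tree, this.prop, Permissions.ALL));
                // 524672L: presumably access control plus user management bits — confirm against Permissions.
                Assert.assertFalse(permissionProvider.isGranted(tree, (PropertyState) null, 524672L));
                Assert.assertFalse(permissionProvider.isGranted(tree, this.prop, 524672L));

                for (String action : ACTION_NAMES) {
                    String path = tree.getPath();
                    Assert.assertTrue(permissionProvider.isGranted(path, action));
                    Assert.assertTrue(permissionProvider.isGranted(
                            PathUtils.concat(path, this.prop.getName()), action));
                }
                Assert.assertFalse(permissionProvider.isGranted(tree.getPath(), adminActions));
            }
        }
    }

    /**
     * Principal sets in this scenario get read access only: exactly the read
     * privileges are held, and every other aggregate of {@code jcr:all} is denied.
     */
    @Test
    public void testReadAccess() throws Exception {
        // NOTE(review): the last two sets contain Editor principals ("juni", "ale"),
        // yet the assertions below expect write to be denied for every set. That
        // conflicts with testWriteAccess unless the model resolves it elsewhere —
        // confirm whether Reader was intended here.
        List<Set<Principal>> readers = ImmutableList.<Set<Principal>>of(
                ImmutableSet.<Principal>of(new Reader("ida")),
                ImmutableSet.<Principal>of(EveryonePrincipal.getInstance(), new Reader("fairuz")),
                ImmutableSet.<Principal>of(getTestUser().getPrincipal(), new Editor("juni")),
                ImmutableSet.<Principal>builder()
                        .addAll(getGuestPrincipals())
                        .add(new Editor("ale"))
                        .build());
        Privilege jcrAll = getPrivilegeManager(this.root).getPrivilege("jcr:all");
        Set<String> readPrivilegeNames = ImmutableSet.of("jcr:read", "rep:readNodes", "rep:readProperties");
        String writeAndAcActions = Text.implode(
                new String[]{"add_node", "set_property", "remove", "read_access_control"}, ",");

        for (Set<Principal> principals : readers) {
            PermissionProvider permissionProvider = getPermissionProvider(principals);
            for (Tree tree : this.trees) {
                Assert.assertTrue(permissionProvider.hasPrivileges(
                        tree, readPrivilegeNames.toArray(new String[0])));

                // Walk every aggregate of jcr:all: read privileges must be held, all
                // others must be denied, so no unexpected privilege slips through.
                for (Privilege aggregate : jcrAll.getAggregatePrivileges()) {
                    String name = aggregate.getName();
                    if (readPrivilegeNames.contains(name)) {
                        Assert.assertTrue(permissionProvider.hasPrivileges(tree, new String[]{name}));
                    } else {
                        Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{name}));
                    }
                }
                Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{"jcr:all", "jcr:read"}));

                // 3L / 1L / 2L: presumably read, read-node and read-property bits — confirm against Permissions.
                Assert.assertTrue(permissionProvider.isGranted(tree, (PropertyState) null, 3L));
                Assert.assertTrue(permissionProvider.isGranted(tree, (PropertyState) null, 1L));
                Assert.assertTrue(permissionProvider.isGranted(tree, this.prop, 2L));
                Assert.assertFalse(permissionProvider.isGranted(tree, (PropertyState) null, Permissions.ALL));
                Assert.assertFalse(permissionProvider.isGranted(tree, this.prop, Permissions.ALL));
                // 1276L / 1180L: combined non-read permission bits — TODO confirm exact composition.
                Assert.assertFalse(permissionProvider.isGranted(tree, (PropertyState) null, 1276L));
                Assert.assertFalse(permissionProvider.isGranted(tree, this.prop, 1180L));

                String path = tree.getPath();
                Assert.assertTrue(permissionProvider.isGranted(path, "read"));
                Assert.assertTrue(permissionProvider.isGranted(
                        PathUtils.concat(path, this.prop.getName()), "read"));
                Assert.assertFalse(permissionProvider.isGranted(tree.getPath(), writeAndAcActions));
            }

            // Path-based evaluation is also exercised for an item that does not exist.
            Assert.assertTrue(permissionProvider.isGranted("/path/to/nonexisting/item", "read"));
            Assert.assertFalse(permissionProvider.isGranted("/path/to/nonexisting/item", "set_property"));
        }
    }
}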
