package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.GuestCredentials;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.ReadOnly;
import org.apache.jackrabbit.oak.plugins.tree.TreeLocation;
import org.apache.jackrabbit.oak.plugins.tree.TreeType;
import org.apache.jackrabbit.oak.plugins.tree.TreeTypeAware;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.RepositoryPermission;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.TreePermission;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugPermissionProviderTest.class */
public class CugPermissionProviderTest extends AbstractCugTest implements NodeTypeConstants {
    private static final Map<String, Boolean> PATH_INCUG_MAP = new HashMap();
    private static final List<String> READABLE_PATHS;
    private static final List<String> NOT_READABLE_PATHS;
    private Principal testGroupPrincipal;
    private CugPermissionProvider cugPermProvider;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.AbstractCugTest
    @Before
    public void before() throws Exception {
        super.before();
        this.testGroupPrincipal = getTestGroupPrincipal();
        Tree tree = this.root.getTree("/content");
        createTrees(tree, "oak:Unstructured", "a", "b", "c");
        createTrees(tree, "oak:Unstructured", "aa", "bb", "cc");
        createTrees(tree, "oak:Unstructured", "no", "cug", "in", "subtree");
        createCug("/content/a", this.testGroupPrincipal);
        createCug("/content/a/b/c", EveryonePrincipal.getInstance());
        createCug("/content/aa/bb", this.testGroupPrincipal);
        this.root.commit();
        this.cugPermProvider = createCugPermissionProvider(ImmutableSet.of("/content"), getTestUser().getPrincipal(), EveryonePrincipal.getInstance());
    }

    @Test
    public void testSupportedPrivileges() {
        PrivilegeBits privilegeBits = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:read");
        PrivilegeBits privilegeBits2 = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("rep:readNodes");
        PrivilegeBits privilegeBits3 = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("rep:readProperties");
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
        for (String str : PATH_INCUG_MAP.keySet()) {
            boolean booleanValue = PATH_INCUG_MAP.get(str).booleanValue();
            Tree tree = this.root.getTree(str);
            if (booleanValue) {
                assertPrivilegeBits(privilegeBits, this.cugPermProvider.supportedPrivileges(tree, privilegeBits));
                assertPrivilegeBits(privilegeBits2, this.cugPermProvider.supportedPrivileges(tree, privilegeBits2));
                assertPrivilegeBits(privilegeBits3, this.cugPermProvider.supportedPrivileges(tree, privilegeBits3));
                assertPrivilegeBits(privilegeBits, this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"jcr:all"})));
                assertPrivilegeBits(privilegeBits2, this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"rep:readNodes", "jcr:readAccessControl"})));
            } else {
                Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBits).isEmpty());
                Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBits2).isEmpty());
                Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBits3).isEmpty());
                Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"jcr:all"})).isEmpty());
                Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"rep:readNodes", "jcr:readAccessControl"})).isEmpty());
            }
            Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"rep:write"})).isEmpty());
            Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"jcr:addChildNodes", "jcr:removeChildNodes", "jcr:removeNode"})).isEmpty());
            Assert.assertTrue(this.cugPermProvider.supportedPrivileges(tree, privilegeBitsProvider.getBits(new String[]{"jcr:readAccessControl"})).isEmpty());
        }
    }

    private static void assertPrivilegeBits(@NotNull PrivilegeBits privilegeBits, @NotNull PrivilegeBits privilegeBits2) {
        Assert.assertEquals(privilegeBits, privilegeBits2.unmodifiable());
    }

    @Test
    public void testSupportedPrivilegesForNullTree() {
        PrivilegeBits privilegeBits = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("jcr:read");
        PrivilegeBits privilegeBits2 = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("rep:readNodes");
        PrivilegeBits privilegeBits3 = (PrivilegeBits) PrivilegeBits.BUILT_IN.get("rep:readProperties");
        PrivilegeBitsProvider privilegeBitsProvider = new PrivilegeBitsProvider(this.root);
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBits).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBits2).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBits3).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBitsProvider.getBits(new String[]{"jcr:all"})).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBitsProvider.getBits(new String[]{"rep:readNodes", "jcr:readAccessControl"})).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBitsProvider.getBits(new String[]{"rep:write"})).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBitsProvider.getBits(new String[]{"jcr:addChildNodes", "jcr:removeChildNodes", "jcr:removeNode"})).isEmpty());
        Assert.assertTrue(this.cugPermProvider.supportedPrivileges((Tree) null, privilegeBitsProvider.getBits(new String[]{"jcr:readAccessControl"})).isEmpty());
    }

    @Test
    public void testSupportedPermissionsByTree() {
        for (String str : PATH_INCUG_MAP.keySet()) {
            boolean booleanValue = PATH_INCUG_MAP.get(str).booleanValue();
            Tree tree = this.root.getTree(str);
            if (booleanValue) {
                Assert.assertEquals(3L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 3L));
                Assert.assertEquals(1L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 1L));
                Assert.assertEquals(2L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 2L));
                Assert.assertEquals(3L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 2097151L));
                Assert.assertEquals(1L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 129L));
            } else {
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 3L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 1L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 2L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 2097151L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 129L));
            }
            Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 124L));
            Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 112L));
            Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(tree, (PropertyState) null, 128L));
        }
    }

    @Test
    public void testSupportedPermissionsByNullTree() {
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 3L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 1L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 2L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 2097151L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 129L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 124L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 112L));
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions((Tree) null, (PropertyState) null, 128L));
    }

    @Test
    public void testSupportedPermissionsByNonExistingVersionTree() {
        TreeTypeAware treeTypeAware = (Tree) Mockito.mock(Tree.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeTypeAware.class, ReadOnly.class}));
        Mockito.when(Boolean.valueOf(treeTypeAware.exists())).thenReturn(false);
        Mockito.when(treeTypeAware.getPath()).thenReturn("/jcr:system/jcr:versionStorage/some/version");
        Mockito.when(treeTypeAware.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "nt:version", Type.NAME));
        Mockito.when(treeTypeAware.getType()).thenReturn(TreeType.VERSION);
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treeTypeAware, (PropertyState) null, 3L));
    }

    @Test
    public void testSupportedPermissionsByLocation() {
        for (String str : PATH_INCUG_MAP.keySet()) {
            boolean booleanValue = PATH_INCUG_MAP.get(str).booleanValue();
            TreeLocation create = TreeLocation.create(this.root, str);
            if (booleanValue) {
                Assert.assertEquals(str, 3L, this.cugPermProvider.supportedPermissions(create, 3L));
                Assert.assertEquals(str, 1L, this.cugPermProvider.supportedPermissions(create, 1L));
                Assert.assertEquals(str, 2L, this.cugPermProvider.supportedPermissions(create, 2L));
                Assert.assertEquals(str, 3L, this.cugPermProvider.supportedPermissions(create, 2097151L));
                Assert.assertEquals(str, 1L, this.cugPermProvider.supportedPermissions(create, 129L));
            } else {
                Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 3L));
                Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 1L));
                Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 2L));
                Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 2097151L));
                Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 129L));
            }
            Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 128L));
            Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 256L));
            Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 32L));
            Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(create, 124L));
            Assert.assertEquals(str, 0L, this.cugPermProvider.supportedPermissions(TreeLocation.create(this.root, "/path/to/no-existing/tree"), 3L));
        }
    }

    @Test
    public void testSupportedPermissionsByNullLocation() {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree.getPath()).thenReturn("/");
        Mockito.when(Boolean.valueOf(tree.exists())).thenReturn(false);
        TreeLocation create = TreeLocation.create(tree);
        Assert.assertNull(create.getTree());
        Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(create, 3L));
    }

    @Test
    public void testSupportedPermissionsByTreePermission() {
        TreePermission treePermission = this.cugPermProvider.getTreePermission(this.root.getTree("/"), TreePermission.EMPTY);
        HashMap hashMap = new HashMap();
        TreePermission treePermission2 = this.cugPermProvider.getTreePermission(this.root.getTree("/content"), treePermission);
        hashMap.put(treePermission2, false);
        TreePermission treePermission3 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/a"), treePermission2);
        hashMap.put(treePermission3, true);
        hashMap.put(this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/rep:cugPolicy"), treePermission3), true);
        TreePermission treePermission4 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/b"), treePermission3);
        hashMap.put(treePermission4, true);
        hashMap.put(this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/b/c"), treePermission4), true);
        TreePermission treePermission5 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa"), treePermission2);
        hashMap.put(treePermission5, false);
        hashMap.put(this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa/bb/cc"), this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa/bb"), treePermission5)), true);
        hashMap.put(this.cugPermProvider.getTreePermission(this.root.getTree("/jcr:system"), treePermission), false);
        hashMap.put(treePermission, false);
        hashMap.put(this.cugPermProvider.getTreePermission(this.root.getTree("/testNode"), treePermission), false);
        for (TreePermission treePermission6 : hashMap.keySet()) {
            if (((Boolean) hashMap.get(treePermission6)).booleanValue()) {
                Assert.assertEquals(3L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 3L));
                Assert.assertEquals(1L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 1L));
                Assert.assertEquals(2L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 2L));
                Assert.assertEquals(3L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 2097151L));
                Assert.assertEquals(1L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 129L));
            } else {
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 3L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 1L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 2L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 2097151L));
                Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 129L));
            }
            Assert.assertEquals(0L, this.cugPermProvider.supportedPermissions(treePermission6, (PropertyState) null, 112L));
        }
    }

    @Test
    public void testIsGrantedByLocation() {
        Iterator<String> it = NOT_READABLE_PATHS.iterator();
        while (it.hasNext()) {
            TreeLocation create = TreeLocation.create(this.root, it.next());
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 3L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 1L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 2L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 2097151L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 32L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create, 128L));
        }
        Iterator<String> it2 = READABLE_PATHS.iterator();
        while (it2.hasNext()) {
            TreeLocation create2 = TreeLocation.create(this.root, it2.next());
            Assert.assertTrue(this.cugPermProvider.isGranted(create2, 3L));
            Assert.assertTrue(this.cugPermProvider.isGranted(create2, 1L));
            Assert.assertTrue(this.cugPermProvider.isGranted(create2, 2L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create2, 2097151L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create2, 32L));
            Assert.assertFalse(this.cugPermProvider.isGranted(create2, 128L));
        }
    }

    @Test
    public void testIsGrantedNonExistingLocation() throws Exception {
        ContentSession login = login(new GuestCredentials());
        try {
            for (Root root : new Root[]{login.getLatestRoot(), this.root}) {
                TreeLocation create = TreeLocation.create(root, "/path/to/non/existing/tree");
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 3L));
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 1L));
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 2L));
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 2097151L));
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 32L));
                Assert.assertFalse(this.cugPermProvider.isGranted(create, 128L));
            }
        } finally {
            login.close();
        }
    }

    @Test
    public void getPrivileges() {
        for (String str : NOT_READABLE_PATHS) {
            if (this.root.getTree(str).exists()) {
                Assert.assertTrue(this.cugPermProvider.getPrivileges(this.root.getTree(str)).isEmpty());
            }
        }
    }

    @Test
    public void testGetPrivilegesAtCug() {
        ImmutableSet of = ImmutableSet.of("jcr:read", "rep:readNodes", "rep:readProperties");
        Iterator<String> it = READABLE_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            if (tree.exists()) {
                Assert.assertEquals(of, this.cugPermProvider.getPrivileges(tree));
            }
        }
    }

    @Test
    public void testGetPrivilegesAtCug2() {
        CugPermissionProvider createCugPermissionProvider = createCugPermissionProvider(ImmutableSet.of("/content"), this.testGroupPrincipal);
        ImmutableSet of = ImmutableSet.of("jcr:read", "rep:readNodes", "rep:readProperties");
        Assert.assertEquals(of, createCugPermissionProvider.getPrivileges(this.root.getTree("/content/a")));
        Assert.assertEquals(of, createCugPermissionProvider.getPrivileges(this.root.getTree("/content/aa/bb")));
        Assert.assertTrue(createCugPermissionProvider.getPrivileges(this.root.getTree("/content/a/b/c")).isEmpty());
    }

    @Test
    public void testGetPrivilegesNullPath() {
        Assert.assertTrue(this.cugPermProvider.getPrivileges((Tree) null).isEmpty());
    }

    @Test
    public void testGetPrivilegesWithInvalidCugTree() {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "oak:Unstructured", Type.NAME));
        TreeTypeAware treeTypeAware = (Tree) Mockito.mock(Tree.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeTypeAware.class, ReadOnly.class}));
        Mockito.when(Boolean.valueOf(treeTypeAware.exists())).thenReturn(true);
        Mockito.when(treeTypeAware.getPath()).thenReturn("/content");
        Mockito.when(treeTypeAware.getType()).thenReturn(TreeType.DEFAULT);
        Mockito.when(Boolean.valueOf(treeTypeAware.hasChild("rep:cugPolicy"))).thenReturn(true);
        Mockito.when(treeTypeAware.getChild("rep:cugPolicy")).thenReturn(tree);
        Assert.assertTrue(this.cugPermProvider.getPrivileges(treeTypeAware).isEmpty());
    }

    @Test
    public void testHasReadPrivileges() {
        Iterator<String> it = NOT_READABLE_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            if (tree.exists()) {
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:read"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readNodes"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readProperties"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readNodes", "rep:readProperties"}));
            }
        }
    }

    @Test
    public void testHasReadPrivilegesAtCug() {
        Iterator<String> it = READABLE_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            if (tree.exists()) {
                Assert.assertTrue(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:read"}));
                Assert.assertTrue(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readNodes"}));
                Assert.assertTrue(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readProperties"}));
                Assert.assertTrue(this.cugPermProvider.hasPrivileges(tree, new String[]{"rep:readNodes", "rep:readProperties"}));
            }
        }
    }

    @Test
    public void testHasNonReadPrivileges() {
        Iterator it = Iterables.concat(READABLE_PATHS, NOT_READABLE_PATHS).iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree((String) it.next());
            if (tree.exists()) {
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:write"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:lifecycleManagement"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:read", "jcr:lifecycleManagement"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl"}));
                Assert.assertFalse(this.cugPermProvider.hasPrivileges(tree, new String[]{"jcr:all"}));
            }
        }
    }

    @Test
    public void testHasPrivilegesNullPath() {
        Assert.assertFalse(this.cugPermProvider.hasPrivileges((Tree) null, new String[]{"jcr:read"}));
    }

    @Test
    public void testHasPrivilegesNonExistingVersionTree() {
        TreeTypeAware treeTypeAware = (Tree) Mockito.mock(Tree.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeTypeAware.class, ReadOnly.class}));
        Mockito.when(Boolean.valueOf(treeTypeAware.exists())).thenReturn(false);
        Mockito.when(treeTypeAware.getPath()).thenReturn("/jcr:system/jcr:versionStorage/some/version");
        Mockito.when(treeTypeAware.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "nt:version", Type.NAME));
        Mockito.when(treeTypeAware.getType()).thenReturn(TreeType.VERSION);
        Assert.assertFalse(this.cugPermProvider.hasPrivileges(treeTypeAware, new String[]{"jcr:read"}));
    }

    @Test
    public void testGetRepositoryPermissions() {
        Assert.assertSame(RepositoryPermission.EMPTY, this.cugPermProvider.getRepositoryPermission());
    }

    @Test
    public void testGetTreePermissions() throws AccessDeniedException {
        TreePermission treePermission = this.cugPermProvider.getTreePermission(this.root.getTree("/"), TreePermission.EMPTY);
        Assert.assertTrue(treePermission instanceof EmptyCugTreePermission);
        TreePermission treePermission2 = this.cugPermProvider.getTreePermission(this.root.getTree("/content"), treePermission);
        Assert.assertTrue(treePermission2 instanceof CugTreePermission);
        TreePermission treePermission3 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/a"), treePermission2);
        Assert.assertTrue(treePermission3 instanceof CugTreePermission);
        TreePermission treePermission4 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/b"), treePermission3);
        Assert.assertTrue(treePermission4 instanceof CugTreePermission);
        Assert.assertTrue(this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/b/c"), treePermission4) instanceof CugTreePermission);
        TreePermission treePermission5 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa"), treePermission2);
        Assert.assertTrue(treePermission5 instanceof CugTreePermission);
        TreePermission treePermission6 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa/bb"), treePermission5);
        Assert.assertTrue(treePermission6 instanceof CugTreePermission);
        Assert.assertTrue(this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa/bb/cc"), treePermission6) instanceof CugTreePermission);
        TreeUtil.addChild(this.root.getTree("/content/aa"), "rep:cugPolicy", "oak:Unstructured");
        TreePermission treePermission7 = this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa"), treePermission2);
        Assert.assertTrue(treePermission7 instanceof CugTreePermission);
        Assert.assertNotSame(TreePermission.EMPTY, this.cugPermProvider.getTreePermission(this.root.getTree("/content/aa/rep:cugPolicy"), treePermission7));
        Assert.assertSame(TreePermission.NO_RECOURSE, this.cugPermProvider.getTreePermission(this.root.getTree("/content/a/rep:cugPolicy"), treePermission3));
        TreePermission treePermission8 = this.cugPermProvider.getTreePermission(this.root.getTree("/jcr:system"), treePermission);
        Assert.assertTrue(treePermission8 instanceof EmptyCugTreePermission);
        Assert.assertSame(TreePermission.NO_RECOURSE, this.cugPermProvider.getTreePermission(this.root.getTree("/jcr:system/jcr:nodeTypes"), treePermission8));
        TreePermission treePermission9 = this.cugPermProvider.getTreePermission(this.root.getTree("/testNode"), treePermission);
        Assert.assertSame(TreePermission.NO_RECOURSE, treePermission9);
        try {
            this.cugPermProvider.getTreePermission(this.root.getTree("/testNode/child"), treePermission9);
            Assert.fail();
        } catch (IllegalStateException e) {
        }
    }

    @Test
    public void testGetTreePermissionNonExistingVersionTree() {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree.exists())).thenReturn(false);
        Mockito.when(tree.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "nt:version", Type.NAME));
        Assert.assertSame(TreePermission.NO_RECOURSE, this.cugPermProvider.getTreePermission(tree, TreeType.VERSION, (TreePermission) Mockito.mock(TreePermission.class)));
    }

    @Test
    public void testIsGrantedNonRead() {
        Iterator it = Iterables.concat(READABLE_PATHS, NOT_READABLE_PATHS).iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree((String) it.next());
            if (tree.exists()) {
                Assert.assertFalse(this.cugPermProvider.isGranted(tree, (PropertyState) null, 2097151L));
                Assert.assertFalse(this.cugPermProvider.isGranted(tree, (PropertyState) null, 131L));
                Assert.assertFalse(this.cugPermProvider.isGranted(tree, (PropertyState) null, 64L));
            }
        }
    }

    @Test
    public void testIsGrantedRead() {
        Iterator<String> it = NOT_READABLE_PATHS.iterator();
        while (it.hasNext()) {
            Tree tree = this.root.getTree(it.next());
            if (tree.exists()) {
                Assert.assertFalse(this.cugPermProvider.isGranted(tree, (PropertyState) null, 3L));
                Assert.assertFalse(this.cugPermProvider.isGranted(tree, tree.getProperty("jcr:primaryType"), 2L));
            }
        }
        Iterator<String> it2 = READABLE_PATHS.iterator();
        while (it2.hasNext()) {
            Tree tree2 = this.root.getTree(it2.next());
            if (tree2.exists()) {
                Assert.assertTrue(this.cugPermProvider.isGranted(tree2, (PropertyState) null, 3L));
                Assert.assertTrue(this.cugPermProvider.isGranted(tree2, (PropertyState) null, 1L));
                Assert.assertTrue(this.cugPermProvider.isGranted(tree2, tree2.getProperty("jcr:primaryType"), 2L));
            }
        }
    }

    @Test
    public void testIsGrantedJcrActions() {
        for (String str : NOT_READABLE_PATHS) {
            Assert.assertFalse(this.cugPermProvider.isGranted(str, "read"));
            Assert.assertFalse(this.cugPermProvider.isGranted(str, "add_node"));
            Assert.assertFalse(this.cugPermProvider.isGranted(str, "read,add_node"));
        }
        for (String str2 : READABLE_PATHS) {
            Assert.assertTrue(this.cugPermProvider.isGranted(str2, "read"));
            Assert.assertFalse(this.cugPermProvider.isGranted(str2, "add_node"));
            Assert.assertFalse(this.cugPermProvider.isGranted(str2, "read,add_node"));
        }
    }

    @Test
    public void testIsGrantedJcrActionsNonExistingPath() {
        Assert.assertFalse(this.cugPermProvider.isGranted("/path/to/non/existing/tree", "read"));
        Assert.assertFalse(this.cugPermProvider.isGranted("/path/to/non/existing/tree", Permissions.getString(1L)));
        Assert.assertFalse(this.cugPermProvider.isGranted("/path/to/non/existing/tree", Permissions.getString(2L)));
        Assert.assertFalse(this.cugPermProvider.isGranted("/path/to/non/existing/tree", "add_node"));
        Assert.assertFalse(this.cugPermProvider.isGranted("/path/to/non/existing/tree", "read,add_node"));
    }

    @Test
    public void testIsAllowMissingPrincipalNames() {
        Tree child = this.root.getTree("/content/a").getChild("rep:cugPolicy");
        child.removeProperty("rep:principalNames");
        Assert.assertFalse(this.cugPermProvider.isAllow(child));
    }

    static {
        PATH_INCUG_MAP.put("/content", false);
        PATH_INCUG_MAP.put("/content/a", true);
        PATH_INCUG_MAP.put("/content/a/rep:cugPolicy", false);
        PATH_INCUG_MAP.put("/content/a/b", true);
        PATH_INCUG_MAP.put("/content/a/b/c/jcr:primaryType", true);
        PATH_INCUG_MAP.put("/content/aa", false);
        PATH_INCUG_MAP.put("/content/aa/bb/cc", true);
        PATH_INCUG_MAP.put("/content/no", false);
        PATH_INCUG_MAP.put("/content/no/cug", false);
        PATH_INCUG_MAP.put("/content/no/cug/in", false);
        PATH_INCUG_MAP.put("/content/no/cug/in/subtree", false);
        PATH_INCUG_MAP.put("/jcr:system/jcr:nodeTypes", false);
        PATH_INCUG_MAP.put("/", false);
        PATH_INCUG_MAP.put("/testNode", false);
        PATH_INCUG_MAP.put("/path/to/non/existing/tree", false);
        READABLE_PATHS = ImmutableList.of("/content/a/b/c", "/content/a/b/c/jcr:primaryType", "/content/a/b/c/nonExisting", "/content/a/b/c/nonExisting/jcr:primaryType");
        NOT_READABLE_PATHS = ImmutableList.of("/", "/jcr:primaryType", "/testNode", "/testNode/jcr:primaryType", "/content", "/content/jcr:primaryType", "/content/a", "/content/a/jcr:primaryType", "/content/a/b", "/content/a/b/jcr:primaryType", "/content/a/b/c/rep:cugPolicy", "/content/a/b/c/rep:cugPolicy/jcr:primaryType", new String[]{"/content/a/b/c/rep:cugPolicy/rep:principalNames", "/content/a/b/c/rep:cugPolicy/nonExisting", "/content/a/b/c/rep:cugPolicy/nonExisting/jcr:primaryType", "/content/aa", "/content/aa/jcr:primaryType", "/content/bb", "/content/bb/jcr:primaryType", "/content/aa/bb/rep:cugPolicy", "/content/aa/bb/rep:cugPolicy/jcr:primaryType", "/content/aa/bb/rep:cugPolicy/rep:principalNames", "/content/nonExisting", "/content/nonExisting/jcr:primaryType", "/content/no", "/content/no/cug", "/content/no/cug/in", "/content/no/cug/in/subtree"});
    }
}
