package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import java.util.Collections;
import java.util.Set;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/EffectivePoliciesByPrincipalsAndPathsTest.class */
public class EffectivePoliciesByPrincipalsAndPathsTest extends AbstractAccessControlTest {
    private static final String EXISTING_CHILD_PATH = "/testPath/child";
    private static final String NON_EXISTING_CHILD_PATH = "/testPath/child2";
    private AccessControlManagerImpl acMgr;

    @Override // org.apache.jackrabbit.oak.security.authorization.accesscontrol.AbstractAccessControlTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.acMgr = new AccessControlManagerImpl(this.root, NamePathMapper.DEFAULT, getSecurityProvider());
        this.testPrivileges = privilegesFromNames("jcr:read");
        this.testPrincipal = getTestUser().getPrincipal();
        Tree tree = this.root.getTree("/testPath");
        TreeUtil.addChild(tree, "child", "nt:unstructured");
        ValueFactory valueFactory = getValueFactory(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, tree.getPath());
        accessControlList.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.emptyMap(), Collections.singletonMap("rep:subtrees", new Value[]{valueFactory.createValue("child"), valueFactory.createValue("child2")}));
        accessControlList.addEntry(EveryonePrincipal.getInstance(), this.testPrivileges, false);
        this.acMgr.setPolicy(accessControlList.getPath(), accessControlList);
        JackrabbitAccessControlList accessControlList2 = AccessControlUtils.getAccessControlList(this.acMgr, (String) null);
        accessControlList2.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames("jcr:namespaceManagement"), false);
        this.acMgr.setPolicy(accessControlList2.getPath(), accessControlList2);
        this.root.commit();
    }

    @Override // org.apache.jackrabbit.oak.security.authorization.accesscontrol.AbstractAccessControlTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            this.root.refresh();
            this.root.getTree("/testPath").remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    @Test
    public void testGetPoliciesEmptyPrincipalSet() throws Exception {
        Assert.assertFalse(this.acMgr.getEffectivePolicies(Collections.emptySet(), new String[]{"/testPath"}).hasNext());
    }

    @Test(expected = AccessControlException.class)
    public void testGetPoliciesInvalidPrincipal() throws Exception {
        this.acMgr.getEffectivePolicies(Collections.singleton(() -> {
            return "non-existing";
        }), new String[]{"/testPath"});
    }

    @Test
    public void testMissingPaths() throws Exception {
        Assert.assertArrayEquals(this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal)), Iterators.toArray(this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal), new String[0]), AccessControlPolicy.class));
    }

    @Test
    public void testNullPath() throws Exception {
        Assert.assertFalse(this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal), new String[]{null}).hasNext());
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{null})));
    }

    @Test
    public void testIncludingNullPath() throws Exception {
        Assert.assertEquals(2L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{null, "/testPath"})));
    }

    @Test
    public void testNonExistingMatchingNodePath() throws Exception {
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal), new String[]{NON_EXISTING_CHILD_PATH})));
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{NON_EXISTING_CHILD_PATH})));
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(ImmutableSet.of(EveryonePrincipal.getInstance(), this.testPrincipal), new String[]{NON_EXISTING_CHILD_PATH})));
    }

    @Test
    public void testNonExistingNotMatchingNodePath() throws Exception {
        Assert.assertFalse(this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal), new String[]{"/any/path"}).hasNext());
        Assert.assertFalse(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{"/any/path"}).hasNext());
    }

    @Test
    public void testNodePaths() throws Exception {
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{"/testPath"})));
    }

    @Test
    public void testPropertyPath() throws Exception {
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(Collections.singleton(EveryonePrincipal.getInstance()), new String[]{PathUtils.concat("/testPath", "jcr:primaryType")})));
        this.acMgr.getEffectivePolicies(Collections.singleton(this.testPrincipal), new String[]{PathUtils.concat("/testPath", "jcr:primaryType")});
    }

    @Test
    public void testRestrictions() throws Exception {
        Set singleton = Collections.singleton(this.testPrincipal);
        Assert.assertFalse(this.acMgr.getEffectivePolicies(singleton, new String[]{"/testPath"}).hasNext());
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(singleton, new String[]{EXISTING_CHILD_PATH})));
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(singleton, new String[]{NON_EXISTING_CHILD_PATH})));
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(singleton, new String[]{PathUtils.concat(EXISTING_CHILD_PATH, "jcr:primaryType")})));
        Assert.assertFalse(this.acMgr.getEffectivePolicies(singleton, new String[]{"/testPath/non-matching"}).hasNext());
    }

    @Test
    public void testReadablePaths() throws Exception {
        Assert.assertEquals(1L, Iterators.size(this.acMgr.getEffectivePolicies(ImmutableSet.of(this.testPrincipal, EveryonePrincipal.getInstance()), new String[]{"/jcr:system/jcr:nodeTypes", "/jcr:system/rep:namespaces"})));
    }
}
