package org.nuxeo.ecm.core.api.security;

import java.util.Collections;
import java.util.HashSet;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.nuxeo.ecm.core.api.security.impl.ACLImpl;
import org.nuxeo.ecm.core.api.security.impl.ACPImpl;
import org.nuxeo.runtime.mockito.MockitoFeature;
import org.nuxeo.runtime.mockito.RuntimeService;
import org.nuxeo.runtime.test.runner.Features;
import org.nuxeo.runtime.test.runner.FeaturesRunner;
import org.nuxeo.runtime.test.runner.RuntimeFeature;

@RunWith(FeaturesRunner.class)
@Features({RuntimeFeature.class, MockitoFeature.class})
/* loaded from: input_file:org/nuxeo/ecm/core/api/security/TestACP.class */
public class TestACP {

    @Mock
    @RuntimeService
    protected AdministratorGroupsProvider administratorGroupsProvider;
    private ACP acp;

    @Before
    public void doBefore() throws Exception {
        Mockito.when(this.administratorGroupsProvider.getAdministratorsGroups()).thenReturn(Collections.singletonList("administrators"));
    }

    @Before
    public void setUp() {
        this.acp = new ACPImpl();
    }

    @After
    public void tearDown() {
        this.acp = null;
    }

    @Test
    public void testGetACLs() {
        Assert.assertEquals(0L, this.acp.getACLs().length);
    }

    @Test
    public void testAddAndRemoveACL() {
        ACLImpl aCLImpl = new ACLImpl("acl1");
        ACLImpl aCLImpl2 = new ACLImpl("acl2");
        this.acp.addACL(aCLImpl);
        Assert.assertEquals(1L, this.acp.getACLs().length);
        Assert.assertEquals(aCLImpl, this.acp.getACLs()[0]);
        this.acp.addACL(aCLImpl2);
        this.acp.removeACL("acl1");
        this.acp.removeACL("acl2");
        Assert.assertEquals(0L, this.acp.getACLs().length);
        this.acp.addACL(aCLImpl);
        this.acp.addACL(aCLImpl2);
        this.acp.removeACL("acl1");
        this.acp.removeACL("acl2");
        Assert.assertEquals(0L, this.acp.getACLs().length);
        this.acp.addACL(aCLImpl2);
        this.acp.addACL(aCLImpl);
        this.acp.removeACL("acl1");
        this.acp.removeACL("acl2");
        Assert.assertEquals(0L, this.acp.getACLs().length);
        Assert.assertNull(this.acp.removeACL("acl1"));
    }

    @Test
    public void testCheckAccess() {
        ACLImpl aCLImpl = new ACLImpl("acl1");
        aCLImpl.add(new ACE("joe", "Everything", true));
        this.acp.addACL(aCLImpl);
        Assert.assertSame(Access.GRANT, this.acp.getAccess("joe", "Read"));
        Assert.assertSame(Access.UNKNOWN, this.acp.getAccess("joe", "RestrictedRead"));
        Assert.assertSame(Access.UNKNOWN, this.acp.getAccess("jack", "Read"));
    }

    @Test
    public void testCheckAccessNullACE() {
        ACLImpl aCLImpl = new ACLImpl("acl1");
        aCLImpl.add(new ACE());
        aCLImpl.add(new ACE((String) null, "Everything", true));
        aCLImpl.add(new ACE("Everyone", (String) null, true));
        this.acp.addACL(aCLImpl);
        Assert.assertSame(Access.UNKNOWN, this.acp.getAccess("joe", "Read"));
        Assert.assertSame(Access.UNKNOWN, this.acp.getAccess("joe", "RestrictedRead"));
        Assert.assertSame(Access.UNKNOWN, this.acp.getAccess("jack", "Read"));
    }

    @Test
    public void testPermissionsAPI() {
        ACLImpl aCLImpl = new ACLImpl("acl1");
        ACE ace = new ACE("bart", "Everything", true);
        ACE ace2 = new ACE("notbart", "Everything", false);
        ACE ace3 = new ACE("homer", "Browse", true);
        ACE ace4 = new ACE("lisa", "Browse", true);
        aCLImpl.add(ace);
        aCLImpl.add(ace2);
        aCLImpl.add(ace3);
        aCLImpl.add(ace4);
        this.acp.addACL(aCLImpl);
        HashSet hashSet = new HashSet(3);
        hashSet.add("Browse");
        hashSet.add("Read");
        hashSet.add("Write");
        Assert.assertEquals(2L, this.acp.listUsernamesForAnyPermission(hashSet).length);
    }

    @Test
    public void testGetOrCreateAcl() {
        ACL orCreateACL = this.acp.getOrCreateACL();
        orCreateACL.add(new ACE("john", "Sing", true));
        orCreateACL.add(new ACE("anne", "Joke", false));
        Assert.assertTrue(this.acp.getAccess("john", "Sing").toBoolean());
        Assert.assertFalse(this.acp.getAccess("anne", "Joke").toBoolean());
        ACL orCreateACL2 = this.acp.getOrCreateACL();
        Assert.assertEquals(orCreateACL, orCreateACL2);
        Assert.assertTrue(this.acp.getAccess("john", "Sing").toBoolean());
        Assert.assertFalse(this.acp.getAccess("anne", "Joke").toBoolean());
        this.acp.addACL(orCreateACL2);
        Assert.assertEquals(orCreateACL, orCreateACL2);
        Assert.assertTrue(this.acp.getAccess("john", "Sing").toBoolean());
        Assert.assertFalse(this.acp.getAccess("anne", "Joke").toBoolean());
        this.acp.addACL(new ACLImpl("local"));
        Assert.assertFalse(this.acp.getAccess("john", "Sing").toBoolean());
    }

    @Test
    public void itCanAddExistingPermission() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
        Assert.assertEquals(1L, inheritedReadWriteACP.getACL("local").getACEs().length);
        Assert.assertEquals(ACE.builder("john", "ReadWrite").creator("john").build(), inheritedReadWriteACP.getACL("local").getACEs()[0]);
    }

    @Test
    public void itCanAddPermission() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        Assert.assertEquals(Access.UNKNOWN, inheritedReadWriteACP.getAccess("john", "comment"));
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "comment").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "comment"));
        Assert.assertEquals(1L, inheritedReadWriteACP.getACL("local").getACEs().length);
        Assert.assertEquals(ACE.builder("john", "comment").creator("john").build(), inheritedReadWriteACP.getACL("local").getACEs()[0]);
    }

    @Test
    public void itShouldNotAddPermissionTwice() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        Assert.assertTrue(inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").build()));
        Assert.assertFalse(inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").build()));
        Assert.assertEquals(1L, inheritedReadWriteACP.getACL("local").getACEs().length);
    }

    @Test
    public void itCanBlockInheritance() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        inheritedReadWriteACP.blockInheritance("local", "john");
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
        Assert.assertEquals(Access.DENY, inheritedReadWriteACP.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("administrators", "ReadWrite"));
        inheritedReadWriteACP.unblockInheritance("local");
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("jack", "ReadWrite"));
    }

    @Test(expected = NullPointerException.class)
    public void blockingInheritanceNeedsACurrentPrincipal() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        inheritedReadWriteACP.blockInheritance("local", (String) null);
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").build());
    }

    @Test
    public void itShouldAddInheritanceEvenIfItAlreadyHasPermission() throws Exception {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        inheritedReadWriteACP.getOrCreateACL("local").add(new ACE("john", "ReadWrite", true));
        inheritedReadWriteACP.blockInheritance("local", "john");
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
    }

    @Test
    public void itCanRemovePermissionsToAUser() throws Exception {
        ACPImpl aCPImpl = new ACPImpl();
        ACL orCreateACL = aCPImpl.getOrCreateACL("local");
        orCreateACL.add(new ACE("john", "ReadWrite", true));
        orCreateACL.add(new ACE("jack", "ReadWrite", true));
        orCreateACL.add(new ACE("jack", "comment", true));
        orCreateACL.add(new ACE("jerry", "ReadWrite", true));
        Assert.assertEquals(Access.GRANT, aCPImpl.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(4L, aCPImpl.getACL("local").getACEs().length);
        Assert.assertTrue(aCPImpl.removeACEsByUsername("local", "jack"));
        Assert.assertEquals(Access.UNKNOWN, aCPImpl.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.UNKNOWN, aCPImpl.getAccess("jack", "comment"));
        Assert.assertEquals(2L, aCPImpl.getACL("local").getACEs().length);
    }

    @Test
    public void itDoesNotChangeSecurityWhenRemovingNonExistentUser() throws Exception {
        ACPImpl aCPImpl = new ACPImpl();
        Assert.assertEquals(Access.UNKNOWN, aCPImpl.getAccess("jack", "ReadWrite"));
        Assert.assertFalse(aCPImpl.removeACEsByUsername("local", "jack"));
        Assert.assertEquals(Access.UNKNOWN, aCPImpl.getAccess("jack", "ReadWrite"));
    }

    @Test
    public void itCanRemovePermissionGivenItsId() throws Exception {
        ACPImpl aCPImpl = new ACPImpl();
        ACL orCreateACL = aCPImpl.getOrCreateACL("local");
        orCreateACL.add(new ACE("john", "ReadWrite", true));
        orCreateACL.add(new ACE("jack", "ReadWrite", true));
        orCreateACL.add(new ACE("jack", "comment", true));
        ACE ace = new ACE("jerry", "ReadWrite", true);
        orCreateACL.add(ace);
        Assert.assertEquals(Access.GRANT, aCPImpl.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, aCPImpl.getAccess("jerry", "ReadWrite"));
        Assert.assertEquals(4L, aCPImpl.getACL("local").getACEs().length);
        Assert.assertTrue(aCPImpl.removeACE("local", ace));
        Assert.assertEquals(Access.GRANT, aCPImpl.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, aCPImpl.getAccess("jack", "comment"));
        Assert.assertEquals(Access.UNKNOWN, aCPImpl.getAccess("jerry", "ReadWrite"));
        Assert.assertEquals(3L, aCPImpl.getACL("local").getACEs().length);
    }

    @Test
    public void testMultipleNewPermissionsWithBlockInheritance() {
        ACP inheritedReadWriteACP = getInheritedReadWriteACP();
        Assert.assertEquals(Access.UNKNOWN, inheritedReadWriteACP.getAccess("john", "comment"));
        inheritedReadWriteACP.blockInheritance("local", "john");
        inheritedReadWriteACP.addACE("local", ACE.builder("john", "ReadWrite").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
        Assert.assertEquals(Access.DENY, inheritedReadWriteACP.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.DENY, inheritedReadWriteACP.getAccess("jerry", "ReadWrite"));
        inheritedReadWriteACP.addACE("local", ACE.builder("jack", "ReadWrite").creator("john").build());
        inheritedReadWriteACP.addACE("local", ACE.builder("jerry", "ReadWrite").creator("john").build());
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("john", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("jack", "ReadWrite"));
        Assert.assertEquals(Access.GRANT, inheritedReadWriteACP.getAccess("jerry", "ReadWrite"));
    }

    private ACP getInheritedReadWriteACP() {
        ACPImpl aCPImpl = new ACPImpl();
        aCPImpl.getOrCreateACL("local");
        aCPImpl.getOrCreateACL("inherited").add(new ACE("Everyone", "ReadWrite", true));
        return aCPImpl;
    }
}
