package org.uberfire.security.impl.authz;

import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.uberfire.security.ResourceAction;
import org.uberfire.security.ResourceRef;
import org.uberfire.security.ResourceType;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.AuthorizationResult;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.authz.VotingAlgorithm;
import org.uberfire.security.authz.VotingStrategy;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/uberfire/security/impl/authz/PermissionManagerTest.class */
public class PermissionManagerTest {
    PermissionManager permissionManager;
    DefaultAuthzResultCache authzResultCache;
    AuthorizationPolicy authorizationPolicy;
    Permission viewAll = new DotNamedPermission("resource.read", true);
    Permission denyAll = new DotNamedPermission("resource.read", false);
    Permission view1 = new DotNamedPermission("resource.read.1", true);
    Permission noView1 = new DotNamedPermission("resource.read.1", false);
    Permission view2 = new DotNamedPermission("resource.read.2", true);
    Permission view12 = new DotNamedPermission("resource.read.1.2", true);

    protected User createUserMock(String... strArr) {
        User user = (User) Mockito.mock(User.class);
        Set set = (Set) Stream.of((Object[]) strArr).map(RoleImpl::new).collect(Collectors.toSet());
        Mockito.when(user.getIdentifier()).thenReturn(Integer.toString(user.hashCode()));
        Mockito.when(user.getRoles()).thenReturn(set);
        Mockito.when(user.getGroups()).thenReturn((Object) null);
        return user;
    }

    @Before
    public void setUp() {
        this.authzResultCache = (DefaultAuthzResultCache) Mockito.spy(new DefaultAuthzResultCache());
        this.permissionManager = (PermissionManager) Mockito.spy(new DefaultPermissionManager(new DefaultPermissionTypeRegistry(), this.authzResultCache));
        PermissionManager permissionManager = this.permissionManager;
        AuthorizationPolicy authorizationPolicy = (AuthorizationPolicy) Mockito.spy(this.permissionManager.newAuthorizationPolicy().role("viewAll").permission("resource.read", true).role("noViewAll").permission("resource.read", false).role("onlyView1", 5).permission("resource.read", false).permission("resource.read.1", true).role("noView1").permission("resource.read.1", false).role("onlyView12").permission("resource.read.1.2", true).build());
        this.authorizationPolicy = authorizationPolicy;
        permissionManager.setAuthorizationPolicy(authorizationPolicy);
    }

    @Test
    public void testSetNullPolicy() {
        this.permissionManager.setAuthorizationPolicy((AuthorizationPolicy) null);
        AuthorizationPolicy authorizationPolicy = this.permissionManager.getAuthorizationPolicy();
        Assert.assertNotNull(authorizationPolicy);
        Assert.assertTrue(authorizationPolicy.getRoles().isEmpty());
        Assert.assertTrue(authorizationPolicy.getGroups().isEmpty());
    }

    @Test
    public void testCreateGlobalPermissions() {
        ResourceType resourceType = () -> {
            return "type";
        };
        Assert.assertEquals(this.permissionManager.createPermission(resourceType, (ResourceAction) null, true).getName(), "type.read");
        Assert.assertEquals(this.permissionManager.createPermission(resourceType, () -> {
            return "edit";
        }, true).getName(), "type.edit");
    }

    @Test
    public void testCreateTypedPermissions() {
        ResourceRef resourceRef = new ResourceRef("r1", () -> {
            return "type";
        }, (List) null);
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, (ResourceAction) null, true).getName(), "type.read.r1");
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, ResourceAction.READ, true).getName(), "type.read.r1");
    }

    @Test
    public void testUnknownTypePermissions() {
        ResourceRef resourceRef = new ResourceRef("r1", ResourceType.UNKNOWN, (List) null);
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, (ResourceAction) null, true).getName(), "r1");
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, ResourceAction.READ, true).getName(), "r1");
    }

    @Test
    public void testCreateNonTypedPermissions() {
        ResourceRef resourceRef = new ResourceRef("r1", (ResourceType) null, (List) null);
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, (ResourceAction) null, true).getName(), "r1");
        Assert.assertEquals(this.permissionManager.createPermission(resourceRef, ResourceAction.READ, true).getName(), "r1");
    }

    @Test
    public void testResolveResourceId() {
        Permission createPermission = this.permissionManager.createPermission(new ResourceRef("r1", () -> {
            return "type";
        }, (List) null), (ResourceAction) null, true);
        Assert.assertEquals(createPermission.getName(), "type.read.r1");
        Assert.assertEquals(this.permissionManager.resolveResourceId(createPermission), "r1");
    }

    @Test
    public void testResolveResourceNull() {
        Permission createPermission = this.permissionManager.createPermission("feature", true);
        Assert.assertEquals(createPermission.getName(), "feature");
        Assert.assertNull(this.permissionManager.resolveResourceId(createPermission));
    }

    @Test
    public void testCheckPermission1() {
        User createUserMock = createUserMock("viewAll");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission2() {
        User createUserMock = createUserMock("viewAll", "onlyView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission3() {
        User createUserMock = createUserMock("viewAll", "onlyView1", "noView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission4() {
        User createUserMock = createUserMock("viewAll", "noView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission5() {
        User createUserMock = createUserMock("onlyView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission6() {
        User createUserMock = createUserMock("noView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_ABSTAIN);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_ABSTAIN);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testCheckPermission7() {
        User createUserMock = createUserMock("onlyView1", "noView1");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_DENIED);
    }

    @Test
    public void testCheckPermission8() {
        User createUserMock = createUserMock("noView1", "onlyView12");
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock), AuthorizationResult.ACCESS_ABSTAIN);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view2, createUserMock), AuthorizationResult.ACCESS_ABSTAIN);
        Assert.assertEquals(this.permissionManager.checkPermission(this.view12, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.noView1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testCacheHits() {
        User createUserMock = createUserMock("viewAll");
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        ((PermissionManager) Mockito.verify(this.permissionManager, Mockito.times(1))).resolvePermissions(createUserMock, VotingStrategy.PRIORITY);
        ((DefaultAuthzResultCache) Mockito.verify(this.authzResultCache, Mockito.times(1))).put(createUserMock, this.viewAll, AuthorizationResult.ACCESS_GRANTED);
        ((DefaultAuthzResultCache) Mockito.verify(this.authzResultCache, Mockito.times(4))).get(createUserMock, this.viewAll);
        Assert.assertEquals(this.authzResultCache.size(createUserMock), 1L);
        Assert.assertEquals(this.authzResultCache.size(createUserMock(new String[0])), 0L);
        this.permissionManager.invalidate(createUserMock);
        Assert.assertEquals(this.authzResultCache.size(createUserMock), 0L);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        ((PermissionManager) Mockito.verify(this.permissionManager, Mockito.times(2))).resolvePermissions(createUserMock, VotingStrategy.PRIORITY);
        ((DefaultAuthzResultCache) Mockito.verify(this.authzResultCache, Mockito.times(2))).put(createUserMock, this.viewAll, AuthorizationResult.ACCESS_GRANTED);
        ((DefaultAuthzResultCache) Mockito.verify(this.authzResultCache, Mockito.times(5))).get(createUserMock, this.viewAll);
        Assert.assertEquals(this.authzResultCache.size(createUserMock), 1L);
        Assert.assertEquals(this.authzResultCache.size(createUserMock(new String[0])), 0L);
    }

    @Test
    public void testDefaultVotingStrategy() {
        User createUserMock = createUserMock("role1");
        Assert.assertEquals(this.permissionManager.getDefaultVotingStrategy(), VotingStrategy.PRIORITY);
        VotingAlgorithm votingAlgorithm = (VotingAlgorithm) Mockito.mock(VotingAlgorithm.class);
        Mockito.when(votingAlgorithm.vote((Iterable) Mockito.any())).thenReturn(AuthorizationResult.ACCESS_GRANTED);
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.UNANIMOUS);
        this.permissionManager.setVotingAlgorithm(VotingStrategy.UNANIMOUS, votingAlgorithm);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        ((VotingAlgorithm) Mockito.verify(votingAlgorithm)).vote((Iterable) Mockito.any());
        this.permissionManager.checkPermission(this.viewAll, createUserMock, (VotingStrategy) null);
        ((VotingAlgorithm) Mockito.verify(votingAlgorithm)).vote((Iterable) Mockito.any());
        VotingAlgorithm votingAlgorithm2 = (VotingAlgorithm) Mockito.mock(VotingAlgorithm.class);
        Mockito.when(votingAlgorithm2.vote((Iterable) Mockito.any())).thenReturn(AuthorizationResult.ACCESS_GRANTED);
        this.authzResultCache.clear();
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.AFFIRMATIVE);
        this.permissionManager.setVotingAlgorithm(VotingStrategy.AFFIRMATIVE, votingAlgorithm2);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        ((VotingAlgorithm) Mockito.verify(votingAlgorithm2)).vote((Iterable) Mockito.any());
        VotingAlgorithm votingAlgorithm3 = (VotingAlgorithm) Mockito.mock(VotingAlgorithm.class);
        Mockito.when(votingAlgorithm3.vote((Iterable) Mockito.any())).thenReturn(AuthorizationResult.ACCESS_GRANTED);
        this.authzResultCache.clear();
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.CONSENSUS);
        this.permissionManager.setVotingAlgorithm(VotingStrategy.CONSENSUS, votingAlgorithm3);
        this.permissionManager.checkPermission(this.viewAll, createUserMock);
        ((VotingAlgorithm) Mockito.verify(votingAlgorithm3)).vote((Iterable) Mockito.any());
    }

    @Test
    public void testPriorityVoting1() {
        User createUserMock = createUserMock("role1", "role2", "role3");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1", 1).permission("resource.read", true).role("role2", 2).permission("resource.read", false).role("role3", 3).permission("resource.read.1", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Collection collection = this.permissionManager.resolvePermissions(createUserMock, VotingStrategy.PRIORITY).collection();
        Assert.assertEquals(collection.size(), 2L);
        Assert.assertTrue(collection.contains(this.denyAll));
        Assert.assertTrue(collection.contains(this.view1));
    }

    @Test
    public void testPriorityVoting2() {
        User createUserMock = createUserMock("role1", "role2", "role3");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1", 3).permission("resource.read", true).role("role2", 2).permission("resource.read", false).role("role3", 1).permission("resource.read.1", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_GRANTED);
        Collection collection = this.permissionManager.resolvePermissions(createUserMock, VotingStrategy.PRIORITY).collection();
        Assert.assertEquals(collection.size(), 1L);
        Assert.assertTrue(collection.contains(this.viewAll));
    }

    @Test
    public void testPriorityVoting3() {
        User createUserMock = createUserMock("role1", "role2", "role3");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1", 1).permission("resource.read", true).role("role2", 2).permission("resource.read", false).role("role3", 1).permission("resource.read.1", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.view1, createUserMock), AuthorizationResult.ACCESS_DENIED);
        Collection collection = this.permissionManager.resolvePermissions(createUserMock, VotingStrategy.PRIORITY).collection();
        Assert.assertEquals(collection.size(), 1L);
        Assert.assertTrue(collection.contains(this.denyAll));
    }

    @Test
    public void testUnanimousVoting() {
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").permission("resource.read", true).role("role2").permission("resource.read", false).role("role3").permission("resource.read", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role2", "role3"), VotingStrategy.UNANIMOUS), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role3"), VotingStrategy.UNANIMOUS), AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testConsensusVoting() {
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").permission("resource.read", true).role("role2").permission("resource.read", false).role("role3").permission("resource.read", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role2", "role3"), VotingStrategy.CONSENSUS), AuthorizationResult.ACCESS_DENIED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role3"), VotingStrategy.CONSENSUS), AuthorizationResult.ACCESS_GRANTED);
    }

    @Test
    public void testAffirmativeVoting() {
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").permission("resource.read", true).role("role2").permission("resource.read", false).role("role3").permission("resource.read", true).build());
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role2", "role3"), VotingStrategy.AFFIRMATIVE), AuthorizationResult.ACCESS_GRANTED);
        Assert.assertEquals(this.permissionManager.checkPermission(this.viewAll, createUserMock("role1", "role3"), VotingStrategy.AFFIRMATIVE), AuthorizationResult.ACCESS_GRANTED);
    }
}
