package org.uberfire.security.impl.authz;

import java.util.Arrays;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.jboss.errai.security.shared.api.RoleImpl;
import org.jboss.errai.security.shared.api.identity.User;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mockito.Mock;
import org.mockito.Mockito;
import org.mockito.runners.MockitoJUnitRunner;
import org.uberfire.mvp.Command;
import org.uberfire.security.Resource;
import org.uberfire.security.ResourceRef;
import org.uberfire.security.ResourceType;
import org.uberfire.security.authz.AuthorizationPolicy;
import org.uberfire.security.authz.Permission;
import org.uberfire.security.authz.PermissionManager;
import org.uberfire.security.authz.PermissionType;
import org.uberfire.security.authz.PermissionTypeRegistry;
import org.uberfire.security.authz.RuntimeResource;
import org.uberfire.security.authz.VotingStrategy;

@RunWith(MockitoJUnitRunner.class)
/* loaded from: input_file:org/uberfire/security/impl/authz/AuthorizationManagerTest.class */
public class AuthorizationManagerTest {

    @Mock
    Resource perspective1;

    @Mock
    Resource perspective2;

    @Mock
    Resource perspective3;

    @Mock
    ResourceType perspectiveType;

    @Mock
    Resource resource1;

    @Mock
    RuntimeResource resource2;

    @Mock
    Resource menuPerspective1;

    @Mock
    Command onGranted;

    @Mock
    Command onDenied;

    @Mock
    Resource menuPerspective2;
    User user;
    DefaultAuthorizationManager authorizationManager;
    PermissionManager permissionManager;
    PermissionTypeRegistry permissionTypeRegistry;

    protected User createUserMock(String... strArr) {
        User user = (User) Mockito.mock(User.class);
        Mockito.when(user.getRoles()).thenReturn((Set) Stream.of((Object[]) strArr).map(RoleImpl::new).collect(Collectors.toSet()));
        Mockito.when(user.getGroups()).thenReturn((Object) null);
        return user;
    }

    @Before
    public void setUp() {
        this.user = createUserMock("admin");
        Mockito.when(this.perspectiveType.getName()).thenReturn("perspective");
        Mockito.when(this.resource1.getDependencies()).thenReturn((Object) null);
        Mockito.when(this.resource2.getDependencies()).thenReturn((Object) null);
        Mockito.when(this.perspective1.getIdentifier()).thenReturn("p1");
        Mockito.when(this.perspective2.getIdentifier()).thenReturn("p2");
        Mockito.when(this.perspective1.getDependencies()).thenReturn((Object) null);
        Mockito.when(this.perspective2.getDependencies()).thenReturn((Object) null);
        Mockito.when(this.perspective3.getDependencies()).thenReturn((Object) null);
        Mockito.when(this.perspective1.getResourceType()).thenReturn(this.perspectiveType);
        Mockito.when(this.perspective2.getResourceType()).thenReturn(this.perspectiveType);
        Mockito.when(this.perspective3.getResourceType()).thenReturn(this.perspectiveType);
        Mockito.when(this.menuPerspective1.getDependencies()).thenReturn(Arrays.asList(this.perspective1));
        Mockito.when(this.menuPerspective2.getDependencies()).thenReturn(Arrays.asList(this.perspective2));
        this.permissionTypeRegistry = new DefaultPermissionTypeRegistry();
        this.permissionManager = (PermissionManager) Mockito.spy(new DefaultPermissionManager(this.permissionTypeRegistry));
        this.authorizationManager = new DefaultAuthorizationManager(this.permissionManager);
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("admin").priority(0).permission("perspective.read", true).permission("perspective.read.p2", false).permission("custom.resource2", true).role("manager").priority(0).permission("perspective.read", false).role("developer").priority(10).permission("perspective.read", true).build());
    }

    @Test(expected = IllegalStateException.class)
    public void avoidPermissionTypesCollision() {
        PermissionType permissionType = (PermissionType) Mockito.mock(PermissionType.class);
        Mockito.when(permissionType.getType()).thenReturn("type");
        this.permissionTypeRegistry.register(permissionType);
        this.permissionTypeRegistry.register(permissionType);
    }

    @Test
    public void testUnknownResource() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.resource1, this.user)), true);
    }

    @Test
    public void testNonManagedResource() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.resource2, this.user)), true);
        ((PermissionManager) Mockito.verify(this.permissionManager, Mockito.never())).checkPermission((Permission) Mockito.any(Permission.class), (User) Mockito.any(User.class));
    }

    @Test
    public void testCustomResourceAccess() {
        Mockito.when(this.resource2.getIdentifier()).thenReturn("custom.resource2");
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.resource2, this.user)), true);
        ((PermissionManager) Mockito.verify(this.permissionManager)).checkPermission((Permission) Mockito.any(Permission.class), (User) Mockito.any(User.class), (VotingStrategy) Mockito.eq((Object) null));
    }

    @Test
    public void testResourceTypeAccess() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.perspective3, createUserMock("manager"))), false);
    }

    @Test
    public void testPerspectiveAccessGranted() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.perspective1, this.user)), true);
        ((PermissionManager) Mockito.verify(this.permissionManager)).checkPermission((Permission) Mockito.any(Permission.class), (User) Mockito.any(User.class), (VotingStrategy) Mockito.eq((Object) null));
    }

    @Test
    public void testPerspectiveAccessDenied() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.perspective2, this.user)), false);
        ((PermissionManager) Mockito.verify(this.permissionManager)).checkPermission((Permission) Mockito.any(Permission.class), (User) Mockito.any(User.class), (VotingStrategy) Mockito.eq((Object) null));
    }

    @Test
    public void testMenuItemGranted() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.menuPerspective1, this.user)), true);
        ((PermissionManager) Mockito.verify(this.permissionManager)).checkPermission((Permission) Mockito.any(Permission.class), (User) Mockito.any(User.class), (VotingStrategy) Mockito.eq((Object) null));
    }

    @Test
    public void testMenuItemDenied() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.menuPerspective2, this.user)), false);
    }

    @Test
    public void testMenuItemAbstain() {
        this.permissionManager.setAuthorizationPolicy((AuthorizationPolicy) null);
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(this.menuPerspective1, this.user)), true);
    }

    @Test
    public void testMenuGroupGranted() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(new ResourceRef((String) null, (ResourceType) null, Arrays.asList(this.menuPerspective1, this.menuPerspective2)), this.user)), true);
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(new ResourceRef((String) null, (ResourceType) null, Arrays.asList(this.menuPerspective1)), this.user)), true);
    }

    @Test
    public void testMenuGroupDenied() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(new ResourceRef((String) null, (ResourceType) null, Arrays.asList(this.menuPerspective2)), this.user)), false);
    }

    @Test
    public void testEmptyMenuGranted() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize(new ResourceRef((String) null, (ResourceType) null, Arrays.asList(new Resource[0])), this.user)), true);
    }

    @Test
    public void testPermissionGranted() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize("perspective.read.p1", this.user)), true);
    }

    @Test
    public void testPermissionDenied() {
        Assert.assertEquals(Boolean.valueOf(this.authorizationManager.authorize("perspective.read.p2", this.user)), false);
    }

    @Test
    public void testGrantCommandInvoked() throws Exception {
        this.authorizationManager.check(this.perspective1, this.user).granted(this.onGranted);
        ((Command) Mockito.verify(this.onGranted)).execute();
        Mockito.reset(new Command[]{this.onGranted});
        this.authorizationManager.check(this.perspective1, this.user).granted(this.onGranted).denied(this.onDenied);
        ((Command) Mockito.verify(this.onGranted)).execute();
        ((Command) Mockito.verify(this.onDenied, Mockito.never())).execute();
    }

    @Test
    public void testGrantCommandNotInvoked() throws Exception {
        this.authorizationManager.check(this.perspective2, this.user).granted(this.onGranted);
        ((Command) Mockito.verify(this.onGranted, Mockito.never())).execute();
    }

    @Test
    public void testDenyCommandInvoked() throws Exception {
        this.authorizationManager.check(this.perspective2, this.user).denied(this.onDenied);
        ((Command) Mockito.verify(this.onDenied)).execute();
        Mockito.reset(new Command[]{this.onDenied});
        this.authorizationManager.check(this.perspective2, this.user).granted(this.onGranted).denied(this.onDenied);
        ((Command) Mockito.verify(this.onGranted, Mockito.never())).execute();
        ((Command) Mockito.verify(this.onDenied)).execute();
    }

    @Test
    public void testDenyCommandNotInvoked() throws Exception {
        this.authorizationManager.check(this.perspective1, this.user).denied(this.onDenied);
        ((Command) Mockito.verify(this.onDenied, Mockito.never())).execute();
    }

    @Test
    public void testPermissionCheck() throws Exception {
        this.authorizationManager.check("perspective.read.p1", this.user).granted(this.onGranted).denied(this.onDenied);
        ((Command) Mockito.verify(this.onGranted)).execute();
        ((Command) Mockito.verify(this.onDenied, Mockito.never())).execute();
    }

    @Test
    public void testVotingPriority() throws Exception {
        User createUserMock = createUserMock("admin", "developer");
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.PRIORITY);
        Assert.assertTrue(this.authorizationManager.authorize(this.perspective2, createUserMock));
    }

    @Test
    public void testSamePriorityVoting() {
        User createUserMock = createUserMock("role1", "role2");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").permission("perspective.read", false).permission("perspective.read.p1", true).permission("screen.read.s1", true).role("role2").permission("perspective.read", true).permission("perspective.read.p1", false).permission("screen.read", false).build());
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.PRIORITY);
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read.p1", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read.p2", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("screen.read", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("screen.read.s1", createUserMock));
    }

    @Test
    public void testHighPriorityVoting() {
        User createUserMock = createUserMock("role1", "role2");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").priority(10).permission("perspective.read", false).permission("perspective.read.p1", true).permission("screen.read.s1", true).role("role2").permission("perspective.read", true).permission("perspective.read.p1", false).permission("screen.read", false).build());
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.PRIORITY);
        Assert.assertFalse(this.authorizationManager.authorize("perspective.read", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read.p1", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("perspective.read.p2", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("screen.read", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("screen.read.s1", createUserMock));
    }

    @Test
    public void testLowPriorityVoting() {
        User createUserMock = createUserMock("role1", "role2");
        this.permissionManager.setAuthorizationPolicy(this.permissionManager.newAuthorizationPolicy().role("role1").permission("perspective.read", false).permission("perspective.read.p1", true).permission("screen.read.s1", true).role("role2").priority(10).permission("perspective.read", true).permission("perspective.read.p1", false).permission("screen.read", false).build());
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.PRIORITY);
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("perspective.read.p1", createUserMock));
        Assert.assertTrue(this.authorizationManager.authorize("perspective.read.p2", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("screen.read", createUserMock));
        Assert.assertFalse(this.authorizationManager.authorize("screen.read.s1", createUserMock));
    }

    @Test
    public void testVotingUnanimous() throws Exception {
        User createUserMock = createUserMock("admin", "manager");
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.UNANIMOUS);
        Assert.assertFalse(this.authorizationManager.authorize(this.perspective1, createUserMock));
        this.authorizationManager.check(this.perspective1, createUserMock).granted(this.onGranted).denied(this.onDenied);
        ((Command) Mockito.verify(this.onGranted, Mockito.never())).execute();
        ((Command) Mockito.verify(this.onDenied)).execute();
    }

    @Test
    public void testVotingAffirmative() throws Exception {
        User createUserMock = createUserMock("admin", "manager");
        this.permissionManager.setDefaultVotingStrategy(VotingStrategy.AFFIRMATIVE);
        Assert.assertTrue(this.authorizationManager.authorize(this.perspective1, createUserMock));
        this.authorizationManager.check(this.perspective1, createUserMock).granted(this.onGranted).denied(this.onDenied);
        ((Command) Mockito.verify(this.onDenied, Mockito.never())).execute();
        ((Command) Mockito.verify(this.onGranted)).execute();
    }
}
