package org.springframework.security.vote;

import junit.framework.TestCase;
import junit.textui.TestRunner;
import org.aopalliance.intercept.MethodInvocation;
import org.aspectj.lang.JoinPoint;
import org.springframework.security.AuthorizationServiceException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockAclManager;
import org.springframework.security.SecurityConfig;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.basic.MockAclObjectIdentity;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/vote/BasicAclEntryVoterTests.class */
public class BasicAclEntryVoterTests extends TestCase {

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/vote/BasicAclEntryVoterTests$MockAclEntry.class */
    private class MockAclEntry implements AclEntry {
        private MockAclEntry() {
        }
    }

    public BasicAclEntryVoterTests() {
    }

    public BasicAclEntryVoterTests(String str) {
        super(str);
    }

    private MethodInvocation getMethodInvocation(SomeDomainObject someDomainObject) throws Exception {
        return new SimpleMethodInvocation(new SomeDomainObjectManager(), SomeDomainObjectManager.class.getMethod("someServiceMethod", SomeDomainObject.class), new Object[]{someDomainObject});
    }

    public static void main(String[] strArr) {
        TestRunner.run(BasicAclEntryVoterTests.class);
    }

    public final void setUp() throws Exception {
        super.setUp();
    }

    public void testNormalOperation() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject, "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        assertEquals(mockAclManager, basicAclEntryVoter.getAclManager());
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        assertEquals("FOO_ADMIN_OR_WRITE_ACCESS", basicAclEntryVoter.getProcessConfigAttribute());
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        assertEquals(2, basicAclEntryVoter.getRequirePermission().length);
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        assertEquals(SomeDomainObject.class, basicAclEntryVoter.getProcessDomainObjectClass());
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(1, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS")));
    }

    public void testOnlySupportsMethodInvocationAndJoinPoint() {
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        assertTrue(basicAclEntryVoter.supports(MethodInvocation.class));
        assertTrue(basicAclEntryVoter.supports(JoinPoint.class));
        assertFalse(basicAclEntryVoter.supports(String.class));
    }

    public void testStartupRejectsMissingAclManager() throws Exception {
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        try {
            basicAclEntryVoter.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testStartupRejectsMissingProcessConfigAttribute() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("domain1", "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        try {
            basicAclEntryVoter.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testStartupRejectsMissingProcessDomainObjectClass() throws Exception {
        try {
            new BasicAclEntryVoter().setProcessDomainObjectClass(null);
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testStartupRejectsMissingRequirePermission() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("domain1", "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        try {
            basicAclEntryVoter.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testSupportsConfigAttribute() {
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setProcessConfigAttribute("foobar");
        assertTrue(basicAclEntryVoter.supports(new SecurityConfig("foobar")));
    }

    public void testVoterAbstainsIfDomainObjectIsNull() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject, "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(0, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("A_DIFFERENT_ATTRIBUTE")));
    }

    public void testVoterAbstainsIfNotMatchingConfigAttribute() throws Exception {
        MockAclManager mockAclManager = new MockAclManager(null, "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(0, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(null), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS")));
    }

    public void testVoterCanDenyAccessBasedOnInternalMethodOfDomainObject() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject.getParent(), "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.setInternalMethod("getParent");
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(-1, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS")));
    }

    public void testVoterCanDenyAccessIfPrincipalHasNoPermissionsAtAllToDomainObject() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject, "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.setInternalMethod("getParent");
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(-1, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("scott", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS")));
    }

    public void testVoterCanGrantAccessBasedOnInternalMethodOfDomainObject() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject.getParent(), "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.setInternalMethod("getParent");
        assertEquals("getParent", basicAclEntryVoter.getInternalMethod());
        basicAclEntryVoter.afterPropertiesSet();
        assertEquals(1, basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS")));
    }

    public void testVoterThrowsExceptionIfInvalidInternalMethodOfDomainObject() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject.getParent(), "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.setInternalMethod("getNonExistentParentName");
        basicAclEntryVoter.afterPropertiesSet();
        try {
            basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), getMethodInvocation(someDomainObject), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"));
            fail("Should have thrown AuthorizationServiceException");
        } catch (AuthorizationServiceException e) {
            assertTrue(true);
        }
    }

    public void testVoterThrowsExceptionIfProcessDomainObjectNotFound() throws Exception {
        SomeDomainObject someDomainObject = new SomeDomainObject("foo");
        MockAclManager mockAclManager = new MockAclManager(someDomainObject.getParent(), "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setAclManager(mockAclManager);
        basicAclEntryVoter.setProcessConfigAttribute("FOO_ADMIN_OR_WRITE_ACCESS");
        basicAclEntryVoter.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION, SimpleAclEntry.WRITE});
        basicAclEntryVoter.setProcessDomainObjectClass(SomeDomainObject.class);
        basicAclEntryVoter.afterPropertiesSet();
        try {
            basicAclEntryVoter.vote(new UsernamePasswordAuthenticationToken("rod", null), new SimpleMethodInvocation(new String(), String.class.getMethod("toString", new Class[0]), new Object[]{someDomainObject}), new ConfigAttributeDefinition("FOO_ADMIN_OR_WRITE_ACCESS"));
            fail("Should have thrown AuthorizationServiceException");
        } catch (AuthorizationServiceException e) {
            assertTrue(true);
        }
    }

    public void testSetRequirePermissionFromString() {
        assertPermission("NOTHING", 0);
        assertPermission("ADMINISTRATION", SimpleAclEntry.ADMINISTRATION);
        assertPermission("READ", SimpleAclEntry.READ);
        assertPermission("WRITE", SimpleAclEntry.WRITE);
        assertPermission("CREATE", SimpleAclEntry.CREATE);
        assertPermission("DELETE", SimpleAclEntry.DELETE);
        assertPermission(new String[]{"WRITE", "CREATE"}, new int[]{SimpleAclEntry.WRITE, SimpleAclEntry.CREATE});
    }

    public void testSetRequirePermissionFromStringWrongValues() {
        try {
            new BasicAclEntryVoter().setRequirePermissionFromString(new String[]{"X"});
            fail(IllegalArgumentException.class.getName() + " must have been thrown.");
        } catch (IllegalArgumentException e) {
        }
    }

    private void assertPermission(String str, int i) {
        assertPermission(new String[]{str}, new int[]{i});
    }

    private void assertPermission(String[] strArr, int[] iArr) {
        BasicAclEntryVoter basicAclEntryVoter = new BasicAclEntryVoter();
        basicAclEntryVoter.setRequirePermissionFromString(strArr);
        assertEquals("Test incorreclty coded", iArr.length, strArr.length);
        assertEquals(iArr.length, basicAclEntryVoter.getRequirePermission().length);
        for (int i = 0; i < iArr.length; i++) {
            assertEquals(iArr[i], basicAclEntryVoter.getRequirePermission()[i]);
        }
    }
}
