package org.springframework.security.taglibs.authz;

import javax.servlet.jsp.JspException;
import javax.servlet.jsp.PageContext;
import junit.framework.TestCase;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.StaticApplicationContext;
import org.springframework.security.Authentication;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.AclManager;
import org.springframework.security.acl.basic.AclObjectIdentity;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;

/* loaded from: input_file:spring-security-taglibs-2.0.8.RELEASE-tests.jar:org/springframework/security/taglibs/authz/AclTagTests.class */
public class AclTagTests extends TestCase {
    private final MyAclTag aclTag = new MyAclTag();

    /* loaded from: input_file:spring-security-taglibs-2.0.8.RELEASE-tests.jar:org/springframework/security/taglibs/authz/AclTagTests$MockAclEntry.class */
    private class MockAclEntry implements AclEntry {
        private MockAclEntry() {
        }
    }

    /* loaded from: input_file:spring-security-taglibs-2.0.8.RELEASE-tests.jar:org/springframework/security/taglibs/authz/AclTagTests$MockAclObjectIdentity.class */
    private static class MockAclObjectIdentity implements AclObjectIdentity {
        private MockAclObjectIdentity() {
        }
    }

    /* loaded from: input_file:spring-security-taglibs-2.0.8.RELEASE-tests.jar:org/springframework/security/taglibs/authz/AclTagTests$MyAclTag.class */
    private class MyAclTag extends AclTag {
        private MyAclTag() {
        }

        @Override // org.springframework.security.taglibs.authz.AclTag
        protected ApplicationContext getContext(PageContext pageContext) {
            StaticApplicationContext staticApplicationContext = new StaticApplicationContext();
            final AclEntry[] aclEntryArr = {new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ)};
            staticApplicationContext.getBeanFactory().registerSingleton("aclManager", new AclManager() { // from class: org.springframework.security.taglibs.authz.AclTagTests.MyAclTag.1
                String object = "object1";
                String principal = "rod";

                @Override // org.springframework.security.acl.AclManager
                public AclEntry[] getAcls(Object obj) {
                    if (obj.equals(this.object)) {
                        return aclEntryArr;
                    }
                    return null;
                }

                @Override // org.springframework.security.acl.AclManager
                public AclEntry[] getAcls(Object obj, Authentication authentication) {
                    if (obj.equals(this.object) && authentication.getPrincipal().equals(this.principal)) {
                        return aclEntryArr;
                    }
                    return null;
                }
            });
            return staticApplicationContext;
        }
    }

    protected void tearDown() throws Exception {
        SecurityContextHolder.clearContext();
    }

    public void testInclusionDeniedWhenAclManagerUnawareOfObject() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(new Long(SimpleAclEntry.ADMINISTRATION).toString());
        this.aclTag.setDomainObject(new Integer(54));
        assertEquals(0, this.aclTag.doStartTag());
    }

    public void testInclusionDeniedWhenNoListOfPermissionsGiven() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(null);
        this.aclTag.setDomainObject("object1");
        assertEquals(0, this.aclTag.doStartTag());
    }

    public void testInclusionDeniedWhenPrincipalDoesNotHoldAnyPermissions() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("john", "crow", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(new Integer(SimpleAclEntry.ADMINISTRATION) + "," + new Integer(SimpleAclEntry.READ));
        assertEquals(new Integer(SimpleAclEntry.ADMINISTRATION) + "," + new Integer(SimpleAclEntry.READ), this.aclTag.getHasPermission());
        this.aclTag.setDomainObject("object1");
        assertEquals("object1", this.aclTag.getDomainObject());
        assertEquals(0, this.aclTag.doStartTag());
    }

    public void testInclusionDeniedWhenPrincipalDoesNotHoldRequiredPermissions() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(new Integer(SimpleAclEntry.DELETE).toString());
        this.aclTag.setDomainObject("object1");
        assertEquals(0, this.aclTag.doStartTag());
    }

    public void testInclusionDeniedWhenSecurityContextEmpty() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(null);
        this.aclTag.setHasPermission(new Long(SimpleAclEntry.ADMINISTRATION).toString());
        this.aclTag.setDomainObject("object1");
        assertEquals(0, this.aclTag.doStartTag());
    }

    public void testInclusionPermittedWhenDomainObjectIsNull() throws JspException {
        this.aclTag.setHasPermission(new Integer(SimpleAclEntry.READ).toString());
        this.aclTag.setDomainObject(null);
        assertEquals(1, this.aclTag.doStartTag());
    }

    public void testJspExceptionThrownIfHasPermissionNotValidFormat() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("john", "crow", new GrantedAuthority[0]));
        this.aclTag.setHasPermission("0,5, 6");
        try {
            this.aclTag.doStartTag();
            fail("Should have thrown JspException");
        } catch (JspException e) {
            assertTrue(true);
        }
    }

    public void testOperationWhenPrincipalHoldsPermissionOfMultipleList() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(new Integer(SimpleAclEntry.ADMINISTRATION) + "," + new Integer(SimpleAclEntry.READ));
        this.aclTag.setDomainObject("object1");
        assertEquals(1, this.aclTag.doStartTag());
    }

    public void testOperationWhenPrincipalHoldsPermissionOfSingleList() throws JspException {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("rod", "koala", new GrantedAuthority[0]));
        this.aclTag.setHasPermission(new Integer(SimpleAclEntry.READ).toString());
        this.aclTag.setDomainObject("object1");
        assertEquals(1, this.aclTag.doStartTag());
    }
}
