package org.springframework.security.afterinvocation;

import junit.framework.TestCase;
import org.springframework.security.AccessDeniedException;
import org.springframework.security.ConfigAttributeDefinition;
import org.springframework.security.MockAclManager;
import org.springframework.security.acl.AclEntry;
import org.springframework.security.acl.basic.MockAclObjectIdentity;
import org.springframework.security.acl.basic.SimpleAclEntry;
import org.springframework.security.providers.UsernamePasswordAuthenticationToken;
import org.springframework.security.util.SimpleMethodInvocation;

/* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests.class */
public class BasicAclEntryAfterInvocationProviderTests extends TestCase {

    /* loaded from: input_file:spring-security-core-2.0.8.RELEASE-tests.jar:org/springframework/security/afterinvocation/BasicAclEntryAfterInvocationProviderTests$MockAclEntry.class */
    private class MockAclEntry implements AclEntry {
        private MockAclEntry() {
        }
    }

    public void testCorrectOperationWhenPrincipalHasIncorrectPermissionToDomainObject() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("belmont", "scott", new AclEntry[]{new SimpleAclEntry("scott", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION)});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        try {
            basicAclEntryAfterInvocationProvider.decide(new UsernamePasswordAuthenticationToken("scott", "NOT_USED"), new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), "belmont");
            fail("Should have thrown AccessDeniedException");
        } catch (AccessDeniedException e) {
            assertTrue(true);
        }
    }

    public void testCorrectOperationWhenPrincipalHasNoPermissionToDomainObject() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("belmont", "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        try {
            basicAclEntryAfterInvocationProvider.decide(new UsernamePasswordAuthenticationToken("scott", "NOT_USED"), new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), "belmont");
            fail("Should have thrown AccessDeniedException");
        } catch (AccessDeniedException e) {
            assertTrue(true);
        }
    }

    public void testCorrectOperationWhenPrincipalIsAuthorised() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("belmont", "rod", new AclEntry[]{new MockAclEntry(), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE)});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        assertEquals(mockAclManager, basicAclEntryAfterInvocationProvider.getAclManager());
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        assertEquals("belmont", basicAclEntryAfterInvocationProvider.decide(new UsernamePasswordAuthenticationToken("rod", "NOT_USED"), new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), "belmont"));
    }

    public void testGrantsAccessIfReturnedObjectIsNull() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("belmont", "rod", new AclEntry[]{new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.DELETE), new MockAclEntry()});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        assertNull(basicAclEntryAfterInvocationProvider.decide(new UsernamePasswordAuthenticationToken("rod", "NOT_USED"), new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), null));
    }

    public void testRespectsModificationsToProcessConfigAttribute() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("sydney", "rod", new AclEntry[]{new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.READ), new MockAclEntry()});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        assertEquals("AFTER_ACL_READ", basicAclEntryAfterInvocationProvider.getProcessConfigAttribute());
        basicAclEntryAfterInvocationProvider.setProcessConfigAttribute("AFTER_ACL_ADMIN");
        assertEquals("AFTER_ACL_ADMIN", basicAclEntryAfterInvocationProvider.getProcessConfigAttribute());
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken("rod", "NOT_USED");
        assertEquals("sydney", basicAclEntryAfterInvocationProvider.decide(usernamePasswordAuthenticationToken, new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), "sydney"));
        assertEquals("sydney", basicAclEntryAfterInvocationProvider.decide(usernamePasswordAuthenticationToken, new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_ADMIN"), "sydney"));
    }

    public void testRespectsModificationsToRequirePermissions() throws Exception {
        MockAclManager mockAclManager = new MockAclManager("sydney", "rod", new AclEntry[]{new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new MockAclEntry()});
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(mockAclManager);
        assertEquals(SimpleAclEntry.READ, basicAclEntryAfterInvocationProvider.getRequirePermission()[0]);
        basicAclEntryAfterInvocationProvider.setRequirePermission(new int[]{SimpleAclEntry.ADMINISTRATION});
        assertEquals(SimpleAclEntry.ADMINISTRATION, basicAclEntryAfterInvocationProvider.getRequirePermission()[0]);
        basicAclEntryAfterInvocationProvider.afterPropertiesSet();
        assertEquals("sydney", basicAclEntryAfterInvocationProvider.decide(new UsernamePasswordAuthenticationToken("rod", "NOT_USED"), new SimpleMethodInvocation(), new ConfigAttributeDefinition("AFTER_ACL_READ"), "sydney"));
    }

    public void testStartupDetectsMissingAclManager() throws Exception {
        try {
            new BasicAclEntryAfterInvocationProvider().afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("An aclManager is mandatory", e.getMessage());
        }
    }

    public void testStartupDetectsMissingProcessConfigAttribute() throws Exception {
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(new MockAclManager("sydney", "rod", new AclEntry[]{new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new MockAclEntry()}));
        basicAclEntryAfterInvocationProvider.setProcessConfigAttribute(null);
        try {
            basicAclEntryAfterInvocationProvider.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("A processConfigAttribute is mandatory", e.getMessage());
        }
    }

    public void testStartupDetectsMissingRequirePermission() throws Exception {
        BasicAclEntryAfterInvocationProvider basicAclEntryAfterInvocationProvider = new BasicAclEntryAfterInvocationProvider();
        basicAclEntryAfterInvocationProvider.setAclManager(new MockAclManager("sydney", "rod", new AclEntry[]{new SimpleAclEntry("rod", new MockAclObjectIdentity(), null, SimpleAclEntry.ADMINISTRATION), new MockAclEntry()}));
        basicAclEntryAfterInvocationProvider.setRequirePermission(null);
        try {
            basicAclEntryAfterInvocationProvider.afterPropertiesSet();
            fail("Should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertEquals("One or more requirePermission entries is mandatory", e.getMessage());
        }
    }

    public void testSupportsAnything() {
        assertTrue(new BasicAclEntryAfterInvocationProvider().supports(String.class));
    }
}
