oak-authorization-principalbased/src/test/java/org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AbstractEntryTest.java

/*
 * Licensed to the Apache Software Foundation (ASF) under one or more
 * contributor license agreements.  See the NOTICE file distributed with
 * this work for additional information regarding copyright ownership.
 * The ASF licenses this file to You under the Apache License, Version 2.0
 * (the "License"); you may not use this file except in compliance with
 * the License.  You may obtain a copy of the License at
 *
 *      http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.authorization.restriction.RestrictionProviderImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Before;
import org.junit.Test;

import javax.jcr.PropertyType;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import java.security.Principal;

import static org.apache.jackrabbit.oak.spi.nodetype.NodeTypeConstants.NT_OAK_UNSTRUCTURED;
import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.REP_GLOB;
import static org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants.REP_NT_NAMES;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertNotEquals;

public class AbstractEntryTest extends AbstractPrincipalBasedTest {

    private PrivilegeBitsProvider bitsProvider;

    private AbstractEntry entryA;
    private AbstractEntry entryB;

    private Restriction restriction;

    @Before
    public void before() throws Exception {
        super.before();

        this.bitsProvider = new PrivilegeBitsProvider(root);

        ValueFactory vf = getValueFactory(root);
        RestrictionProvider rp = new RestrictionProviderImpl();
        Restriction r = rp.createRestriction(TEST_OAK_PATH, REP_NT_NAMES, vf.createValue(getNamePathMapper().getJcrName(NT_OAK_UNSTRUCTURED), PropertyType.NAME));

        Principal principal = getTestSystemUser().getPrincipal();
        entryA = new TestEntry(TEST_OAK_PATH, principal, bitsProvider.getBits(PrivilegeConstants.JCR_NODE_TYPE_MANAGEMENT, PrivilegeConstants.REP_WRITE), r);
        entryB = new TestEntry(null, principal, bitsProvider.getBits(PrivilegeConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT));

        restriction = rp.createRestriction(entryA.getOakPath(), REP_GLOB, vf.createValue("*"));
    }

    @Test
    public void testHashCode() throws Exception {
        assertNotEquals(entryA.hashCode(), entryB.hashCode());

        // same entry -> same hash
        assertEquals(entryA.hashCode(), entryA.hashCode());

        // equivalent entry -> same hash
        assertEquals(entryA.hashCode(), new TestEntry(entryA).hashCode());
        assertEquals(entryB.hashCode(), new TestEntry(entryB).hashCode());

        // different restrictions -> different hash
        AbstractEntry differentRestriction = new TestEntry(entryA.getOakPath(), entryA.getPrincipal(), entryA.getPrivilegeBits(), restriction);
        assertNotEquals(entryA.hashCode(), differentRestriction.hashCode());

        // different path -> different hash
        AbstractEntry differentPath = new TestEntry(PathUtils.ROOT_PATH, entryA.getPrincipal(), entryA.getPrivilegeBits(), entryA.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryA.hashCode(), differentPath.hashCode());

        // different principal -> different hash
        AbstractEntry differentPrincipal = new TestEntry(entryB.getOakPath(), EveryonePrincipal.getInstance(), entryB.getPrivilegeBits(), entryB.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryB.hashCode(), differentPrincipal.hashCode());

        // different path -> different hash
        AbstractEntry differentPrivs = new TestEntry(entryB.getOakPath(), entryB.getPrincipal(), bitsProvider.getBits(PrivilegeConstants.JCR_READ), entryB.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryB.hashCode(), differentPrivs.hashCode());
    }

    @Test
    public void testEquals() throws Exception {
        assertNotEquals(entryA, entryB);
        assertNotEquals(entryB, entryA);

        assertEquals(entryA, entryA);

        // equivalent entry -> equals
        assertEquals(entryA, new TestEntry(entryA));
        assertEquals(entryB, new TestEntry(entryB));

        // different restrictions -> different hash
        AbstractEntry differentRestriction = new TestEntry(entryA.getOakPath(), entryA.getPrincipal(), entryA.getPrivilegeBits(), restriction);
        assertNotEquals(entryA, differentRestriction);

        // different path -> different hash
        AbstractEntry differentPath = new TestEntry(PathUtils.ROOT_PATH, entryA.getPrincipal(), entryA.getPrivilegeBits(), entryA.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryA, differentPath);

        // different principal -> different hash
        AbstractEntry differentPrincipal = new TestEntry(entryB.getOakPath(), EveryonePrincipal.getInstance(), entryB.getPrivilegeBits(), entryB.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryB, differentPrincipal);

        // different path -> different hash
        AbstractEntry differentPrivs = new TestEntry(entryB.getOakPath(), entryB.getPrincipal(), bitsProvider.getBits(PrivilegeConstants.JCR_READ), entryB.getRestrictions().toArray(new Restriction[0]));
        assertNotEquals(entryB, differentPrivs);
    }

    private final class TestEntry extends AbstractEntry {

        TestEntry(@Nullable String oakPath, @NotNull Principal principal, @NotNull PrivilegeBits privilegeBits, @NotNull Restriction... restrictions) throws AccessControlException {
            super(oakPath, principal, privilegeBits, ImmutableSet.copyOf(restrictions), AbstractEntryTest.this.getNamePathMapper());
        }

        TestEntry(@NotNull AbstractEntry base) throws AccessControlException {
            super(base.getOakPath(), base.getPrincipal(), base.getPrivilegeBits(), base.getRestrictions(), AbstractEntryTest.this.getNamePathMapper());
        }

        @Override
        @NotNull NamePathMapper getNamePathMapper() {
            return AbstractEntryTest.this.getNamePathMapper();
        }

        @Override
        protected @NotNull PrivilegeBitsProvider getPrivilegeBitsProvider() {
            return bitsProvider;
        }
        
        @Override
        public Privilege[] getPrivileges() {
            try {
                return privilegesFromNames(bitsProvider.getPrivilegeNames(getPrivilegeBits()));
            } catch (RepositoryException e) {
                throw new RuntimeException(e);
            }
        }
    }
}