package org.apache.jackrabbit.core.security.authorization;

import java.util.Arrays;
import java.util.Collections;
import java.util.Set;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.Workspace;
import javax.jcr.nodetype.NodeTypeManager;
import javax.jcr.nodetype.NodeTypeTemplate;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/AbstractRepositoryOperationTest.class */
public abstract class AbstractRepositoryOperationTest extends AbstractEvaluationTest {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void tearDown() throws Exception {
        try {
            for (AccessControlPolicy accessControlPolicy : this.acMgr.getPolicies((String) null)) {
                this.acMgr.removePolicy((String) null, accessControlPolicy);
            }
            this.superuser.save();
            super.tearDown();
        } catch (Throwable th) {
            super.tearDown();
            throw th;
        }
    }

    private Workspace getTestWorkspace() throws RepositoryException {
        return getTestSession().getWorkspace();
    }

    private void assertDefaultPrivileges(Name name) throws Exception {
        Privilege[] privilegesFromName = privilegesFromName(name.toString());
        assertTrue(this.superuser.getAccessControlManager().hasPrivileges((String) null, privilegesFromName));
        assertFalse(getTestACManager().hasPrivileges((String) null, privilegesFromName));
    }

    private void assertPrivilege(Name name, boolean z) throws Exception {
        assertEquals(z, getTestACManager().hasPrivileges((String) null, privilegesFromName(name.toString())));
    }

    private void assertPermission(int i, boolean z) throws Exception {
        try {
            getTestSession().getAccessManager().checkRepositoryPermission(i);
            if (!z) {
                fail();
            }
        } catch (AccessDeniedException e) {
            if (z) {
                fail();
            }
        }
    }

    private String getNewWorkspaceName(Workspace workspace) throws RepositoryException {
        String str = "new";
        int i = 0;
        while (Arrays.asList(workspace.getAccessibleWorkspaceNames()).contains(str)) {
            int i2 = i;
            i++;
            str = "new_" + i2;
        }
        return str;
    }

    private String getNewNamespacePrefix(Workspace workspace) throws RepositoryException {
        String str = "prefix";
        int i = 0;
        while (Arrays.asList(workspace.getNamespaceRegistry().getPrefixes()).contains(str)) {
            int i2 = i;
            i++;
            str = "prefix" + i2;
        }
        return str;
    }

    private String getNewNamespaceURI(Workspace workspace) throws RepositoryException {
        String str = "http://jackrabbit.apache.org/uri";
        int i = 0;
        while (Arrays.asList(workspace.getNamespaceRegistry().getURIs()).contains(str)) {
            int i2 = i;
            i++;
            str = "http://jackrabbit.apache.org/uri_" + i2;
        }
        return str;
    }

    private String getNewPrivilegeName(Workspace workspace) throws RepositoryException, NotExecutableException {
        String str = null;
        AccessControlManager accessControlManager = workspace.getSession().getAccessControlManager();
        for (int i = 0; i < 100; i++) {
            try {
                accessControlManager.privilegeFromName(str);
                str = "privilege-" + i;
            } catch (Exception e) {
            }
        }
        if (str == null) {
            throw new NotExecutableException("failed to define new privilege name.");
        }
        return str;
    }

    public void testWorkspaceCreation() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
        try {
            getTestWorkspace().createWorkspace(getNewWorkspaceName(this.superuser.getWorkspace()));
            fail("Workspace creation should be denied.");
        } catch (AccessDeniedException e) {
        }
        String newWorkspaceName = getNewWorkspaceName(this.superuser.getWorkspace());
        try {
            Workspace testWorkspace = getTestWorkspace();
            testWorkspace.createWorkspace(newWorkspaceName, testWorkspace.getName());
            fail("Workspace creation should be denied.");
        } catch (AccessDeniedException e2) {
        }
    }

    public void testWorkspaceCreationWithPrivilege() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
        assertPermission(32768, false);
        modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), true);
        assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, true);
        assertPermission(32768, true);
        try {
            getTestWorkspace().createWorkspace(getNewWorkspaceName(this.superuser.getWorkspace()));
            modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false);
            assertPrivilege(NameConstants.JCR_WORKSPACE_MANAGEMENT, false);
            assertPermission(32768, false);
        } catch (Throwable th) {
            modifyPrivileges(null, NameConstants.JCR_WORKSPACE_MANAGEMENT.toString(), false);
            throw th;
        }
    }

    public void testWorkspaceDeletion() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_WORKSPACE_MANAGEMENT);
        assertPermission(32768, false);
        Workspace workspace = this.superuser.getWorkspace();
        String newWorkspaceName = getNewWorkspaceName(workspace);
        workspace.createWorkspace(newWorkspaceName);
        try {
            Workspace testWorkspace = getTestWorkspace();
            if (Arrays.asList(testWorkspace.getAccessibleWorkspaceNames()).contains(newWorkspaceName)) {
                testWorkspace.deleteWorkspace(newWorkspaceName);
                fail("Workspace deletion should be denied.");
            }
            try {
                this.superuser.getWorkspace().deleteWorkspace(newWorkspaceName);
            } catch (Exception e) {
            }
        } catch (AccessDeniedException e2) {
            try {
                this.superuser.getWorkspace().deleteWorkspace(newWorkspaceName);
            } catch (Exception e3) {
            }
        } catch (Throwable th) {
            try {
                this.superuser.getWorkspace().deleteWorkspace(newWorkspaceName);
            } catch (Exception e4) {
            }
            throw th;
        }
    }

    public void testRegisterNodeType() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
        assertPermission(8192, false);
        NodeTypeManager nodeTypeManager = getTestWorkspace().getNodeTypeManager();
        NodeTypeTemplate createNodeTypeTemplate = nodeTypeManager.createNodeTypeTemplate();
        createNodeTypeTemplate.setName("testNodeType");
        createNodeTypeTemplate.setMixin(true);
        try {
            nodeTypeManager.registerNodeType(createNodeTypeTemplate, true);
            fail("Node type registration should be denied.");
        } catch (AccessDeniedException e) {
        }
        try {
            nodeTypeManager.registerNodeType(createNodeTypeTemplate, false);
            fail("Node type registration should be denied.");
        } catch (AccessDeniedException e2) {
        }
        NodeTypeTemplate[] nodeTypeTemplateArr = {createNodeTypeTemplate, nodeTypeManager.createNodeTypeTemplate()};
        nodeTypeTemplateArr[1].setName("anotherNodeType");
        nodeTypeTemplateArr[1].setDeclaredSuperTypeNames(new String[]{"nt:file"});
        try {
            nodeTypeManager.registerNodeTypes(nodeTypeTemplateArr, true);
            fail("Node type registration should be denied.");
        } catch (AccessDeniedException e3) {
        }
        try {
            nodeTypeManager.registerNodeTypes(nodeTypeTemplateArr, false);
            fail("Node type registration should be denied.");
        } catch (AccessDeniedException e4) {
        }
    }

    public void testRegisterNodeTypeWithPrivilege() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
        assertPermission(8192, false);
        modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), true);
        assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, true);
        assertPermission(8192, true);
        try {
            NodeTypeManager nodeTypeManager = getTestWorkspace().getNodeTypeManager();
            NodeTypeTemplate createNodeTypeTemplate = nodeTypeManager.createNodeTypeTemplate();
            createNodeTypeTemplate.setName("testNodeType");
            createNodeTypeTemplate.setMixin(true);
            nodeTypeManager.registerNodeType(createNodeTypeTemplate, true);
            NodeTypeTemplate[] nodeTypeTemplateArr = {createNodeTypeTemplate, nodeTypeManager.createNodeTypeTemplate()};
            nodeTypeTemplateArr[1].setName("anotherNodeType");
            nodeTypeTemplateArr[1].setDeclaredSuperTypeNames(new String[]{"nt:file"});
            nodeTypeManager.registerNodeTypes(nodeTypeTemplateArr, true);
            modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
            assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
            assertPermission(8192, false);
        } catch (Throwable th) {
            modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
            throw th;
        }
    }

    public void testUnRegisterNodeType() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT);
        assertPermission(8192, false);
        NodeTypeManager nodeTypeManager = this.superuser.getWorkspace().getNodeTypeManager();
        NodeTypeTemplate createNodeTypeTemplate = nodeTypeManager.createNodeTypeTemplate();
        createNodeTypeTemplate.setName("testNodeType");
        createNodeTypeTemplate.setMixin(true);
        nodeTypeManager.registerNodeType(createNodeTypeTemplate, true);
        Workspace testWorkspace = getTestWorkspace();
        try {
            try {
                testWorkspace.getNodeTypeManager().unregisterNodeType(createNodeTypeTemplate.getName());
                fail("Namespace unregistration should be denied.");
            } finally {
                try {
                    nodeTypeManager.unregisterNodeType(createNodeTypeTemplate.getName());
                } catch (Exception e) {
                }
            }
        } catch (AccessDeniedException e2) {
        }
        try {
            testWorkspace.getNodeTypeManager().unregisterNodeTypes(new String[]{createNodeTypeTemplate.getName()});
            fail("Namespace unregistration should be denied.");
        } catch (AccessDeniedException e3) {
        }
    }

    public void testRegisterNamespace() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
        assertPermission(8192, false);
        try {
            Workspace testWorkspace = getTestWorkspace();
            testWorkspace.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWorkspace), getNewNamespaceURI(testWorkspace));
            fail("Namespace registration should be denied.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRegisterNamespaceWithPrivilege() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
        assertPermission(16384, false);
        modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
        assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
        assertPermission(16384, true);
        try {
            Workspace testWorkspace = getTestWorkspace();
            testWorkspace.getNamespaceRegistry().registerNamespace(getNewNamespacePrefix(testWorkspace), getNewNamespaceURI(testWorkspace));
            modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), false);
            assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
            assertPermission(16384, false);
        } catch (Throwable th) {
            modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), false);
            throw th;
        }
    }

    public void testUnregisterNamespace() throws Exception {
        assertDefaultPrivileges(NameConstants.JCR_NAMESPACE_MANAGEMENT);
        assertPermission(16384, false);
        Workspace workspace = this.superuser.getWorkspace();
        String newNamespacePrefix = getNewNamespacePrefix(workspace);
        workspace.getNamespaceRegistry().registerNamespace(newNamespacePrefix, getNewNamespaceURI(workspace));
        try {
            getTestWorkspace().getNamespaceRegistry().unregisterNamespace(newNamespacePrefix);
            fail("Namespace unregistration should be denied.");
            try {
                this.superuser.getWorkspace().getNamespaceRegistry().unregisterNamespace(newNamespacePrefix);
            } catch (Exception e) {
            }
        } catch (AccessDeniedException e2) {
            try {
                this.superuser.getWorkspace().getNamespaceRegistry().unregisterNamespace(newNamespacePrefix);
            } catch (Exception e3) {
            }
        } catch (Throwable th) {
            try {
                this.superuser.getWorkspace().getNamespaceRegistry().unregisterNamespace(newNamespacePrefix);
            } catch (Exception e4) {
            }
            throw th;
        }
    }

    public void testRegisterPrivilege() throws Exception {
        assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
        assertPermission(65536, false);
        try {
            JackrabbitWorkspace testWorkspace = getTestWorkspace();
            testWorkspace.getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWorkspace), false, new String[0]);
            fail("Privilege registration should be denied.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRegisterPrivilegeWithPrivilege() throws Exception {
        assertDefaultPrivileges(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME);
        assertPermission(65536, false);
        modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(), true);
        assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, true);
        assertPermission(65536, true);
        try {
            JackrabbitWorkspace testWorkspace = getTestWorkspace();
            testWorkspace.getPrivilegeManager().registerPrivilege(getNewPrivilegeName(testWorkspace), false, new String[0]);
            modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(), false);
            assertPrivilege(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME, false);
            assertPermission(65536, false);
        } catch (Throwable th) {
            modifyPrivileges(null, PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME.toString(), false);
            throw th;
        }
    }

    public void testRepoPolicyAPI() throws Exception {
        try {
            try {
                AccessControlPolicy[] policies = this.acMgr.getPolicies((String) null);
                assertNotNull(policies);
                assertEquals(0, policies.length);
                AccessControlPolicy[] effectivePolicies = this.acMgr.getEffectivePolicies((String) null);
                assertNotNull(effectivePolicies);
                assertEquals(0, effectivePolicies.length);
                AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies((String) null);
                assertNotNull(applicablePolicies);
                assertTrue(applicablePolicies.hasNext());
                AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
                assertNotNull(nextAccessControlPolicy);
                assertTrue(nextAccessControlPolicy instanceof JackrabbitAccessControlPolicy);
                modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
                modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
                AccessControlList[] policies2 = this.acMgr.getPolicies((String) null);
                assertNotNull(policies2);
                assertEquals(1, policies2.length);
                assertTrue(policies2[0] instanceof AccessControlList);
                AccessControlEntry[] accessControlEntries = policies2[0].getAccessControlEntries();
                assertNotNull(accessControlEntries);
                assertEquals(2, accessControlEntries.length);
                assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, true);
                assertPermission(16384, true);
                assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
                assertPermission(8192, false);
                AccessControlList[] effectivePolicies2 = this.acMgr.getEffectivePolicies((String) null);
                assertNotNull(effectivePolicies2);
                assertEquals(1, effectivePolicies2.length);
                assertTrue(effectivePolicies2[0] instanceof AccessControlList);
                AccessControlEntry[] accessControlEntries2 = effectivePolicies2[0].getAccessControlEntries();
                assertNotNull(accessControlEntries2);
                assertEquals(2, accessControlEntries2.length);
                AccessControlList accessControlList = this.acMgr.getPolicies((String) null)[0];
                accessControlList.removeAccessControlEntry(accessControlList.getAccessControlEntries()[1]);
                this.acMgr.setPolicy((String) null, accessControlList);
                this.superuser.save();
                AccessControlEntry[] accessControlEntries3 = this.acMgr.getPolicies((String) null)[0].getAccessControlEntries();
                assertNotNull(accessControlEntries3);
                assertEquals(1, accessControlEntries3.length);
                assertPrivilege(NameConstants.JCR_NAMESPACE_MANAGEMENT, false);
                assertPermission(16384, false);
                assertPrivilege(NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT, false);
                assertPermission(8192, false);
                for (AccessControlPolicy accessControlPolicy : this.acMgr.getPolicies((String) null)) {
                    this.acMgr.removePolicy((String) null, accessControlPolicy);
                }
                this.superuser.save();
                AccessControlPolicy[] policies3 = this.acMgr.getPolicies((String) null);
                assertNotNull(policies3);
                assertEquals(0, policies3.length);
                AccessControlPolicy[] effectivePolicies3 = this.acMgr.getEffectivePolicies((String) null);
                assertNotNull(effectivePolicies3);
                assertEquals(0, effectivePolicies3.length);
                AccessControlPolicyIterator applicablePolicies2 = this.acMgr.getApplicablePolicies((String) null);
                assertNotNull(applicablePolicies2);
                assertTrue(applicablePolicies2.hasNext());
                AccessControlPolicy nextAccessControlPolicy2 = applicablePolicies2.nextAccessControlPolicy();
                assertNotNull(nextAccessControlPolicy2);
                assertTrue(nextAccessControlPolicy2 instanceof JackrabbitAccessControlPolicy);
            } catch (UnsupportedRepositoryOperationException e) {
                throw new NotExecutableException();
            }
        } catch (Throwable th) {
            for (AccessControlPolicy accessControlPolicy2 : this.acMgr.getPolicies((String) null)) {
                this.acMgr.removePolicy((String) null, accessControlPolicy2);
            }
            this.superuser.save();
            AccessControlPolicy[] policies4 = this.acMgr.getPolicies((String) null);
            assertNotNull(policies4);
            assertEquals(0, policies4.length);
            AccessControlPolicy[] effectivePolicies4 = this.acMgr.getEffectivePolicies((String) null);
            assertNotNull(effectivePolicies4);
            assertEquals(0, effectivePolicies4.length);
            AccessControlPolicyIterator applicablePolicies3 = this.acMgr.getApplicablePolicies((String) null);
            assertNotNull(applicablePolicies3);
            assertTrue(applicablePolicies3.hasNext());
            AccessControlPolicy nextAccessControlPolicy3 = applicablePolicies3.nextAccessControlPolicy();
            assertNotNull(nextAccessControlPolicy3);
            assertTrue(nextAccessControlPolicy3 instanceof JackrabbitAccessControlPolicy);
            throw th;
        }
    }

    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        if (!(this.acMgr instanceof JackrabbitAccessControlManager)) {
            throw new NotExecutableException();
        }
        JackrabbitAccessControlManager jackrabbitAccessControlManager = this.acMgr;
        Set singleton = Collections.singleton(this.testUser.getPrincipal());
        try {
            try {
                AccessControlPolicy[] policies = this.acMgr.getPolicies((String) null);
                assertNotNull(policies);
                assertEquals(0, policies.length);
                AccessControlPolicy[] effectivePolicies = jackrabbitAccessControlManager.getEffectivePolicies(singleton);
                assertNotNull(effectivePolicies);
                assertEquals(0, effectivePolicies.length);
                assertTrue(this.acMgr.getApplicablePolicies((String) null).hasNext());
                modifyPrivileges(null, NameConstants.JCR_NODE_TYPE_DEFINITION_MANAGEMENT.toString(), false);
                modifyPrivileges(null, NameConstants.JCR_NAMESPACE_MANAGEMENT.toString(), true);
                AccessControlList[] effectivePolicies2 = jackrabbitAccessControlManager.getEffectivePolicies(singleton);
                assertNotNull(effectivePolicies2);
                assertEquals(1, effectivePolicies2.length);
                assertTrue(effectivePolicies2[0] instanceof AccessControlList);
                AccessControlEntry[] accessControlEntries = effectivePolicies2[0].getAccessControlEntries();
                assertNotNull(accessControlEntries);
                assertEquals(2, accessControlEntries.length);
                for (AccessControlEntry accessControlEntry : accessControlEntries) {
                    assertEquals(this.testUser.getPrincipal(), accessControlEntry.getPrincipal());
                }
            } catch (UnsupportedRepositoryOperationException e) {
                throw new NotExecutableException();
            }
        } finally {
            for (AccessControlPolicy accessControlPolicy : this.acMgr.getPolicies((String) null)) {
                this.acMgr.removePolicy((String) null, accessControlPolicy);
            }
            this.superuser.save();
            AccessControlPolicy[] policies2 = this.acMgr.getPolicies((String) null);
            assertNotNull(policies2);
            assertEquals(0, policies2.length);
        }
    }
}
