package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AccessControlProvider;
import org.apache.jackrabbit.core.security.authorization.CompiledPermissions;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserAccessControlProviderTest.class */
public class UserAccessControlProviderTest extends AbstractUserTest {
    private Session s;
    private AccessControlProvider provider;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.api.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        this.s = getHelper().getSuperuserSession(this.superuser.getRepository().getConfig().getSecurityConfig().getSecurityManagerConfig().getWorkspaceName());
        this.provider = new UserAccessControlProvider();
        this.provider.init(this.s, Collections.emptyMap());
    }

    protected void cleanUp() throws Exception {
        if (this.provider != null) {
            this.provider.close();
        }
        if (this.s != null) {
            this.s.logout();
        }
        super.cleanUp();
    }

    private Set<Principal> getAnonymousPrincipals() throws RepositoryException {
        SessionImpl login = getHelper().getRepository().login(new SimpleCredentials("anonymous", "".toCharArray()));
        try {
            HashSet hashSet = new HashSet(login.getSubject().getPrincipals());
            login.logout();
            return hashSet;
        } catch (Throwable th) {
            login.logout();
            throw th;
        }
    }

    public void testNoNodeForPrincipal() throws RepositoryException {
        final String str;
        final Principal testPrincipal = getTestPrincipal();
        String str2 = "/home/users/t/" + testPrincipal.getName();
        while (true) {
            str = str2;
            if (!this.s.nodeExists(str)) {
                break;
            } else {
                str2 = str + "_";
            }
        }
        ArrayList arrayList = new ArrayList();
        arrayList.add(Collections.singleton(testPrincipal));
        arrayList.add(Collections.singleton(new ItemBasedPrincipal() { // from class: org.apache.jackrabbit.core.security.user.UserAccessControlProviderTest.1
            public String getPath() {
                return str;
            }

            public String getName() {
                return testPrincipal.getName();
            }
        }));
        Path qPath = this.s.getQPath("/");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            CompiledPermissions compilePermissions = this.provider.compilePermissions((Set) it.next());
            assertFalse(compilePermissions.canReadAll());
            assertFalse(compilePermissions.grants(qPath, 1));
            assertTrue(compilePermissions.getPrivilegeSet(qPath).isEmpty());
            assertSame(CompiledPermissions.NO_PERMISSION, compilePermissions);
        }
    }

    public void testNodeRemovedForPrincipal() throws RepositoryException, NotExecutableException {
        User createUser = getUserManager(this.superuser).createUser(getTestPrincipal().getName(), "pw");
        save(this.superuser);
        Path qPath = this.s.getQPath("/");
        CompiledPermissions compiledPermissions = null;
        try {
            compiledPermissions = this.provider.compilePermissions(Collections.singleton(createUser.getPrincipal()));
            assertTrue(compiledPermissions.canReadAll());
            assertTrue(compiledPermissions.grants(qPath, 1));
            assertNotSame(CompiledPermissions.NO_PERMISSION, compiledPermissions);
            createUser.remove();
            save(this.superuser);
            if (compiledPermissions != null) {
                assertFalse(compiledPermissions.canReadAll());
                assertFalse(compiledPermissions.grants(qPath, 1));
                assertTrue(compiledPermissions.getPrivilegeSet(qPath).isEmpty());
            }
        } catch (Throwable th) {
            createUser.remove();
            save(this.superuser);
            if (compiledPermissions != null) {
                assertFalse(compiledPermissions.canReadAll());
                assertFalse(compiledPermissions.grants(qPath, 1));
                assertTrue(compiledPermissions.getPrivilegeSet(qPath).isEmpty());
            }
            throw th;
        }
    }

    public void testAnonymousDefaultAccess() throws Exception {
        Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
        assertTrue(this.provider.canAccessRoot(anonymousPrincipals));
        CompiledPermissions compilePermissions = this.provider.compilePermissions(anonymousPrincipals);
        assertTrue(compilePermissions.canReadAll());
        assertFalse(CompiledPermissions.NO_PERMISSION.equals(compilePermissions));
    }

    public void testAnonymousAccessDenied() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("anonymousAccess", "false");
        UserAccessControlProvider userAccessControlProvider = new UserAccessControlProvider();
        try {
            userAccessControlProvider.init(this.s, hashMap);
            Set<Principal> anonymousPrincipals = getAnonymousPrincipals();
            assertFalse(userAccessControlProvider.canAccessRoot(anonymousPrincipals));
            CompiledPermissions compilePermissions = userAccessControlProvider.compilePermissions(anonymousPrincipals);
            try {
                assertEquals(CompiledPermissions.NO_PERMISSION, compilePermissions);
                assertFalse(compilePermissions.canReadAll());
                assertFalse(compilePermissions.grants(this.s.getRootNode().getPrimaryPath(), 1));
                compilePermissions.close();
            } catch (Throwable th) {
                compilePermissions.close();
                throw th;
            }
        } finally {
            userAccessControlProvider.close();
        }
    }

    public void testAnonymousAccessDenied2() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("anonymousAccess", "false");
        hashMap.put("anonymousId", "abc");
        UserAccessControlProvider userAccessControlProvider = new UserAccessControlProvider();
        try {
            userAccessControlProvider.init(this.s, hashMap);
            Set singleton = Collections.singleton(new Principal() { // from class: org.apache.jackrabbit.core.security.user.UserAccessControlProviderTest.2
                @Override // java.security.Principal
                public String getName() {
                    return "abc";
                }
            });
            assertFalse(userAccessControlProvider.canAccessRoot(singleton));
            CompiledPermissions compilePermissions = userAccessControlProvider.compilePermissions(singleton);
            try {
                assertEquals(CompiledPermissions.NO_PERMISSION, compilePermissions);
                assertFalse(compilePermissions.canReadAll());
                assertFalse(compilePermissions.grants(this.s.getRootNode().getPrimaryPath(), 1));
                compilePermissions.close();
            } catch (Throwable th) {
                compilePermissions.close();
                throw th;
            }
        } finally {
            userAccessControlProvider.close();
        }
    }
}
