package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.Property;
import javax.jcr.PropertyIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/acl/AcReadWriteTest.class */
public class AcReadWriteTest extends AbstractEvaluationTest {
    protected String path;
    protected String childNPath;
    protected String childNPath2;
    protected String childPPath;
    protected String childchildPPath;
    protected String siblingPath;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        Node addNode2 = addNode.addNode(this.nodeName2, this.testNodeType);
        Property property = addNode.setProperty(this.propertyName1, "anyValue");
        Node addNode3 = addNode.addNode(this.nodeName3, this.testNodeType);
        Property property2 = addNode2.setProperty(this.propertyName1, "childNodeProperty");
        Node addNode4 = this.testRootNode.addNode(this.nodeName2, this.testNodeType);
        this.superuser.save();
        this.path = addNode.getPath();
        this.childNPath = addNode2.getPath();
        this.childNPath2 = addNode3.getPath();
        this.childPPath = property.getPath();
        this.childchildPPath = property2.getPath();
        this.siblingPath = addNode4.getPath();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    protected boolean isExecutable() {
        return EvaluationUtil.isExecutable(this.acMgr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public JackrabbitAccessControlList getPolicy(AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        return EvaluationUtil.getPolicy(accessControlManager, str, principal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public Map<String, Value> getRestrictions(Session session, String str) {
        return Collections.emptyMap();
    }

    public void testAccessControlPrivileges() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        JackrabbitAccessControlList givePrivileges = givePrivileges(this.path, privilegesFromNames(new String[]{"{internal}write", "{http://www.jcp.org/jcr/1.0}readAccessControl", "{http://www.jcp.org/jcr/1.0}modifyAccessControl"}), getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        assertTrue(testSession.itemExists(givePrivileges.getPath() + "/rep:policy"));
        testACManager.getPolicies(givePrivileges.getPath());
        testACManager.removePolicy(givePrivileges.getPath(), givePrivileges);
    }

    public void testSetNewPolicy() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        givePrivileges(this.path, privilegesFromNames(new String[]{"{internal}write", "{http://www.jcp.org/jcr/1.0}readAccessControl", "{http://www.jcp.org/jcr/1.0}modifyAccessControl"}), getRestrictions(this.superuser, this.path));
        AccessControlManager testACManager = getTestACManager();
        AccessControlPolicyIterator applicablePolicies = testACManager.getApplicablePolicies(this.childNPath);
        while (applicablePolicies.hasNext()) {
            AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            testACManager.setPolicy(this.childNPath, nextAccessControlPolicy);
            testACManager.removePolicy(this.childNPath, nextAccessControlPolicy);
        }
    }

    public void testSetModifiedPolicy() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        givePrivileges(this.path, privilegesFromNames(new String[]{"{internal}write", "{http://www.jcp.org/jcr/1.0}readAccessControl", "{http://www.jcp.org/jcr/1.0}modifyAccessControl"}), getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        AccessControlList[] policies = testACManager.getPolicies(this.path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof AccessControlList);
        AccessControlList accessControlList = policies[0];
        if (accessControlList.addAccessControlEntry(this.testUser.getPrincipal(), new Privilege[]{testACManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}lockManagement")})) {
            testACManager.setPolicy(this.path, accessControlList);
            testSession.save();
        }
    }

    public void testRetrievePrivilegesOnAcNodes() throws NotExecutableException, RepositoryException {
        checkReadOnly(this.path);
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"});
        givePrivileges(this.path, privilegesFromNames, getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromNames));
        AccessControlPolicy[] policies = testACManager.getPolicies(this.path);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        String str = null;
        NodeIterator nodes = this.superuser.getNode(this.path).getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (nextNode.isNodeType("rep:Policy")) {
                str = nextNode.getPath();
            }
        }
        if (str == null) {
            fail("Expected node at " + this.path + " to have an ACL child node.");
        }
        assertTrue(testACManager.hasPrivileges(str, privilegesFromNames));
        assertTrue(testSession.hasPermission(str, "read"));
        NodeIterator nodes2 = this.superuser.getNode(str).getNodes();
        while (nodes2.hasNext()) {
            String path = nodes2.nextNode().getPath();
            assertTrue(testACManager.hasPrivileges(path, privilegesFromNames));
            assertTrue(testSession.hasPermission(path, "read"));
        }
    }

    public void testReadAccessControl() throws NotExecutableException, RepositoryException {
        checkReadOnly(this.path);
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"});
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), this.vf.createValue("/" + this.nodeName2));
        givePrivileges(this.path, privilegesFromNames, hashMap);
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromNames));
        try {
            testACManager.getPolicies(this.path);
            fail("AccessDeniedException expected");
        } catch (AccessDeniedException e) {
        }
        assertTrue(testACManager.hasPrivileges(this.childNPath, privilegesFromNames));
        assertEquals(0, testACManager.getPolicies(this.childNPath).length);
        String str = null;
        NodeIterator nodes = this.superuser.getNode(this.path).getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (nextNode.isNodeType("rep:Policy")) {
                str = nextNode.getPath();
            }
        }
        if (str == null) {
            fail("Expected node at " + this.path + " to have an ACL child node.");
        }
        assertFalse(testSession.nodeExists(str));
        NodeIterator nodes2 = this.superuser.getNode(str).getNodes();
        while (nodes2.hasNext()) {
            Node nextNode2 = nodes2.nextNode();
            assertFalse(testSession.nodeExists(nextNode2.getPath()));
            PropertyIterator properties = nextNode2.getProperties();
            while (properties.hasNext()) {
                assertFalse(testSession.propertyExists(properties.nextProperty().getPath()));
            }
        }
    }
}
