package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest;
import org.apache.jackrabbit.core.security.authorization.PrivilegeBits;
import org.apache.jackrabbit.core.security.authorization.acl.ACLTemplate;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/acl/ACLTemplateTest.class */
public class ACLTemplateTest extends AbstractACLTemplateTest {
    private Map<String, Value> emptyRestrictions = Collections.emptyMap();

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest
    protected String getTestPath() {
        return "/ab/c/d";
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest
    protected JackrabbitAccessControlList createEmptyTemplate(String str) throws RepositoryException {
        SessionImpl sessionImpl = this.superuser;
        return new ACLTemplate(str, this.principalMgr, this.privilegeMgr, sessionImpl.getValueFactory(), sessionImpl, false);
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest
    protected Principal getSecondPrincipal() throws Exception {
        return this.principalMgr.getEveryone();
    }

    public void testMultipleEntryEffect() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), true, this.emptyRestrictions);
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}addChildNodes"});
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromNames, true, this.emptyRestrictions));
        assertTrue(createEmptyTemplate.size() == 1);
        assertSamePrivileges(privilegesFromNames, createEmptyTemplate.getAccessControlEntries()[0].getPrivileges());
        assertFalse(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), true, this.emptyRestrictions));
        assertTrue(createEmptyTemplate.size() == 1);
        assertSamePrivileges(privilegesFromNames, createEmptyTemplate.getAccessControlEntries()[0].getPrivileges());
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), false, this.emptyRestrictions));
        assertTrue(createEmptyTemplate.size() == 2);
        assertSamePrivileges(privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), createEmptyTemplate.getAccessControlEntries()[0].getPrivileges());
        assertSamePrivileges(privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), createEmptyTemplate.getAccessControlEntries()[1].getPrivileges());
        createEmptyTemplate.removeAccessControlEntry(createEmptyTemplate.getAccessControlEntries()[1]);
        assertTrue(createEmptyTemplate.size() == 1);
        assertSamePrivileges(privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), createEmptyTemplate.getAccessControlEntries()[0].getPrivileges());
        createEmptyTemplate.removeAccessControlEntry(createEmptyTemplate.getAccessControlEntries()[0]);
        assertTrue(createEmptyTemplate.isEmpty());
    }

    public void testMultipleEntryEffect2() throws RepositoryException, NotExecutableException {
        Privilege privilegeFromName = getAccessControlManager(this.superuser).privilegeFromName("{internal}write");
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, new Privilege[]{privilegeFromName});
        Privilege privilegeFromName2 = getAccessControlManager(this.superuser).privilegeFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, new Privilege[]{privilegeFromName2}, false, (Map) null));
        assertTrue(createEmptyTemplate.size() == 2);
        for (ACLTemplate.Entry entry : createEmptyTemplate.getAccessControlEntries()) {
            PrivilegeBits privilegeBits = entry.getPrivilegeBits();
            if (entry.isAllow()) {
                assertEquals(privilegeBits, this.privilegeMgr.getBits(privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode"})));
            } else {
                assertEquals(privilegeBits, this.privilegeMgr.getBits(new Privilege[]{privilegeFromName2}));
            }
        }
    }

    public void testMultiplePrincipals() throws RepositoryException, NotExecutableException {
        PrincipalManager principalManager = this.superuser.getPrincipalManager();
        Principal everyone = principalManager.getEveryone();
        GroupPrincipal groupPrincipal = null;
        PrincipalIterator findPrincipals = principalManager.findPrincipals("", 2);
        while (findPrincipals.hasNext()) {
            GroupPrincipal nextPrincipal = findPrincipals.nextPrincipal();
            if (!everyone.equals(nextPrincipal)) {
                groupPrincipal = nextPrincipal;
            }
        }
        if (groupPrincipal == null || groupPrincipal.equals(everyone)) {
            throw new NotExecutableException();
        }
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName);
        assertFalse(createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName));
        assertTrue(createEmptyTemplate.addAccessControlEntry(everyone, privilegesFromName));
        assertTrue(createEmptyTemplate.getAccessControlEntries().length == 2);
    }

    public void testSetEntryForGroupPrincipal() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        GroupPrincipal everyone = this.principalMgr.getEveryone();
        assertTrue(createEmptyTemplate.addAccessControlEntry(everyone, privilegesFromName));
        createEmptyTemplate.addEntry(everyone, privilegesFromName, false, (Map) null);
    }

    public void testRevokeEffect() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false, this.emptyRestrictions));
        assertEquals(1, createEmptyTemplate.size());
        assertSamePrivileges(privilegesFromName, createEmptyTemplate.getAccessControlEntries()[0].getPrivileges());
    }

    public void testUpdateEntry() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Principal everyone = this.principalMgr.getEveryone();
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(everyone, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, this.emptyRestrictions);
        createEmptyTemplate.addEntry(everyone, privilegesFromName2, true, this.emptyRestrictions);
        JackrabbitAccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertEquals(3, accessControlEntries.length);
        JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[1];
        assertEquals(everyone, jackrabbitAccessControlEntry.getPrincipal());
        assertTrue(jackrabbitAccessControlEntry.isAllow());
        assertSamePrivileges(new Privilege[]{privilegesFromName[0], privilegesFromName2[0]}, jackrabbitAccessControlEntry.getPrivileges());
    }

    public void testUpdateComplementaryEntry() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Principal everyone = this.principalMgr.getEveryone();
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(everyone, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, this.emptyRestrictions);
        createEmptyTemplate.addEntry(everyone, privilegesFromName2, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false, this.emptyRestrictions);
        JackrabbitAccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertEquals(2, accessControlEntries.length);
        assertEquals(everyone, accessControlEntries[0].getPrincipal());
        JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[1];
        assertEquals(this.testPrincipal, jackrabbitAccessControlEntry.getPrincipal());
        assertFalse(jackrabbitAccessControlEntry.isAllow());
        assertSamePrivileges(new Privilege[]{privilegesFromName[0], privilegesFromName2[0]}, jackrabbitAccessControlEntry.getPrivileges());
    }

    public void testTwoEntriesPerPrincipal() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Privilege[] privilegesFromName3 = privilegesFromName("{http://www.jcp.org/jcr/1.0}readAccessControl");
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName3, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false, this.emptyRestrictions);
        createEmptyTemplate.addEntry(new PrincipalImpl(this.testPrincipal.getName()), privilegesFromName, false, this.emptyRestrictions);
        createEmptyTemplate.addEntry(new Principal() { // from class: org.apache.jackrabbit.core.security.authorization.acl.ACLTemplateTest.1
            @Override // java.security.Principal
            public String getName() {
                return ACLTemplateTest.this.testPrincipal.getName();
            }
        }, privilegesFromName, false, this.emptyRestrictions);
        assertEquals(2, createEmptyTemplate.getAccessControlEntries().length);
    }

    public void testNewEntriesAppendedAtEnd() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.principalMgr.getEveryone(), privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, this.emptyRestrictions);
        JackrabbitAccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertEquals(3, accessControlEntries.length);
        JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[2];
        assertEquals(this.testPrincipal, jackrabbitAccessControlEntry.getPrincipal());
        assertEquals(false, jackrabbitAccessControlEntry.isAllow());
        assertEquals(privilegesFromName2[0], jackrabbitAccessControlEntry.getPrivileges()[0]);
    }

    public void testRestrictions() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        String jCRName = this.superuser.getJCRName(ACLTemplate.P_GLOB);
        String[] restrictionNames = createEmptyTemplate.getRestrictionNames();
        assertNotNull(restrictionNames);
        assertEquals(1, restrictionNames.length);
        assertEquals(jCRName, restrictionNames[0]);
        assertEquals(1, createEmptyTemplate.getRestrictionType(restrictionNames[0]));
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        assertTrue(createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName));
        assertEquals(1, createEmptyTemplate.getAccessControlEntries().length);
        assertFalse(createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName));
        assertEquals(1, createEmptyTemplate.getAccessControlEntries().length);
        assertFalse(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true));
        assertEquals(1, createEmptyTemplate.getAccessControlEntries().length);
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false));
        assertEquals(1, createEmptyTemplate.getAccessControlEntries().length);
        Map singletonMap = Collections.singletonMap(jCRName, this.superuser.getValueFactory().createValue("/.*"));
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false, singletonMap));
        assertEquals(2, createEmptyTemplate.getAccessControlEntries().length);
        assertFalse(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, false, singletonMap));
        assertEquals(2, createEmptyTemplate.getAccessControlEntries().length);
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, singletonMap));
        assertEquals(2, createEmptyTemplate.getAccessControlEntries().length);
    }

    public void testInsertionOrder() throws Exception {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Privilege[] privilegesFromName3 = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        Map singletonMap = Collections.singletonMap(this.superuser.getJCRName(ACLTemplate.P_GLOB), this.superuser.getValueFactory().createValue("/.*"));
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName3, true, singletonMap);
        AccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertTrue(Arrays.equals(privilegesFromName, accessControlEntries[0].getPrivileges()));
        assertTrue(Arrays.equals(privilegesFromName2, accessControlEntries[1].getPrivileges()));
        assertTrue(Arrays.equals(privilegesFromName3, accessControlEntries[2].getPrivileges()));
    }

    public void testInsertionOrder2() throws Exception {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Privilege[] privilegesFromName3 = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        Map singletonMap = Collections.singletonMap(this.superuser.getJCRName(ACLTemplate.P_GLOB), this.superuser.getValueFactory().createValue("/.*"));
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, this.emptyRestrictions);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName3, true, singletonMap);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, this.emptyRestrictions);
        AccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertTrue(Arrays.equals(privilegesFromName, accessControlEntries[0].getPrivileges()));
        assertTrue(Arrays.equals(privilegesFromName3, accessControlEntries[1].getPrivileges()));
        assertTrue(Arrays.equals(privilegesFromName2, accessControlEntries[2].getPrivileges()));
    }
}
