package org.apache.jackrabbit.core.security.authorization;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/JackrabbitAccessControlListTest.class */
public class JackrabbitAccessControlListTest extends AbstractAccessControlTest {
    private JackrabbitAccessControlList templ;
    private PrivilegeManagerImpl privilegeMgr;

    protected void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        this.superuser.save();
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies(addNode.getPath());
        while (applicablePolicies.hasNext() && this.templ == null) {
            JackrabbitAccessControlList nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof JackrabbitAccessControlList) {
                this.templ = nextAccessControlPolicy;
            }
        }
        if (this.templ == null) {
            this.superuser.logout();
            throw new NotExecutableException("No JackrabbitAccessControlList to test.");
        }
        this.privilegeMgr = this.superuser.getWorkspace().getPrivilegeManager();
    }

    protected void tearDown() throws Exception {
        this.superuser.refresh(false);
        super.tearDown();
    }

    private Principal getValidPrincipal() throws NotExecutableException, RepositoryException {
        if (!(this.superuser instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        PrincipalIterator principals = this.superuser.getPrincipalManager().getPrincipals(1);
        if (principals.hasNext()) {
            return principals.nextPrincipal();
        }
        throw new NotExecutableException();
    }

    public void testGetRestrictionNames() throws RepositoryException {
        assertNotNull(this.templ.getRestrictionNames());
    }

    public void testGetRestrictionType() throws RepositoryException {
        for (String str : this.templ.getRestrictionNames()) {
            assertTrue(this.templ.getRestrictionType(str) > 0);
        }
    }

    public void testIsEmpty() throws RepositoryException {
        if (this.templ.isEmpty()) {
            assertEquals(0, this.templ.getAccessControlEntries().length);
        } else {
            assertTrue(this.templ.getAccessControlEntries().length > 0);
        }
    }

    public void testSize() {
        if (this.templ.isEmpty()) {
            assertEquals(0, this.templ.size());
        } else {
            assertTrue(this.templ.size() > 0);
        }
    }

    public void testAddEntry() throws NotExecutableException, RepositoryException {
        Principal validPrincipal = getValidPrincipal();
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}all");
        List asList = Arrays.asList(this.templ.getAccessControlEntries());
        if (!this.templ.addEntry(validPrincipal, privilegesFromName, true, Collections.emptyMap())) {
            assertEquals("Grant ALL not successful -> entries must not have changed.", asList, Arrays.asList(this.templ.getAccessControlEntries()));
            return;
        }
        JackrabbitAccessControlEntry[] accessControlEntries = this.templ.getAccessControlEntries();
        if (accessControlEntries.length == 0) {
            fail("GrantPrivileges was successful -> at least 1 entry for principal.");
        }
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : accessControlEntries) {
            PrivilegeBits bits = this.privilegeMgr.getBits(jackrabbitAccessControlEntry.getPrivileges());
            if ((jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) && jackrabbitAccessControlEntry.isAllow()) {
                privilegeBits.add(bits);
            }
        }
        assertEquals(this.privilegeMgr.getBits(privilegesFromName), privilegeBits);
    }

    public void testAddEntry2() throws NotExecutableException, RepositoryException {
        Principal validPrincipal = getValidPrincipal();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        this.templ.addEntry(validPrincipal, privilegesFromName, true, Collections.emptyMap());
        JackrabbitAccessControlEntry[] accessControlEntries = this.templ.getAccessControlEntries();
        assertTrue("GrantPrivileges was successful -> at least 1 entry for principal.", accessControlEntries.length > 0);
        PrivilegeBits privilegeBits = PrivilegeBits.getInstance();
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : accessControlEntries) {
            PrivilegeBits bits = this.privilegeMgr.getBits(jackrabbitAccessControlEntry.getPrivileges());
            if ((jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) && jackrabbitAccessControlEntry.isAllow()) {
                privilegeBits.add(bits);
            }
        }
        assertTrue("After successfully granting WRITE, the entries must reflect this", privilegeBits.includes(this.privilegeMgr.getBits(privilegesFromName)));
    }

    public void testAllowWriteDenyRemove() throws NotExecutableException, RepositoryException {
        Principal validPrincipal = getValidPrincipal();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes");
        this.templ.addEntry(validPrincipal, privilegesFromName, true, Collections.emptyMap());
        this.templ.addEntry(validPrincipal, privilegesFromName2, false, Collections.emptyMap());
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : this.templ.getAccessControlEntries()) {
            if (validPrincipal.equals(jackrabbitAccessControlEntry.getPrincipal()) && (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry)) {
                JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = jackrabbitAccessControlEntry;
                Privilege[] privileges = jackrabbitAccessControlEntry2.getPrivileges();
                if (jackrabbitAccessControlEntry2.isAllow()) {
                    hashSet.addAll(Arrays.asList(privileges));
                } else {
                    hashSet2.addAll(Arrays.asList(privileges));
                }
            }
        }
        String[] strArr = {"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode", "{http://www.jcp.org/jcr/1.0}modifyProperties", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"};
        assertEquals(strArr.length, hashSet.size());
        for (String str : strArr) {
            assertTrue(hashSet.contains(this.acMgr.privilegeFromName(str)));
        }
        assertEquals(1, hashSet2.size());
        assertEquals(this.acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), hashSet2.iterator().next());
    }

    public void testRemoveEntry() throws NotExecutableException, RepositoryException {
        this.templ.addEntry(getValidPrincipal(), privilegesFromName("{internal}write"), true, Collections.emptyMap());
        AccessControlEntry[] accessControlEntries = this.templ.getAccessControlEntries();
        int length = accessControlEntries.length;
        assertTrue("Grant was both successful -> at least 1 entry.", length > 0);
        for (AccessControlEntry accessControlEntry : accessControlEntries) {
            this.templ.removeAccessControlEntry(accessControlEntry);
            length--;
            assertEquals(length, this.templ.size());
            assertEquals(length, this.templ.getAccessControlEntries().length);
        }
        assertTrue(this.templ.isEmpty());
        assertEquals(0, this.templ.size());
        assertEquals(0, this.templ.getAccessControlEntries().length);
    }
}
