package org.apache.jackrabbit.core.security.authorization.principalbased;

import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.authorization.AbstractEffectivePolicyTest;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/principalbased/EffectivePolicyTest.class */
public class EffectivePolicyTest extends AbstractEffectivePolicyTest {
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    protected boolean isExecutable() {
        return EvaluationUtil.isExecutable(this.superuser, this.acMgr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public JackrabbitAccessControlList getPolicy(AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        return EvaluationUtil.getPolicy(accessControlManager, str, principal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public Map<String, Value> getRestrictions(Session session, String str) throws RepositoryException, NotExecutableException {
        return EvaluationUtil.getRestrictions(session, str);
    }

    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"});
        JackrabbitAccessControlManager jackrabbitAccessControlManager = this.acMgr;
        Principal everyone = this.superuser.getPrincipalManager().getEveryone();
        JackrabbitAccessControlPolicy[] effectivePolicies = jackrabbitAccessControlManager.getEffectivePolicies(Collections.singleton(everyone));
        assertNotNull(effectivePolicies);
        assertEquals(1, effectivePolicies.length);
        assertTrue(effectivePolicies[0] instanceof JackrabbitAccessControlPolicy);
        JackrabbitAccessControlPolicy jackrabbitAccessControlPolicy = effectivePolicies[0];
        assertFalse(jackrabbitAccessControlManager.hasPrivileges(jackrabbitAccessControlPolicy.getPath(), Collections.singleton(this.testUser.getPrincipal()), privilegesFromNames));
        assertFalse(jackrabbitAccessControlManager.hasPrivileges(jackrabbitAccessControlPolicy.getPath(), Collections.singleton(everyone), privilegesFromNames));
        JackrabbitAccessControlPolicy[] applicablePolicies = jackrabbitAccessControlManager.getApplicablePolicies(this.testUser.getPrincipal());
        if (applicablePolicies.length == 0) {
            applicablePolicies = jackrabbitAccessControlManager.getPolicies(this.testUser.getPrincipal());
        }
        assertNotNull(applicablePolicies);
        assertEquals(1, applicablePolicies.length);
        assertTrue(applicablePolicies[0] instanceof JackrabbitAccessControlList);
        JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) applicablePolicies[0];
        jackrabbitAccessControlList.addEntry(this.testUser.getPrincipal(), privilegesFromNames, true, getRestrictions(this.superuser, jackrabbitAccessControlList.getPath()));
        jackrabbitAccessControlManager.setPolicy(jackrabbitAccessControlList.getPath(), jackrabbitAccessControlList);
        this.superuser.save();
        SessionImpl testSession = getTestSession();
        JackrabbitAccessControlManager testACManager = getTestACManager();
        testACManager.getEffectivePolicies(Collections.singleton(this.testUser.getPrincipal()));
        try {
            testACManager.getEffectivePolicies(testSession.getSubject().getPrincipals());
            fail();
        } catch (AccessDeniedException e) {
        }
    }

    public void testEffectivePoliciesByPath() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"});
        givePrivileges(this.path, privilegesFromNames, getRestrictions(this.superuser, this.path));
        getTestSession();
        AccessControlManager testACManager = getTestACManager();
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromNames));
        AccessControlPolicy[] policies = testACManager.getPolicies(this.path);
        assertNotNull(policies);
        assertEquals(0, policies.length);
        try {
            testACManager.getEffectivePolicies(this.path);
            fail();
        } catch (AccessDeniedException e) {
        }
    }
}
