package org.apache.jackrabbit.core.security.authorization;

import java.security.Principal;
import java.util.Collections;
import java.util.Map;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/AbstractACLTemplateTest.class */
public abstract class AbstractACLTemplateTest extends AbstractAccessControlTest {
    protected Principal testPrincipal;
    protected PrincipalManager pMgr;

    protected void setUp() throws Exception {
        super.setUp();
        if (!(this.superuser instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        this.pMgr = this.superuser.getPrincipalManager();
        PrincipalIterator principals = this.pMgr.getPrincipals(1);
        if (!principals.hasNext()) {
            throw new NotExecutableException();
        }
        this.testPrincipal = principals.nextPrincipal();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void assertSamePrivileges(Privilege[] privilegeArr, Privilege[] privilegeArr2) throws AccessControlException {
        assertEquals(PrivilegeRegistry.getBits(privilegeArr), PrivilegeRegistry.getBits(privilegeArr2));
    }

    protected abstract String getTestPath();

    protected abstract JackrabbitAccessControlList createEmptyTemplate(String str) throws RepositoryException;

    protected abstract Principal getSecondPrincipal() throws Exception;

    public void testEmptyTemplate() throws RepositoryException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        assertNotNull(createEmptyTemplate.getAccessControlEntries());
        assertTrue(createEmptyTemplate.getAccessControlEntries().length == 0);
        assertTrue(createEmptyTemplate.size() == createEmptyTemplate.getAccessControlEntries().length);
        assertTrue(createEmptyTemplate.isEmpty());
    }

    public void testGetPath() throws RepositoryException {
        assertEquals(getTestPath(), createEmptyTemplate(getTestPath()).getPath());
    }

    public void testAddInvalidEntry() throws RepositoryException, NotExecutableException {
        if (this.pMgr.hasPrincipal("an unknown principal")) {
            throw new NotExecutableException();
        }
        TestPrincipal testPrincipal = new TestPrincipal("an unknown principal");
        try {
            createEmptyTemplate(getTestPath()).addAccessControlEntry(testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"));
            fail("Adding an ACE with an unknown principal should fail");
        } catch (AccessControlException e) {
        }
    }

    public void testAddInvalidEntry2() throws RepositoryException {
        try {
            createEmptyTemplate(getTestPath()).addAccessControlEntry(this.testPrincipal, new Privilege[0]);
            fail("Adding an ACE with invalid privileges should fail");
        } catch (AccessControlException e) {
        }
    }

    public void testRemoveInvalidEntry() throws RepositoryException {
        try {
            createEmptyTemplate(getTestPath()).removeAccessControlEntry(new JackrabbitAccessControlEntry() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest.1
                public boolean isAllow() {
                    return false;
                }

                public int getPrivilegeBits() throws RepositoryException, NotExecutableException {
                    return PrivilegeRegistry.getBits(AbstractACLTemplateTest.this.privilegesFromName("{http://www.jcp.org/jcr/1.0}read"));
                }

                public String[] getRestrictionNames() {
                    return new String[0];
                }

                public Value getRestriction(String str) {
                    return null;
                }

                public Principal getPrincipal() {
                    return AbstractACLTemplateTest.this.testPrincipal;
                }

                public Privilege[] getPrivileges() {
                    try {
                        return AbstractACLTemplateTest.this.privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
                    } catch (Exception e) {
                        return new Privilege[0];
                    }
                }
            });
            fail("Passing an unknown ACE should fail");
        } catch (AccessControlException e) {
        }
    }

    public void testRemoveInvalidEntry2() throws RepositoryException {
        try {
            createEmptyTemplate(getTestPath()).removeAccessControlEntry(new JackrabbitAccessControlEntry() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest.2
                public boolean isAllow() {
                    return false;
                }

                public int getPrivilegeBits() {
                    return 0;
                }

                public String[] getRestrictionNames() {
                    return new String[0];
                }

                public Value getRestriction(String str) {
                    return null;
                }

                public Principal getPrincipal() {
                    return AbstractACLTemplateTest.this.testPrincipal;
                }

                public Privilege[] getPrivileges() {
                    return new Privilege[0];
                }
            });
            fail("Passing a ACE with invalid privileges should fail");
        } catch (AccessControlException e) {
        }
    }

    public void testAddEntry() throws RepositoryException, NotExecutableException {
        assertTrue(createEmptyTemplate(getTestPath()).addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), true, Collections.emptyMap()));
    }

    public void testAddEntryTwice() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, Collections.emptyMap());
        assertFalse(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName, true, Collections.emptyMap()));
    }

    public void testEffect() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName);
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false, (Map) null));
        int i = 0;
        int i2 = 0;
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : createEmptyTemplate.getAccessControlEntries()) {
            if (this.testPrincipal.equals(jackrabbitAccessControlEntry.getPrincipal()) && (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry)) {
                int bits = PrivilegeRegistry.getBits(jackrabbitAccessControlEntry.getPrivileges());
                if (jackrabbitAccessControlEntry.isAllow()) {
                    i |= Permission.diff(bits, i2);
                } else {
                    i2 |= Permission.diff(bits, i);
                }
            }
        }
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName), i);
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName2), i2);
    }

    public void testEffect2() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), true, Collections.emptyMap());
        assertTrue(createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), false, Collections.emptyMap()));
        int i = 0;
        int i2 = 0;
        for (JackrabbitAccessControlEntry jackrabbitAccessControlEntry : createEmptyTemplate.getAccessControlEntries()) {
            if (this.testPrincipal.equals(jackrabbitAccessControlEntry.getPrincipal()) && (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry)) {
                int bits = PrivilegeRegistry.getBits(jackrabbitAccessControlEntry.getPrivileges());
                if (jackrabbitAccessControlEntry.isAllow()) {
                    i |= Permission.diff(bits, i2);
                } else {
                    i2 |= Permission.diff(bits, i);
                }
            }
        }
        assertEquals(0, i);
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName("{http://www.jcp.org/jcr/1.0}read")), i2);
    }

    public void testRemoveEntry() throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"));
        createEmptyTemplate.removeAccessControlEntry(createEmptyTemplate.getAccessControlEntries()[0]);
    }

    public void testRemoveNonExisting() throws RepositoryException {
        try {
            createEmptyTemplate(getTestPath()).removeAccessControlEntry(new AccessControlEntry() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractACLTemplateTest.3
                public Principal getPrincipal() {
                    return AbstractACLTemplateTest.this.testPrincipal;
                }

                public Privilege[] getPrivileges() {
                    return new Privilege[0];
                }
            });
            fail("Attemt to remove a non-existing, custom ACE must throw AccessControlException.");
        } catch (AccessControlException e) {
        }
    }

    public void testReorder() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Principal secondPrincipal = getSecondPrincipal();
        AbstractACLTemplate createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName);
        createEmptyTemplate.addEntry(this.testPrincipal, privilegesFromName2, false);
        createEmptyTemplate.addAccessControlEntry(secondPrincipal, privilegesFromName2);
        AccessControlEntry[] accessControlEntries = createEmptyTemplate.getAccessControlEntries();
        assertEquals(3, accessControlEntries.length);
        AccessControlEntry accessControlEntry = accessControlEntries[0];
        AccessControlEntry accessControlEntry2 = accessControlEntries[1];
        AccessControlEntry accessControlEntry3 = accessControlEntries[2];
        createEmptyTemplate.orderBefore(accessControlEntry3, accessControlEntry);
        assertEquals(0, createEmptyTemplate.getEntries().indexOf(accessControlEntry3));
        assertEquals(1, createEmptyTemplate.getEntries().indexOf(accessControlEntry));
        assertEquals(2, createEmptyTemplate.getEntries().indexOf(accessControlEntry2));
        createEmptyTemplate.orderBefore(accessControlEntry, (AccessControlEntry) null);
        assertEquals(0, createEmptyTemplate.getEntries().indexOf(accessControlEntry3));
        assertEquals(1, createEmptyTemplate.getEntries().indexOf(accessControlEntry2));
        assertEquals(2, createEmptyTemplate.getEntries().indexOf(accessControlEntry));
    }

    public void testReorderInvalidElements() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}write");
        Principal secondPrincipal = getSecondPrincipal();
        AbstractACLTemplate createEmptyTemplate = createEmptyTemplate(getTestPath());
        createEmptyTemplate.addAccessControlEntry(this.testPrincipal, privilegesFromName);
        createEmptyTemplate.addAccessControlEntry(secondPrincipal, privilegesFromName2);
        AbstractACLTemplate createEmptyTemplate2 = createEmptyTemplate(getTestPath());
        createEmptyTemplate2.addEntry(this.testPrincipal, privilegesFromName2, false);
        AccessControlEntry accessControlEntry = (AccessControlEntry) createEmptyTemplate2.getEntries().get(0);
        try {
            createEmptyTemplate.orderBefore(accessControlEntry, (AccessControlEntry) createEmptyTemplate.getEntries().get(0));
            fail("src entry not contained in list -> reorder should fail.");
        } catch (AccessControlException e) {
        }
        try {
            createEmptyTemplate.orderBefore((AccessControlEntry) createEmptyTemplate.getEntries().get(0), accessControlEntry);
            fail("dest entry not contained in list -> reorder should fail.");
        } catch (AccessControlException e2) {
        }
    }
}
