package org.apache.jackrabbit.core.security.authorization;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.ValueFactory;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.observation.Event;
import javax.jcr.observation.ObservationManager;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.core.UserTransactionImpl;
import org.apache.jackrabbit.test.JUnitTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.observation.EventResult;
import org.apache.jackrabbit.util.Text;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/AbstractWriteTest.class */
public abstract class AbstractWriteTest extends AbstractEvaluationTest {
    protected static final long DEFAULT_WAIT_TIMEOUT = 5000;
    protected String path;
    protected String childNPath;
    protected String childNPath2;
    protected String childPPath;
    protected String childchildPPath;
    protected String siblingPath;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        Node addNode2 = addNode.addNode(this.nodeName2, this.testNodeType);
        Property property = addNode.setProperty(this.propertyName1, "anyValue");
        Node addNode3 = addNode.addNode(this.nodeName3, this.testNodeType);
        Property property2 = addNode2.setProperty(this.propertyName1, "childNodeProperty");
        Node addNode4 = this.testRootNode.addNode(this.nodeName2, this.testNodeType);
        this.superuser.save();
        this.path = addNode.getPath();
        this.childNPath = addNode2.getPath();
        this.childNPath2 = addNode3.getPath();
        this.childPPath = property.getPath();
        this.childchildPPath = property2.getPath();
        this.siblingPath = addNode4.getPath();
    }

    public void testGrantedPermissions() throws RepositoryException, AccessDeniedException, NotExecutableException {
        checkReadOnly(this.path);
        givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}modifyProperties"}), getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        String str = this.path + "/anyItem";
        assertTrue(testSession.hasPermission(str, "read,add_node,set_property"));
        assertFalse(testSession.hasPermission(str, "remove"));
        Node node = testSession.getNode(this.path);
        node.addNode(this.nodeName3);
        testSession.save();
        testSession.getProperty(this.childPPath).remove();
        testSession.save();
        node.setProperty(Text.getName(this.childPPath), "othervalue");
        testSession.save();
        try {
            testSession.getNode(this.childNPath).remove();
            testSession.save();
            fail("test-user is not allowed to remove a node below " + this.path);
        } catch (AccessDeniedException e) {
        }
        assertTrue(testSession.hasPermission(this.path, "read"));
        assertFalse(testSession.hasPermission(this.path, "add_node,set_property,remove"));
        checkReadOnly(this.siblingPath);
    }

    public void testDeniedPermission() throws RepositoryException, NotExecutableException, InterruptedException {
        checkReadOnly(this.path);
        withdrawPrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), getRestrictions(this.superuser, this.childNPath));
        Session testSession = getTestSession();
        assertTrue(testSession.hasPermission(this.path, "read"));
        Node node = testSession.getNode(this.path);
        testSession.getNode(this.childNPath2);
        assertTrue(node.getProperties().hasNext());
        assertFalse(testSession.itemExists(this.childNPath));
        try {
            testSession.getNode(this.childNPath);
            fail("Read access has been denied -> cannot retrieve child node.");
        } catch (PathNotFoundException e) {
        }
        assertFalse(testSession.itemExists(this.childchildPPath));
        try {
            testSession.getItem(this.childchildPPath);
            fail("Read access has been denied -> cannot retrieve prop below child node.");
        } catch (PathNotFoundException e2) {
        }
    }

    public void testAccessControlRead() throws NotExecutableException, RepositoryException {
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        JackrabbitAccessControlList givePrivileges = givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), getRestrictions(this.superuser, this.path));
        assertTrue(this.superuser.itemExists(givePrivileges.getPath() + "/rep:policy"));
        Session testSession = getTestSession();
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}readAccessControl")));
        assertFalse(testSession.itemExists(this.path + "/rep:policy"));
        Node node = testSession.getNode(givePrivileges.getPath());
        assertFalse(node.hasNode("rep:policy"));
        try {
            node.getNode("rep:policy");
            fail("Accessing the rep:policy node must throw PathNotFoundException.");
        } catch (PathNotFoundException e) {
        }
        try {
            testACManager.removePolicy(this.path, new AccessControlPolicy() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractWriteTest.1
            });
            fail("Test user must not be allowed to remove the access control policy.");
        } catch (AccessDeniedException e2) {
        }
    }

    public void testAccessControlModification() throws RepositoryException, NotExecutableException {
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        Session testSession = getTestSession();
        JackrabbitAccessControlList givePrivileges = givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}modifyProperties"}), getRestrictions(this.superuser, this.path));
        assertTrue(this.superuser.itemExists(givePrivileges.getPath() + "/rep:policy"));
        assertFalse(testSession.itemExists(givePrivileges.getPath() + "/rep:policy"));
        try {
            testACManager.getPolicies(givePrivileges.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e) {
        }
        try {
            testACManager.getEffectivePolicies(givePrivileges.getPath());
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e2) {
        }
        try {
            testACManager.getEffectivePolicies(this.path);
            fail("test user must not have READ_AC privilege.");
        } catch (AccessDeniedException e3) {
        }
        try {
            testACManager.removePolicy(givePrivileges.getPath(), new AccessControlPolicy() { // from class: org.apache.jackrabbit.core.security.authorization.AbstractWriteTest.2
            });
            fail("test user must not have MODIFY_AC privilege.");
        } catch (AccessDeniedException e4) {
        }
    }

    public void testWithDrawRead() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        givePrivileges(this.path, privilegesFromName("{internal}write"), getRestrictions(this.superuser, this.path));
        withdrawPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), getRestrictions(this.superuser, this.path));
        Session session = null;
        try {
            session = getHelper().getRepository().login(this.creds);
            assertFalse(session.itemExists(this.path));
            if (session != null) {
                session.logout();
            }
        } catch (Throwable th) {
            if (session != null) {
                session.logout();
            }
            throw th;
        }
    }

    public void testEventGeneration() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        Session testSession = getTestSession();
        withdrawPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), getRestrictions(this.superuser, this.path));
        ObservationManager observationManager = testSession.getWorkspace().getObservationManager();
        EventResult eventResult = new EventResult(((JUnitTest) this).log);
        try {
            observationManager.addEventListener(eventResult, 2, this.path, true, new String[0], new String[0], true);
            this.superuser.getItem(this.childNPath).remove();
            this.superuser.save();
            observationManager.removeEventListener(eventResult);
            for (Event event : eventResult.getEvents(DEFAULT_WAIT_TIMEOUT)) {
                if (event.getType() == 2 && event.getPath().equals(this.childNPath)) {
                    fail("TestUser does not have READ permission below " + this.path + " -> events below must not show up.");
                }
            }
        } finally {
            observationManager.removeEventListener(eventResult);
        }
    }

    public void testInheritance() throws RepositoryException, NotExecutableException {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}removeNode", "{http://www.jcp.org/jcr/1.0}modifyProperties"}), getRestrictions(this.superuser, this.path));
        givePrivileges(this.childNPath, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes"}), getRestrictions(this.superuser, this.childNPath));
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode", "{http://www.jcp.org/jcr/1.0}modifyProperties"});
        assertTrue(testACManager.hasPrivileges(this.childNPath, privilegesFromNames));
        assertTrue(testSession.hasPermission(this.childNPath, "set_property,read"));
        assertFalse(testSession.hasPermission(this.childNPath, "remove,add_node"));
        assertTrue(testSession.hasPermission(this.childNPath + "/anyItem", "set_property,read,remove,add_node"));
        String path = testSession.getNode(this.childNPath).addNode(this.nodeName2).getPath();
        assertTrue(testACManager.hasPrivileges(path, privilegesFromNames));
        testSession.save();
        assertTrue(testACManager.hasPrivileges(path, privilegesFromNames));
    }

    public void testRemovePermission() throws NotExecutableException, RepositoryException {
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Session testSession = getTestSession();
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), getRestrictions(this.superuser, this.path));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
    }

    public void testRemovePermission2() throws NotExecutableException, RepositoryException {
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Session testSession = getTestSession();
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode"), getRestrictions(this.superuser, this.path));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
    }

    public void testRemovePermission3() throws NotExecutableException, RepositoryException {
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Session testSession = getTestSession();
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode"});
        givePrivileges(this.path, privilegesFromNames, getRestrictions(this.superuser, this.path));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertTrue(testSession.hasPermission(this.childNPath, "remove"));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromNames));
        assertTrue(testACManager.hasPrivileges(this.childNPath, privilegesFromNames));
    }

    public void testRemovePermission4() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        givePrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        givePrivileges(this.childNPath, privilegesFromName2, getRestrictions(this.superuser, this.childNPath));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertTrue(testSession.hasPermission(this.childNPath, "remove"));
        assertTrue(testACManager.hasPrivileges(this.childNPath, new Privilege[]{privilegesFromName[0], privilegesFromName2[0]}));
    }

    public void testRemovePermission5() throws NotExecutableException, RepositoryException {
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        givePrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode"), getRestrictions(this.superuser, this.childNPath));
        assertFalse(getTestSession().hasPermission(this.childNPath, "remove"));
    }

    public void testRemovePermission6() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode"});
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        givePrivileges(this.path, privilegesFromNames, getRestrictions(this.superuser, this.path));
        withdrawPrivileges(this.childNPath, privilegesFromName, getRestrictions(this.superuser, this.childNPath));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
        assertTrue(testACManager.hasPrivileges(this.childNPath, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}removeChildNodes"})));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode")));
    }

    public void testRemovePermission7() throws NotExecutableException, RepositoryException {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        withdrawPrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        givePrivileges(this.childNPath, privilegesFromName2, getRestrictions(this.superuser, this.childNPath));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
        givePrivileges(this.childNPath, privilegesFromName, getRestrictions(this.superuser, this.childNPath));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
        assertTrue(testACManager.hasPrivileges(this.childNPath, new Privilege[]{privilegesFromName[0], privilegesFromName2[0]}));
    }

    public void testRemovePermission8() throws NotExecutableException, RepositoryException {
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        givePrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        withdrawPrivileges(this.path, privilegesFromName2, getRestrictions(this.superuser, this.path));
        givePrivileges(this.childNPath, privilegesFromName2, getRestrictions(this.superuser, this.childNPath));
        assertTrue(getTestSession().hasPermission(this.childNPath, "remove"));
        assertTrue(testACManager.hasPrivileges(this.childNPath, new Privilege[]{privilegesFromName[0], privilegesFromName2[0]}));
    }

    public void testSessionMove() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Session testSession = getTestSession();
        String str = this.path + "/" + this.nodeName1;
        givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"}), getRestrictions(this.superuser, this.path));
        try {
            testSession.move(this.childNPath, str);
            testSession.save();
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e) {
        }
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), getRestrictions(this.superuser, this.path));
        try {
            testSession.move(this.childNPath, str);
            testSession.save();
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e2) {
        }
        givePrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode"), getRestrictions(this.superuser, this.childNPath));
        testSession.move(this.childNPath, str);
        testSession.save();
        withdrawPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), getRestrictions(this.superuser, this.path));
        try {
            testSession.move(str, this.childNPath);
            testSession.save();
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e3) {
        }
    }

    public void testWorkspaceMove() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Session testSession = getTestSession();
        String str = this.path + "/" + this.nodeName1;
        givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"}), getRestrictions(this.superuser, this.path));
        try {
            testSession.getWorkspace().move(this.childNPath, str);
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e) {
        }
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), getRestrictions(this.superuser, this.path));
        try {
            testSession.getWorkspace().move(this.childNPath, str);
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e2) {
        }
        givePrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode"), getRestrictions(this.superuser, this.childNPath));
        testSession.getWorkspace().move(this.childNPath, str);
        withdrawPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), getRestrictions(this.superuser, this.path));
        try {
            testSession.getWorkspace().move(str, this.childNPath);
            fail("Move requires add and remove permission.");
        } catch (AccessDeniedException e3) {
        }
    }

    public void testGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        givePrivileges(this.path, testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties"), getRestrictions(this.superuser, this.path));
        assertTrue(getTestSession().hasPermission(this.path, "set_property,read"));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties")));
    }

    public void testMixedUserGroupPermissions() throws NotExecutableException, RepositoryException {
        Group testGroup = getTestGroup();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        withdrawPrivileges(this.path, this.testUser.getPrincipal(), privilegesFromName, getRestrictions(this.superuser, this.path));
        givePrivileges(this.path, testGroup.getPrincipal(), privilegesFromName, getRestrictions(this.superuser, this.path));
        assertFalse(getTestSession().hasPermission(this.path, "set_property"));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties")));
    }

    public void testInheritanceAndMixedUserGroupPermissions() throws RepositoryException, NotExecutableException {
        Group testGroup = getTestGroup();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        givePrivileges(this.path, testGroup.getPrincipal(), privilegesFromName, getRestrictions(this.superuser, this.path));
        withdrawPrivileges(this.path, this.testUser.getPrincipal(), privilegesFromName, getRestrictions(this.superuser, this.path));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties")));
        givePrivileges(this.childNPath, testGroup.getPrincipal(), privilegesFromName, getRestrictions(this.superuser, this.path));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties")));
    }

    public void testNewNodes() throws RepositoryException, NotExecutableException {
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        Node node = this.superuser.getNode(this.path);
        for (int i = 0; i < 5; i++) {
            node = node.addNode(this.nodeName2, this.testNodeType);
        }
        this.superuser.save();
        String path = node.getPath();
        assertEquals(PrivilegeRegistry.getBits(privilegesFromName("{http://www.jcp.org/jcr/1.0}read")), PrivilegeRegistry.getBits(testACManager.getPrivileges(path)));
        getTestSession().checkPermission(path, "read");
    }

    public void testNonExistingItem() throws RepositoryException, NotExecutableException {
        Session testSession = getTestSession();
        String path = testSession.getRootNode().getPath();
        checkReadOnly(path);
        testSession.checkPermission(path + "nonExistingItem", "read");
    }

    public void testACItemsAreProtected() throws NotExecutableException, RepositoryException {
        Node findPolicyNode = findPolicyNode(this.superuser.getRootNode());
        if (findPolicyNode == null) {
            throw new NotExecutableException("no policy node found.");
        }
        assertTrue("The rep:Policy node must be protected", findPolicyNode.getDefinition().isProtected());
        try {
            findPolicyNode.remove();
            fail("rep:Policy node must be protected.");
        } catch (ConstraintViolationException e) {
        }
        NodeIterator nodes = findPolicyNode.getNodes();
        while (nodes.hasNext()) {
            Node nextNode = nodes.nextNode();
            if (nextNode.isNodeType("rep:ACE")) {
                try {
                    nextNode.remove();
                    fail("ACE node must be protected.");
                    break;
                } catch (ConstraintViolationException e2) {
                }
            }
        }
        try {
            findPolicyNode.setProperty("test", "anyvalue");
            fail("rep:policy node must be protected.");
        } catch (ConstraintViolationException e3) {
        }
        try {
            findPolicyNode.addNode("test", "rep:ACE");
            fail("rep:policy node must be protected.");
        } catch (ConstraintViolationException e4) {
        }
    }

    public void testAddChildNodePrivilege() throws RepositoryException, NotExecutableException {
        checkReadOnly(this.path);
        Node addNode = this.superuser.getNode(this.path).addNode(this.nodeName2, this.testNodeType);
        this.superuser.save();
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        assertFalse(testSession.hasPermission(this.path, "add_node"));
        assertTrue(testSession.hasPermission(this.path + "/anychild", "add_node"));
        assertTrue(testSession.hasPermission(addNode.getPath(), "add_node"));
    }

    public void testAclReferingToRemovedPrincipal() throws NotExecutableException, RepositoryException {
        String path = givePrivileges(this.path, privilegesFromName("{internal}write"), getRestrictions(this.superuser, this.path)).getPath();
        this.testUser.remove();
        if (!getUserManager(this.superuser).isAutoSave() && this.superuser.hasPendingChanges()) {
            this.superuser.save();
        }
        this.testUser = null;
        Session superuserSession = getHelper().getSuperuserSession();
        try {
            getAccessControlManager(superuserSession).getPolicies(path);
            superuserSession.logout();
        } catch (Throwable th) {
            superuserSession.logout();
            throw th;
        }
    }

    public void testSingleDenyAfterAllAllowed() throws NotExecutableException, RepositoryException {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}all");
        givePrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}lockManagement");
        withdrawPrivileges(this.path, privilegesFromName2, getRestrictions(this.superuser, this.path));
        AccessControlManager accessControlManager = getTestSession().getAccessControlManager();
        assertFalse(accessControlManager.hasPrivileges(this.path, privilegesFromName));
        assertFalse(accessControlManager.hasPrivileges(this.path, privilegesFromName2));
        ArrayList arrayList = new ArrayList(Arrays.asList(privilegesFromName[0].getAggregatePrivileges()));
        arrayList.remove(privilegesFromName2[0]);
        assertTrue(accessControlManager.hasPrivileges(this.path, (Privilege[]) arrayList.toArray(new Privilege[arrayList.size()])));
    }

    public void testReorder() throws RepositoryException, NotExecutableException {
        Session testSession = getTestSession();
        Node node = testSession.getNode(this.path);
        if (!node.getPrimaryNodeType().hasOrderableChildNodes()) {
            throw new NotExecutableException("Reordering child nodes is not supported..");
        }
        node.orderBefore(Text.getName(this.childNPath), Text.getName(this.childNPath2));
        testSession.save();
        fail("test session must not be allowed to reorder nodes.");
        givePrivileges(this.path, privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}nodeTypeManagement"}), getRestrictions(this.superuser, this.path));
        try {
            node.orderBefore(Text.getName(this.childNPath), Text.getName(this.childNPath2));
            testSession.save();
            fail("test session must not be allowed to reorder nodes.");
        } catch (AccessDeniedException e) {
        }
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), getRestrictions(this.superuser, this.path));
        try {
            node.orderBefore(Text.getName(this.childNPath), Text.getName(this.childNPath2));
            testSession.save();
            fail("test session must not be allowed to reorder nodes.");
        } catch (AccessDeniedException e2) {
        }
        givePrivileges(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode"), getRestrictions(this.superuser, this.childNPath));
        node.orderBefore(Text.getName(this.childNPath), Text.getName(this.childNPath2));
        testSession.save();
    }

    public void testRemovalJCR242() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}all"});
        givePrivileges(this.path, this.testUser.getPrincipal(), privilegesFromNames, getRestrictions(this.superuser, this.path));
        givePrivileges(this.childNPath, this.testUser.getPrincipal(), privilegesFromNames, getRestrictions(this.superuser, this.childNPath));
        Session testSession = getTestSession();
        AccessControlManager accessControlManager = testSession.getAccessControlManager();
        assertTrue(accessControlManager.hasPrivileges(this.path, privilegesFromNames));
        assertTrue(accessControlManager.hasPrivileges(this.childNPath, privilegesFromNames));
        assertTrue(testSession.hasPermission(this.childNPath, "remove"));
        testSession.getNode(this.childNPath).remove();
        testSession.save();
    }

    public void testGlobRestriction() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        ValueFactory valueFactory = this.superuser.getValueFactory();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Node addNode = this.superuser.getNode(this.childNPath).addNode(this.nodeName3);
        this.superuser.save();
        String path = addNode.getPath();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), valueFactory.createValue("/*" + this.nodeName3));
        givePrivileges(this.path, privilegesFromName, hashMap);
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName));
        assertFalse(testSession.hasPermission(this.path, "set_property"));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName));
        assertFalse(testSession.hasPermission(this.childNPath, "set_property"));
        assertTrue(testACManager.hasPrivileges(this.childNPath2, privilegesFromName));
        assertTrue(testSession.hasPermission(this.childNPath2, "set_property"));
        assertFalse(testSession.hasPermission(this.childNPath2, "add_node,remove,set_property"));
        assertTrue(testACManager.hasPrivileges(path, privilegesFromName));
    }

    public void testGlobRestriction2() throws Exception {
        getTestSession();
        AccessControlManager testACManager = getTestACManager();
        ValueFactory valueFactory = this.superuser.getValueFactory();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Node addNode = this.superuser.getNode(this.childNPath).addNode(this.nodeName3);
        this.superuser.save();
        String path = addNode.getPath();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        Privilege[] privilegesFromName3 = privilegesFromName("{http://www.jcp.org/jcr/1.0}removeNode");
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), valueFactory.createValue("/*/" + this.nodeName3));
        givePrivileges(this.path, privilegesFromName, hashMap);
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName3));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName2));
        assertFalse(testACManager.hasPrivileges(this.childNPath2, privilegesFromName));
        assertTrue(testACManager.hasPrivileges(path, privilegesFromName));
    }

    public void testGlobRestriction3() throws Exception {
        getTestSession();
        AccessControlManager testACManager = getTestACManager();
        ValueFactory valueFactory = this.superuser.getValueFactory();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Node addNode = this.superuser.getNode(this.childNPath).addNode(this.nodeName3);
        this.superuser.save();
        String path = addNode.getPath();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), valueFactory.createValue("/*/" + this.nodeName3));
        givePrivileges(this.path, privilegesFromName, hashMap);
        givePrivileges(this.path, privilegesFromName2, getRestrictions(this.superuser, this.path));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName2));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName));
        assertTrue(testACManager.hasPrivileges(this.childNPath, privilegesFromName2));
        assertFalse(testACManager.hasPrivileges(this.childNPath2, privilegesFromName));
        assertTrue(testACManager.hasPrivileges(path, privilegesFromName));
    }

    public void testGlobRestriction4() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        ValueFactory valueFactory = this.superuser.getValueFactory();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Node addNode = this.superuser.getNode(this.childNPath).addNode(this.nodeName3);
        this.superuser.save();
        String path = addNode.getPath();
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        Privilege[] privilegesFromName2 = privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), valueFactory.createValue("/*" + this.nodeName3));
        givePrivileges(this.path, privilegesFromName, hashMap);
        withdrawPrivileges(this.childNPath2, privilegesFromName2, getRestrictions(this.superuser, this.childNPath2));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName));
        assertFalse(testSession.hasPermission(this.path, "remove"));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName));
        assertFalse(testSession.hasPermission(this.childNPath, "remove"));
        assertFalse(testACManager.hasPrivileges(this.childNPath2, privilegesFromName));
        assertTrue(testACManager.hasPrivileges(path, privilegesFromName));
    }

    public void testCancelInheritanceRestriction() throws Exception {
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        ValueFactory valueFactory = this.superuser.getValueFactory();
        checkReadOnly(this.path);
        checkReadOnly(this.childNPath);
        Privilege[] privilegesFromName = privilegesFromName("{internal}write");
        privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes");
        HashMap hashMap = new HashMap(getRestrictions(this.superuser, this.path));
        hashMap.put(AccessControlConstants.P_GLOB.toString(), valueFactory.createValue(""));
        givePrivileges(this.path, privilegesFromName, hashMap);
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName));
        assertTrue(testSession.hasPermission(this.path, "set_property"));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName));
        assertFalse(testSession.hasPermission(this.childNPath, "set_property"));
        assertFalse(testACManager.hasPrivileges(this.childNPath2, privilegesFromName));
        assertFalse(testSession.hasPermission(this.childNPath2, "set_property"));
    }

    public void testTransaction() throws Exception {
        givePrivileges(this.path, privilegesFromName("{http://www.jcp.org/jcr/1.0}all"), getRestrictions(this.superuser, this.path));
        Session testSession = getTestSession();
        UserTransactionImpl userTransactionImpl = new UserTransactionImpl(testSession);
        userTransactionImpl.begin();
        Node node = testSession.getNode(this.childNPath);
        if (node.hasNode(this.nodeName1)) {
            node.getNode(this.nodeName1).remove();
            testSession.save();
        }
        Node addNode = node.addNode(this.nodeName1);
        testSession.save();
        Node addNode2 = addNode.addNode(this.nodeName2);
        testSession.save();
        addNode2.remove();
        addNode.remove();
        Node addNode3 = node.addNode(this.nodeName1);
        testSession.save();
        addNode3.setProperty(this.propertyName1, "testSetProperty");
        testSession.save();
        userTransactionImpl.commit();
    }

    private static Node findPolicyNode(Node node) throws RepositoryException {
        Node node2 = null;
        if (node.isNodeType("rep:Policy")) {
            node2 = node;
        }
        NodeIterator nodes = node.getNodes();
        while (nodes.hasNext() && node2 == null) {
            Node nextNode = nodes.nextNode();
            if (!"jcr:system".equals(nextNode.getName())) {
                node2 = findPolicyNode(nextNode);
            }
        }
        return node2;
    }
}
