package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.value.StringValue;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/acl/RestrictionTest.class */
public class RestrictionTest extends AbstractEvaluationTest {
    private String path_root;
    private String path_a;
    private String path_b;
    private String path_c;
    private String path_d;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode("a", this.testNodeType);
        Node addNode2 = addNode.addNode("b", this.testNodeType);
        Node addNode3 = addNode2.addNode("c", this.testNodeType);
        Node addNode4 = addNode3.addNode("d", this.testNodeType);
        this.superuser.save();
        this.path_root = this.testRootNode.getPath();
        this.path_a = addNode.getPath();
        this.path_b = addNode2.getPath();
        this.path_c = addNode3.getPath();
        this.path_d = addNode4.getPath();
    }

    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    protected boolean isExecutable() {
        return EvaluationUtil.isExecutable(this.acMgr);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public JackrabbitAccessControlList getPolicy(AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        return EvaluationUtil.getPolicy(accessControlManager, str, principal);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public Map<String, Value> getRestrictions(Session session, String str) {
        return Collections.emptyMap();
    }

    private void addEntry(String str, boolean z, String str2, String... strArr) throws Exception {
        if (str2.length() <= 0) {
            modifyPrivileges(str, this.testUser.getPrincipal(), AccessControlUtils.privilegesFromNames(this.acMgr, strArr), z, Collections.emptyMap());
            return;
        }
        HashMap hashMap = new HashMap();
        hashMap.put("rep:glob", new StringValue(str2));
        modifyPrivileges(str, this.testUser.getPrincipal(), AccessControlUtils.privilegesFromNames(this.acMgr, strArr), z, hashMap);
    }

    public void testHasPermissionWithRestrictions() throws Exception {
        addEntry(this.path_root, true, "", "{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}write");
        addEntry(this.path_a, false, "*/c", "{http://www.jcp.org/jcr/1.0}removeNode");
        addEntry(this.path_a, true, "*/b", "{http://www.jcp.org/jcr/1.0}removeNode");
        addEntry(this.path_a, true, "*/c/*", "{http://www.jcp.org/jcr/1.0}removeNode");
        Session testSession = getTestSession();
        try {
            AccessControlManager accessControlManager = getAccessControlManager(testSession);
            assertFalse("user should not have remove node on /a/b/c", accessControlManager.hasPrivileges(this.path_c, AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"{http://www.jcp.org/jcr/1.0}removeNode"})));
            assertTrue("user should have remove node on /a/b", accessControlManager.hasPrivileges(this.path_b, AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"{http://www.jcp.org/jcr/1.0}removeNode"})));
            assertTrue("user should have remove node on /a/b/c/d", accessControlManager.hasPrivileges(this.path_d, AccessControlUtils.privilegesFromNames(accessControlManager, new String[]{"{http://www.jcp.org/jcr/1.0}removeNode"})));
            testSession.getNode(this.path_d).remove();
            testSession.save();
            try {
                testSession.getNode(this.path_c).remove();
                testSession.save();
                fail("removing node on /a/b/c should fail");
            } catch (RepositoryException e) {
            }
        } finally {
            testSession.logout();
        }
    }
}
