package org.apache.jackrabbit.core.security.authorization.acl;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Set;
import java.util.UUID;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.security.TestPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/acl/EntryCollectorTest.class */
public class EntryCollectorTest extends AbstractAccessControlTest {
    private Group testGroup;
    private User testUser;
    private String path;
    private String childNPath;
    private String childNPath2;
    private String childPPath;
    private String childchildPPath;
    private String siblingPath;

    protected void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        Node addNode2 = addNode.addNode(this.nodeName2, this.testNodeType);
        Property property = addNode.setProperty(this.propertyName1, "anyValue");
        Node addNode3 = addNode.addNode(this.nodeName3, this.testNodeType);
        Property property2 = addNode2.setProperty(this.propertyName1, "childNodeProperty");
        Node addNode4 = this.testRootNode.addNode(this.nodeName2, this.testNodeType);
        this.superuser.save();
        this.path = addNode.getPath();
        this.childNPath = addNode2.getPath();
        this.childNPath2 = addNode3.getPath();
        this.childPPath = property.getPath();
        this.childchildPPath = property2.getPath();
        this.siblingPath = addNode4.getPath();
        UserManager userManager = getUserManager(this.superuser);
        this.testGroup = userManager.createGroup(new TestPrincipal("testGroup" + UUID.randomUUID()));
        this.testUser = userManager.createUser("testUser" + UUID.randomUUID(), "pw");
        if (userManager.isAutoSave() || !this.superuser.hasPendingChanges()) {
            return;
        }
        this.superuser.save();
    }

    protected void tearDown() throws Exception {
        try {
            if (this.testGroup != null) {
                this.testGroup.remove();
                if (!getUserManager(this.superuser).isAutoSave() && this.superuser.hasPendingChanges()) {
                    this.superuser.save();
                }
            }
            if (this.testUser != null) {
                this.testUser.remove();
                if (!getUserManager(this.superuser).isAutoSave() && this.superuser.hasPendingChanges()) {
                    this.superuser.save();
                }
            }
        } finally {
            super.tearDown();
        }
    }

    private static UserManager getUserManager(Session session) throws NotExecutableException {
        if (!(session instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        try {
            return ((JackrabbitSession) session).getUserManager();
        } catch (RepositoryException e) {
            throw new NotExecutableException();
        }
    }

    private ACLTemplate getPolicy(AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
        while (applicablePolicies.hasNext()) {
            ACLTemplate nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof ACLTemplate) {
                return nextAccessControlPolicy;
            }
        }
        for (ACLTemplate aCLTemplate : accessControlManager.getPolicies(str)) {
            if (aCLTemplate instanceof ACLTemplate) {
                return aCLTemplate;
            }
        }
        throw new NotExecutableException();
    }

    private ACLTemplate modifyPrivileges(String str, Principal principal, Privilege[] privilegeArr, boolean z) throws NotExecutableException, RepositoryException {
        ACLTemplate policy = getPolicy(this.acMgr, str, principal);
        policy.addEntry(principal, privilegeArr, z);
        this.acMgr.setPolicy(policy.getPath(), policy);
        this.superuser.save();
        return policy;
    }

    private static void verifyACEs(AccessControlPolicy[] accessControlPolicyArr, String str, int i) throws RepositoryException {
        JackrabbitAccessControlList jackrabbitAccessControlList = null;
        for (AccessControlPolicy accessControlPolicy : accessControlPolicyArr) {
            if ((accessControlPolicy instanceof JackrabbitAccessControlList) && str.equals(((JackrabbitAccessControlList) accessControlPolicy).getPath())) {
                jackrabbitAccessControlList = (JackrabbitAccessControlList) accessControlPolicy;
            }
        }
        if (jackrabbitAccessControlList == null) {
            fail("No Jackrabbit ACL found at " + str);
        } else {
            assertEquals(i, jackrabbitAccessControlList.getAccessControlEntries().length);
        }
    }

    public void testCache() throws Exception {
        modifyPrivileges(this.path, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), true);
        AccessControlPolicy[] effectivePolicies = this.acMgr.getEffectivePolicies(this.path);
        AccessControlPolicy[] effectivePolicies2 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertTrue(Arrays.equals(effectivePolicies, effectivePolicies2));
        verifyACEs(effectivePolicies2, this.path, 1);
        modifyPrivileges(this.path, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}write"), false);
        AccessControlPolicy[] effectivePolicies3 = this.acMgr.getEffectivePolicies(this.path);
        AccessControlPolicy[] effectivePolicies4 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertTrue(Arrays.equals(effectivePolicies3, effectivePolicies4));
        verifyACEs(effectivePolicies4, this.path, 2);
        modifyPrivileges(this.childNPath, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), true);
        AccessControlPolicy[] effectivePolicies5 = this.acMgr.getEffectivePolicies(this.path);
        AccessControlPolicy[] effectivePolicies6 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertFalse(Arrays.equals(effectivePolicies5, effectivePolicies6));
        verifyACEs(effectivePolicies6, this.path, 2);
        verifyACEs(effectivePolicies6, this.childNPath, 1);
        modifyPrivileges(this.childNPath, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), true);
        AccessControlPolicy[] effectivePolicies7 = this.acMgr.getEffectivePolicies(this.path);
        JackrabbitAccessControlList[] effectivePolicies8 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertFalse(Arrays.equals(effectivePolicies7, effectivePolicies8));
        verifyACEs(effectivePolicies8, this.path, 2);
        verifyACEs(effectivePolicies8, this.childNPath, 1);
        AccessControlList accessControlList = null;
        for (JackrabbitAccessControlList jackrabbitAccessControlList : effectivePolicies8) {
            if ((jackrabbitAccessControlList instanceof JackrabbitAccessControlList) && this.childNPath.equals(jackrabbitAccessControlList.getPath())) {
                accessControlList = (AccessControlList) jackrabbitAccessControlList;
            }
        }
        assertEquals(privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}removeChildNodes"}), accessControlList.getAccessControlEntries()[0].getPrivileges());
        this.acMgr.removePolicy(this.childNPath, this.acMgr.getPolicies(this.childNPath)[0]);
        this.superuser.save();
        AccessControlPolicy[] effectivePolicies9 = this.acMgr.getEffectivePolicies(this.path);
        JackrabbitAccessControlList[] effectivePolicies10 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertTrue(Arrays.equals(effectivePolicies9, effectivePolicies10));
        assertFalse(Arrays.equals(effectivePolicies8, effectivePolicies10));
        for (JackrabbitAccessControlList jackrabbitAccessControlList2 : effectivePolicies10) {
            if ((jackrabbitAccessControlList2 instanceof JackrabbitAccessControlList) && this.childNPath.equals(jackrabbitAccessControlList2.getPath())) {
                fail("Policy at path has been removed.");
            }
        }
        verifyACEs(effectivePolicies9, this.path, 2);
    }

    private void assertEquals(Privilege[] privilegeArr, Privilege[] privilegeArr2) {
        assertEquals(getPrivilegeNames(privilegeArr), getPrivilegeNames(privilegeArr2));
    }

    private Set<String> getPrivilegeNames(Privilege[] privilegeArr) {
        HashSet hashSet = new HashSet();
        for (Privilege privilege : privilegeArr) {
            hashSet.add(privilege.getName());
        }
        return hashSet;
    }

    public void testEntriesAreCached() throws Exception {
        modifyPrivileges(this.path, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), true);
        AccessControlList[] effectivePolicies = this.acMgr.getEffectivePolicies(this.path);
        AccessControlList[] effectivePolicies2 = this.acMgr.getEffectivePolicies(this.childNPath);
        assertTrue(Arrays.equals(effectivePolicies, effectivePolicies2));
        assertEquals(effectivePolicies.length, effectivePolicies2.length);
        for (int i = 0; i < effectivePolicies.length; i++) {
            if (effectivePolicies[i] instanceof AccessControlList) {
                assertTrue(effectivePolicies2[i] instanceof AccessControlList);
                AccessControlEntry[] accessControlEntries = effectivePolicies[0].getAccessControlEntries();
                AccessControlEntry[] accessControlEntries2 = effectivePolicies2[0].getAccessControlEntries();
                for (int i2 = 0; i2 < accessControlEntries.length; i2++) {
                    assertTrue(accessControlEntries[i2] == accessControlEntries2[i2]);
                }
            } else {
                assertEquals(effectivePolicies[i].getClass(), effectivePolicies2[i].getClass());
            }
        }
        AccessControlList[] effectivePolicies3 = this.acMgr.getEffectivePolicies(this.path);
        for (int i3 = 0; i3 < effectivePolicies.length; i3++) {
            if (effectivePolicies[i3] instanceof AccessControlList) {
                assertTrue(effectivePolicies3[i3] instanceof AccessControlList);
                AccessControlEntry[] accessControlEntries3 = effectivePolicies[0].getAccessControlEntries();
                AccessControlEntry[] accessControlEntries4 = effectivePolicies3[0].getAccessControlEntries();
                for (int i4 = 0; i4 < accessControlEntries3.length; i4++) {
                    assertTrue(accessControlEntries3[i4] == accessControlEntries4[i4]);
                }
            } else {
                assertEquals(effectivePolicies[i3].getClass(), effectivePolicies2[i3].getClass());
            }
        }
    }

    public void testPermissions() throws Exception {
        Session superuserSession = getHelper().getSuperuserSession();
        try {
            JackrabbitAccessControlManager jackrabbitAccessControlManager = this.acMgr;
            JackrabbitAccessControlManager accessControlManager = superuserSession.getAccessControlManager();
            Set singleton = Collections.singleton(this.testGroup.getPrincipal());
            Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}lockManagement");
            modifyPrivileges(this.path, this.testGroup.getPrincipal(), privilegesFromName, true);
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.path, singleton, privilegesFromName));
            assertTrue(accessControlManager.hasPrivileges(this.path, singleton, privilegesFromName));
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromName));
            assertTrue(accessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromName));
            modifyPrivileges(this.path, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}write"), true);
            Privilege[] privilegesFromNames = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}write"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames));
            assertTrue(accessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames));
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames));
            assertTrue(accessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames));
            modifyPrivileges(this.childNPath, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}addChildNodes"), false);
            Privilege[] privilegesFromNames2 = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}write"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames2));
            assertTrue(accessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames2));
            Privilege[] privilegesFromNames3 = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}modifyProperties", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "{http://www.jcp.org/jcr/1.0}removeNode"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames3));
            assertTrue(accessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames3));
            modifyPrivileges(this.childNPath, this.testGroup.getPrincipal(), privilegesFromName("{http://www.jcp.org/jcr/1.0}removeChildNodes"), false);
            Privilege[] privilegesFromNames4 = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}write"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames4));
            assertTrue(accessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames4));
            Privilege[] privilegesFromNames5 = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}modifyProperties", "{http://www.jcp.org/jcr/1.0}removeNode"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames5));
            assertTrue(accessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames5));
            this.acMgr.removePolicy(this.childNPath, this.acMgr.getPolicies(this.childNPath)[0]);
            this.superuser.save();
            Privilege[] privilegesFromNames6 = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}lockManagement", "{http://www.jcp.org/jcr/1.0}write"});
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames6));
            assertTrue(accessControlManager.hasPrivileges(this.path, singleton, privilegesFromNames6));
            assertTrue(jackrabbitAccessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames6));
            assertTrue(accessControlManager.hasPrivileges(this.childNPath, singleton, privilegesFromNames6));
        } finally {
            superuserSession.logout();
        }
    }
}
