package org.apache.jackrabbit.core.xml;

import java.io.ByteArrayInputStream;
import java.util.Collections;
import java.util.List;
import javax.jcr.NodeIterator;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.xml.ParsingContentHandler;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.config.ImportConfig;
import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.core.security.authorization.AccessControlConstants;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.core.security.principal.PrincipalImpl;
import org.apache.jackrabbit.core.util.ReferenceChangeTracker;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.xml.sax.SAXException;

/* loaded from: input_file:org/apache/jackrabbit/core/xml/AccessControlImporterTest.class */
public class AccessControlImporterTest extends AbstractJCRTest {
    private static final String XML_POLICY_TREE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property><sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\"><sv:value>rep:AccessControllable</sv:value><sv:value>mix:versionable</sv:value></sv:property><sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0a0ca2e9-ab98-4433-a12b-d57283765207</sv:value></sv:property><sv:property sv:name=\"jcr:baseVersion\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property sv:name=\"jcr:isCheckedOut\" sv:type=\"Boolean\"><sv:value>true</sv:value></sv:property><sv:property sv:name=\"jcr:predecessors\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property sv:name=\"jcr:versionHistory\" sv:type=\"Reference\"><sv:value>428c9ef2-78e5-4f1c-95d3-16b4ce72d815</sv:value></sv:property><sv:node sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node></sv:node>";
    private static final String XML_POLICY_TREE_2 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
    private static final String XML_POLICY_TREE_3 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>everyone</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node><sv:node sv:name=\"allow0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
    private static final String XML_POLICY_TREE_4 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>unknownprincipal</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node><sv:node sv:name=\"allow0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
    private static final String XML_POLICY_TREE_5 = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:policy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:write</sv:value></sv:property></sv:node></sv:node>";
    private static final String XML_REPO_POLICY_TREE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:repoPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"allow\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>admin</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:workspaceManagement</sv:value></sv:property></sv:node></sv:node>";
    private static final String XML_AC_TREE = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:security\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:crx=\"http://www.day.com/crx/1.0\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:repl=\"http://www.day.com/crx/replication/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node sv:name=\"rep:authorizables\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node sv:name=\"rep:groups\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node sv:name=\"administrators\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property><sv:node sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property><sv:node sv:name=\"entry\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:GrantACE</sv:value></sv:property><sv:property sv:name=\"rep:glob\" sv:type=\"String\"><sv:value>*</sv:value></sv:property><sv:property sv:name=\"rep:nodePath\" sv:type=\"Path\"><sv:value>/</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>administrators</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:all</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node><sv:node sv:name=\"rep:users\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node sv:name=\"admin\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:AccessControl</sv:value></sv:property><sv:node sv:name=\"t\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node><sv:node sv:name=\"a\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node></sv:node><sv:node sv:name=\"anonymous\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalAccessControl</sv:value></sv:property></sv:node></sv:node></sv:node></sv:node>";
    private static final String XML_POLICY_ONLY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"test\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>nt:unstructured</sv:value></sv:property><sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\"><sv:value>rep:AccessControllable</sv:value><sv:value>mix:versionable</sv:value></sv:property><sv:property sv:name=\"jcr:uuid\" sv:type=\"String\"><sv:value>0a0ca2e9-ab98-4433-a12b-d57283765207</sv:value></sv:property><sv:property sv:name=\"jcr:baseVersion\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property sv:name=\"jcr:isCheckedOut\" sv:type=\"Boolean\"><sv:value>true</sv:value></sv:property><sv:property sv:name=\"jcr:predecessors\" sv:type=\"Reference\"><sv:value>35d0d137-a3a4-4af3-8cdd-ce565ea6bdc9</sv:value></sv:property><sv:property sv:name=\"jcr:versionHistory\" sv:type=\"Reference\"><sv:value>428c9ef2-78e5-4f1c-95d3-16b4ce72d815</sv:value></sv:property><sv:node sv:name=\"rep:policy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:ACL</sv:value></sv:property></sv:node></sv:node>";
    private SessionImpl sImpl;

    /* loaded from: input_file:org/apache/jackrabbit/core/xml/AccessControlImporterTest$PseudoConfig.class */
    private final class PseudoConfig extends ImportConfig {
        private final ProtectedNodeImporter aci;

        private PseudoConfig() {
            this.aci = AccessControlImporterTest.access$100();
        }

        public List<? extends ProtectedNodeImporter> getProtectedItemImporters() {
            return Collections.singletonList(this.aci);
        }
    }

    protected void setUp() throws Exception {
        super.setUp();
        if (!(this.superuser instanceof SessionImpl)) {
            throw new NotExecutableException("SessionImpl expected");
        }
        this.sImpl = this.superuser;
        if (this.sImpl.getAccessControlManager().getApplicablePolicies("/").hasNext()) {
            return;
        }
        AccessControlPolicy[] policies = this.sImpl.getAccessControlManager().getPolicies("/");
        if (policies == null || policies.length == 0) {
            throw new NotExecutableException();
        }
    }

    private NodeImpl createPolicyNode(NodeImpl nodeImpl) throws Exception {
        try {
            try {
                new ParsingContentHandler(new ImportHandler(new SessionImporter(nodeImpl, this.sImpl, 3), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8")));
                NodeImpl node = nodeImpl.getNode("test/rep:policy");
                this.superuser.refresh(false);
                if (this.superuser.nodeExists("/test")) {
                    NodeIterator nodes = this.superuser.getRootNode().getNodes("test");
                    while (nodes.hasNext()) {
                        nodes.nextNode().remove();
                    }
                }
                this.superuser.save();
                return node;
            } catch (Exception e) {
                e.printStackTrace();
                throw e;
            }
        } catch (Throwable th) {
            this.superuser.refresh(false);
            if (this.superuser.nodeExists("/test")) {
                NodeIterator nodes2 = this.superuser.getRootNode().getNodes("test");
                while (nodes2.hasNext()) {
                    nodes2.nextNode().remove();
                }
            }
            this.superuser.save();
            throw th;
        }
    }

    private static ProtectedNodeImporter createImporter() {
        return new AccessControlImporter();
    }

    public void testWorkspaceImport() throws Exception {
        AccessControlImporter accessControlImporter = new AccessControlImporter();
        accessControlImporter.init(this.sImpl, this.sImpl, true, 3, (ReferenceChangeTracker) null);
        assertFalse(accessControlImporter.start(createPolicyNode((NodeImpl) this.testRootNode)));
    }

    public void testNonProtectedNode() throws Exception {
        if (this.testRootNode.getDefinition().isProtected()) {
            throw new NotExecutableException();
        }
        ProtectedNodeImporter createImporter = createImporter();
        createImporter.init(this.sImpl, this.sImpl, false, 3, (ReferenceChangeTracker) null);
        assertFalse(createImporter.start(this.testRootNode));
    }

    public void testUnsupportedProtectedNode() throws Exception {
        NodeImpl addNode = this.testRootNode.addNode(this.nodeName1);
        addNode.addMixin(this.mixVersionable);
        ProtectedNodeImporter createImporter = createImporter();
        createImporter.init(this.sImpl, this.sImpl, false, 3, (ReferenceChangeTracker) null);
        assertFalse(createImporter.start(addNode));
    }

    public void testImportACL() throws Exception {
        NodeImpl nodeImpl = this.testRootNode;
        try {
            new ParsingContentHandler(new ImportHandler(new SessionImporter(nodeImpl, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8")));
            assertTrue(nodeImpl.hasNode("test"));
            String path = nodeImpl.getNode("test").getPath();
            AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(path);
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            JackrabbitAccessControlEntry[] accessControlEntries = policies[0].getAccessControlEntries();
            assertEquals(1, accessControlEntries.length);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[0];
            assertEquals("everyone", jackrabbitAccessControlEntry.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry.getPrivileges()[0]);
            if (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) {
                assertTrue(jackrabbitAccessControlEntry.isAllow());
            }
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testImportACLOnly() throws Exception {
        try {
            NodeImpl addNode = this.testRootNode.addNode(this.nodeName1);
            addNode.addMixin("rep:AccessControllable");
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE_3.getBytes("UTF-8")));
            String path = addNode.getPath();
            AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(path);
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            JackrabbitAccessControlEntry[] accessControlEntries = policies[0].getAccessControlEntries();
            assertEquals(2, accessControlEntries.length);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[0];
            assertEquals("everyone", jackrabbitAccessControlEntry.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry.getPrivileges()[0]);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = accessControlEntries[1];
            assertEquals("admin", jackrabbitAccessControlEntry2.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry2.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry2.getPrivileges()[0]);
            if (jackrabbitAccessControlEntry2 instanceof JackrabbitAccessControlEntry) {
                assertTrue(jackrabbitAccessControlEntry2.isAllow());
            }
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testImportACLRemoveACE() throws Exception {
        try {
            NodeImpl addNode = this.testRootNode.addNode(this.nodeName1);
            addNode.addMixin("rep:AccessControllable");
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE_3.getBytes("UTF-8")));
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE_5.getBytes("UTF-8")));
            String path = addNode.getPath();
            AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(path);
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            JackrabbitAccessControlEntry[] accessControlEntries = policies[0].getAccessControlEntries();
            assertEquals(1, accessControlEntries.length);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[0];
            assertEquals("admin", jackrabbitAccessControlEntry.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry.getPrivileges()[0]);
            if (jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry) {
                assertTrue(jackrabbitAccessControlEntry.isAllow());
            }
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testImportACLUnknown() throws Exception {
        try {
            NodeImpl addNode = this.testRootNode.addNode(this.nodeName1);
            addNode.addMixin("rep:AccessControllable");
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE_4.getBytes("UTF-8")));
            String path = addNode.getPath();
            AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(path);
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            JackrabbitAccessControlEntry[] accessControlEntries = policies[0].getAccessControlEntries();
            assertEquals(2, accessControlEntries.length);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry = accessControlEntries[0];
            assertEquals("unknownprincipal", jackrabbitAccessControlEntry.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry.getPrivileges()[0]);
            JackrabbitAccessControlEntry jackrabbitAccessControlEntry2 = accessControlEntries[1];
            assertEquals("admin", jackrabbitAccessControlEntry2.getPrincipal().getName());
            assertEquals(1, jackrabbitAccessControlEntry2.getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}write"), jackrabbitAccessControlEntry2.getPrivileges()[0]);
            if (jackrabbitAccessControlEntry2 instanceof JackrabbitAccessControlEntry) {
                assertTrue(jackrabbitAccessControlEntry2.isAllow());
            }
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testImportPolicyExists() throws Exception {
    }

    public void testImportEmptyExistingPolicy() throws Exception {
        NodeImpl addNode = this.testRootNode.addNode("test", "test:sameNameSibsFalseChildNodeDefinition");
        AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(addNode.getPath());
        while (applicablePolicies.hasNext()) {
            AccessControlPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof AccessControlList) {
                accessControlManager.setPolicy(addNode.getPath(), nextAccessControlPolicy);
            }
        }
        try {
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 0, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_ONLY.getBytes("UTF-8")));
            JackrabbitAccessControlList[] policies = accessControlManager.getPolicies(addNode.getPath());
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            assertEquals(0, policies[0].getAccessControlEntries().length);
            this.superuser.refresh(false);
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    public void testImportRepoACLAtRoot() throws Exception {
        NodeImpl rootNode = this.sImpl.getRootNode();
        AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
        try {
            rootNode.addMixin("rep:RepoAccessControllable");
            new ParsingContentHandler(new ImportHandler(new SessionImporter(rootNode, this.sImpl, 0, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8")));
            AccessControlPolicy[] policies = accessControlManager.getPolicies((String) null);
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            AccessControlEntry[] accessControlEntries = ((JackrabbitAccessControlList) policies[0]).getAccessControlEntries();
            assertEquals(1, accessControlEntries.length);
            assertEquals(1, accessControlEntries[0].getPrivileges().length);
            assertEquals(accessControlManager.privilegeFromName("jcr:workspaceManagement"), accessControlEntries[0].getPrivileges()[0]);
            assertTrue(rootNode.hasNode("rep:repoPolicy"));
            assertTrue(rootNode.hasNode("rep:repoPolicy/allow"));
            accessControlManager.removePolicy((String) null, policies[0]);
            assertFalse(rootNode.hasNode("rep:repoPolicy"));
            assertFalse(rootNode.hasNode("rep:repoPolicy/allow"));
            this.superuser.refresh(false);
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    public void testImportRepoACLAtTestNode() throws Exception {
        NodeImpl addNode = this.testRootNode.addNode("test");
        addNode.addMixin("rep:RepoAccessControllable");
        AccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
        try {
            new ParsingContentHandler(new ImportHandler(new SessionImporter(addNode, this.sImpl, 0, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_REPO_POLICY_TREE.getBytes("UTF-8")));
            assertEquals(0, accessControlManager.getPolicies((String) null).length);
            assertTrue(addNode.hasNode("rep:repoPolicy"));
            assertFalse(addNode.hasNode("rep:repoPolicy/allow0"));
            assertEquals("rep:RepoAccessControllable", addNode.getNode("rep:repoPolicy").getDefinition().getDeclaringNodeType().getName());
            this.superuser.refresh(false);
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    public void testImportPrincipalBasedACL() throws Exception {
        NodeImpl node;
        JackrabbitAccessControlManager accessControlManager = this.sImpl.getAccessControlManager();
        if (accessControlManager.getApplicablePolicies(EveryonePrincipal.getInstance()).length > 0 || accessControlManager.getPolicies(EveryonePrincipal.getInstance()).length > 0) {
            throw new NotExecutableException();
        }
        PrincipalManager principalManager = this.sImpl.getPrincipalManager();
        if (!principalManager.hasPrincipal("administrators")) {
            UserManager userManager = this.sImpl.getUserManager();
            userManager.createGroup(new PrincipalImpl("administrators"));
            if (!userManager.isAutoSave()) {
                this.sImpl.save();
            }
            if (principalManager.hasPrincipal("administrators")) {
                throw new NotExecutableException();
            }
        }
        NodeImpl rootNode = this.sImpl.getRootNode();
        if (rootNode.hasNode(AccessControlConstants.N_ACCESSCONTROL)) {
            node = rootNode.getNode(AccessControlConstants.N_ACCESSCONTROL);
            if (!node.isNodeType(AccessControlConstants.NT_REP_ACCESS_CONTROL)) {
                node.setPrimaryType(this.sImpl.getJCRName(AccessControlConstants.NT_REP_ACCESS_CONTROL));
            }
        } else {
            node = rootNode.addNode(AccessControlConstants.N_ACCESSCONTROL, AccessControlConstants.NT_REP_ACCESS_CONTROL, (NodeId) null);
        }
        try {
            try {
                new ParsingContentHandler(new ImportHandler(new SessionImporter(node, this.sImpl, 3, new PseudoConfig()), this.sImpl)).parse(new ByteArrayInputStream(XML_AC_TREE.getBytes("UTF-8")));
                fail("Default config only allows resource-based ACL -> protected import must fail");
                this.superuser.refresh(false);
            } catch (SAXException e) {
                if (!(e.getException() instanceof ConstraintViolationException)) {
                    throw e;
                }
                this.superuser.refresh(false);
            }
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    public void testImportWithDefaultImporter() throws Exception {
        NodeImpl nodeImpl = this.testRootNode;
        try {
            new ParsingContentHandler(new ImportHandler(new SessionImporter(nodeImpl, this.sImpl, 3, (ImportConfig) null), this.sImpl)).parse(new ByteArrayInputStream(XML_POLICY_TREE.getBytes("UTF-8")));
            assertTrue(nodeImpl.hasNode("test"));
            JackrabbitAccessControlList[] policies = this.sImpl.getAccessControlManager().getPolicies(nodeImpl.getNode("test").getPath());
            assertEquals(1, policies.length);
            assertTrue(policies[0] instanceof JackrabbitAccessControlList);
            assertEquals(0, policies[0].getAccessControlEntries().length);
            this.superuser.refresh(false);
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    static /* synthetic */ ProtectedNodeImporter access$100() {
        return createImporter();
    }
}
