package org.apache.jackrabbit.core.security.authorization;

import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.core.fs.FileSystem;
import org.apache.jackrabbit.core.fs.FileSystemException;
import org.apache.jackrabbit.core.fs.FileSystemResource;
import org.apache.jackrabbit.spi.Name;
import org.apache.jackrabbit.spi.NameFactory;
import org.apache.jackrabbit.spi.PrivilegeDefinition;
import org.apache.jackrabbit.spi.commons.conversion.IllegalNameException;
import org.apache.jackrabbit.spi.commons.conversion.NameResolver;
import org.apache.jackrabbit.spi.commons.name.NameConstants;
import org.apache.jackrabbit.spi.commons.name.NameFactoryImpl;
import org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionImpl;
import org.apache.jackrabbit.spi.commons.privilege.PrivilegeDefinitionWriter;
import org.apache.jackrabbit.test.AbstractJCRTest;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/CustomPrivilegeTest.class */
public class CustomPrivilegeTest extends AbstractJCRTest {
    private NameResolver resolver;
    private FileSystem fs;
    private PrivilegeRegistry privilegeRegistry;

    protected void setUp() throws Exception {
        super.setUp();
        this.resolver = this.superuser;
        this.fs = this.superuser.getRepository().getConfig().getFileSystem();
        FileSystemResource fileSystemResource = new FileSystemResource(this.fs, "/privileges/custom_privileges.xml");
        if (!fileSystemResource.exists()) {
            fileSystemResource.makeParentDirs();
        }
        this.privilegeRegistry = new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), this.fs);
    }

    protected void tearDown() throws Exception {
        try {
            if (this.fs.exists("/privileges") && this.fs.isFolder("/privileges")) {
                this.fs.deleteFolder("/privileges");
            }
        } finally {
            super.tearDown();
        }
    }

    private static void assertPrivilege(PrivilegeRegistry privilegeRegistry, NameResolver nameResolver, PrivilegeDefinition privilegeDefinition) throws RepositoryException {
        Privilege privilege = new PrivilegeManagerImpl(privilegeRegistry, nameResolver).getPrivilege(nameResolver.getJCRName(privilegeDefinition.getName()));
        assertNotNull(privilege);
        assertEquals(privilegeDefinition.isAbstract(), privilege.isAbstract());
        Set declaredAggregateNames = privilegeDefinition.getDeclaredAggregateNames();
        assertEquals(declaredAggregateNames.size() > 0, privilege.isAggregate());
        assertEquals(declaredAggregateNames.size(), privilege.getDeclaredAggregatePrivileges().length);
    }

    private static Set<Name> createNameSet(Name... nameArr) {
        HashSet hashSet = new HashSet();
        hashSet.addAll(Arrays.asList(nameArr));
        return hashSet;
    }

    public void testInvalidCustomDefinitions() throws RepositoryException, FileSystemException, IOException {
        FileSystem fileSystem = this.superuser.getRepository().getConfig().getFileSystem();
        FileSystemResource fileSystemResource = new FileSystemResource(fileSystem, "/privileges/custom_privileges.xml");
        if (!fileSystemResource.exists()) {
            fileSystemResource.makeParentDirs();
        }
        OutputStreamWriter outputStreamWriter = new OutputStreamWriter(fileSystemResource.getOutputStream(), "utf-8");
        outputStreamWriter.write("<?xml version=\"1.0\" encoding=\"UTF-8\"?><privileges><privilege isAbstract=\"false\" name=\"test\"><contains name=\"test2\"/></privilege></privileges>");
        outputStreamWriter.flush();
        outputStreamWriter.close();
        try {
            new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), fileSystem);
            fail("Invalid names must be detected upon registry startup.");
            fileSystem.deleteFolder("/privileges");
        } catch (RepositoryException e) {
            fileSystem.deleteFolder("/privileges");
        } catch (Throwable th) {
            fileSystem.deleteFolder("/privileges");
            throw th;
        }
    }

    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException, FileSystemException, IOException {
        FileSystem fileSystem = this.superuser.getRepository().getConfig().getFileSystem();
        FileSystemResource fileSystemResource = new FileSystemResource(fileSystem, "/privileges/custom_privileges.xml");
        if (!fileSystemResource.exists()) {
            fileSystemResource.makeParentDirs();
        }
        NameFactory nameFactoryImpl = NameFactoryImpl.getInstance();
        Name create = nameFactoryImpl.create("", "test");
        Name create2 = nameFactoryImpl.create("", "test2");
        Name create3 = nameFactoryImpl.create("", "test3");
        Name create4 = nameFactoryImpl.create("", "test4");
        Name create5 = nameFactoryImpl.create("", "test5");
        OutputStream outputStream = fileSystemResource.getOutputStream();
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new PrivilegeDefinitionImpl(create, false, Collections.singleton(create2)));
            arrayList.add(new PrivilegeDefinitionImpl(create4, true, Collections.singleton(create5)));
            arrayList.add(new PrivilegeDefinitionImpl(create5, false, Collections.singleton(create3)));
            arrayList.add(new PrivilegeDefinitionImpl(create3, false, Collections.singleton(create)));
            arrayList.add(new PrivilegeDefinitionImpl(create2, false, Collections.singleton(create4)));
            new PrivilegeDefinitionWriter("text/xml").writeDefinitions(outputStream, (PrivilegeDefinition[]) arrayList.toArray(new PrivilegeDefinition[arrayList.size()]), Collections.emptyMap());
            new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), fileSystem);
            fail("Cyclic definitions must be detected upon registry startup.");
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
        } catch (RepositoryException e) {
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
        } catch (Throwable th) {
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
            throw th;
        }
    }

    public void testCustomEquivalentDefinitions() throws RepositoryException, FileSystemException, IOException {
        FileSystem fileSystem = this.superuser.getRepository().getConfig().getFileSystem();
        FileSystemResource fileSystemResource = new FileSystemResource(fileSystem, "/privileges/custom_privileges.xml");
        if (!fileSystemResource.exists()) {
            fileSystemResource.makeParentDirs();
        }
        NameFactory nameFactoryImpl = NameFactoryImpl.getInstance();
        Name create = nameFactoryImpl.create("", "test");
        Name create2 = nameFactoryImpl.create("", "test2");
        Name create3 = nameFactoryImpl.create("", "test3");
        Name create4 = nameFactoryImpl.create("", "test4");
        Name create5 = nameFactoryImpl.create("", "test5");
        Name create6 = nameFactoryImpl.create("", "test6");
        OutputStream outputStream = fileSystemResource.getOutputStream();
        try {
            ArrayList arrayList = new ArrayList();
            arrayList.add(new PrivilegeDefinitionImpl(create, false, createNameSet(create2, create3)));
            arrayList.add(new PrivilegeDefinitionImpl(create2, true, Collections.singleton(create4)));
            arrayList.add(new PrivilegeDefinitionImpl(create3, true, Collections.singleton(create5)));
            arrayList.add(new PrivilegeDefinitionImpl(create4, true, Collections.emptySet()));
            arrayList.add(new PrivilegeDefinitionImpl(create5, true, Collections.emptySet()));
            arrayList.add(new PrivilegeDefinitionImpl(create6, false, createNameSet(create2, create5)));
            new PrivilegeDefinitionWriter("text/xml").writeDefinitions(outputStream, (PrivilegeDefinition[]) arrayList.toArray(new PrivilegeDefinition[arrayList.size()]), Collections.emptyMap());
            new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), fileSystem);
            fail("Equivalent definitions must be detected upon registry startup.");
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
        } catch (RepositoryException e) {
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
        } catch (Throwable th) {
            outputStream.close();
            fileSystem.deleteFolder("/privileges");
            throw th;
        }
    }

    public void testRegisterBuiltInPrivilege() throws RepositoryException, IllegalNameException, FileSystemException {
        HashMap hashMap = new HashMap();
        hashMap.put(NameConstants.JCR_READ, Collections.emptySet());
        hashMap.put(NameConstants.JCR_LIFECYCLE_MANAGEMENT, Collections.singleton(NameConstants.JCR_ADD_CHILD_NODES));
        hashMap.put(PrivilegeRegistry.REP_WRITE_NAME, Collections.emptySet());
        hashMap.put(NameConstants.JCR_ALL, Collections.emptySet());
        for (Name name : hashMap.keySet()) {
            try {
                this.privilegeRegistry.registerDefinition(name, false, (Set) hashMap.get(name));
                fail("Privilege name already in use -> Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    public void testRegisterInvalidNewAggregate() throws RepositoryException, IllegalNameException, FileSystemException {
        HashMap hashMap = new HashMap();
        hashMap.put(this.resolver.getQName("jcr:newAggregate"), Collections.singleton(NameConstants.JCR_READ));
        hashMap.put(this.resolver.getQName("jcr:newAggregate"), createNameSet(NameConstants.JCR_READ, this.resolver.getQName("unknownPrivilege")));
        hashMap.put(this.resolver.getQName("newAggregate"), createNameSet(this.resolver.getQName("unknownPrivilege")));
        hashMap.put(this.resolver.getQName("newAggregate"), createNameSet(this.resolver.getQName("newAggregate")));
        hashMap.put(this.resolver.getQName("repWriteAggregate"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_ADD_CHILD_NODES, NameConstants.JCR_NODE_TYPE_MANAGEMENT, NameConstants.JCR_REMOVE_CHILD_NODES, NameConstants.JCR_REMOVE_NODE));
        hashMap.put(this.resolver.getQName("newAggregate"), createNameSet(NameConstants.JCR_READ, this.resolver.getQName("unknownPrivilege")));
        for (Name name : hashMap.keySet()) {
            try {
                this.privilegeRegistry.registerDefinition(name, true, (Set) hashMap.get(name));
                fail("New aggregate referring to unknown Privilege  -> Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    public void testRegisterInvalidNewAggregate2() throws RepositoryException, FileSystemException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put(this.resolver.getQName("new"), Collections.emptySet());
        linkedHashMap.put(this.resolver.getQName("new2"), Collections.emptySet());
        HashSet hashSet = new HashSet();
        hashSet.add(this.resolver.getQName("new"));
        hashSet.add(this.resolver.getQName("new2"));
        linkedHashMap.put(this.resolver.getQName("new3"), hashSet);
        for (Name name : linkedHashMap.keySet()) {
            this.privilegeRegistry.registerDefinition(name, true, (Set) linkedHashMap.get(name));
        }
        HashMap hashMap = new HashMap();
        hashMap.put(this.resolver.getQName("newA2"), Collections.singleton(this.resolver.getQName("new")));
        hashMap.put(this.resolver.getQName("newA3"), Collections.singleton(this.resolver.getQName("new2")));
        for (Name name2 : hashMap.keySet()) {
            try {
                this.privilegeRegistry.registerDefinition(name2, false, (Set) hashMap.get(name2));
                fail("Invalid aggregation in definition '" + name2.toString() + "' : Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    public void testRegisterCustomPrivileges() throws RepositoryException, FileSystemException {
        HashMap hashMap = new HashMap();
        hashMap.put(this.resolver.getQName("new"), Collections.emptySet());
        hashMap.put(this.resolver.getQName("test:new"), Collections.emptySet());
        for (Name name : hashMap.keySet()) {
            Set set = (Set) hashMap.get(name);
            this.privilegeRegistry.registerDefinition(name, true, set);
            PrivilegeDefinition privilegeDefinition = this.privilegeRegistry.get(name);
            assertNotNull(privilegeDefinition);
            assertEquals(name, privilegeDefinition.getName());
            assertTrue(privilegeDefinition.isAbstract());
            assertTrue(privilegeDefinition.getDeclaredAggregateNames().isEmpty());
            assertEquals(set.size(), privilegeDefinition.getDeclaredAggregateNames().size());
            Iterator it = set.iterator();
            while (it.hasNext()) {
                assertTrue(privilegeDefinition.getDeclaredAggregateNames().contains((Name) it.next()));
            }
            assertTrue(this.privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames().contains(name));
            PrivilegeDefinition privilegeDefinition2 = new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), this.fs).get(name);
            assertEquals(true, privilegeDefinition2.isAbstract());
            assertEquals(set.size(), privilegeDefinition2.getDeclaredAggregateNames().size());
            Iterator it2 = set.iterator();
            while (it2.hasNext()) {
                assertTrue(privilegeDefinition2.getDeclaredAggregateNames().contains((Name) it2.next()));
            }
            assertPrivilege(this.privilegeRegistry, this.superuser, privilegeDefinition);
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put(this.resolver.getQName("newA2"), createNameSet(this.resolver.getQName("test:new"), this.resolver.getQName("new")));
        hashMap2.put(this.resolver.getQName("newA1"), createNameSet(this.resolver.getQName("new"), NameConstants.JCR_READ));
        hashMap2.put(this.resolver.getQName("aggrBuiltIn"), createNameSet(NameConstants.JCR_MODIFY_PROPERTIES, NameConstants.JCR_READ));
        for (Name name2 : hashMap2.keySet()) {
            Set set2 = (Set) hashMap2.get(name2);
            this.privilegeRegistry.registerDefinition(name2, false, set2);
            PrivilegeDefinition privilegeDefinition3 = this.privilegeRegistry.get(name2);
            assertNotNull(privilegeDefinition3);
            assertEquals(name2, privilegeDefinition3.getName());
            assertFalse(privilegeDefinition3.isAbstract());
            assertFalse(privilegeDefinition3.getDeclaredAggregateNames().isEmpty());
            assertEquals(set2.size(), privilegeDefinition3.getDeclaredAggregateNames().size());
            Iterator it3 = set2.iterator();
            while (it3.hasNext()) {
                assertTrue(privilegeDefinition3.getDeclaredAggregateNames().contains((Name) it3.next()));
            }
            assertTrue(this.privilegeRegistry.get(NameConstants.JCR_ALL).getDeclaredAggregateNames().contains(name2));
            PrivilegeRegistry privilegeRegistry = new PrivilegeRegistry(this.superuser.getWorkspace().getNamespaceRegistry(), this.fs);
            PrivilegeDefinition privilegeDefinition4 = privilegeRegistry.get(name2);
            assertEquals(false, privilegeDefinition4.isAbstract());
            assertEquals(false, privilegeDefinition4.isAbstract());
            assertEquals(set2.size(), privilegeDefinition4.getDeclaredAggregateNames().size());
            Iterator it4 = set2.iterator();
            while (it4.hasNext()) {
                assertTrue(privilegeDefinition4.getDeclaredAggregateNames().contains((Name) it4.next()));
            }
            assertPrivilege(privilegeRegistry, this.superuser, privilegeDefinition4);
        }
    }

    public void testCustomPrivilege() throws RepositoryException, FileSystemException {
        Name qName = this.superuser.getQName("test");
        this.privilegeRegistry.registerDefinition(qName, false, Collections.emptySet());
        PrivilegeManagerImpl privilegeManagerImpl = new PrivilegeManagerImpl(this.privilegeRegistry, this.resolver);
        String jCRName = this.resolver.getJCRName(qName);
        Privilege privilege = privilegeManagerImpl.getPrivilege(jCRName);
        assertEquals(jCRName, privilege.getName());
        assertEquals(false, privilege.isAbstract());
        assertFalse(privilege.isAggregate());
        assertFalse(privilegeManagerImpl.getBits(new Privilege[]{privilege}).isEmpty());
        Privilege privilege2 = privilegeManagerImpl.getPrivilege("{http://www.jcp.org/jcr/1.0}write");
        assertFalse(privilegeManagerImpl.getBits(new Privilege[]{privilege2}).equals(privilegeManagerImpl.getBits(new Privilege[]{privilege, privilege2})));
    }

    public void testRegister100CustomPrivileges() throws RepositoryException, FileSystemException {
        PrivilegeBits unmodifiable = this.privilegeRegistry.getBits(new PrivilegeDefinition[]{this.privilegeRegistry.get(PrivilegeRegistry.REP_PRIVILEGE_MANAGEMENT_NAME)}).unmodifiable();
        for (int i = 0; i < 100; i++) {
            Name qName = this.superuser.getQName("test" + i);
            this.privilegeRegistry.registerDefinition(qName, true, Collections.emptySet());
            PrivilegeDefinition privilegeDefinition = this.privilegeRegistry.get(qName);
            assertNotNull(privilegeDefinition);
            assertEquals(qName, privilegeDefinition.getName());
            PrivilegeBits bits = this.privilegeRegistry.getBits(new PrivilegeDefinition[]{privilegeDefinition});
            PrivilegeBits unmodifiable2 = bits.unmodifiable();
            assertNotNull(unmodifiable2);
            assertFalse(unmodifiable2.isEmpty());
            assertEquals(bits, unmodifiable2);
            assertFalse(unmodifiable.equals(unmodifiable2));
            assertEquals(unmodifiable.nextBits(), unmodifiable2);
            PrivilegeDefinition privilegeDefinition2 = this.privilegeRegistry.get(NameConstants.JCR_ALL);
            assertTrue(privilegeDefinition2.getDeclaredAggregateNames().contains(qName));
            assertTrue(this.privilegeRegistry.getBits(new PrivilegeDefinition[]{privilegeDefinition2}).includes(unmodifiable2));
            unmodifiable = unmodifiable2;
        }
    }
}
