package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityConfiguration;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
import org.apache.jackrabbit.oak.util.NodeUtil;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.class */
public class AbstractCugTest extends AbstractSecurityTest implements CugConstants {
    static final String UNSUPPORTED_PATH = "/testNode";
    static final String INVALID_PATH = "/path/to/non/existing/tree";
    static final String SUPPORTED_PATH = "/content";
    static final String SUPPORTED_PATH2 = "/content2";
    static final ConfigurationParameters CUG_CONFIG = ConfigurationParameters.of("cugSupportedPaths", new String[]{SUPPORTED_PATH, SUPPORTED_PATH2}, "cugEnabled", true);

    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest$CugSecurityProvider.class */
    final class CugSecurityProvider implements SecurityProvider {
        private final SecurityProvider base;
        private final CugConfiguration cugConfiguration;

        private CugSecurityProvider(@Nonnull SecurityProvider securityProvider) {
            this.base = securityProvider;
            this.cugConfiguration = new CugConfiguration(this);
        }

        @Nonnull
        public ConfigurationParameters getParameters(@Nullable String str) {
            return this.base.getParameters(str);
        }

        @Nonnull
        public Iterable<? extends SecurityConfiguration> getConfigurations() {
            Set set = (Set) this.base.getConfigurations();
            CompositeAuthorizationConfiguration compositeAuthorizationConfiguration = new CompositeAuthorizationConfiguration(this);
            Iterator it = set.iterator();
            while (it.hasNext()) {
                AuthorizationConfiguration authorizationConfiguration = (SecurityConfiguration) it.next();
                if (authorizationConfiguration instanceof AuthorizationConfiguration) {
                    compositeAuthorizationConfiguration.addConfiguration(authorizationConfiguration);
                    it.remove();
                }
            }
            compositeAuthorizationConfiguration.addConfiguration(this.cugConfiguration);
            set.add(compositeAuthorizationConfiguration);
            return set;
        }

        /* JADX WARN: Type inference failed for: r0v5, types: [org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration, T] */
        @Nonnull
        public <T> T getConfiguration(@Nonnull Class<T> cls) {
            T t = (T) this.base.getConfiguration(cls);
            if (AuthorizationConfiguration.class != cls) {
                return t;
            }
            ?? r0 = (T) new CompositeAuthorizationConfiguration(this);
            r0.addConfiguration(this.cugConfiguration);
            r0.addConfiguration((AuthorizationConfiguration) t);
            return r0;
        }
    }

    public void before() throws Exception {
        super.before();
        NodeUtil nodeUtil = new NodeUtil(this.root.getTree("/"));
        nodeUtil.addChild("content", "oak:Unstructured").addChild("subtree", "oak:Unstructured");
        nodeUtil.addChild("content2", "oak:Unstructured");
        nodeUtil.addChild("testNode", "oak:Unstructured");
        this.root.commit();
    }

    public void after() throws Exception {
        try {
            this.root.getTree(SUPPORTED_PATH).remove();
            this.root.getTree(UNSUPPORTED_PATH).remove();
            this.root.commit();
            super.after();
        } catch (Throwable th) {
            super.after();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public SecurityProvider getSecurityProvider() {
        if (this.securityProvider == null) {
            this.securityProvider = new CugSecurityProvider(super.getSecurityProvider());
        }
        return this.securityProvider;
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.authorization", CUG_CONFIG));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void createCug(@Nonnull String str, @Nonnull Principal principal) throws RepositoryException {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
        while (applicablePolicies.hasNext()) {
            CugPolicy nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof CugPolicy) {
                nextAccessControlPolicy.addPrincipals(new Principal[]{principal});
                accessControlManager.setPolicy(str, nextAccessControlPolicy);
                return;
            }
        }
        throw new IllegalStateException("Unable to create CUG at " + str);
    }
}
