package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.Set;
import java.util.UUID;
import javax.annotation.Nonnull;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.jcr.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.plugins.nodetype.NodeTypeConstants;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.CugPolicy;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.util.NodeUtil;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/AbstractCugTest.class */
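/**
 * Shared fixture for the closed-user-group (CUG) authorization tests in this package.
 *
 * <p>The fixture enables CUG evaluation for {@link #SUPPORTED_PATH} and
 * {@link #SUPPORTED_PATH2} only (see {@link #CUG_CONFIG}) and creates three top-level
 * trees: {@code /content} (with a {@code subtree} child), {@code /content2} and
 * {@code /testNode} (with a {@code child} node). {@code /testNode} is deliberately
 * left out of the supported paths so tests can exercise the "CUG not supported here"
 * branch.
 *
 * <p>Test identities: the group and second user ids carry a random UUID suffix, so
 * they cannot collide with authorizables already present in the repository. The
 * second user is created with its id as the password; that is only tolerable because
 * the account exists for the duration of one test and is removed in {@link #after()}.
 *
 * <p>This listing is decompiler output: several methods carry a note recording the
 * visibility they had in the compiled class.
 */
public class AbstractCugTest extends AbstractSecurityTest implements CugConstants, NodeTypeConstants {
    /** Existing tree that is NOT listed in the supported CUG paths. */
    static final String UNSUPPORTED_PATH = "/testNode";
    /** Path for which {@link #before()} creates no tree. */
    static final String INVALID_PATH = "/path/to/non/existing/tree";
    /** First path for which CUG policies are supported. */
    static final String SUPPORTED_PATH = "/content";
    /** Second path for which CUG policies are supported. */
    static final String SUPPORTED_PATH2 = "/content2";
    /** CUG module configuration: both supported paths, evaluation switched on. */
    static final ConfigurationParameters CUG_CONFIG = ConfigurationParameters.of("cugSupportedPaths", new String[]{SUPPORTED_PATH, SUPPORTED_PATH2}, "cugEnabled", true);
    // Random suffixes keep the fixture identities unique per JVM run.
    private static final String TEST_GROUP_ID = "testGroup" + UUID.randomUUID();
    private static final String TEST_USER2_ID = "testUser2" + UUID.randomUUID();

    /**
     * Runs the base-class setup, then creates and commits the content trees the CUG
     * tests operate on.
     *
     * @throws Exception if the base setup or the commit fails
     */
    public void before() throws Exception {
        super.before();
        NodeUtil rootNode = new NodeUtil(this.root.getTree("/"));
        rootNode.addChild("content", "oak:Unstructured").addChild("subtree", "oak:Unstructured");
        rootNode.addChild("content2", "oak:Unstructured");
        rootNode.addChild("testNode", "oak:Unstructured").addChild("child", "oak:Unstructured");
        this.root.commit();
    }

    /**
     * Removes the fixture identities and content trees, then runs the base-class
     * teardown.
     *
     * <p>The base teardown sits in a {@code finally} block so it runs exactly once,
     * whether or not the cleanup above it fails. The decompiled form called
     * {@code super.after()} inside the {@code try} and again in the catch handler,
     * which would invoke it twice if the first call itself threw.
     *
     * @throws Exception if the cleanup, the commit or the base teardown fails
     */
    public void after() throws Exception {
        try {
            // Drop uncommitted changes left behind by the test before cleaning up.
            this.root.refresh();
            Authorizable testGroup = getUserManager(this.root).getAuthorizable(TEST_GROUP_ID);
            if (testGroup != null) {
                testGroup.remove();
            }
            Authorizable testUser2 = getUserManager(this.root).getAuthorizable(TEST_USER2_ID);
            if (testUser2 != null) {
                testUser2.remove();
            }
            this.root.getTree(SUPPORTED_PATH).remove();
            this.root.getTree(SUPPORTED_PATH2).remove();
            this.root.getTree(UNSUPPORTED_PATH).remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    /**
     * Returns the security provider used by the tests, creating a
     * {@link CugSecurityProvider} from {@link #getSecurityConfigParameters()} on first
     * use and caching it in the inherited {@code securityProvider} field.
     *
     * <p>Decompiler note: declared {@code protected} in the compiled class.
     *
     * @return the cached provider instance
     */
    public SecurityProvider getSecurityProvider() {
        if (this.securityProvider == null) {
            this.securityProvider = new CugSecurityProvider(getSecurityConfigParameters());
        }
        return this.securityProvider;
    }

    /**
     * Wraps {@link #CUG_CONFIG} under the authorization configuration key.
     *
     * @return the security configuration handed to the security provider
     */
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", CUG_CONFIG);
    }

    /**
     * Builds a {@link CugPermissionProvider} for the current root and workspace.
     *
     * <p>Decompiler note: package-private in the compiled class.
     *
     * @param set string set passed through to the provider constructor; presumably
     *     the supported CUG paths (the decompiler lost the parameter name) - confirm
     *     against the constructor
     * @param principalArr principals the provider evaluates permissions for
     * @return a new provider instance
     */
    public CugPermissionProvider createCugPermissionProvider(@Nonnull Set<String> set, @Nonnull Principal... principalArr) {
        return new CugPermissionProvider(this.root, this.root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principalArr), set, ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getContext());
    }

    /**
     * Creates the policy layout most CUG permission tests rely on and commits it.
     *
     * <p>Resulting layout:
     * <ul>
     *   <li>the second test user is created and made a member of the test group;</li>
     *   <li>CUG at {@code /content/a} and {@code /content/aa/bb}: test group;</li>
     *   <li>CUG at {@code /content/a/b/c} (nested below the first one) and at
     *       {@code /content2}: everyone;</li>
     *   <li>ACL at {@code /content}: {@code jcr:read} for the test user, and
     *       {@code jcr:read}, {@code rep:write}, {@code jcr:readAccessControl} for the
     *       test group.</li>
     * </ul>
     *
     * <p>Decompiler note: package-private in the compiled class.
     *
     * @throws IllegalStateException if the test group principal does not resolve to a
     *     group
     * @throws Exception if user, node or policy creation fails
     */
    public void setupCugsAndAcls() throws Exception {
        UserManager userManager = getUserManager(this.root);
        Principal testGroupPrincipal = getTestGroupPrincipal();
        // getAuthorizable(Principal) is typed as Authorizable; addMember is only
        // available on Group, so the lookup result has to be narrowed first (the
        // decompiler dropped this cast).
        Authorizable testGroup = userManager.getAuthorizable(testGroupPrincipal);
        if (!(testGroup instanceof Group)) {
            throw new IllegalStateException("Test group not found for principal " + testGroupPrincipal.getName());
        }
        // Fixture account: the password is the user id itself.
        ((Group) testGroup).addMember(userManager.createUser(TEST_USER2_ID, TEST_USER2_ID));
        this.root.commit();
        NodeUtil content = new NodeUtil(this.root.getTree(SUPPORTED_PATH));
        content.addChild("a", "oak:Unstructured").addChild("b", "oak:Unstructured").addChild("c", "oak:Unstructured");
        content.addChild("aa", "oak:Unstructured").addChild("bb", "oak:Unstructured").addChild("cc", "oak:Unstructured");
        createCug("/content/a", testGroupPrincipal);
        createCug("/content/aa/bb", testGroupPrincipal);
        createCug("/content/a/b/c", EveryonePrincipal.getInstance());
        createCug(SUPPORTED_PATH2, EveryonePrincipal.getInstance());
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, SUPPORTED_PATH);
        accessControlList.addAccessControlEntry(getTestUser().getPrincipal(), privilegesFromNames(new String[]{"jcr:read"}));
        accessControlList.addAccessControlEntry(testGroupPrincipal, privilegesFromNames(new String[]{"jcr:read", "rep:write", "jcr:readAccessControl"}));
        accessControlManager.setPolicy(SUPPORTED_PATH, accessControlList);
        this.root.commit();
    }

    /**
     * Adds {@code principal} to the first applicable {@link CugPolicy} at {@code str}
     * and sets that policy on the path. The change is not committed here; callers
     * commit the root themselves.
     *
     * <p>Decompiler note: package-private in the compiled class.
     *
     * @param str absolute path of the tree that receives the CUG
     * @param principal principal to list in the CUG
     * @throws IllegalStateException if no {@link CugPolicy} is applicable at the path
     * @throws RepositoryException if the access control manager rejects the operation
     */
    public void createCug(@Nonnull String str, @Nonnull Principal principal) throws RepositoryException {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
        while (applicablePolicies.hasNext()) {
            // The iterator yields the general policy type, so test before narrowing;
            // the decompiled form assigned the element to CugPolicy without a cast.
            Object candidate = applicablePolicies.nextAccessControlPolicy();
            if (candidate instanceof CugPolicy) {
                CugPolicy cugPolicy = (CugPolicy) candidate;
                cugPolicy.addPrincipals(new Principal[]{principal});
                accessControlManager.setPolicy(str, cugPolicy);
                return;
            }
        }
        throw new IllegalStateException("Unable to create CUG at " + str);
    }

    /**
     * Returns the principal of the test group, creating and committing the group on
     * first use.
     *
     * <p>Decompiler note: package-private in the compiled class.
     *
     * @return the test group's principal
     * @throws Exception if the lookup, creation or commit fails
     */
    public Principal getTestGroupPrincipal() throws Exception {
        UserManager userManager = getUserManager(this.root);
        Group testGroup = userManager.getAuthorizable(TEST_GROUP_ID, Group.class);
        if (testGroup == null) {
            testGroup = userManager.createGroup(TEST_GROUP_ID);
            this.root.commit();
        }
        return testGroup.getPrincipal();
    }

    /**
     * Logs in as the second test user; the user must already exist (it is created by
     * {@link #setupCugsAndAcls()}). The credentials mirror how the user was created:
     * the password is the user id.
     *
     * <p>Decompiler note: package-private in the compiled class.
     *
     * @return a content session for the second test user; the caller closes it
     * @throws Exception if the login fails
     */
    public ContentSession createTestSession2() throws Exception {
        return login(new SimpleCredentials(TEST_USER2_ID, TEST_USER2_ID.toCharArray()));
    }
}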
