package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlException;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/CugImportBaseTest.class */
public abstract class CugImportBaseTest {
    static final String TEST_NODE_NAME = "testNode";
    static final String TEST_NODE_PATH = "/testNode";
    static final String TEST_GROUP_PRINCIPAL_NAME = "testPrincipal";
    static final String XML_CUG_POLICY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:cugPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>testPrincipal</sv:value><sv:value>everyone</sv:value></sv:property></sv:node>";
    static final String XML_CHILD_WITH_CUG = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"child\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>oak:Unstructured</sv:value></sv:property><sv:property sv:name=\"jcr:mixinTypes\" sv:type=\"Name\"><sv:value>rep:CugMixin</sv:value></sv:property><sv:node sv:name=\"rep:cugPolicy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>testPrincipal</sv:value><sv:value>everyone</sv:value></sv:property></sv:node></sv:node>";
    static final String XML_NESTED_CUG_POLICY = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:cugPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>everyone</sv:value></sv:property><sv:node sv:name=\"rep:cugPolicy\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>everyone</sv:value></sv:property></sv:node></sv:node>";
    private Repository repo;
    private Session adminSession;
    private Group testGroup;

    @Before
    public void before() throws Exception {
        CugSecurityProvider cugSecurityProvider = new CugSecurityProvider(getConfigurationParameters());
        Jcr jcr = new Jcr();
        jcr.with(cugSecurityProvider);
        this.repo = jcr.createRepository();
        this.adminSession = this.repo.login(new SimpleCredentials("admin", "admin".toCharArray()));
        this.adminSession.getRootNode().addNode(TEST_NODE_NAME, "oak:Unstructured");
        this.adminSession.save();
    }

    @After
    public void after() throws Exception {
        try {
            this.adminSession.refresh(false);
            this.adminSession.getNode(TEST_NODE_PATH).remove();
            if (this.testGroup != null) {
                this.testGroup.remove();
            }
            this.adminSession.save();
            this.adminSession.logout();
            if (this.repo instanceof JackrabbitRepository) {
                this.repo.shutdown();
            }
            this.repo = null;
        } catch (Throwable th) {
            this.adminSession.logout();
            if (this.repo instanceof JackrabbitRepository) {
                this.repo.shutdown();
            }
            this.repo = null;
            throw th;
        }
    }

    @Nonnull
    private ConfigurationParameters getConfigurationParameters() {
        return getImportBehavior() != null ? ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("importBehavior", getImportBehavior(), "cugSupportedPaths", new String[]{TEST_NODE_PATH})) : ConfigurationParameters.EMPTY;
    }

    abstract String getImportBehavior();

    /* JADX INFO: Access modifiers changed from: package-private */
    public String getTargetPath() {
        return TEST_NODE_PATH;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Session getImportSession() {
        return this.adminSession;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Node getTargetNode() throws RepositoryException {
        return getImportSession().getNode(getTargetPath());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void doImport(String str, String str2) throws Exception {
        doImport(str, str2, 3);
    }

    void doImport(String str, String str2, int i) throws Exception {
        doImport(getImportSession(), str, str2, i);
    }

    void doImport(Session session, String str, String str2, int i) throws Exception {
        InputStream byteArrayInputStream = str2.charAt(0) == '<' ? new ByteArrayInputStream(str2.getBytes()) : getClass().getResourceAsStream(str2);
        try {
            session.importXML(str, byteArrayInputStream, i);
            byteArrayInputStream.close();
        } catch (Throwable th) {
            byteArrayInputStream.close();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void assertPrincipalNames(@Nonnull Set<String> set, @Nonnull Value[] valueArr) {
        Assert.assertEquals(set.size(), valueArr.length);
        Assert.assertEquals(set, ImmutableSet.copyOf(Iterables.transform(ImmutableSet.copyOf(valueArr), new Function<Value, String>() { // from class: org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugImportBaseTest.1
            @Nullable
            public String apply(@Nullable Value value) {
                if (value == null) {
                    return null;
                }
                try {
                    return value.getString();
                } catch (RepositoryException e) {
                    throw new IllegalStateException((Throwable) e);
                }
            }
        })));
    }

    @Test
    public void testCugValidPrincipals() throws Exception {
        this.testGroup = this.adminSession.getUserManager().createGroup(new PrincipalImpl(TEST_GROUP_PRINCIPAL_NAME));
        this.adminSession.save();
        getTargetNode().addMixin("rep:CugMixin");
        doImport(getTargetPath(), XML_CUG_POLICY);
        this.adminSession.save();
    }

    @Test
    public void testCugValidPrincipalsNoMixin() throws Exception {
        this.testGroup = this.adminSession.getUserManager().createGroup(new PrincipalImpl(TEST_GROUP_PRINCIPAL_NAME));
        this.adminSession.save();
        doImport(getTargetPath(), XML_CUG_POLICY);
        try {
            this.adminSession.save();
            Assert.fail();
        } catch (AccessControlException e) {
            CommitFailedException cause = e.getCause();
            Assert.assertTrue(cause instanceof CommitFailedException);
            Assert.assertTrue(cause.isAccessControlViolation());
            Assert.assertEquals(22L, cause.getCode());
        }
    }

    @Test
    public void testNodeWithCugValidPrincipals() throws Exception {
        this.testGroup = this.adminSession.getUserManager().createGroup(new PrincipalImpl(TEST_GROUP_PRINCIPAL_NAME));
        this.adminSession.save();
        doImport(getTargetPath(), XML_CHILD_WITH_CUG);
        this.adminSession.save();
    }

    @Test
    public void testCugWithoutPrincipalNames() throws Exception {
        doImport(getTargetPath(), "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:cugPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property></sv:node>");
        Assert.assertFalse(getTargetNode().hasNode("rep:cugPolicy"));
        getImportSession().save();
    }

    @Test
    public void testCugWithEmptyPrincipalNames() throws Exception {
        getTargetNode().addMixin("rep:CugMixin");
        doImport(getTargetPath(), "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:cugPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"></sv:property></sv:node>");
        getImportSession().save();
        String str = getTargetPath() + "/rep:cugPolicy/rep:principalNames";
        Assert.assertTrue(getImportSession().propertyExists(str));
        Assert.assertArrayEquals(new Value[0], getImportSession().getProperty(str).getValues());
    }

    @Test
    public void testNestedCug() throws Exception {
        try {
            doImport(getTargetPath(), XML_NESTED_CUG_POLICY);
            Assert.fail();
            getImportSession().refresh(false);
        } catch (ConstraintViolationException e) {
            getImportSession().refresh(false);
        } catch (Throwable th) {
            getImportSession().refresh(false);
            throw th;
        }
    }

    @Test
    public void testNestedCugWithMixin() throws Exception {
        getTargetNode().addMixin("rep:CugMixin");
        doImport(getTargetPath(), XML_NESTED_CUG_POLICY);
        Assert.assertTrue(getTargetNode().hasNode("rep:cugPolicy"));
        Node node = getTargetNode().getNode("rep:cugPolicy");
        Assert.assertTrue(node.hasProperty("rep:principalNames"));
        Assert.assertFalse(node.hasNode("rep:cugPolicy"));
    }

    @Test
    public void testNestedCugSave() throws Exception {
        getTargetNode().addMixin("rep:CugMixin");
        doImport(getTargetPath(), XML_NESTED_CUG_POLICY);
        Assert.assertTrue(getTargetNode().hasNode("rep:cugPolicy"));
        Node node = getTargetNode().getNode("rep:cugPolicy");
        Assert.assertTrue(node.hasProperty("rep:principalNames"));
        Assert.assertFalse(node.hasNode("rep:cugPolicy"));
    }

    @Test
    public void testCugWithInvalidName() throws Exception {
        getTargetNode().addMixin("rep:CugMixin");
        doImport(getTargetPath(), "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"someOtherNode\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:CugPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalNames\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>everyone</sv:value></sv:property></sv:node>");
        try {
            getImportSession().save();
            Assert.fail();
            getImportSession().refresh(false);
        } catch (ConstraintViolationException e) {
            getImportSession().refresh(false);
        } catch (Throwable th) {
            getImportSession().refresh(false);
            throw th;
        }
    }

    @Test
    public void testCugAtUnsupportedPath() throws Exception {
        doImport("/", XML_CHILD_WITH_CUG);
        getImportSession().save();
        Assert.assertTrue(getImportSession().getRootNode().hasNode("child"));
        Assert.assertFalse(getImportSession().getRootNode().hasNode("child/rep:cugPolicy"));
    }
}
