package org.apache.jackrabbit.oak.spi.security.authorization.cug.impl;

import java.security.Principal;
import java.util.UUID;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/cug/impl/RestoreParentNestedCugTest.class */
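/**
 * Checks that the nested-CUG bookkeeping kept on a parent CUG policy survives the loss of its
 * hidden {@code :nestedCugs} property, and that read access below the parent is still
 * restricted per child CUG afterwards.
 *
 * <p>Fixture built by {@link #setupNestedCugsAndAcls()}:
 * <ul>
 *   <li>{@code /content/a} carries a CUG for group 3 (both test users are members);</li>
 *   <li>{@code /content/a/b1} carries a CUG for the default test group (user 1 only);</li>
 *   <li>{@code /content/a/b2} carries a CUG for group 2 (user 2 only);</li>
 *   <li>both users are granted {@code jcr:read} at {@code /content}.</li>
 * </ul>
 *
 * <p>NOTE(review): {@code TEST_USER2_ID}, {@code TEST_GROUP_ID}, {@code createTestSession2()} and
 * {@code assertNestedCugs(...)} are inherited from {@link AbstractCugTest}; their exact semantics
 * are not visible in this file and are described here only as far as their use shows.
 */
public class RestoreParentNestedCugTest extends AbstractCugTest {
    // Ids carry a random suffix so they differ on every class load.
    private static final String TEST_GROUP2_ID = "testGroup2" + UUID.randomUUID();
    private static final String TEST_GROUP3_ID = "testGroup3" + UUID.randomUUID();
    private static final String TEST_USER1_ID = "testUser1" + UUID.randomUUID();

    /** Runs the base-class setup and then creates the nested CUG fixture. */
    @Override
    public void before() throws Exception {
        super.before();
        setupNestedCugsAndAcls();
    }

    /**
     * Removes the authorizables created by this class and then runs the base-class teardown.
     *
     * <p>The base-class teardown runs exactly once, in a {@code finally} block, so a failure in
     * the local cleanup cannot skip it and a failure inside it does not trigger a second call.
     */
    @Override
    public void after() throws Exception {
        try {
            // Drop any uncommitted changes a failed test left behind before cleaning up.
            root.refresh();
            removeAuthorizableIfPresent(TEST_GROUP2_ID);
            removeAuthorizableIfPresent(TEST_GROUP3_ID);
            removeAuthorizableIfPresent(TEST_USER1_ID);
            root.commit();
        } finally {
            super.after();
        }
    }

    /** Removes the authorizable with the given id if it exists; the caller commits. */
    private void removeAuthorizableIfPresent(String authorizableId) throws Exception {
        Authorizable authorizable = getUserManager(root).getAuthorizable(authorizableId);
        if (authorizable != null) {
            authorizable.remove();
        }
    }

    /**
     * Creates the users, group memberships, content tree, CUG policies and the read ACL
     * described in the class comment, and commits them in one go.
     */
    private void setupNestedCugsAndAcls() throws Exception {
        UserManager userManager = getUserManager(root);
        Principal testGroupPrincipal = getTestGroupPrincipal();
        Principal testGroupPrincipal2 = getTestGroupPrincipal(TEST_GROUP2_ID);
        Principal testGroupPrincipal3 = getTestGroupPrincipal(TEST_GROUP3_ID);

        // Test-only accounts: the user id doubles as the password.
        User user1 = userManager.createUser(TEST_USER1_ID, TEST_USER1_ID);
        userManager.getAuthorizable(testGroupPrincipal).addMember(user1);
        User user2 = userManager.createUser(TEST_USER2_ID, TEST_USER2_ID);
        userManager.getAuthorizable(testGroupPrincipal2).addMember(user2);
        // Group 3 contains both users, so both pass the parent CUG at /content/a.
        userManager.getAuthorizable(testGroupPrincipal3).addMember(user1);
        userManager.getAuthorizable(testGroupPrincipal3).addMember(user2);

        Tree content = root.getTree("/content");
        createTrees(content, "a", "b1");
        createTrees(content, "a", "b2");

        createCug("/content/a", testGroupPrincipal3);
        createCug("/content/a/b1", testGroupPrincipal);
        createCug("/content/a/b2", testGroupPrincipal2);

        // Read is granted to both users at /content; the tests rely on the CUGs below it to
        // narrow what each user can actually see.
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(root);
        JackrabbitAccessControlList accessControlList =
                AccessControlUtils.getAccessControlList(accessControlManager, "/content");
        accessControlList.addAccessControlEntry(
                user1.getPrincipal(), privilegesFromNames(new String[]{"jcr:read"}));
        accessControlList.addAccessControlEntry(
                user2.getPrincipal(), privilegesFromNames(new String[]{"jcr:read"}));
        accessControlManager.setPolicy("/content", accessControlList);
        root.commit();
    }

    /**
     * Despite its name, this does not remove the parent CUG: it deletes only the hidden
     * {@code :nestedCugs} property from the policy at {@code /content/a}, then rewrites
     * {@code rep:principalNames} on both child policies and commits.
     *
     * <p>NOTE(review): rewriting the child policies is presumably what makes the commit
     * re-evaluate the nested-CUG information for the parent; confirm against the CUG commit hook.
     */
    private void removeParentCug() throws Exception {
        root.getTree("/content/a/rep:cugPolicy").removeProperty(":nestedCugs");

        PropertyState b1Principals = PropertyStates.createProperty(
                "rep:principalNames", ImmutableSet.of(TEST_GROUP_ID), Type.STRINGS);
        PropertyState b2Principals = PropertyStates.createProperty(
                "rep:principalNames", ImmutableSet.of(TEST_GROUP2_ID), Type.STRINGS);
        root.getTree("/content/a/b1/rep:cugPolicy").setProperty(b1Principals);
        root.getTree("/content/a/b2/rep:cugPolicy").setProperty(b2Principals);
        root.commit();
    }

    /**
     * Returns the principal of the group with the given id, creating and committing the group
     * first when it does not exist yet.
     *
     * @param str the group id
     * @return the principal of the existing or newly created group
     */
    private Principal getTestGroupPrincipal(String str) throws Exception {
        UserManager userManager = getUserManager(root);
        Group group = userManager.getAuthorizable(str, Group.class);
        if (group == null) {
            group = userManager.createGroup(str);
            root.commit();
        }
        return group.getPrincipal();
    }

    /**
     * The nested-CUG assertion for {@code /content/a} must hold both before and after the hidden
     * {@code :nestedCugs} property was removed from its policy.
     */
    @Test
    public void testParentNestedCugRestored() throws Exception {
        assertNestedCugs(root, getRootProvider(), "/", false, "/content/a");
        assertNestedCugs(root, getRootProvider(), "/content/a", true, "/content/a/b1", "/content/a/b2");

        removeParentCug();

        // Same expectation as before the removal: both children are still recorded as nested.
        assertNestedCugs(root, getRootProvider(), "/content/a", true, "/content/a/b1", "/content/a/b2");
    }

    /**
     * After the hidden property was removed, the session obtained from
     * {@code createTestSession2()} must still see {@code /content/a} and {@code b2} but not
     * {@code b1}.
     *
     * <p>NOTE(review): only one user's view is asserted. The mirror case (user 1 sees
     * {@code b1} but not {@code b2}) is not covered here, so a regression that opens
     * {@code b2} to every member of the parent CUG would go unnoticed by this test.
     */
    @Test
    public void testUserPermission() throws Exception {
        removeParentCug();

        // presumably a session for TEST_USER2_ID - confirm in AbstractCugTest
        try (ContentSession session = createTestSession2()) {
            Tree a = session.getLatestRoot().getTree("/content/a");
            Assert.assertTrue(a.exists());
            // b1 is restricted to the default test group, which user 2 is not added to above.
            Assert.assertFalse(a.getChild("b1").exists());
            Assert.assertTrue(a.getChild("b2").exists());
        }
    }
}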
