package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import com.google.common.collect.Iterators;
import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.Principal;
import java.util.List;
import java.util.UUID;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.JackrabbitRepository;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.PrincipalPolicyImpl;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/ImportBaseTest.class */
public abstract class ImportBaseTest extends AbstractPrincipalBasedTest {
    private Repository repo;
    private JackrabbitSession adminSession;
    private String testPath;
    private String uid;
    private Principal testPrincipal;
    private String testPrincipalName;

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @Before
    public void before() throws Exception {
        super.before();
        Jcr jcr = new Jcr();
        jcr.with(getSecurityProvider());
        jcr.with(getQueryEngineSettings());
        this.repo = jcr.createRepository();
        this.adminSession = this.repo.login(new SimpleCredentials("admin", "admin".toCharArray()));
        User createSystemUser = getUserManager().createSystemUser("testSystemUser" + UUID.randomUUID(), getNamePathMapper().getJcrPath("system/test"));
        this.adminSession.save();
        this.uid = createSystemUser.getID();
        this.testPath = createSystemUser.getPath();
        this.testPrincipal = createSystemUser.getPrincipal();
        this.testPrincipalName = this.testPrincipal.getName();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl.AbstractPrincipalBasedTest
    @After
    public void after() throws Exception {
        try {
            this.adminSession.refresh(false);
            User authorizable = getUserManager().getAuthorizable(this.uid, User.class);
            if (authorizable != null) {
                authorizable.remove();
            }
            this.adminSession.removeItem(SUPPORTED_PATH);
            this.adminSession.save();
        } finally {
            this.adminSession.logout();
            if (this.repo instanceof JackrabbitRepository) {
                this.repo.shutdown();
            }
            super.after();
        }
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("importBehavior", getImportBehavior()));
    }

    abstract String getImportBehavior();

    /* JADX INFO: Access modifiers changed from: package-private */
    public UserManager getUserManager() throws RepositoryException {
        return this.adminSession.getUserManager();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JackrabbitSession getSession() {
        return this.adminSession;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public JackrabbitAccessControlManager getAccessControlManager() throws RepositoryException {
        return this.adminSession.getAccessControlManager();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void doImport(String str, String str2) throws Exception {
        doImport(this.adminSession, str, str2, 3);
    }

    void doImport(Session session, String str, String str2, int i) throws Exception {
        InputStream byteArrayInputStream = str2.charAt(0) == '<' ? new ByteArrayInputStream(str2.getBytes()) : getClass().getResourceAsStream(str2);
        try {
            session.importXML(str, byteArrayInputStream, i);
            byteArrayInputStream.close();
        } catch (Throwable th) {
            byteArrayInputStream.close();
            throw th;
        }
    }

    @Test(expected = ConstraintViolationException.class)
    public void testPolicyWithoutPrincipalName() throws Exception {
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property></sv:node>");
        Assert.assertTrue(this.adminSession.getNode(this.testPath).hasNode("rep:principalPolicy"));
        this.adminSession.save();
    }

    @Test
    public void testEmptyPolicyMissingMixinType() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property></sv:node>");
        Assert.assertTrue(this.adminSession.getNode(this.testPath).isNodeType("rep:PrincipalBasedMixin"));
        Assert.assertTrue(this.adminSession.getNode(this.testPath).hasNode("rep:principalPolicy"));
        this.adminSession.save();
    }

    @Test
    public void testEmptyPolicy() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
        Assert.assertTrue(getPrincipalPolicyImpl(this.testPrincipal, getAccessControlManager()).isEmpty());
        this.adminSession.save();
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEmptyPolicyWithInvalidNodeName() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"someOtherNode\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
        this.adminSession.save();
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEmptyPolicyPrincipalNameTypeMismatch() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"Name\"><sv:value>" + getTestUser().getPrincipal().getName() + "</sv:value></sv:property></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEmptyPolicyPrincipalNameMultiple() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
    }

    @Test(expected = ConstraintViolationException.class)
    public void testNestedPolicy() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property></sv:node></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEmptyPolicyWithInvalidPrincipalName() throws Exception {
        String str = "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + getTestUser().getPrincipal().getName() + "</sv:value></sv:property></sv:node>";
        this.adminSession.getNode(this.testPath).addMixin("rep:PrincipalBasedMixin");
        doImport(this.testPath, str);
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEntryWithMissingEffectivePath() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEntryWithEffectivePathTypeMismatch() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"String\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
    }

    @Test(expected = RepositoryException.class)
    public void testEntryWithEffectivePathMV() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\" sv:multiple=\"true\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEntryWithMissingPrivileges() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property></sv:node></sv:node>");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEntryWithPrivilegesTypeMismatch() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"String\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
    }

    @Test
    public void testEntryWithPrivilegesSingleValue() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
        this.adminSession.save();
        Node node = (Node) Iterators.getOnlyElement(this.adminSession.getNode(PathUtils.concat(this.testPath, "rep:principalPolicy")).getNodes());
        Assert.assertTrue(node.isNodeType("rep:PrincipalEntry"));
        Assert.assertTrue(node.getProperty("rep:privileges").isMultiple());
    }

    @Test
    public void testTwoIdenticalEntries() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node><sv:node sv:name=\"entry1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
        this.adminSession.save();
        Assert.assertEquals(1L, getPrincipalPolicyImpl(this.testPrincipal, getAccessControlManager()).size());
    }

    @Test
    public void testTwoDifferentEntries() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node><sv:node sv:name=\"entry1\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value></sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:namespaceManagement</sv:value></sv:property></sv:node></sv:node>");
        this.adminSession.save();
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(this.testPrincipal, getAccessControlManager());
        Assert.assertEquals(2L, principalPolicyImpl.size());
        List entries = principalPolicyImpl.getEntries();
        Assert.assertEquals("/content", ((PrincipalPolicyImpl.EntryImpl) entries.get(0)).getEffectivePath());
        Assert.assertNull(((PrincipalPolicyImpl.EntryImpl) entries.get(1)).getEffectivePath());
    }

    @Test
    public void testEffectivePathInRestriction() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property><sv:node sv:name=\"rep:restrictions\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Restrictions</sv:value></sv:property><sv:property sv:name=\"rep:nodePath\" sv:type=\"String\"><sv:value>/content</sv:value></sv:property></sv:node></sv:node></sv:node>");
        this.adminSession.save();
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(this.testPrincipal, getAccessControlManager());
        Assert.assertEquals(1L, principalPolicyImpl.size());
        PrincipalPolicyImpl.EntryImpl entryImpl = (PrincipalPolicyImpl.EntryImpl) principalPolicyImpl.getEntries().get(0);
        Assert.assertEquals("/content", entryImpl.getOakPath());
        Assert.assertTrue(entryImpl.getRestrictions().isEmpty());
    }

    @Test(expected = ConstraintViolationException.class)
    public void testUnsupportedPath() throws Exception {
        String concat = PathUtils.concat(PathUtils.getAncestorPath(this.testPath, 2), PathUtils.getName(this.testPath));
        this.adminSession.move(this.testPath, concat);
        this.adminSession.save();
        doImport(concat, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property></sv:node></sv:node>");
        this.adminSession.save();
    }

    @Test
    public void testEntryWithRestriction() throws Exception {
        doImport(this.testPath, "<?xml version=\"1.0\" encoding=\"UTF-8\"?><sv:node sv:name=\"rep:principalPolicy\" xmlns:mix=\"http://www.jcp.org/jcr/mix/1.0\" xmlns:nt=\"http://www.jcp.org/jcr/nt/1.0\" xmlns:fn_old=\"http://www.w3.org/2004/10/xpath-functions\" xmlns:fn=\"http://www.w3.org/2005/xpath-functions\" xmlns:xs=\"http://www.w3.org/2001/XMLSchema\" xmlns:sv=\"http://www.jcp.org/jcr/sv/1.0\" xmlns:rep=\"internal\" xmlns:jcr=\"http://www.jcp.org/jcr/1.0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalPolicy</sv:value></sv:property><sv:property sv:name=\"rep:principalName\" sv:type=\"String\"><sv:value>" + this.testPrincipalName + "</sv:value></sv:property><sv:node sv:name=\"entry0\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:PrincipalEntry</sv:value></sv:property><sv:property sv:name=\"rep:effectivePath\" sv:type=\"Path\"><sv:value>/content</sv:value></sv:property><sv:property sv:name=\"rep:privileges\" sv:type=\"Name\" sv:multiple=\"true\"><sv:value>jcr:read</sv:value></sv:property><sv:node sv:name=\"rep:restrictions\"><sv:property sv:name=\"jcr:primaryType\" sv:type=\"Name\"><sv:value>rep:Restrictions</sv:value></sv:property><sv:property sv:name=\"rep:glob\" sv:type=\"String\"><sv:value>*</sv:value></sv:property></sv:node></sv:node></sv:node>");
        this.adminSession.save();
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(this.testPrincipal, getAccessControlManager());
        Assert.assertEquals(1L, principalPolicyImpl.size());
        Assert.assertEquals("*", ((PrincipalPolicyImpl.EntryImpl) principalPolicyImpl.getEntries().get(0)).getRestriction("rep:glob").getString());
    }
}
