package org.apache.jackrabbit.oak.spi.security.authorization.principalbased.impl;

import java.security.Principal;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterables;
import org.apache.jackrabbit.guava.common.collect.ObjectArrays;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.namepath.impl.LocalNameMapper;
import org.apache.jackrabbit.oak.namepath.impl.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderHelper;
import org.apache.jackrabbit.oak.spi.mount.Mounts;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ReadPolicy;
import org.apache.jackrabbit.oak.spi.security.authorization.principalbased.FilterProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authorization/principalbased/impl/AbstractPrincipalBasedTest.class */
public abstract class AbstractPrincipalBasedTest extends AbstractSecurityTest {
    static final String TEST_OAK_PATH = "/oak:content/child/grandchild/oak:subtree";
    private User testSystemUser;
    private PrincipalBasedAuthorizationConfiguration principalBasedAuthorizationConfiguration;
    String testJcrPath;
    String testContentJcrPath;
    static final String INTERMEDIATE_PATH = "system/test";
    static final String SUPPORTED_PATH = PathUtils.concat("/rep:security/rep:authorizables/rep:users", INTERMEDIATE_PATH);
    static final Map<String, String> LOCAL_NAME_MAPPINGS = ImmutableMap.of("a", "internal", "b", "http://www.jcp.org/jcr/1.0", "c", "http://jackrabbit.apache.org/oak/ns/1.0");

    @Before
    public void before() throws Exception {
        super.before();
        this.namePathMapper = new NamePathMapperImpl(new LocalNameMapper(this.root, LOCAL_NAME_MAPPINGS));
        this.testJcrPath = getNamePathMapper().getJcrPath(TEST_OAK_PATH);
        this.testContentJcrPath = PathUtils.getAncestorPath(this.testJcrPath, 3);
    }

    public void after() throws Exception {
        try {
            this.root.refresh();
            if (this.testSystemUser != null) {
                getUserManager(this.root).getAuthorizable(this.testSystemUser.getID()).remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    @NotNull
    protected SecurityProvider initSecurityProvider() {
        SecurityProvider initSecurityProvider = super.initSecurityProvider();
        this.principalBasedAuthorizationConfiguration = new PrincipalBasedAuthorizationConfiguration();
        this.principalBasedAuthorizationConfiguration.bindFilterProvider(getFilterProvider());
        this.principalBasedAuthorizationConfiguration.bindMountInfoProvider(Mounts.defaultMountInfoProvider());
        SecurityProviderHelper.updateConfig(initSecurityProvider, this.principalBasedAuthorizationConfiguration, AuthorizationConfiguration.class);
        return initSecurityProvider;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public Privilege[] privilegesFromNames(@NotNull String... strArr) throws RepositoryException {
        return super.privilegesFromNames(Iterables.transform(ImmutableSet.copyOf(strArr), str -> {
            return getNamePathMapper().getJcrName(str);
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public User getTestSystemUser() throws Exception {
        if (this.testSystemUser == null) {
            this.testSystemUser = getUserManager(this.root).createSystemUser("testSystemUser" + UUID.randomUUID(), INTERMEDIATE_PATH);
            this.root.commit();
        }
        return this.testSystemUser;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setupContentTrees(@NotNull String str) throws Exception {
        setupContentTrees("oak:Unstructured", str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void setupContentTrees(@NotNull String str, @NotNull String... strArr) throws Exception {
        Tree tree = this.root.getTree("/");
        for (String str2 : strArr) {
            Tree tree2 = tree;
            Iterator it = PathUtils.elements(str2).iterator();
            while (it.hasNext()) {
                tree2 = TreeUtil.getOrAddChild(tree2, (String) it.next(), str);
            }
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrincipalPolicyImpl getPrincipalPolicyImpl(@NotNull Principal principal, @NotNull JackrabbitAccessControlManager jackrabbitAccessControlManager) throws Exception {
        for (PrincipalPolicyImpl principalPolicyImpl : (JackrabbitAccessControlPolicy[]) ObjectArrays.concat(jackrabbitAccessControlManager.getApplicablePolicies(principal), jackrabbitAccessControlManager.getPolicies(principal), JackrabbitAccessControlPolicy.class)) {
            if (principalPolicyImpl instanceof PrincipalPolicyImpl) {
                return principalPolicyImpl;
            }
        }
        throw new IllegalStateException("unable to obtain PrincipalPolicyImpl");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrincipalPolicyImpl setupPrincipalBasedAccessControl(@NotNull Principal principal, @Nullable String str, @NotNull String... strArr) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        PrincipalPolicyImpl principalPolicyImpl = getPrincipalPolicyImpl(principal, accessControlManager);
        principalPolicyImpl.addEntry(str, privilegesFromNames(strArr));
        accessControlManager.setPolicy(principalPolicyImpl.getPath(), principalPolicyImpl);
        return principalPolicyImpl;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addPrincipalBasedEntry(@NotNull PrincipalPolicyImpl principalPolicyImpl, @Nullable String str, @NotNull String... strArr) throws Exception {
        boolean addEntry = principalPolicyImpl.addEntry(str, privilegesFromNames(strArr));
        getAccessControlManager(this.root).setPolicy(principalPolicyImpl.getPath(), principalPolicyImpl);
        return addEntry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addDefaultEntry(@Nullable String str, @NotNull Principal principal, @NotNull String... strArr) throws Exception {
        return addDefaultEntry(str, principal, null, null, strArr);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean addDefaultEntry(@Nullable String str, @NotNull Principal principal, @Nullable Map<String, Value> map, @Nullable Map<String, Value[]> map2, @NotNull String... strArr) throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, str);
        Objects.requireNonNull(accessControlList);
        boolean addEntry = accessControlList.addEntry(principal, privilegesFromNames(strArr), true, map, map2);
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        return addEntry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrincipalBasedPermissionProvider createPermissionProvider(@NotNull Root root, @NotNull Principal... principalArr) {
        PrincipalBasedPermissionProvider permissionProvider = this.principalBasedAuthorizationConfiguration.getPermissionProvider(root, root.getContentSession().getWorkspaceName(), ImmutableSet.copyOf(principalArr));
        if (permissionProvider instanceof PrincipalBasedPermissionProvider) {
            return permissionProvider;
        }
        throw new IllegalStateException("not a PrincipalBasedPermissionProvider");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrincipalBasedAccessControlManager createAccessControlManager(@NotNull Root root) {
        PrincipalBasedAccessControlManager accessControlManager = this.principalBasedAuthorizationConfiguration.getAccessControlManager(root, getNamePathMapper());
        if (accessControlManager instanceof PrincipalBasedAccessControlManager) {
            return accessControlManager;
        }
        throw new IllegalStateException("not a PrincipalBasedAccessControlManager");
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public FilterProvider getFilterProvider() {
        return createFilterProviderImpl(SUPPORTED_PATH);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public static FilterProviderImpl createFilterProviderImpl(@NotNull String str) {
        return new FilterProviderImpl(str);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public MgrProvider getMgrProvider(Root root) {
        return new MgrProviderImpl(this.principalBasedAuthorizationConfiguration, root, getNamePathMapper());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrincipalBasedAuthorizationConfiguration getPrincipalBasedAuthorizationConfiguration() {
        return this.principalBasedAuthorizationConfiguration;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void assertEffectivePolicies(@NotNull AccessControlPolicy[] accessControlPolicyArr, int i, int i2, boolean z) {
        Assert.assertEquals(i, accessControlPolicyArr.length);
        if (i2 > -1) {
            Assert.assertTrue(accessControlPolicyArr[0] instanceof ImmutablePrincipalPolicy);
            Assert.assertEquals(i2, ((ImmutablePrincipalPolicy) accessControlPolicyArr[0]).size());
        }
        if (z) {
            Assert.assertTrue(accessControlPolicyArr[accessControlPolicyArr.length - 1] instanceof ReadPolicy);
        }
    }
}
