package org.apache.jackrabbit.oak.exercise.security.authorization.advanced;

import java.security.Principal;
import javax.jcr.GuestCredentials;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrincipalSetPolicy;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.authorization.composite.CompositeAuthorizationConfiguration;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderHelper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.cug.impl.CugConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/advanced/L3_UnderstandAggregationTest.class */
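/**
 * Exercises permission evaluation and access control management when two
 * authorization configurations are aggregated.
 *
 * <p>{@link #initSecurityProvider()} registers a {@link CugConfiguration}
 * (enabled, supported path {@code /content}) next to the configuration supplied
 * by the parent test, and {@link #getSecurityConfigParameters()} selects the
 * {@code AND} composition type.
 *
 * <p>Content and policies created by {@link #before()}:
 * <ul>
 *   <li>{@code /var}, {@code /content}, {@code /content/c1} and
 *       {@code /content/c2}, each carrying the property {@code prop};</li>
 *   <li>an access control list on {@code /content} granting {@code jcr:read}
 *       to the everyone principal;</li>
 *   <li>on {@code /content/c1}, every applicable policy: a
 *       {@link PrincipalSetPolicy} listing the test user's principal
 *       (presumably the CUG policy; confirm against {@link CugConfiguration}),
 *       and an access control list allowing {@code rep:addProperties} for the
 *       everyone principal.</li>
 * </ul>
 */
public class L3_UnderstandAggregationTest extends AbstractSecurityTest {
    private PropertyState prop;
    private AccessControlManager acMgr;

    /**
     * Builds the test content and installs the policies described on the class,
     * then commits everything through the admin root.
     */
    @Override
    public void before() throws Exception {
        super.before();
        this.prop = PropertyStates.createProperty("prop", "value");

        Tree rootTree = this.root.getTree("/");
        TreeUtil.addChild(rootTree, "var", "oak:Unstructured").setProperty(this.prop);
        Tree content = TreeUtil.addChild(rootTree, "content", "oak:Unstructured");
        content.setProperty(this.prop);
        Tree c1 = TreeUtil.addChild(content, "c1", "oak:Unstructured");
        c1.setProperty(this.prop);
        TreeUtil.addChild(content, "c2", "oak:Unstructured").setProperty(this.prop);

        this.acMgr = getAccessControlManager(this.root);

        // /content: everyone may read.
        JackrabbitAccessControlList contentAcl = AccessControlUtils.getAccessControlList(this.acMgr, content.getPath());
        contentAcl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames(new String[]{"jcr:read"}));
        this.acMgr.setPolicy(content.getPath(), contentAcl);

        // /content/c1: fill in and set every policy type that is applicable there.
        // The iterator yields AccessControlPolicy, so the concrete type is only
        // known after the instanceof checks.
        AccessControlPolicyIterator applicable = this.acMgr.getApplicablePolicies(c1.getPath());
        while (applicable.hasNext()) {
            AccessControlPolicy policy = applicable.nextAccessControlPolicy();
            if (policy instanceof PrincipalSetPolicy) {
                PrincipalSetPolicy principalSet = (PrincipalSetPolicy) policy;
                principalSet.addPrincipals(new Principal[]{getTestUser().getPrincipal()});
                this.acMgr.setPolicy(c1.getPath(), principalSet);
            } else if (policy instanceof JackrabbitAccessControlList) {
                JackrabbitAccessControlList acl = (JackrabbitAccessControlList) policy;
                acl.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames(new String[]{"rep:addProperties"}), true);
                this.acMgr.setPolicy(c1.getPath(), acl);
            }
        }
        this.root.commit();
    }

    /**
     * Removes the test content; the parent teardown runs even if removal fails.
     */
    @Override
    public void after() throws Exception {
        try {
            this.root.getTree("/content").remove();
            this.root.getTree("/var").remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    /**
     * Adds an enabled CUG configuration, limited to {@code /content}, to the
     * security provider created by the parent test.
     *
     * @return the parent's security provider with the CUG configuration registered
     */
    @Override
    protected SecurityProvider initSecurityProvider() {
        SecurityProvider provider = super.initSecurityProvider();
        CugConfiguration cug = new CugConfiguration();
        cug.setParameters(ConfigurationParameters.of("cugSupportedPaths", new String[]{"/content"}, "cugEnabled", true));
        SecurityProviderHelper.updateConfig(provider, cug, AuthorizationConfiguration.class);
        return provider;
    }

    /**
     * @return parameters selecting the {@code AND} composition type for the
     *         aggregated authorization configurations
     */
    @Override
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("authorizationCompositionType", CompositeAuthorizationConfiguration.CompositionType.AND.toString());
    }

    /**
     * The test user sees {@code /content} and both children (including
     * {@code prop}), but neither the root node nor {@code /var}.
     */
    @Test
    public void testTestUserReadPermissions() throws Exception {
        try (ContentSession session = createTestSession()) {
            Root testRoot = session.getLatestRoot();
            Assert.assertFalse(testRoot.getTree("/").exists());
            Assert.assertFalse(testRoot.getTree("/var").exists());

            for (String path : new String[]{"/content", "/content/c2", "/content/c1"}) {
                Tree tree = testRoot.getTree(path);
                Assert.assertTrue(tree.exists());
                Assert.assertTrue(tree.hasProperty(this.prop.getName()));
            }
        }
    }

    /**
     * The test user can add a property below {@code /content/c1} but holds
     * none of the other write privileges checked here.
     */
    @Test
    public void testTestUserWritePermissions() throws Exception {
        try (ContentSession session = createTestSession()) {
            Root testRoot = session.getLatestRoot();
            testRoot.getTree("/content/c1").setProperty("addingProperty", "value");
            // Commit the root that carries the change. Committing the admin root
            // (this.root) would leave the test user's write unpersisted and its
            // permission check unexercised; testGuestWritePermissions relies on
            // the same commit-time evaluation to get its CommitFailedException.
            testRoot.commit();

            AccessControlManager testAcMgr = getAccessControlManager(testRoot);
            for (String privilegeName : new String[]{"jcr:addChildNodes", "jcr:removeChildNodes", "rep:removeProperties", "rep:alterProperties"}) {
                Assert.assertFalse(testAcMgr.hasPrivileges("/content/c1", privilegesFromNames(new String[]{privilegeName})));
            }
        }
    }

    /**
     * A guest session sees {@code /content} and {@code /content/c2}, but not
     * {@code /content/c1}, the root node or {@code /var}.
     */
    @Test
    public void testGuestReadPermissions() throws Exception {
        try (ContentSession session = login(new GuestCredentials())) {
            Root guestRoot = session.getLatestRoot();
            Assert.assertFalse(guestRoot.getTree("/").exists());
            Assert.assertFalse(guestRoot.getTree("/var").exists());

            for (String path : new String[]{"/content", "/content/c2"}) {
                Tree tree = guestRoot.getTree(path);
                Assert.assertTrue(tree.exists());
                Assert.assertTrue(tree.hasProperty(this.prop.getName()));
            }
            Assert.assertFalse(guestRoot.getTree("/content/c1").exists());
        }
    }

    /**
     * A guest session must not be able to persist changes below
     * {@code /content}: the commit is expected to fail.
     */
    @Test(expected = CommitFailedException.class)
    public void testGuestWritePermissions() throws Exception {
        try (ContentSession session = login(new GuestCredentials())) {
            Root guestRoot = session.getLatestRoot();
            Tree content = guestRoot.getTree("/content");
            content.setProperty("prop2", "value");
            content.addChild("anotherChild");
            guestRoot.commit();
        }
    }

    /**
     * The admin root sees every node created in {@link #before()}, and
     * {@code prop} on all nodes below and including {@code /content}.
     */
    @Test
    public void testAdminReadPermissions() {
        Assert.assertTrue(this.root.getTree("/").exists());
        Assert.assertTrue(this.root.getTree("/var").exists());

        for (String path : new String[]{"/content", "/content/c2", "/content/c1"}) {
            Tree tree = this.root.getTree(path);
            Assert.assertTrue(tree.exists());
            Assert.assertTrue(tree.hasProperty(this.prop.getName()));
        }
    }

    /**
     * The admin session holds {@code jcr:all} on every path used by this test.
     */
    @Test
    public void testAdminWritePermissions() throws Exception {
        for (String path : new String[]{"/", "/var", "/content", "/content/c1", "/content/c2"}) {
            Assert.assertTrue(this.acMgr.hasPrivileges(path, privilegesFromNames(new String[]{"jcr:all"})));
        }
    }

    /**
     * Pins the number of effective policies reported for each path.
     */
    @Test
    public void testEffectivePolicies() throws Exception {
        Assert.assertEquals(3L, this.acMgr.getEffectivePolicies("/content/c1").length);
        Assert.assertEquals(1L, this.acMgr.getEffectivePolicies("/content/c2").length);
        Assert.assertEquals(0L, this.acMgr.getEffectivePolicies("/var").length);
        Assert.assertEquals(1L, this.acMgr.getEffectivePolicies("/jcr:system/rep:namespaces").length);
    }

    /**
     * Pins the number of policies that can still be applied at each path:
     * two at {@code /content/c2}, one at {@code /var} and one at {@code /content}.
     */
    @Test
    public void testApplicablePolicies() throws Exception {
        Assert.assertEquals(2L, countApplicablePolicies("/content/c2"));
        Assert.assertEquals(1L, countApplicablePolicies("/var"));
        Assert.assertEquals(1L, countApplicablePolicies("/content"));
    }

    /**
     * Re-setting the policies read from {@code /content/c1} leaves the number
     * of policies bound to that node unchanged.
     */
    @Test
    public void testGetSetPolicies() throws Exception {
        AccessControlPolicy[] policies = this.acMgr.getPolicies("/content/c1");
        Assert.assertEquals(2L, policies.length);
        for (AccessControlPolicy policy : policies) {
            this.acMgr.setPolicy("/content/c1", policy);
        }
        Assert.assertEquals(2L, this.acMgr.getPolicies("/content/c1").length);
    }

    /**
     * Removing every policy read from {@code /content/c1} leaves none bound to
     * that node.
     */
    @Test
    public void testRemovePolicy() throws Exception {
        AccessControlPolicy[] policies = this.acMgr.getPolicies("/content/c1");
        Assert.assertEquals(2L, policies.length);
        for (AccessControlPolicy policy : policies) {
            this.acMgr.removePolicy("/content/c1", policy);
        }
        Assert.assertEquals(0L, this.acMgr.getPolicies("/content/c1").length);
    }

    /** Counts the policies the admin access control manager reports as applicable at {@code path}. */
    private int countApplicablePolicies(String path) throws Exception {
        AccessControlPolicyIterator applicable = this.acMgr.getApplicablePolicies(path);
        int count = 0;
        while (applicable.hasNext()) {
            applicable.nextAccessControlPolicy();
            count++;
        }
        return count;
    }
}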
