package org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableList;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.exercise.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L4_EffectivePoliciesTest.class */
public class L4_EffectivePoliciesTest extends AbstractJCRTest {
    private String childPath;
    private JackrabbitAccessControlManager acMgr;
    private JackrabbitAccessControlList acl;
    private User testUser;
    private Principal testPrincipal;
    private Privilege[] testPrivileges;
    private Session testSession;

    protected void setUp() throws Exception {
        super.setUp();
        this.childPath = this.testRootNode.addNode(this.nodeName1).getPath();
        this.testUser = ExerciseUtility.createTestUser(this.superuser.getUserManager());
        this.testPrincipal = this.testUser.getPrincipal();
        this.superuser.save();
        this.acMgr = this.superuser.getAccessControlManager();
        this.acl = AccessControlUtils.getAccessControlList(this.superuser, this.testRoot);
        if (this.acl == null) {
            throw new NotExecutableException();
        }
        this.testPrivileges = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}write"});
    }

    protected void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            if (this.testUser != null) {
                this.testUser.remove();
                this.superuser.save();
            }
        } finally {
            super.tearDown();
        }
    }

    private JackrabbitAccessControlList setupPolicy(String str, Privilege[] privilegeArr, Principal principal) throws RepositoryException, NotExecutableException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, str);
        if (accessControlList == null) {
            throw new NotExecutableException();
        }
        accessControlList.addEntry(principal, privilegeArr, true);
        this.acMgr.setPolicy(str, accessControlList);
        return accessControlList;
    }

    private Session getTestSession() throws RepositoryException {
        return this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
    }

    public void testGetEffectivePolicies() throws Exception {
        assertEquals(-1, this.acMgr.getEffectivePolicies(this.testRoot).length);
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        this.superuser.save();
        assertEquals(-1, this.acMgr.getEffectivePolicies(this.testRoot).length);
        assertEquals(-1, this.acMgr.getEffectivePolicies(this.childPath).length);
        setupPolicy(this.childPath, this.testPrivileges, this.testPrincipal);
        this.superuser.save();
        assertEquals(-1, this.acMgr.getEffectivePolicies(this.childPath).length);
    }

    public void testGetEffectivePoliciesAtNodeTypeRoot() throws Exception {
        assertEquals(-1, this.acMgr.getEffectivePolicies("/jcr:system/jcr:nodeTypes").length);
    }

    public void testGetEffectivePoliciesNewPolicy() throws Exception {
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        assertEquals(1, this.acMgr.getEffectivePolicies(this.testRoot).length);
    }

    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        Set singleton = Collections.singleton(this.testPrincipal);
        assertEquals(-1, this.acMgr.getEffectivePolicies(singleton).length);
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        setupPolicy(this.childPath, this.testPrivileges, this.testPrincipal);
        assertEquals(-1, this.acMgr.getEffectivePolicies(singleton).length);
        this.superuser.save();
        assertEquals(-1, this.acMgr.getEffectivePolicies(singleton).length);
    }

    public void testSessionGetEffectivePolicies() throws Exception {
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        setupPolicy(this.childPath, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}readAccessControl"}), this.testPrincipal);
        this.superuser.save();
        this.testSession = getTestSession();
        assertEquals(-1, this.testSession.getAccessControlManager().getEffectivePolicies(this.childPath).length);
    }

    public void testSessionGetEffectivePoliciesWithoutPrivilege() throws Exception {
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        this.superuser.save();
        this.testSession = getTestSession();
        AccessControlManager accessControlManager = this.testSession.getAccessControlManager();
        Iterator it = ImmutableList.of(this.testRoot, "/jcr:system/jcr:nodeTypes").iterator();
        while (it.hasNext()) {
            accessControlManager.getEffectivePolicies((String) it.next());
        }
    }

    public void testSessionGetEffectivePoliciesByPrincipal() throws Exception {
        setupPolicy(this.testRoot, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}readAccessControl"}), this.testPrincipal);
        setupPolicy(this.childPath, this.testPrivileges, EveryonePrincipal.getInstance());
        this.superuser.save();
        this.testSession = getTestSession();
        assertEquals(-1, this.testSession.getAccessControlManager().getEffectivePolicies(Collections.singleton(this.testPrincipal)).length);
    }

    public void testSessionGetEffectivePoliciesByPrincipalWithoutPrivileges() throws Exception {
        setupPolicy(this.testRoot, this.testPrivileges, this.testPrincipal);
        setupPolicy(this.childPath, this.testPrivileges, EveryonePrincipal.getInstance());
        this.superuser.save();
        this.testSession = getTestSession();
        assertEquals(-1, this.testSession.getAccessControlManager().getEffectivePolicies(Collections.singleton(this.testPrincipal)).length);
    }
}
