package org.apache.jackrabbit.oak.exercise.security.authorization.permission;

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.version.VersionManager;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.exercise.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/permission/L5_SpecialPermissionsTest.class */
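/**
 * Exercise tests for permissions outside plain read/write on regular content:
 * versioning, reading version information, user management and
 * repository-level operations.
 *
 * <p>Each test prepares content and access control entries with the
 * administrative {@code superuser} session, then performs the operation under
 * test with a separate session logged in as {@link #testUser}.
 *
 * <p>NOTE(review): the class lives in an "exercise" package, so some of the
 * permission setups below look intentionally incomplete. The review notes on
 * the individual tests point at what the visible setup does not grant or deny;
 * they are hints to verify, not statements about the intended solution.
 */
public class L5_SpecialPermissionsTest extends AbstractJCRTest {
    private static final String MIX_VERSIONABLE = "mix:versionable";
    private static final String JCR_VERSION_MANAGEMENT = "{http://www.jcp.org/jcr/1.0}versionManagement";
    private static final String JCR_ALL = "{http://www.jcp.org/jcr/1.0}all";
    private static final String REP_WRITE = "rep:write";
    private static final String USERS_ROOT_PATH = "/rep:security/rep:authorizables/rep:users";

    // Member of the test group; the test session is logged in as this user.
    private User testUser;
    // Second user that is NOT added to the test group; its password is changed in testUserManagement.
    private User testUser2;
    private Principal testPrincipal;
    private Principal testGroupPrincipal;
    // Lazily created by createTestSession() and logged out in tearDown().
    private Session testSession;
    private String childPath;
    private String grandChildPath;
    private String propertyPath;
    private String childPropertyPath;
    // Paths outside the test root whose access control lists must be removed again in tearDown().
    private final List<String> paths = new ArrayList<>();

    /**
     * Creates a property, a child node (with a property) and a grandchild node
     * below the test root, plus two test users and a test group that contains
     * only {@code testUser}. All changes are saved with the superuser session.
     */
    @Override
    protected void setUp() throws Exception {
        super.setUp();
        this.propertyPath = this.testRootNode.setProperty(this.propertyName1, "val").getPath();
        Node child = this.testRootNode.addNode(this.nodeName1);
        this.childPath = child.getPath();
        this.childPropertyPath = child.setProperty(this.propertyName2, "val").getPath();
        this.grandChildPath = child.addNode(this.nodeName2).getPath();

        // The user management API is only reachable through the Jackrabbit session interface.
        UserManager userManager = ((JackrabbitSession) this.superuser).getUserManager();
        this.testUser = ExerciseUtility.createTestUser(userManager);
        this.testUser2 = ExerciseUtility.createTestUser(userManager);
        Group testGroup = ExerciseUtility.createTestGroup(userManager);
        testGroup.addMember(this.testUser);
        this.superuser.save();

        this.testPrincipal = this.testUser.getPrincipal();
        this.testGroupPrincipal = testGroup.getPrincipal();
    }

    /**
     * Logs out the test session, removes the test users, the test group and
     * every access control list registered in {@link #paths}, then saves.
     * The superclass teardown always runs, even if the cleanup fails.
     */
    @Override
    protected void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            UserManager userManager = ((JackrabbitSession) this.superuser).getUserManager();
            if (this.testUser != null) {
                this.testUser.remove();
            }
            if (this.testUser2 != null) {
                this.testUser2.remove();
            }
            // Guard against a setUp that failed before the group principal was assigned.
            if (this.testGroupPrincipal != null) {
                Authorizable group = userManager.getAuthorizable(this.testGroupPrincipal);
                if (group != null) {
                    group.remove();
                }
            }
            // Entries granted outside the test root (e.g. on the user tree) would otherwise
            // stay in the repository and leak privileges into later tests.
            removePolicies(this.paths);
            this.superuser.save();
        } finally {
            super.tearDown();
        }
    }

    /**
     * Removes every {@link JackrabbitAccessControlList} bound to the given
     * paths. The removal is transient until the superuser session is saved.
     *
     * @param list absolute paths whose access control lists are removed
     * @throws RepositoryException if reading or removing a policy fails
     */
    private void removePolicies(List<String> list) throws RepositoryException {
        AccessControlManager acMgr = this.superuser.getAccessControlManager();
        for (String path : list) {
            for (AccessControlPolicy policy : acMgr.getPolicies(path)) {
                if (policy instanceof JackrabbitAccessControlList) {
                    acMgr.removePolicy(path, policy);
                }
            }
        }
    }

    /**
     * Returns the session of {@code testUser}, logging in on first use.
     *
     * @return the cached test session
     * @throws RepositoryException if the login fails
     */
    private Session createTestSession() throws RepositoryException {
        if (this.testSession == null) {
            this.testSession = this.superuser.getRepository()
                    .login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
        }
        return this.testSession;
    }

    /**
     * Makes the child and grandchild nodes versionable, grants
     * {@code jcr:versionManagement} to the test group on the grandchild only,
     * and then checks both nodes in and out with the test session.
     *
     * <p>NOTE(review): no entry is added for {@code childPath} in this method,
     * and no read access is granted on either node; the checkin on the child
     * therefore depends on permissions that are not visible here. Confirm.
     */
    public void testVersioning() throws Exception {
        this.superuser.getNode(this.childPath).addMixin(MIX_VERSIONABLE);
        this.superuser.getNode(this.grandChildPath).addMixin(MIX_VERSIONABLE);
        AccessControlUtils.addAccessControlEntry(
                this.superuser, this.grandChildPath, this.testGroupPrincipal,
                new String[] {JCR_VERSION_MANAGEMENT}, true);
        this.superuser.save();

        Session session = createTestSession();
        Node child = session.getNode(this.childPath);
        child.checkin();
        child.checkout();
        Node grandChild = session.getNode(this.grandChildPath);
        grandChild.checkin();
        grandChild.checkout();
    }

    /**
     * Creates a version of the child node as superuser and then reads the
     * version history and base version with the test session.
     *
     * <p>NOTE(review): the method sets up no access control entry at all, so
     * whether the test session may read the version information depends on
     * permissions defined elsewhere. Confirm.
     */
    @Test
    public void testReadVersionInformation() throws RepositoryException {
        Node child = this.superuser.getNode(this.childPath);
        child.addMixin(MIX_VERSIONABLE);
        this.superuser.save();
        child.checkin();
        child.checkout();

        VersionManager versionManager = createTestSession().getWorkspace().getVersionManager();
        versionManager.getVersionHistory(this.childPath).getRootVersion();
        versionManager.getBaseVersion(this.childPath);
    }

    /**
     * Grants {@code jcr:all} on the user tree to the test group, denies
     * {@code rep:write} on the admin user's node to everyone, and then expects
     * that the test session can change {@code testUser2}'s password but is
     * refused with {@link AccessDeniedException} when it tries the same on the
     * admin user.
     *
     * <p>NOTE(review): the two entries are never saved by the superuser
     * session before the test session is used, so they may not be visible to
     * it. Confirm.
     *
     * <p>NOTE(review): the deny covers {@code rep:write} only. If changing a
     * password is guarded by a separate user-management privilege that
     * {@code jcr:all} includes and {@code rep:write} does not, the deny does
     * not protect the admin account and the {@code fail} below is reached.
     * Verify against the privilege definitions of the repository.
     */
    @Test
    public void testUserManagement() throws RepositoryException {
        // Both paths are outside the test root; register them so tearDown() removes the entries again.
        this.paths.add(USERS_ROOT_PATH);
        AccessControlUtils.addAccessControlEntry(
                this.superuser, USERS_ROOT_PATH, this.testGroupPrincipal, new String[] {JCR_ALL}, true);

        String adminPath = ((JackrabbitSession) this.superuser).getUserManager()
                .getAuthorizable(this.superuser.getUserID()).getPath();
        this.paths.add(adminPath);
        AccessControlUtils.addAccessControlEntry(
                this.superuser, adminPath, EveryonePrincipal.getInstance(), new String[] {REP_WRITE}, false);

        JackrabbitSession session = (JackrabbitSession) createTestSession();

        // Allowed case: managing an ordinary user.
        session.getUserManager().getAuthorizable(this.testUser2.getID(), User.class).changePassword("gugus");
        session.save();

        // Forbidden case: taking over the admin account must be rejected.
        try {
            session.getUserManager().getAuthorizable(this.superuser.getUserID(), User.class).changePassword("gugus");
            session.save();
            fail("privilege escalation!");
        } catch (AccessDeniedException expected) {
            // expected: the admin password must not be changeable by the test session
        } finally {
            // Always drop the pending password change so it cannot be persisted by a later save.
            session.refresh(false);
        }
    }

    /**
     * Registers a namespace with the test session.
     *
     * <p>NOTE(review): no repository-level entry is set up here, so the call
     * depends on permissions not visible in this method; the namespace is also
     * not unregistered in {@link #tearDown()}. Confirm both.
     */
    public void testRepositoryLevelPrivileges() throws RepositoryException {
        createTestSession().getWorkspace().getNamespaceRegistry()
                .registerNamespace("jr", "http://jackrabbit.apache.org");
    }
}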
