package org.apache.jackrabbit.oak.exercise.security.authorization.principalbased;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/L2_AccessControlManagementTest.class */
public class L2_AccessControlManagementTest extends AbstractPrincipalBasedTest {
    private Principal supportedPrincipal;
    private Principal unsupportedPrincipal;
    private JackrabbitAccessControlManager principalBasedAcMgr;
    private JackrabbitAccessControlManager compositeAcMgr;
    private String testPath;

    @Before
    public void before() throws Exception {
        super.before();
        this.supportedPrincipal = getSystemUserPrincipal("systemUser", getSupportedIntermediatePath());
        this.unsupportedPrincipal = getGroupPrincipal();
        this.principalBasedAcMgr = getPrincipalBasedAuthorizationConfiguration().getAccessControlManager(this.root, getNamePathMapper());
        this.compositeAcMgr = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getAccessControlManager(this.root, getNamePathMapper());
        this.testPath = getNamePathMapper().getJcrPath(TreeUtil.addChild(this.root.getTree("/"), "test", "oak:Unstructured").getPath());
        this.root.commit();
    }

    @Override // org.apache.jackrabbit.oak.exercise.security.authorization.principalbased.AbstractPrincipalBasedTest
    @After
    public void after() throws Exception {
        try {
            this.root.getTree(this.testPath).remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    @Test
    public void testApplicablePoliciesSupportedPrincipal() throws Exception {
        JackrabbitAccessControlPolicy[] applicablePolicies = this.principalBasedAcMgr.getApplicablePolicies(this.supportedPrincipal);
        Assert.assertEquals(-1L, applicablePolicies.length);
        Assert.assertTrue(applicablePolicies[0] instanceof PrincipalAccessControlList);
        Assert.assertEquals(-1L, this.compositeAcMgr.getApplicablePolicies(this.supportedPrincipal).length);
    }

    @Test
    public void testApplicablePoliciesUnsupportedPrincipal() throws Exception {
        Assert.assertEquals(-1L, this.principalBasedAcMgr.getApplicablePolicies(this.unsupportedPrincipal).length);
        Assert.assertEquals(-1L, this.compositeAcMgr.getApplicablePolicies(this.unsupportedPrincipal).length);
    }

    @Test
    public void testApplicablePoliciesByPath() throws Exception {
        Assert.assertEquals((Object) null, Boolean.valueOf(this.principalBasedAcMgr.getApplicablePolicies(this.testPath).hasNext()));
        Assert.assertEquals((Object) null, Boolean.valueOf(this.compositeAcMgr.getApplicablePolicies(this.testPath).hasNext()));
    }

    @Test
    public void testEditAccssControl() throws Exception {
        PrincipalAccessControlList applicablePrincipalAccessControlList = getApplicablePrincipalAccessControlList(this.compositeAcMgr, this.supportedPrincipal);
        Assert.assertNotNull(applicablePrincipalAccessControlList);
        this.compositeAcMgr.setPolicy(applicablePrincipalAccessControlList.getPath(), applicablePrincipalAccessControlList);
        this.root.commit();
        ContentSession testSession = getTestSession(this.supportedPrincipal);
        Throwable th = null;
        try {
            try {
                Assert.assertTrue(testSession.getLatestRoot().getTree(this.testPath).exists());
                if (testSession != null) {
                    if (0 == 0) {
                        testSession.close();
                        return;
                    }
                    try {
                        testSession.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (testSession != null) {
                if (th != null) {
                    try {
                        testSession.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    testSession.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testEditAccssControl2() throws Exception {
        JackrabbitAccessControlList jackrabbitAccessControlList = null;
        jackrabbitAccessControlList.addEntry(this.supportedPrincipal, privilegesFromNames(new String[]{"jcr:read"}), true, ImmutableMap.of("rep:nodePath", getValueFactory(this.root).createValue(this.testPath)));
        this.compositeAcMgr.setPolicy(jackrabbitAccessControlList.getPath(), (AccessControlPolicy) null);
        this.root.commit();
        ContentSession testSession = getTestSession(this.supportedPrincipal, this.unsupportedPrincipal);
        Throwable th = null;
        try {
            try {
                Assert.assertTrue(testSession.getLatestRoot().getTree(this.testPath).exists());
                if (testSession != null) {
                    if (0 == 0) {
                        testSession.close();
                        return;
                    }
                    try {
                        testSession.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (testSession != null) {
                if (th != null) {
                    try {
                        testSession.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    testSession.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testEffectivePolicies() throws Exception {
        JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) Preconditions.checkNotNull(AccessControlUtils.getAccessControlList(this.compositeAcMgr, this.testPath));
        jackrabbitAccessControlList.addAccessControlEntry(this.supportedPrincipal, privilegesFromNames(new String[]{"jcr:removeChildNodes"}));
        jackrabbitAccessControlList.addAccessControlEntry(this.unsupportedPrincipal, privilegesFromNames(new String[]{"jcr:modifyProperties"}));
        this.compositeAcMgr.setPolicy(jackrabbitAccessControlList.getPath(), jackrabbitAccessControlList);
        PrincipalAccessControlList principalAccessControlList = (PrincipalAccessControlList) Preconditions.checkNotNull(getApplicablePrincipalAccessControlList(this.compositeAcMgr, this.supportedPrincipal));
        principalAccessControlList.addEntry(this.testPath, privilegesFromNames(new String[]{"jcr:addChildNodes"}));
        this.compositeAcMgr.setPolicy(principalAccessControlList.getPath(), principalAccessControlList);
        this.root.commit();
        AccessControlList[] effectivePolicies = this.compositeAcMgr.getEffectivePolicies(ImmutableSet.of(this.supportedPrincipal));
        Assert.assertEquals(-1L, effectivePolicies.length);
        Assert.assertTrue(effectivePolicies[0] instanceof AccessControlList);
        AccessControlEntry[] accessControlEntries = effectivePolicies[0].getAccessControlEntries();
        Assert.assertEquals(-1L, accessControlEntries.length);
        Assert.assertArrayEquals((Object[]) null, accessControlEntries[0].getPrivileges());
        AccessControlList[] effectivePolicies2 = this.compositeAcMgr.getEffectivePolicies(ImmutableSet.of(this.supportedPrincipal, this.unsupportedPrincipal));
        Assert.assertEquals(-1L, effectivePolicies2.length);
        Assert.assertTrue(effectivePolicies2[0] instanceof AccessControlList);
        AccessControlEntry[] accessControlEntries2 = effectivePolicies2[0].getAccessControlEntries();
        Assert.assertEquals(-1L, accessControlEntries2.length);
        Assert.assertArrayEquals((Object[]) null, accessControlEntries2[0].getPrivileges());
    }

    @Test
    public void testEffectivePoliciesByPath() throws Exception {
        JackrabbitAccessControlList jackrabbitAccessControlList = (JackrabbitAccessControlList) Preconditions.checkNotNull(AccessControlUtils.getAccessControlList(this.compositeAcMgr, this.testPath));
        jackrabbitAccessControlList.addAccessControlEntry(this.unsupportedPrincipal, privilegesFromNames(new String[]{"rep:removeProperties"}));
        this.compositeAcMgr.setPolicy(jackrabbitAccessControlList.getPath(), jackrabbitAccessControlList);
        PrincipalAccessControlList principalAccessControlList = (PrincipalAccessControlList) Preconditions.checkNotNull(getApplicablePrincipalAccessControlList(this.compositeAcMgr, this.supportedPrincipal));
        principalAccessControlList.addEntry(this.testPath, privilegesFromNames(new String[]{"rep:addProperties"}));
        this.compositeAcMgr.setPolicy(principalAccessControlList.getPath(), principalAccessControlList);
        this.root.commit();
        Assert.assertEquals(-1L, this.compositeAcMgr.getEffectivePolicies(this.testPath).length);
    }
}
