package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import javax.jcr.Node;
import javax.jcr.NodeIterator;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.security.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.junit.Assert;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/L6_AccessControlContentTest.class */
public class L6_AccessControlContentTest extends AbstractJCRTest {
    private AccessControlManager acMgr;
    private JackrabbitAccessControlList acl;
    private Principal testPrincipal;
    private Privilege[] testPrivileges;

    protected void setUp() throws Exception {
        super.setUp();
        this.acMgr = this.superuser.getAccessControlManager();
        this.testPrincipal = ExerciseUtility.createTestGroup(this.superuser.getUserManager()).getPrincipal();
        this.superuser.save();
        this.acl = AccessControlUtils.getAccessControlList(this.superuser, this.testRoot);
        if (this.acl == null) {
            throw new NotExecutableException();
        }
        this.testPrivileges = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}write"});
    }

    protected void tearDown() throws Exception {
        try {
            Authorizable authorizable = this.superuser.getUserManager().getAuthorizable(this.testPrincipal);
            if (authorizable != null) {
                authorizable.remove();
                this.superuser.save();
            }
        } finally {
            super.tearDown();
        }
    }

    public void testAclContent() throws RepositoryException {
        this.acMgr.setPolicy(this.testRoot, this.acl);
        Node node = this.superuser.getNode((String) null);
        assertEquals(null, node.getName());
        assertEquals(null, node.getPrimaryNodeType().getName());
        node.getNodes();
    }

    public void testAceContent() throws RepositoryException {
        this.acl.addAccessControlEntry(this.testPrincipal, this.testPrivileges);
        this.acl.addEntry(EveryonePrincipal.getInstance(), this.testPrivileges, false);
        this.acMgr.setPolicy(this.testRoot, this.acl);
        Node node = this.superuser.getNode((String) null);
        NodeIterator nodes = node.getNodes();
        assertEquals(-1, nodes.getSize());
        while (nodes.hasNext()) {
            assertEquals(null, nodes.nextNode().getPrimaryNodeType().getName());
        }
        node.getNodes().nextNode();
    }

    public void testRestrictionContent() throws RepositoryException {
        ValueFactory valueFactory = this.superuser.getValueFactory();
        this.acl.addEntry(this.testPrincipal, this.testPrivileges, false, ImmutableMap.of("rep:glob", valueFactory.createValue("")), ImmutableMap.of("rep:prefixes", new Value[]{valueFactory.createValue("jcr"), valueFactory.createValue("mix")}));
        this.acMgr.setPolicy(this.testRoot, this.acl);
        this.superuser.getNode((String) null).getNodes().nextNode();
    }

    public void testMixins() throws RepositoryException {
        this.acMgr.setPolicy(this.testRoot, this.acl);
        Assert.assertArrayEquals((Object[]) null, this.superuser.getNode(this.acl.getPath()).getMixinNodeTypes());
    }

    public void testRepoPolicy() throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, (String) null);
        assertNotNull(accessControlList);
        accessControlList.addAccessControlEntry(this.testPrincipal, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"jcr:namespaceManagement"}));
        this.acMgr.setPolicy((String) null, accessControlList);
        Node node = this.superuser.getNode((String) null);
        assertEquals(null, node.getName());
        assertEquals(null, node.getPrimaryNodeType().getName());
        node.getNodes();
    }
}
