package org.apache.jackrabbit.oak.exercise.security.authorization.principalbased;

import java.security.Principal;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrincipalAccessControlList;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.guava.common.base.Preconditions;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.PermissionProvider;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/principalbased/L3_PermissionEvaluationTest.class */
public class L3_PermissionEvaluationTest extends AbstractPrincipalBasedTest {
    private Principal systemUserPrincipal1;
    private Principal systemUserPrincipal2;
    private Principal userPrincipal;
    private Principal groupPrincipal;
    private String testPath;

    @Before
    public void before() throws Exception {
        super.before();
        this.systemUserPrincipal1 = getSystemUserPrincipal("systemUser1", getSupportedIntermediatePath());
        this.systemUserPrincipal2 = getSystemUserPrincipal("systemUser2", getSupportedIntermediatePath());
        this.userPrincipal = getRegularUserPrincipal();
        this.groupPrincipal = getGroupPrincipal();
        Tree addChild = TreeUtil.addChild(this.root.getTree("/"), "test", "oak:Unstructured");
        addChild.setProperty("prop", "value");
        this.testPath = getNamePathMapper().getJcrPath(addChild.getPath());
        setupAccessControl();
        this.root.commit();
    }

    @Override // org.apache.jackrabbit.oak.exercise.security.authorization.principalbased.AbstractPrincipalBasedTest
    @After
    public void after() throws Exception {
        try {
            this.root.getTree(this.testPath).remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    private void setupAccessControl() throws Exception {
        JackrabbitAccessControlManager accessControlManager = ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getAccessControlManager(this.root, getNamePathMapper());
        PrincipalAccessControlList principalAccessControlList = (PrincipalAccessControlList) Preconditions.checkNotNull(getApplicablePrincipalAccessControlList(accessControlManager, this.systemUserPrincipal1));
        principalAccessControlList.addEntry(this.testPath, privilegesFromNames(new String[]{"rep:readNodes"}));
        accessControlManager.setPolicy(principalAccessControlList.getPath(), principalAccessControlList);
        PrincipalAccessControlList principalAccessControlList2 = (PrincipalAccessControlList) Preconditions.checkNotNull(getApplicablePrincipalAccessControlList(accessControlManager, this.systemUserPrincipal2));
        principalAccessControlList2.addEntry(this.testPath, privilegesFromNames(new String[]{"rep:readProperties", "rep:addProperties"}));
        accessControlManager.setPolicy(principalAccessControlList2.getPath(), principalAccessControlList2);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, this.testPath);
        accessControlList.addAccessControlEntry(this.groupPrincipal, privilegesFromNames(new String[]{"jcr:read"}));
        accessControlList.addAccessControlEntry(this.systemUserPrincipal1, privilegesFromNames(new String[]{"jcr:write"}));
        accessControlList.addAccessControlEntry(this.systemUserPrincipal2, privilegesFromNames(new String[]{"jcr:readAccessControl"}));
        accessControlList.addEntry(this.userPrincipal, privilegesFromNames(new String[]{"rep:removeProperties"}), false);
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
    }

    @NotNull
    private PermissionProvider getPermissionProvider(@NotNull ContentSession contentSession) {
        return ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getPermissionProvider(contentSession.getLatestRoot(), contentSession.getWorkspaceName(), contentSession.getAuthInfo().getPrincipals());
    }

    @Test
    public void testPermissions() throws Exception {
        ContentSession testSession = getTestSession(new Principal[0]);
        try {
            Root latestRoot = testSession.getLatestRoot();
            Assert.assertTrue(latestRoot.getTree(this.testPath).exists());
            Assert.assertFalse(latestRoot.getTree(this.testPath).hasProperty("prop"));
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions2() throws Exception {
        ContentSession testSession = getTestSession(this.systemUserPrincipal1, this.systemUserPrincipal2);
        try {
            PermissionProvider permissionProvider = getPermissionProvider(testSession);
            Tree tree = testSession.getLatestRoot().getTree(this.testPath);
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.exists()));
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.hasChild("rep:policy")));
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.hasProperty("prop")));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl"})));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:write"})));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:modifyProperties"})));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"rep:addProperties"})));
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions3() throws Exception {
        ContentSession testSession = getTestSession(new Principal[0]);
        try {
            Tree tree = testSession.getLatestRoot().getTree(this.testPath);
            Assert.assertTrue(tree.exists());
            Assert.assertTrue(tree.hasProperty("prop"));
            Assert.assertTrue(tree.hasChild("rep:policy"));
            Assert.assertFalse(getPermissionProvider(testSession).hasPrivileges(tree, new String[]{"jcr:write"}));
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions4() throws Exception {
        ContentSession testSession = getTestSession(new Principal[0]);
        try {
            Tree tree = testSession.getLatestRoot().getTree(this.testPath);
            Assert.assertTrue(tree.exists());
            Assert.assertTrue(tree.hasProperty("prop"));
            Assert.assertFalse(tree.hasChild("rep:policy"));
            PermissionProvider permissionProvider = getPermissionProvider(testSession);
            Assert.assertTrue(permissionProvider.hasPrivileges(tree, new String[]{"rep:addProperties"}));
            Assert.assertFalse(permissionProvider.hasPrivileges(tree, new String[]{"rep:removeProperties"}));
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testPermissions5() throws Exception {
        ContentSession testSession = getTestSession(this.systemUserPrincipal1, this.groupPrincipal);
        try {
            PermissionProvider permissionProvider = getPermissionProvider(testSession);
            Tree tree = testSession.getLatestRoot().getTree(this.testPath);
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.exists()));
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.hasChild("rep:policy")));
            Assert.assertEquals((Object) null, Boolean.valueOf(tree.hasProperty("prop")));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:readAccessControl"})));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"jcr:write"})));
            Assert.assertEquals((Object) null, Boolean.valueOf(permissionProvider.hasPrivileges(tree, new String[]{"rep:removeProperties"})));
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testReadablePaths() throws Exception {
        ContentSession testSession = getTestSession(this.systemUserPrincipal1, this.systemUserPrincipal2);
        try {
            Assert.assertTrue(testSession.getLatestRoot().getTree((String) null).exists());
            if (testSession != null) {
                testSession.close();
            }
        } catch (Throwable th) {
            if (testSession != null) {
                try {
                    testSession.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }
}
