package org.apache.jackrabbit.oak.exercise.security.privilege;

import com.google.common.base.Predicate;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import java.util.Set;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/privilege/L3_BuiltInPrivilegesTest.class */
public class L3_BuiltInPrivilegesTest extends AbstractSecurityTest {
    private ContentSession testSession;
    private Root testRoot;
    private AccessControlManager acMgr;

    public void before() throws Exception {
        super.before();
        this.testSession = createTestSession();
        this.testRoot = this.testSession.getLatestRoot();
        this.acMgr = getAccessControlManager(this.root);
    }

    public void after() throws Exception {
        try {
            if (this.testSession != null) {
                this.testSession.close();
            }
        } finally {
            super.after();
        }
    }

    @Test
    public void testAggregation() throws RepositoryException {
        PrivilegeManager privilegeManager = getPrivilegeManager(this.root);
        ImmutableMap of = ImmutableMap.of();
        for (Privilege privilege : Iterables.filter(ImmutableList.copyOf(privilegeManager.getRegisteredPrivileges()), new Predicate<Privilege>() { // from class: org.apache.jackrabbit.oak.exercise.security.privilege.L3_BuiltInPrivilegesTest.1
            public boolean apply(@Nullable Privilege privilege2) {
                return privilege2 != null && privilege2.isAggregate();
            }
        })) {
            Assert.assertEquals((Set) of.get(privilege.getName()), ImmutableSet.copyOf(privilege.getDeclaredAggregatePrivileges()));
        }
    }

    @Test
    public void testMapItems() throws Exception {
        for (Privilege privilege : this.acMgr.privilegeFromName("jcr:all").getAggregatePrivileges()) {
            try {
                setupAcl(privilege, this.acMgr);
                this.testRoot.refresh();
                clearAcl(this.acMgr);
                this.testRoot.refresh();
            } catch (Throwable th) {
                clearAcl(this.acMgr);
                this.testRoot.refresh();
                throw th;
            }
        }
    }

    private void setupAcl(Privilege privilege, AccessControlManager accessControlManager) throws Exception {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/");
        accessControlList.addEntry(getTestUser().getPrincipal(), new Privilege[]{privilege}, true);
        accessControlManager.setPolicy("/", accessControlList);
        this.root.commit();
    }

    private void clearAcl(AccessControlManager accessControlManager) throws RepositoryException, CommitFailedException {
        for (AccessControlPolicy accessControlPolicy : accessControlManager.getPolicies("/")) {
            accessControlManager.removePolicy("/", accessControlPolicy);
        }
        this.root.commit();
    }
}
