package org.apache.jackrabbit.oak.jcr.security.authorization;

import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/JackrabbitAccessControlListTest.class */
public class JackrabbitAccessControlListTest extends AbstractAccessControlTest {
    private JackrabbitAccessControlList acl;
    private Principal testPrincipal;
    private Privilege[] testPrivileges;

    protected void setUp() throws Exception {
        super.setUp();
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        this.superuser.save();
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies(addNode.getPath());
        while (applicablePolicies.hasNext() && this.acl == null) {
            JackrabbitAccessControlList nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof JackrabbitAccessControlList) {
                this.acl = nextAccessControlPolicy;
            }
        }
        if (this.acl == null) {
            this.superuser.logout();
            throw new NotExecutableException("No JackrabbitAccessControlList to test.");
        }
        this.testPrincipal = getValidPrincipal();
        this.testPrivileges = privilegesFromName("{http://www.jcp.org/jcr/1.0}all");
    }

    protected void tearDown() throws Exception {
        this.superuser.refresh(false);
        super.tearDown();
    }

    private Principal getValidPrincipal() throws NotExecutableException, RepositoryException {
        if (!(this.superuser instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        PrincipalIterator principals = this.superuser.getPrincipalManager().getPrincipals(1);
        if (principals.hasNext()) {
            return principals.nextPrincipal();
        }
        throw new NotExecutableException();
    }

    @Test
    public void testGetRestrictionNames() throws RepositoryException {
        assertNotNull(this.acl.getRestrictionNames());
    }

    @Test
    public void testGetRestrictionType() throws RepositoryException {
        for (String str : this.acl.getRestrictionNames()) {
            assertTrue(this.acl.getRestrictionType(str) > 0);
        }
    }

    @Test
    public void testApplicablePolicyIsEmpty() {
        assertTrue(this.acl.isEmpty());
        assertEquals(0, this.acl.size());
    }

    @Test
    public void testIsEmpty() throws RepositoryException {
        if (this.acl.addAccessControlEntry(this.testPrincipal, this.testPrivileges)) {
            assertFalse(this.acl.isEmpty());
        } else {
            assertTrue(this.acl.isEmpty());
        }
    }

    @Test
    public void testSize() throws RepositoryException {
        if (this.acl.addAccessControlEntry(this.testPrincipal, this.testPrivileges)) {
            assertTrue(this.acl.size() > 0);
        } else {
            assertEquals(0, this.acl.size());
        }
    }

    @Test
    public void testAddEntry() throws NotExecutableException, RepositoryException {
        List asList = Arrays.asList(this.acl.getAccessControlEntries());
        if (!this.acl.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.emptyMap())) {
            assertEquals("Grant ALL not successful -> entries must not have changed.", asList, Arrays.asList(this.acl.getAccessControlEntries()));
            return;
        }
        AccessControlEntry[] accessControlEntries = this.acl.getAccessControlEntries();
        AccessControlEntry accessControlEntry = null;
        for (AccessControlEntry accessControlEntry2 : accessControlEntries) {
            if (this.testPrincipal.equals(accessControlEntry2.getPrincipal())) {
                accessControlEntry = accessControlEntry2;
            }
        }
        assertNotNull("addEntry was successful -> expected entry for tesPrincipal.", accessControlEntry);
        assertTrue("addEntry was successful -> at least 1 entry.", accessControlEntries.length > 0);
    }

    @Test
    public void testRemoveEntry() throws NotExecutableException, RepositoryException {
        this.acl.addEntry(getValidPrincipal(), privilegesFromName("rep:write"), true, Collections.emptyMap());
        AccessControlEntry[] accessControlEntries = this.acl.getAccessControlEntries();
        int length = accessControlEntries.length;
        assertTrue("Grant was both successful -> at least 1 entry.", length > 0);
        for (AccessControlEntry accessControlEntry : accessControlEntries) {
            this.acl.removeAccessControlEntry(accessControlEntry);
            length--;
            assertEquals(length, this.acl.size());
            assertEquals(length, this.acl.getAccessControlEntries().length);
        }
        assertTrue(this.acl.isEmpty());
        assertEquals(0, this.acl.size());
        assertEquals(0, this.acl.getAccessControlEntries().length);
    }

    @Test
    public void testEntryWithAggregatePrivileges() throws Exception {
        Privilege privilegeFromName = this.acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}write");
        this.acl.addEntry(this.testPrincipal, privilegeFromName.getAggregatePrivileges(), true);
        AccessControlEntry[] accessControlEntries = this.acl.getAccessControlEntries();
        assertEquals(1, accessControlEntries.length);
        Assert.assertArrayEquals(new Privilege[]{privilegeFromName}, accessControlEntries[0].getPrivileges());
        this.acMgr.setPolicy(this.acl.getPath(), this.acl);
        assertNotNull(AccessControlUtils.getAccessControlList(this.acMgr, this.acl.getPath()));
        AccessControlEntry[] accessControlEntries2 = this.acl.getAccessControlEntries();
        assertEquals(1, accessControlEntries2.length);
        Assert.assertArrayEquals(new Privilege[]{privilegeFromName}, accessControlEntries2[0].getPrivileges());
    }

    @Test
    public void testAddEntryWithCustomPrincipalImpl() throws Exception {
        Principal principal = new Principal() { // from class: org.apache.jackrabbit.oak.jcr.security.authorization.JackrabbitAccessControlListTest.1
            @Override // java.security.Principal
            public String getName() {
                return JackrabbitAccessControlListTest.this.testPrincipal.getName();
            }
        };
        this.acl.addEntry(this.testPrincipal, this.testPrivileges, true);
        this.acl.addEntry(principal, this.testPrivileges, false);
        this.acMgr.setPolicy(this.acl.getPath(), this.acl);
        this.superuser.save();
    }
}
