package org.apache.jackrabbit.oak.jcr.security.authorization;

import java.util.HashSet;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/ReadWithGlobRestrictionTest.class */
public class ReadWithGlobRestrictionTest extends AbstractEvaluationTest {
    private String ccPath;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        this.ccPath = this.superuser.getNode(this.childNPath).addNode("child").getPath();
        this.superuser.save();
    }

    @Test
    public void testGlobRestriction() throws Exception {
        deny(this.path, this.readPrivileges, createGlobRestriction("*/" + this.jcrPrimaryType));
        assertTrue(this.testAcMgr.hasPrivileges(this.path, this.readPrivileges));
        assertTrue(this.testSession.hasPermission(this.path, "read"));
        this.testSession.getNode(this.path);
        assertTrue(this.testAcMgr.hasPrivileges(this.childNPath, this.readPrivileges));
        assertTrue(this.testSession.hasPermission(this.childNPath, "read"));
        this.testSession.getNode(this.childNPath);
        String str = this.path + "/" + this.jcrPrimaryType;
        assertFalse(this.testSession.hasPermission(str, "read"));
        assertFalse(this.testSession.propertyExists(str));
        String str2 = this.childNPath + "/" + this.jcrPrimaryType;
        assertFalse(this.testSession.hasPermission(str2, "read"));
        assertFalse(this.testSession.propertyExists(str2));
    }

    @Test
    public void testGlobRestriction2() throws Exception {
        Group createGroup = getUserManager(this.superuser).createGroup(generateId("group2_"));
        Group createGroup2 = getUserManager(this.superuser).createGroup(generateId("group3_"));
        this.superuser.save();
        try {
            Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
            modify(this.path, getTestGroup().getPrincipal(), privilegesFromName, true, createGlobRestriction("/*"));
            allow(this.path, createGroup.getPrincipal(), privilegesFromName);
            deny(this.path, createGroup2.getPrincipal(), privilegesFromName);
            HashSet hashSet = new HashSet();
            hashSet.add(getTestGroup().getPrincipal());
            hashSet.add(createGroup.getPrincipal());
            hashSet.add(createGroup2.getPrincipal());
            assertFalse(this.acMgr.hasPrivileges(this.path, hashSet, privilegesFromName));
            assertFalse(this.acMgr.hasPrivileges(this.childNPath, hashSet, privilegesFromName));
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
        } catch (Throwable th) {
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
            throw th;
        }
    }

    @Test
    public void testGlobRestriction3() throws Exception {
        Group createGroup = getUserManager(this.superuser).createGroup(generateId("group2_"));
        Group createGroup2 = getUserManager(this.superuser).createGroup(generateId("group3_"));
        this.superuser.save();
        try {
            Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
            allow(this.path, createGroup.getPrincipal(), privilegesFromName);
            deny(this.path, createGroup2.getPrincipal(), privilegesFromName);
            modify(this.path, getTestGroup().getPrincipal(), privilegesFromName, true, createGlobRestriction("/*"));
            HashSet hashSet = new HashSet();
            hashSet.add(getTestGroup().getPrincipal());
            hashSet.add(createGroup.getPrincipal());
            hashSet.add(createGroup2.getPrincipal());
            assertFalse(this.acMgr.hasPrivileges(this.path, hashSet, privilegesFromName));
            assertTrue(this.acMgr.hasPrivileges(this.childNPath, hashSet, privilegesFromName));
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
        } catch (Throwable th) {
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
            throw th;
        }
    }

    @Test
    public void testGlobRestriction4() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("a");
        allow(this.path, this.readPrivileges);
        deny(this.path, this.readPrivileges, createGlobRestriction("*/anotherpath"));
        String path = addNode.getPath();
        assertTrue(this.testSession.nodeExists(path));
        Node node = this.testSession.getNode(path);
        Node node2 = this.testSession.getNode(this.path);
        assertTrue(node2.hasNode("a"));
        assertTrue(node.isSame(node2.getNode("a")));
    }

    @Test
    public void testGlobRestriction5() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("a");
        allow(this.path, this.readPrivileges);
        deny(this.path, this.readPrivileges, createGlobRestriction("*/anotherpath"));
        allow(addNode.getPath(), this.repWritePrivileges);
        String path = addNode.getPath();
        assertTrue(this.testSession.nodeExists(path));
        Node node = this.testSession.getNode(path);
        Node node2 = this.testSession.getNode(this.path);
        assertTrue(node2.hasNode("a"));
        assertTrue(node.isSame(node2.getNode("a")));
    }

    @Test
    public void testGlobRestriction6() throws Exception {
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        allow(this.path, privilegesFromName);
        deny(this.path, privilegesFromName, createGlobRestriction("/*"));
        assertTrue(this.testSession.nodeExists(this.path));
        assertFalse(this.testSession.propertyExists(this.path + "/jcr:primaryType"));
        assertFalse(this.testSession.nodeExists(this.childNPath));
        assertFalse(this.testSession.propertyExists(this.childPPath));
    }

    @Test
    public void testEmptyGlobRestriction() throws Exception {
        deny(this.path, this.readPrivileges);
        assertFalse(canReadNode(this.testSession, this.path));
        assertFalse(canReadNode(this.testSession, this.childNPath));
        assertFalse(canReadNode(this.testSession, this.ccPath));
        assertFalse(this.testSession.propertyExists(this.childchildPPath));
        allow(this.childNPath, this.readPrivileges, createGlobRestriction(""));
        assertFalse(canReadNode(this.testSession, this.path));
        assertTrue(canReadNode(this.testSession, this.childNPath));
        assertFalse(canReadNode(this.testSession, this.ccPath));
        assertFalse(this.testSession.propertyExists(this.childchildPPath));
        assertFalse(this.testSession.propertyExists(this.childNPath + "/jcr:primaryType"));
        allow(this.ccPath, this.readPrivileges);
        assertTrue(canReadNode(this.testSession, this.ccPath));
        assertTrue(this.testSession.propertyExists(this.ccPath + "/jcr:primaryType"));
    }

    @Test
    public void testEmptyGlobRestriction2() throws Exception {
        deny(this.path, this.readPrivileges);
        assertFalse(canReadNode(this.testSession, this.path));
        assertFalse(canReadNode(this.testSession, this.childNPath));
        assertFalse(canReadNode(this.testSession, this.ccPath));
        assertFalse(this.testSession.propertyExists(this.childchildPPath));
        allow(this.path, this.readPrivileges, createGlobRestriction(""));
        assertTrue(canReadNode(this.testSession, this.path));
        assertFalse(canReadNode(this.testSession, this.childNPath));
        assertFalse(canReadNode(this.testSession, this.ccPath));
        assertFalse(this.testSession.propertyExists(this.childchildPPath));
        assertFalse(this.testSession.propertyExists(this.childNPath + "/jcr:primaryType"));
    }

    @Test
    public void testEmptyGlobRestriction3() throws Exception {
        Group testGroup = getTestGroup();
        Group createGroup = getUserManager(this.superuser).createGroup(generateId("group2_"));
        createGroup.addMember(this.testUser);
        Group createGroup2 = getUserManager(this.superuser).createGroup(generateId("group3_"));
        this.superuser.save();
        try {
            assertTrue(testGroup.isDeclaredMember(this.testUser));
            assertTrue(createGroup.isDeclaredMember(this.testUser));
            assertFalse(createGroup2.isDeclaredMember(this.testUser));
            deny(this.path, testGroup.getPrincipal(), this.readPrivileges);
            modify(this.path, testGroup.getPrincipal(), this.readPrivileges, true, createGlobRestriction(""));
            deny(this.childNPath, createGroup.getPrincipal(), this.readPrivileges);
            modify(this.childNPath, createGroup.getPrincipal(), this.readPrivileges, true, createGlobRestriction(""));
            deny(this.childNPath2, createGroup2.getPrincipal(), this.readPrivileges);
            modify(this.childNPath2, createGroup2.getPrincipal(), this.readPrivileges, true, createGlobRestriction(""));
            Session login = getHelper().getRepository().login(this.creds);
            assertTrue(canReadNode(login, this.path));
            assertTrue(canReadNode(login, this.childNPath));
            assertFalse(canReadNode(login, this.childNPath2));
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
        } catch (Throwable th) {
            createGroup.remove();
            createGroup2.remove();
            this.superuser.save();
            throw th;
        }
    }

    @Test
    public void testTwoWildCards() throws Exception {
        Node addNode = this.superuser.getNode(this.childNPath).addNode("100");
        Node addNode2 = addNode.addNode("110");
        Node addNode3 = addNode.addNode("120");
        Node addNode4 = addNode2.addNode("111");
        Node addNode5 = addNode2.addNode("112");
        Node addNode6 = addNode3.addNode("121");
        Node addNode7 = addNode3.addNode("122");
        deny(this.childNPath, privilegesFromName("{http://www.jcp.org/jcr/1.0}all"), createGlobRestriction("/*/110/*"));
        this.superuser.save();
        assertTrue(canReadNode(this.testSession, addNode.getPath()));
        assertTrue(canReadNode(this.testSession, addNode2.getPath()));
        assertFalse(canReadNode(this.testSession, addNode4.getPath()));
        assertFalse(canReadNode(this.testSession, addNode5.getPath()));
        assertTrue(canReadNode(this.testSession, addNode3.getPath()));
        assertTrue(canReadNode(this.testSession, addNode6.getPath()));
        assertTrue(canReadNode(this.testSession, addNode7.getPath()));
    }

    @Test
    public void testGlobTrailingSlash() throws Exception {
        deny(this.path, this.readPrivileges);
        allow(this.path, this.readPrivileges, createGlobRestriction("/" + PathUtils.getName(this.childNPath) + "/"));
        assertGlobTrailingSlashEffect();
    }

    @Test
    public void testGlobTrailingSlashWildcard() throws Exception {
        deny(this.path, this.readPrivileges);
        allow(this.path, this.readPrivileges, createGlobRestriction("/" + PathUtils.getName(this.childNPath) + "/*"));
        assertGlobTrailingSlashEffect();
    }

    private void assertGlobTrailingSlashEffect() throws RepositoryException {
        assertFalse(canReadNode(this.testSession, this.path));
        assertFalse(canReadNode(this.testSession, this.path + "/"));
        assertFalse(canReadNode(this.testSession, this.childNPath));
        assertTrue(canReadNode(this.testSession, this.ccPath));
        assertTrue(this.testSession.propertyExists(this.childchildPPath));
    }
}
