package org.apache.jackrabbit.test.api.security;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.test.NotExecutableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:jackrabbit-jcr-tests-2.18.4-jahia1.jar:org/apache/jackrabbit/test/api/security/AccessControlListTest.class */
public class AccessControlListTest extends AbstractAccessControlTest {
    private static Logger log = LoggerFactory.getLogger(AccessControlListTest.class);
    private String path;
    private Privilege[] privs;
    private Principal testPrincipal;
    private List<Privilege> privilegesToRestore = new ArrayList();

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.test.api.security.AbstractAccessControlTest, org.apache.jackrabbit.test.AbstractJCRTest, org.apache.jackrabbit.test.JUnitTest, junit.framework.TestCase
    public void setUp() throws Exception {
        checkSupportedOption("option.access.control.supported");
        super.setUp();
        try {
            Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
            this.superuser.save();
            this.path = addNode.getPath();
            this.privs = this.acMgr.getSupportedPrivileges(this.path);
            if (this.privs.length == 0) {
                throw new NotExecutableException("No supported privileges at absPath " + this.path);
            }
            this.testPrincipal = getHelper().getKnownPrincipal(this.superuser);
            this.privilegesToRestore = currentPrivileges(getList(this.acMgr, this.path), this.testPrincipal);
        } catch (Exception e) {
            this.superuser.logout();
            throw e;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.test.AbstractJCRTest, org.apache.jackrabbit.test.JUnitTest, junit.framework.TestCase
    public void tearDown() throws Exception {
        try {
            AccessControlList list = getList(this.acMgr, this.path);
            for (AccessControlEntry accessControlEntry : list.getAccessControlEntries()) {
                if (this.testPrincipal.equals(accessControlEntry.getPrincipal())) {
                    list.removeAccessControlEntry(accessControlEntry);
                }
            }
            if (!this.privilegesToRestore.isEmpty()) {
                list.addAccessControlEntry(this.testPrincipal, (Privilege[]) this.privilegesToRestore.toArray(new Privilege[this.privilegesToRestore.size()]));
            }
            if (list.getAccessControlEntries().length > 0 && this.acMgr.getPolicies(this.path).length > 0) {
                this.acMgr.setPolicy(this.path, list);
                this.superuser.save();
            }
        } catch (Exception e) {
            log.warn("Unexpected error while removing test entries.", (Throwable) e);
        }
        super.tearDown();
    }

    private static AccessControlList getList(AccessControlManager accessControlManager, String str) throws NotExecutableException, AccessDeniedException, RepositoryException {
        AccessControlPolicyIterator applicablePolicies = accessControlManager.getApplicablePolicies(str);
        while (applicablePolicies.hasNext()) {
            AccessControlList nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof AccessControlList) {
                return nextAccessControlPolicy;
            }
        }
        AccessControlList[] policies = accessControlManager.getPolicies(str);
        for (int i = 0; i < policies.length; i++) {
            if (policies[i] instanceof AccessControlList) {
                return policies[i];
            }
        }
        throw new NotExecutableException("No AccessControlList at " + str);
    }

    private static List<Privilege> currentPrivileges(AccessControlList accessControlList, Principal principal) throws RepositoryException {
        ArrayList arrayList = new ArrayList();
        for (AccessControlEntry accessControlEntry : accessControlList.getAccessControlEntries()) {
            if (principal.equals(accessControlEntry.getPrincipal())) {
                arrayList.addAll(Arrays.asList(accessControlEntry.getPrivileges()));
            }
        }
        return arrayList;
    }

    public void testGetAccessControlEntries() throws RepositoryException, AccessDeniedException, NotExecutableException {
        checkCanReadAc(this.path);
        AccessControlEntry[] accessControlEntries = getList(this.acMgr, this.path).getAccessControlEntries();
        assertNotNull("AccessControlList#getAccessControlEntries must not return null.", accessControlEntries);
        for (int i = 0; i < accessControlEntries.length; i++) {
            assertNotNull("An ACE must contain a principal", accessControlEntries[i].getPrincipal());
            Privilege[] privileges = accessControlEntries[i].getPrivileges();
            assertTrue("An ACE must contain at least a single privilege", privileges != null && privileges.length > 0);
        }
    }

    public void testAddAccessControlEntry() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        Privilege[] privilegeArr = {this.privs[0]};
        AccessControlList list = getList(this.acMgr, this.path);
        AccessControlEntry accessControlEntry = null;
        if (!list.addAccessControlEntry(this.testPrincipal, privilegeArr)) {
            throw new NotExecutableException();
        }
        AccessControlEntry[] accessControlEntries = list.getAccessControlEntries();
        for (int i = 0; i < accessControlEntries.length; i++) {
            if (accessControlEntries[i].getPrincipal().equals(this.testPrincipal) && Arrays.asList(privilegeArr).equals(Arrays.asList(accessControlEntries[i].getPrivileges()))) {
                accessControlEntry = accessControlEntries[i];
            }
        }
        if (accessControlEntry == null) {
            throw new NotExecutableException();
        }
        assertEquals("Principal name of the ACE must be equal to the name of the passed Principal", this.testPrincipal.getName(), accessControlEntry.getPrincipal().getName());
        assertEquals("Privileges of the ACE must be equal to the passed ones", Arrays.asList(privilegeArr), Arrays.asList(accessControlEntry.getPrivileges()));
    }

    public void testAddAggregatePrivilege() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        Privilege privilege = null;
        int i = 0;
        while (true) {
            if (i >= this.privs.length) {
                break;
            }
            if (this.privs[i].isAggregate()) {
                privilege = this.privs[i];
                break;
            }
            i++;
        }
        if (privilege == null) {
            throw new NotExecutableException("No aggregate privilege supported at " + this.path);
        }
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, new Privilege[]{privilege});
        List<Privilege> currentPrivileges = currentPrivileges(list, this.testPrincipal);
        assertTrue("Privileges added through 'addAccessControlEntry' must be reflected upon getAccessControlEntries", currentPrivileges.contains(privilege) || currentPrivileges.containsAll(Arrays.asList(privilege.getAggregatePrivileges())));
    }

    public void testAddAggregatedPrivilegesSeparately() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        Privilege privilege = null;
        int i = 0;
        while (true) {
            if (i >= this.privs.length) {
                break;
            }
            if (this.privs[i].isAggregate()) {
                privilege = this.privs[i];
                break;
            }
            i++;
        }
        if (privilege == null) {
            throw new NotExecutableException("No aggregate privilege supported at " + this.path);
        }
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, new Privilege[]{privilege});
        for (Privilege privilege2 : privilege.getAggregatePrivileges()) {
            assertFalse("Adding the aggregated privs individually later on must not modify the policy", list.addAccessControlEntry(this.testPrincipal, new Privilege[]{privilege2}));
        }
    }

    public void testAddAbstractPrivilege() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        Privilege privilege = null;
        Privilege[] aggregatePrivileges = this.acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}all").getAggregatePrivileges();
        int i = 0;
        while (true) {
            if (i >= aggregatePrivileges.length) {
                break;
            }
            if (aggregatePrivileges[i].isAbstract()) {
                privilege = aggregatePrivileges[i];
                break;
            }
            i++;
        }
        if (privilege == null) {
            throw new NotExecutableException("No abstract privilege found.");
        }
        try {
            getList(this.acMgr, this.path).addAccessControlEntry(this.testPrincipal, new Privilege[]{privilege});
            fail("Adding an ACE with an abstract privilege must fail.");
        } catch (AccessControlException e) {
        }
    }

    public void testAddPrivilegesPresentInEntries() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, this.privs);
        HashSet hashSet = new HashSet();
        AccessControlEntry[] accessControlEntries = list.getAccessControlEntries();
        for (int i = 0; i < accessControlEntries.length; i++) {
            if (accessControlEntries[i].getPrincipal().equals(this.testPrincipal)) {
                Privilege[] privileges = accessControlEntries[i].getPrivileges();
                for (int i2 = 0; i2 < privileges.length; i2++) {
                    if (privileges[i2].isAggregate()) {
                        hashSet.addAll(Arrays.asList(privileges[i2].getAggregatePrivileges()));
                    } else {
                        hashSet.add(privileges[i2]);
                    }
                }
            }
        }
        HashSet hashSet2 = new HashSet();
        for (int i3 = 0; i3 < this.privs.length; i3++) {
            if (this.privs[i3].isAggregate()) {
                hashSet2.addAll(Arrays.asList(this.privs[i3].getAggregatePrivileges()));
            } else {
                hashSet2.add(this.privs[i3]);
            }
        }
        assertTrue("getAccessControlEntries must contain an entry or entries that grant at least the added privileges.", hashSet.containsAll(hashSet2));
    }

    public void testAddAccessControlEntryAndSetPolicy() throws RepositoryException, NotExecutableException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        List asList = Arrays.asList(list.getAccessControlEntries());
        if (!list.addAccessControlEntry(this.testPrincipal, this.privs)) {
            throw new NotExecutableException();
        }
        assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", asList, Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()));
        this.acMgr.setPolicy(this.path, list);
        assertEquals("Before calling setPolicy any modifications to an ACL must not be reflected in the policies", Arrays.asList(list.getAccessControlEntries()), Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()));
    }

    public void testAddAccessControlEntryIsTransient() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        List asList = Arrays.asList(list.getAccessControlEntries());
        if (!list.addAccessControlEntry(this.testPrincipal, this.privs)) {
            throw new NotExecutableException();
        }
        this.acMgr.setPolicy(this.path, list);
        this.superuser.refresh(false);
        assertEquals("After calling Session.refresh() any changes to a nodes policies must be reverted.", asList, Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()));
    }

    public void testAddAccessControlEntryInvalidPrincipal() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        try {
            getList(this.acMgr, this.path).addAccessControlEntry(getHelper().getUnknownPrincipal(this.superuser), this.privs);
            fail("Adding an entry with an unknown principal must throw AccessControlException.");
        } catch (AccessControlException e) {
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testAddAccessControlEntryEmptyPrivilegeArray() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        try {
            getList(this.acMgr, this.path).addAccessControlEntry(this.testPrincipal, new Privilege[0]);
            fail("Adding an entry with an invalid privilege array must throw AccessControlException.");
        } catch (AccessControlException e) {
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testAddAccessControlEntryInvalidPrivilege() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        try {
            getList(this.acMgr, this.path).addAccessControlEntry(this.testPrincipal, new Privilege[]{new Privilege() { // from class: org.apache.jackrabbit.test.api.security.AccessControlListTest.1
                public String getName() {
                    return null;
                }

                public boolean isAbstract() {
                    return false;
                }

                public boolean isAggregate() {
                    return false;
                }

                public Privilege[] getDeclaredAggregatePrivileges() {
                    return new Privilege[0];
                }

                public Privilege[] getAggregatePrivileges() {
                    return new Privilege[0];
                }
            }});
            fail("Adding an entry with an invalid privilege must throw AccessControlException.");
        } catch (AccessControlException e) {
        } finally {
            this.superuser.refresh(false);
        }
    }

    public void testRemoveAccessControlEntry() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        AccessControlEntry[] accessControlEntries = list.getAccessControlEntries();
        if (accessControlEntries.length > 0) {
            AccessControlEntry accessControlEntry = accessControlEntries[0];
            list.removeAccessControlEntry(accessControlEntry);
            assertFalse("AccessControlList.getAccessControlEntries still returns a removed ACE.", Arrays.asList(list.getAccessControlEntries()).contains(accessControlEntry));
        }
    }

    public void testRemoveAddedAccessControlEntry() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, this.privs);
        for (AccessControlEntry accessControlEntry : list.getAccessControlEntries()) {
            list.removeAccessControlEntry(accessControlEntry);
        }
        assertEquals("After removing all ACEs the ACL must be empty", 0, list.getAccessControlEntries().length);
    }

    public void testRemoveAccessControlEntryAndSetPolicy() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        if (!list.addAccessControlEntry(this.testPrincipal, this.privs)) {
            throw new NotExecutableException();
        }
        this.acMgr.setPolicy(this.path, list);
        AccessControlList list2 = getList(this.acMgr, this.path);
        AccessControlEntry[] accessControlEntries = list2.getAccessControlEntries();
        if (accessControlEntries.length == 0) {
            throw new NotExecutableException();
        }
        list2.removeAccessControlEntry(accessControlEntries[0]);
        assertEquals("Removal of an ACE must only be visible upon 'setPolicy'", Arrays.asList(accessControlEntries), Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()));
        this.acMgr.setPolicy(this.path, list2);
        assertEquals("After 'setPolicy' the ACE-removal must be visible to the editing session.", Arrays.asList(list2.getAccessControlEntries()), Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()));
    }

    public void testRemoveAccessControlEntryIsTransient() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        if (!list.addAccessControlEntry(this.testPrincipal, this.privs)) {
            throw new NotExecutableException();
        }
        this.acMgr.setPolicy(this.path, list);
        this.superuser.save();
        AccessControlList list2 = getList(this.acMgr, this.path);
        AccessControlEntry accessControlEntry = list2.getAccessControlEntries()[0];
        list2.removeAccessControlEntry(accessControlEntry);
        this.acMgr.setPolicy(this.path, list2);
        this.superuser.refresh(false);
        assertTrue("After reverting any changes the removed ACE should be present again.", Arrays.asList(getList(this.acMgr, this.path).getAccessControlEntries()).contains(accessControlEntry));
    }

    public void testRemoveIllegalAccessControlEntry() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        try {
            getList(this.acMgr, this.path).removeAccessControlEntry(new AccessControlEntry() { // from class: org.apache.jackrabbit.test.api.security.AccessControlListTest.2
                public Principal getPrincipal() {
                    return AccessControlListTest.this.testPrincipal;
                }

                public Privilege[] getPrivileges() {
                    return AccessControlListTest.this.privs;
                }
            });
            fail("AccessControlManager.removeAccessControlEntry with an unknown entry must throw AccessControlException.");
        } catch (AccessControlException e) {
        }
    }

    public void testAddAccessControlEntryTwice() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        if (list.addAccessControlEntry(this.testPrincipal, this.privs)) {
            assertFalse("Adding the same ACE twice should not modify the AC-List.", list.addAccessControlEntry(this.testPrincipal, this.privs));
        }
    }

    public void testAddAccessControlEntryAgain() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, this.privs);
        AccessControlEntry[] accessControlEntries = list.getAccessControlEntries();
        if (accessControlEntries.length <= 0) {
            throw new NotExecutableException();
        }
        assertFalse("Adding an existing entry again must not modify the AC-List", list.addAccessControlEntry(accessControlEntries[0].getPrincipal(), accessControlEntries[0].getPrivileges()));
    }

    public void testExtendPrivileges() throws NotExecutableException, RepositoryException {
        checkCanModifyAc(this.path);
        ArrayList arrayList = new ArrayList(2);
        for (int i = 0; i < this.privs.length && arrayList.size() < 2; i++) {
            if (!this.privs[i].isAggregate()) {
                arrayList.add(this.privs[i]);
            }
        }
        if (arrayList.size() < 2) {
            throw new NotExecutableException("At least 2 supported, non-aggregate privileges required at " + this.path);
        }
        AccessControlList list = getList(this.acMgr, this.path);
        list.addAccessControlEntry(this.testPrincipal, new Privilege[]{(Privilege) arrayList.get(0)});
        list.addAccessControlEntry(this.testPrincipal, new Privilege[]{(Privilege) arrayList.get(1)});
        assertTrue("'AccessControlList.addAccessControlEntry' must not remove privileges added before", currentPrivileges(list, this.testPrincipal).containsAll(arrayList));
    }
}
