package org.jahia.test.services.acl;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Collections;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Properties;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import org.assertj.core.api.AbstractBooleanAssert;
import org.assertj.core.api.Assertions;
import org.jahia.registries.ServicesRegistry;
import org.jahia.services.content.JCRCallback;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRPublicationService;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRGroupNode;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.test.TestHelper;
import org.jahia.test.services.content.ContentTest;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import shaded.org.eclipse.aether.repository.AuthenticationContext;

/* loaded from: input_file:org/jahia/test/services/acl/AclTest.class */
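/**
 * Integration tests for role-based ACLs on JCR nodes of a dedicated test site.
 *
 * <p>The fixture is a site ({@code aclTestSite}) whose home page holds two content lists
 * ({@code content1}, {@code content2}), each with two child lists, plus four users split
 * across two site groups: {@code group1} = user1 + user2, {@code group2} = user3 + user4.
 * Each test grants, denies or revokes roles on those nodes and then checks the effective
 * permission by opening a session <em>as the user under test</em>.
 *
 * <p>Reading the negative assertions: {@link CheckPermission} and
 * {@link #nodeExists(String, String)} both map {@link PathNotFoundException} to {@code false}.
 * A path that does not resolve at all is therefore indistinguishable from "access refused",
 * so an {@code assertFalse} can pass vacuously if a fixture path is wrong. Most negative
 * checks here are paired with a positive check that would catch that;
 * {@link #testDefaultReadRight()} is not.
 */
public class AclTest {
    // Was getLogger(ContentTest.class): tear-down warnings were attributed to the wrong test class.
    private static final Logger logger = LoggerFactory.getLogger(AclTest.class);
    private static final String TESTSITE_NAME = "aclTestSite";
    public static final String SITEPATH = "/sites/aclTestSite";
    public static final String HOMEPATH = "/sites/aclTestSite/home";
    public static final String GROUP1 = "group1";
    public static final String GROUP2 = "group2";
    public static final String USER1 = "user1";
    public static final String USER2 = "user2";
    public static final String USER3 = "user3";
    public static final String USER4 = "user4";
    private static String homeIdentifier;
    private JCRSessionWrapper session;
    static String content1Identifier;
    private static String content11Identifier;
    private static String content12Identifier;
    private static String content2Identifier;
    private static String content21Identifier;
    private static String content22Identifier;

    /**
     * Callback that reports whether the session it runs in holds {@code permission} on {@code path}.
     */
    private static class CheckPermission implements JCRCallback<Boolean> {
        private final String path;
        private final String permission;

        CheckPermission(String path, String permission) {
            this.path = path;
            this.permission = permission;
        }

        /**
         * Restored to the interface method name: the decompiler had renamed it
         * ({@code m2821doInJCR}, "merged with bridge method"), which left
         * {@code JCRCallback.doInJCR} unimplemented.
         *
         * @return {@code true} if the node is reachable in this session and the permission is held;
         *         {@code false} if the permission is missing or the path cannot be resolved
         */
        @Override
        public Boolean doInJCR(JCRSessionWrapper jcrSession) throws RepositoryException {
            try {
                return jcrSession.getNode(this.path).hasPermission(this.permission);
            } catch (PathNotFoundException e) {
                // An unresolvable path is reported as "no permission"; see the class comment on AclTest
                // for what that means for negative assertions.
                return false;
            }
        }
    }

    /**
     * Asserts that the first ACL entry recorded for {@code principal} on {@code node} is exactly
     * {@code {node path, type, role}}.
     *
     * @param node      node whose ACL entries are inspected
     * @param principal principal key as used by the ACL API, e.g. {@code "u:user1"} or {@code "g:group1"}
     * @param type      expected entry type, {@code "GRANT"} or {@code "DENY"}
     * @param role      expected role name
     */
    private static void assertRole(JCRNodeWrapper node, String principal, String type, String role) {
        Map<String, List<String[]>> aclEntries = node.getAclEntries();
        String path = node.getPath();
        // The format string used to have three placeholders for four arguments, so a failure message
        // printed the role where the principal belongs and dropped the principal entirely.
        String description = "ACL entries for node %s should contain %s for role %s for principal %s";
        Assertions.assertThat(aclEntries).as(description, path, type, role, principal).containsKey(principal);
        Assertions.assertThat(aclEntries.get(principal).get(0))
                .as(description, path, type, role, principal)
                .containsExactly(path, type, role);
    }

    /**
     * Runs a {@link CheckPermission} for {@code path}/{@code permission} in a session opened for
     * {@code user}; realm, workspace and locale are passed as {@code null}.
     */
    private static boolean hasPermissionAs(String user, String path, String permission) throws Exception {
        return JCRTemplate.getInstance()
                .doExecute(user, (String) null, (String) null, (Locale) null, new CheckPermission(path, permission));
    }

    /** Identifiers of the home page and of every content list created by {@link #oneTimeSetUp()}. */
    private static String[] fixtureNodeIdentifiers() {
        return new String[] {
            homeIdentifier,
            content1Identifier,
            content11Identifier,
            content12Identifier,
            content2Identifier,
            content21Identifier,
            content22Identifier
        };
    }

    /**
     * Creates one test account.
     *
     * <p>NOTE(review): the password argument resolves to a constant of an unrelated shaded Aether
     * class; this looks like the decompiler substituting a constant for what was presumably a plain
     * string literal in the original source - confirm and replace with a local constant. All four
     * accounts share this one compile-time value, so they must only exist on a disposable test
     * instance and are removed again in {@link #oneTimeTearDown()}.
     */
    private static JCRUserNode createTestUser(
            JahiaUserManagerService userManager, String name, JCRSessionWrapper jcrSession) {
        return userManager.createUser(name, AuthenticationContext.PASSWORD, new Properties(), jcrSession);
    }

    /** Builds the site, the content tree, the four users and the two groups shared by all tests. */
    @BeforeClass
    public static void oneTimeSetUp() throws Exception {
        JahiaSite site = TestHelper.createSite(TESTSITE_NAME, TestHelper.DX_BASE_DEMO_TEMPLATES);
        ServicesRegistry registry = ServicesRegistry.getInstance();
        JCRPublicationService publicationService = registry.getJCRPublicationService();
        JahiaGroupManagerService groupManager = registry.getJahiaGroupManagerService();
        JahiaUserManagerService userManager = registry.getJahiaUserManagerService();
        JCRSessionWrapper currentUserSession = publicationService.getSessionFactory().getCurrentUserSession();

        JCRNodeWrapper home = currentUserSession.getNode(HOMEPATH);
        homeIdentifier = home.getIdentifier();

        JCRNodeWrapper content1 = home.addNode("content1", "jnt:contentList");
        content1Identifier = content1.getIdentifier();
        content11Identifier = content1.addNode("content1.1", "jnt:contentList").getIdentifier();
        content12Identifier = content1.addNode("content1.2", "jnt:contentList").getIdentifier();

        JCRNodeWrapper content2 = home.addNode("content2", "jnt:contentList");
        content2Identifier = content2.getIdentifier();
        content21Identifier = content2.addNode("content2.1", "jnt:contentList").getIdentifier();
        content22Identifier = content2.addNode("content2.2", "jnt:contentList").getIdentifier();
        currentUserSession.save();

        JCRUserNode user1 = createTestUser(userManager, USER1, currentUserSession);
        JCRUserNode user2 = createTestUser(userManager, USER2, currentUserSession);
        JCRUserNode user3 = createTestUser(userManager, USER3, currentUserSession);
        JCRUserNode user4 = createTestUser(userManager, USER4, currentUserSession);

        JCRGroupNode group1 =
                groupManager.createGroup(site.getSiteKey(), GROUP1, new Properties(), false, currentUserSession);
        JCRGroupNode group2 =
                groupManager.createGroup(site.getSiteKey(), GROUP2, new Properties(), false, currentUserSession);
        group1.addMember(user1);
        group1.addMember(user2);
        group2.addMember(user3);
        group2.addMember(user4);
        currentUserSession.save();
    }

    /**
     * Removes the test site and the four test accounts, then closes all sessions.
     *
     * <p>Clean-up stays best-effort (failures are logged, not rethrown), but each step is now
     * attempted independently: previously the first failure skipped every later deletion, which
     * could leave accounts with the fixed test password behind. Sessions are closed in
     * {@code finally} so they are released even if clean-up fails unexpectedly.
     */
    @AfterClass
    public static void oneTimeTearDown() throws Exception {
        try {
            JCRSessionWrapper currentUserSession = JCRSessionFactory.getInstance().getCurrentUserSession();
            try {
                if (currentUserSession.nodeExists(SITEPATH)) {
                    TestHelper.deleteSite(TESTSITE_NAME);
                }
            } catch (Exception e) {
                logger.warn("Exception during test tearDown", e);
            }
            JahiaUserManagerService userManager = ServicesRegistry.getInstance().getJahiaUserManagerService();
            for (String user : new String[] {USER1, USER2, USER3, USER4}) {
                try {
                    userManager.deleteUser(userManager.getUserPath(user), currentUserSession);
                } catch (Exception e) {
                    logger.warn("Exception during test tearDown", e);
                }
            }
            currentUserSession.save();
        } catch (Exception e) {
            logger.warn("Exception during test tearDown", e);
        } finally {
            JCRSessionFactory.getInstance().closeAllSessions();
        }
    }

    /**
     * Opens the current-user session and resolves every fixture node.
     *
     * <p>NOTE(review): the {@code getAclEntries()} results are discarded; as written the calls only
     * prove that each node still resolves and that its ACL entries can be read - confirm against the
     * original source whether more was intended.
     */
    @Before
    public void setUp() throws RepositoryException {
        this.session = JCRSessionFactory.getInstance().getCurrentUserSession();
        for (String identifier : fixtureNodeIdentifiers()) {
            this.session.getNodeByIdentifier(identifier).getAclEntries();
        }
        this.session.save();
    }

    /** Revokes every role set on the fixture nodes so that no grant or deny leaks into the next test. */
    @After
    public void tearDown() throws Exception {
        for (String identifier : fixtureNodeIdentifiers()) {
            this.session.getNodeByIdentifier(identifier).revokeAllRoles();
        }
        this.session.save();
        JCRSessionFactory.getInstance().closeAllSessions();
    }

    /**
     * With no role granted, user1 must not hold {@code jcr:read} on the home page.
     *
     * <p>This is the one negative check without a positive counterpart: it would also pass if
     * {@link #HOMEPATH} did not resolve at all.
     */
    @Test
    public void testDefaultReadRight() throws Exception {
        Assert.assertFalse(hasPermissionAs(USER1, HOMEPATH, "jcr:read"));
    }

    /** Granting {@code owner} to user1 on content1.1 gives write access to user1 and not to user2. */
    @Test
    public void testGrantUser() throws Exception {
        JCRNodeWrapper content11 = this.session.getNodeByIdentifier(content11Identifier);
        content11.grantRoles("u:user1", Collections.singleton("owner"));
        assertRole(content11, "u:user1", "GRANT", "owner");
        this.session.save();

        Assert.assertTrue(hasPermissionAs(USER1, content11.getPath(), "jcr:write"));
        Assert.assertFalse(hasPermissionAs(USER2, content11.getPath(), "jcr:write"));
    }

    /**
     * Granting {@code owner} to group1 on content1.1 gives write access to its members (user1, user2)
     * and not to the members of group2 (user3, user4).
     */
    @Test
    public void testGrantGroup() throws Exception {
        JCRNodeWrapper content11 = this.session.getNodeByIdentifier(content11Identifier);
        content11.grantRoles("g:group1", Collections.singleton("owner"));
        assertRole(content11, "g:group1", "GRANT", "owner");
        this.session.save();

        Assert.assertTrue(hasPermissionAs(USER1, content11.getPath(), "jcr:write"));
        Assert.assertTrue(hasPermissionAs(USER2, content11.getPath(), "jcr:write"));
        Assert.assertFalse(hasPermissionAs(USER3, content11.getPath(), "jcr:write"));
        Assert.assertFalse(hasPermissionAs(USER4, content11.getPath(), "jcr:write"));
    }

    /**
     * A DENY on a child overrides a GRANT of the same role on its parent: user1 keeps write access to
     * content1 but loses it on content1.1.
     */
    @Test
    public void testDenyUser() throws Exception {
        JCRNodeWrapper content1 = this.session.getNodeByIdentifier(content1Identifier);
        JCRNodeWrapper content11 = this.session.getNodeByIdentifier(content11Identifier);
        content1.grantRoles("u:user1", Collections.singleton("owner"));
        content11.denyRoles("u:user1", Collections.singleton("owner"));
        assertRole(content1, "u:user1", "GRANT", "owner");
        assertRole(content11, "u:user1", "DENY", "owner");
        this.session.save();

        Assert.assertTrue(hasPermissionAs(USER1, content1.getPath(), "jcr:write"));
        Assert.assertFalse(hasPermissionAs(USER1, content11.getPath(), "jcr:write"));
    }

    /**
     * Breaking ACL inheritance on content1 empties its ACL entries; a grant placed below the break
     * (content1.1) is then the only entry there and gives user1 read access to that node only - not
     * to the home page, to content1 or to the sibling content1.2.
     */
    @Test
    public void testAclBreak() throws Exception {
        JCRNodeWrapper content1 = this.session.getNodeByIdentifier(content1Identifier);
        JCRNodeWrapper content11 = this.session.getNodeByIdentifier(content11Identifier);
        JCRNodeWrapper content12 = this.session.getNodeByIdentifier(content12Identifier);

        Assertions.assertThat(content1.getAclEntries())
                .as("ACL entries for node %s should NOT be empty", content1.getPath())
                .isNotEmpty();
        content1.setAclInheritanceBreak(true);
        Assertions.assertThat(content1.getAclEntries())
                .as("ACL entries for node %s should be empty", content1.getPath())
                .isEmpty();

        content11.grantRoles("u:user1", Collections.singleton("owner"));
        assertRole(content11, "u:user1", "GRANT", "owner");
        Assertions.assertThat(content11.getAclEntries())
                .as("ACL entries for node %s should contains %s role for user %s", content11.getPath(), "owner", USER1)
                .containsOnlyKeys("u:user1");
        this.session.save();

        Assert.assertFalse(hasPermissionAs(USER1, HOMEPATH, "jcr:read"));
        Assert.assertFalse(hasPermissionAs(USER1, content1.getPath(), "jcr:read"));
        Assert.assertTrue(hasPermissionAs(USER1, content11.getPath(), "jcr:read"));
        Assert.assertFalse(hasPermissionAs(USER1, content12.getPath(), "jcr:read"));
    }

    /**
     * {@code revokeRolesForPrincipal} removes only the named principal's entries, while
     * {@code revokeAllRoles} removes the entries of every principal on the node.
     */
    @Test
    public void testRevokeRoles() throws Exception {
        JCRNodeWrapper content11 = this.session.getNodeByIdentifier(content11Identifier);
        content11.grantRoles("u:user1", Collections.singleton("owner"));
        content11.grantRoles("u:user2", Collections.singleton("owner"));
        assertRole(content11, "u:user1", "GRANT", "owner");
        assertRole(content11, "u:user2", "GRANT", "owner");
        this.session.save();

        content11.revokeRolesForPrincipal("u:user2");
        assertRole(content11, "u:user1", "GRANT", "owner");
        Assertions.assertThat(content11.getAclEntries())
                .as("ACL entries for node %s should NOT contain roles for principal %s", content11.getPath(), "u:user2")
                .doesNotContainKey("u:user2");
        this.session.save();

        content11.revokeAllRoles();
        Assertions.assertThat(content11.getAclEntries())
                .as("ACL entries for node %s should NOT contain roles for principal %s", content11.getPath(), "u:user1")
                .doesNotContainKey("u:user1");
        Assertions.assertThat(content11.getAclEntries())
                .as("ACL entries for node %s should NOT contain roles for principal %s", content11.getPath(), "u:user2")
                .doesNotContainKey("u:user2");
        this.session.save();
    }

    /**
     * Membership of the {@code site-privileged} group must follow the roles held on the home page:
     * it appears when {@code editor} or {@code editor-in-chief} is granted (directly or through a
     * group) and disappears again once the role is revoked, including a grant that is revoked
     * before it is ever saved.
     */
    @Test
    public void testPrivilegedAccess() throws Exception {
        assertAccess(ImmutableMap.of(USER1, false, USER3, false));

        JCRNodeWrapper home = this.session.getNodeByIdentifier(homeIdentifier);
        home.grantRoles("g:group1", Collections.singleton("editor"));
        this.session.save();
        assertAccess(ImmutableMap.of(USER1, true, USER3, false));

        home.revokeRolesForPrincipal("g:group1");
        home.grantRoles("u:user1", Collections.singleton("editor"));
        this.session.save();
        assertAccess(ImmutableMap.of(USER1, true, USER2, false, USER3, false));

        home.revokeRolesForPrincipal("u:user1");
        home.grantRoles("u:user1", Collections.singleton("editor-in-chief"));
        this.session.save();
        assertAccess(ImmutableMap.of(USER1, true, USER2, false, USER3, false));

        home.revokeRolesForPrincipal("u:user1");
        this.session.save();
        assertAccess(ImmutableMap.of(USER1, false, USER2, false, USER3, false));

        // Grant and revoke within the same unsaved change set: nobody may end up privileged.
        home.grantRoles("g:group1", Collections.singleton("editor"));
        home.revokeRolesForPrincipal("g:group1");
        this.session.save();
        assertAccess(ImmutableMap.of(USER1, false, USER2, false, USER3, false));
    }

    /**
     * For every user in the map, asserts that three things all equal the expected flag: membership of
     * the {@code site-privileged} group, visibility of the home page and visibility of the site node.
     *
     * @param expectedByUser user name mapped to whether that user is expected to be privileged
     */
    private static void assertAccess(ImmutableMap<String, Boolean> expectedByUser) throws Exception {
        for (Map.Entry<String, Boolean> entry : expectedByUser.entrySet()) {
            String user = entry.getKey();
            boolean expected = entry.getValue();
            String negation = expected ? "" : "NOT ";
            Assertions.assertThat(isUserPrivileged(user))
                    .as("%s should %sbe in privileged group", user, negation)
                    .isEqualTo(expected);
            Assertions.assertThat(nodeExists(HOMEPATH, user))
                    .as("%s should %shave access to home page in edit mode", user, negation)
                    .isEqualTo(expected);
            Assertions.assertThat(nodeExists(SITEPATH, user))
                    .as("%s should %shave access to site in edit mode", user, negation)
                    .isEqualTo(expected);
        }
    }

    /**
     * Looks up, in a system session, whether {@code user} is a member of the test site's
     * {@code site-privileged} group. The system session is used so that the lookup itself does not
     * depend on the permissions being tested.
     */
    private static boolean isUserPrivileged(String user) throws Exception {
        Boolean member = JCRTemplate.getInstance().doExecuteWithSystemSession(systemSession -> {
            ServicesRegistry registry = ServicesRegistry.getInstance();
            JCRGroupNode privileged =
                    registry.getJahiaGroupManagerService().lookupGroup(TESTSITE_NAME, "site-privileged", systemSession);
            JCRUserNode userNode = registry.getJahiaUserManagerService().lookupUser(user, systemSession);
            return Boolean.valueOf(privileged.isMember(userNode));
        });
        return member;
    }

    /**
     * Reports whether {@code path} resolves in a session opened for {@code user}; a
     * {@link PathNotFoundException} is reported as {@code false}.
     */
    private static boolean nodeExists(String path, String user) throws Exception {
        return AclTest.<Boolean>doInJcrAsUser(user, userSession -> {
            try {
                userSession.getNode(path);
                return Boolean.TRUE;
            } catch (PathNotFoundException e) {
                return Boolean.FALSE;
            }
        });
    }

    /** Runs {@code callback} as {@code user} in the {@code default} workspace with the English locale. */
    private static <T> T doInJcrAsUser(String user, JCRCallback<T> callback) throws Exception {
        return JCRTemplate.getInstance().doExecute(user, (String) null, "default", Locale.ENGLISH, callback);
    }
}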
