package org.jahia.test.services.content.protection;

import java.io.IOException;
import java.util.Collections;
import java.util.Locale;
import java.util.Properties;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import org.apache.commons.io.FileUtils;
import org.apache.commons.lang.StringUtils;
import org.jahia.services.content.JCRCallback;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.JCRStoreProvider;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRMountPointNode;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.pwdpolicy.JahiaPasswordPolicyService;
import org.jahia.services.usermanager.JahiaGroupManagerService;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.test.JahiaTestCase;
import org.json.JSONObject;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/jahia/test/services/content/protection/JcrSettingsAccessTest.class */
public class JcrSettingsAccessTest extends JahiaTestCase {
    private static final String[] JCR_PATHS_TO_TEST = {"/settings/mail-server", "/settings/mail-server/j:activated", "/settings/search-settings", "/settings/search-settings/j:provider", "/settings/forgesSettings", "/passwordPolicy", "/passwordPolicy/j:policy"};
    private static final String PRIVILEGED_USER_NAME = "jcr-settings-test-privileged-user";
    private static final String SERVER_ADMIN_USER_NAME = "jcr-mount-point-test-serveradmin-user";
    private static final String USER_PASSWORD = "password";
    private static JahiaGroupManagerService groupManager;
    private static String mountPointPath;
    private static JahiaUserManagerService userManager;

    /* JADX INFO: Access modifiers changed from: private */
    public static void checkExistence(JCRSessionWrapper jCRSessionWrapper, boolean z, String... strArr) throws RepositoryException {
        String userID = jCRSessionWrapper.getUserID();
        String name = jCRSessionWrapper.getWorkspace().getName();
        for (String str : strArr) {
            if (z) {
                Assert.assertTrue(str + " should be accessible with " + userID + " session in " + name, jCRSessionWrapper.itemExists(str));
                Assert.assertNotNull(str + " should be accessible with " + userID + " session in " + name, jCRSessionWrapper.getItem(str));
            } else {
                Assert.assertFalse(str + " should not be accessible with " + userID + " session in " + name, jCRSessionWrapper.itemExists(str));
                try {
                    jCRSessionWrapper.getItem(str);
                    Assert.fail(str + " should not be accessible with " + userID + " session in " + name);
                } catch (PathNotFoundException e) {
                }
            }
        }
    }

    @BeforeClass
    public static void oneTimeSetUp() throws Exception {
        groupManager = JahiaGroupManagerService.getInstance();
        userManager = JahiaUserManagerService.getInstance();
        JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.1
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2833doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JCRUserNode createUser = JcrSettingsAccessTest.userManager.createUser(JcrSettingsAccessTest.PRIVILEGED_USER_NAME, "password", new Properties(), jCRSessionWrapper);
                jCRSessionWrapper.save();
                JcrSettingsAccessTest.groupManager.lookupGroup((String) null, "privileged", jCRSessionWrapper).addMember(createUser);
                jCRSessionWrapper.save();
                JahiaPasswordPolicyService.getInstance().getDefaultPolicy();
                JcrSettingsAccessTest.userManager.createUser(JcrSettingsAccessTest.SERVER_ADMIN_USER_NAME, "password", new Properties(), jCRSessionWrapper);
                jCRSessionWrapper.save();
                jCRSessionWrapper.getRootNode().grantRoles("u:jcr-mount-point-test-serveradmin-user", Collections.singleton("server-administrator"));
                jCRSessionWrapper.save();
                JCRMountPointNode addNode = jCRSessionWrapper.getNode("/mounts").addNode("jcr-mount-point-test-" + System.currentTimeMillis() + "-mount", "jnt:vfsMountPoint");
                addNode.setProperty("j:rootPath", FileUtils.getTempDirectoryPath());
                addNode.setMountStatus(JCRMountPointNode.MountStatus.mounted);
                jCRSessionWrapper.save();
                JCRStoreProvider mountProvider = addNode.getMountProvider();
                Assert.assertTrue("Unable to create VFS mount point", mountProvider != null && mountProvider.isAvailable());
                String unused = JcrSettingsAccessTest.mountPointPath = addNode.getPath();
                return null;
            }
        });
    }

    @AfterClass
    public static void oneTimeTearDown() throws Exception {
        JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.2
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2834doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JCRUserNode lookupUser = JcrSettingsAccessTest.userManager.lookupUser(JcrSettingsAccessTest.PRIVILEGED_USER_NAME, jCRSessionWrapper);
                if (lookupUser != null) {
                    JcrSettingsAccessTest.groupManager.lookupGroup((String) null, "privileged", jCRSessionWrapper).removeMember(lookupUser);
                    jCRSessionWrapper.save();
                    JcrSettingsAccessTest.userManager.deleteUser(lookupUser.getPath(), jCRSessionWrapper);
                    jCRSessionWrapper.save();
                }
                JCRUserNode lookupUser2 = JcrSettingsAccessTest.userManager.lookupUser(JcrSettingsAccessTest.SERVER_ADMIN_USER_NAME, jCRSessionWrapper);
                if (lookupUser2 != null) {
                    jCRSessionWrapper.getRootNode().revokeRolesForPrincipal("u:jcr-mount-point-test-serveradmin-user");
                    JcrSettingsAccessTest.userManager.deleteUser(lookupUser2.getPath(), jCRSessionWrapper);
                    jCRSessionWrapper.save();
                }
                if (JcrSettingsAccessTest.mountPointPath == null || !jCRSessionWrapper.nodeExists(JcrSettingsAccessTest.mountPointPath)) {
                    return null;
                }
                jCRSessionWrapper.getNode(JcrSettingsAccessTest.mountPointPath).remove();
                jCRSessionWrapper.save();
                return null;
            }
        });
        groupManager = null;
        userManager = null;
    }

    private void checkNoAccessViaRest() throws IOException {
        checkNoAccessViaRest("/modules/api/jcr/v1/live/en/paths/settings/mail-server");
        checkNoAccessViaRest("/modules/api/jcr/v1/default/en/paths/settings/mail-server");
        checkNoAccessViaRest("/modules/api/jcr/v1/default/en/paths/settings/search-settings");
        checkNoAccessViaRest("/modules/api/jcr/v1/default/en/paths/settings/forgesSettings");
        checkNoAccessViaRest("/modules/api/jcr/v1/default/en/paths/passwordPolicy");
        checkNoAccessViaRest("/modules/api/jcr/v1/default/en/paths" + mountPointPath);
    }

    private void checkNoAccessViaRest(String str) throws IOException {
        Assert.assertTrue(StringUtils.contains(getAsText(str, 404), "\"exception\":\"javax.jcr.PathNotFoundException\""));
    }

    @Test
    public void shouldHaveAccessToMountPointNodeWithServerAdminUserViaJcr() throws RepositoryException {
        JCRTemplate.getInstance().doExecute(SERVER_ADMIN_USER_NAME, (String) null, "default", Locale.ENGLISH, new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.3
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2835doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, true, JcrSettingsAccessTest.mountPointPath, JcrSettingsAccessTest.mountPointPath + "/j:rootPath");
                return null;
            }
        });
    }

    @Test
    public void shouldHaveAccessToMountPointNodeWithServerAdminUserViaRest() throws RepositoryException, IOException {
        login(SERVER_ADMIN_USER_NAME, "password");
        try {
            String asText = getAsText("/modules/api/jcr/v1/default/en/paths" + mountPointPath);
            Assert.assertTrue(StringUtils.contains(asText, "\"type\":\"jnt:vfsMountPoint\""));
            Assert.assertTrue(StringUtils.contains(asText, "\"name\":\"j:rootPath\""));
            Assert.assertTrue(StringUtils.contains(asText, "\"value\":" + JSONObject.quote(FileUtils.getTempDirectoryPath())));
        } finally {
            logout();
        }
    }

    @Test
    public void shouldHaveAccessToSettingsWithSystemUserViaJcr() throws RepositoryException {
        JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.4
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2836doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, true, JcrSettingsAccessTest.JCR_PATHS_TO_TEST);
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, true, JcrSettingsAccessTest.mountPointPath, JcrSettingsAccessTest.mountPointPath + "/j:rootPath");
                return null;
            }
        });
    }

    @Test
    public void shouldHaveAccessToSettingsWithSystemUserViaRest() throws RepositoryException, IOException {
        loginRoot();
        try {
            String asText = getAsText("/modules/api/jcr/v1/default/en/paths/settings/mail-server");
            Assert.assertTrue(StringUtils.contains(asText, "\"type\":\"jnt:mailServerSettings\""));
            Assert.assertTrue(StringUtils.contains(asText, "\"path\":\"/settings/mail-server/j:activated\""));
            String asText2 = getAsText("/modules/api/jcr/v1/default/en/paths/settings/search-settings");
            Assert.assertTrue(StringUtils.contains(asText2, "\"type\":\"jnt:searchServerSettings\""));
            Assert.assertTrue(StringUtils.contains(asText2, "\"path\":\"/settings/search-settings/j:provider\""));
            Assert.assertTrue(StringUtils.contains(getAsText("/modules/api/jcr/v1/default/en/paths/settings/forgesSettings"), "\"type\":\"jnt:forgesServerSettings\""));
            Assert.assertTrue(StringUtils.contains(getAsText("/modules/api/jcr/v1/default/en/paths/passwordPolicy"), "\"type\":\"jnt:passwordPolicy\""));
            String asText3 = getAsText("/modules/api/jcr/v1/default/en/paths" + mountPointPath);
            Assert.assertTrue(StringUtils.contains(asText3, "\"type\":\"jnt:vfsMountPoint\""));
            Assert.assertTrue(StringUtils.contains(asText3, "\"name\":\"j:rootPath\""));
            Assert.assertTrue(StringUtils.contains(asText3, "\"value\":" + JSONObject.quote(FileUtils.getTempDirectoryPath())));
        } finally {
            logout();
        }
    }

    @Test
    public void shouldNotHaveAccessToSettingsWithGuestUserViaJcr() throws RepositoryException {
        JCRCallback<Boolean> jCRCallback = new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.5
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2837doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, false, JcrSettingsAccessTest.JCR_PATHS_TO_TEST);
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, false, JcrSettingsAccessTest.mountPointPath + "/j:rootPath");
                return null;
            }
        };
        JCRTemplate.getInstance().doExecute("guest", (String) null, "default", Locale.ENGLISH, jCRCallback);
        JCRTemplate.getInstance().doExecute("guest", (String) null, "live", Locale.ENGLISH, jCRCallback);
    }

    @Test
    public void shouldNotHaveAccessToSettingsWithGuestUserViaRest() throws RepositoryException, IOException {
        checkNoAccessViaRest();
    }

    @Test
    public void shouldNotHaveAccessToSettingsWithPrivilegedUserViaJcr() throws RepositoryException {
        JCRTemplate.getInstance().doExecute(PRIVILEGED_USER_NAME, (String) null, "default", Locale.ENGLISH, new JCRCallback<Boolean>() { // from class: org.jahia.test.services.content.protection.JcrSettingsAccessTest.6
            /* renamed from: doInJCR, reason: merged with bridge method [inline-methods] */
            public Boolean m2838doInJCR(JCRSessionWrapper jCRSessionWrapper) throws RepositoryException {
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, false, JcrSettingsAccessTest.JCR_PATHS_TO_TEST);
                JcrSettingsAccessTest.checkExistence(jCRSessionWrapper, false, JcrSettingsAccessTest.mountPointPath + "/j:rootPath");
                return null;
            }
        });
    }

    @Test
    public void shouldNotHaveAccessToSettingsWithPrivilegedUserViaRest() throws RepositoryException, IOException {
        login("privileged", "password");
        try {
            checkNoAccessViaRest();
        } finally {
            logout();
        }
    }
}
