package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.AccessDeniedException;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlPolicy;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.namepath.NamePathMapperImpl;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.name.Namespaces;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AbstractAccessControlTest;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.TestACL;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlManagerImplTest.class */
public class AccessControlManagerImplTest extends AbstractAccessControlTest implements AccessControlConstants {
    private final String testName = "jr:testRoot";
    private final String testPath = "/jr:testRoot";
    private Principal testPrincipal;
    private Privilege[] testPrivileges;
    private Root testRoot;
    private TestNameMapper nameMapper;
    private NamePathMapper npMapper;
    private AccessControlManagerImpl acMgr;
    private ValueFactory valueFactory;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        registerNamespace(TestNameMapper.TEST_PREFIX, TestNameMapper.TEST_URI);
        this.nameMapper = new TestNameMapper(Namespaces.getNamespaceMap(this.root.getTree(IdentifierManagerTest.ID_ROOT)));
        this.npMapper = new NamePathMapperImpl(this.nameMapper);
        this.acMgr = getAccessControlManager(this.npMapper);
        this.valueFactory = new ValueFactoryImpl(this.root, this.npMapper);
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT), this.npMapper).addChild("jr:testRoot", "nt:unstructured");
        this.root.commit();
        this.testPrivileges = privilegesFromNames("{http://www.jcp.org/jcr/1.0}addChildNodes", "{http://www.jcp.org/jcr/1.0}read");
        this.testPrincipal = getTestPrincipal();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            this.root.refresh();
            this.root.getTree("/jr:testRoot").remove();
            this.root.commit();
            if (this.testRoot != null) {
                this.testRoot.getContentSession().close();
                this.testRoot = null;
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public NamePathMapper getNamePathMapper() {
        return this.npMapper;
    }

    private AccessControlManagerImpl getAccessControlManager(NamePathMapper namePathMapper) {
        return new AccessControlManagerImpl(this.root, namePathMapper, getSecurityProvider());
    }

    private Root getTestRoot() throws Exception {
        if (this.testRoot == null) {
            this.testRoot = createTestSession().getLatestRoot();
        }
        return this.testRoot;
    }

    private AccessControlManagerImpl getTestAccessControlManager() throws Exception {
        return new AccessControlManagerImpl(getTestRoot(), getNamePathMapper(), getSecurityProvider());
    }

    private NamePathMapper getLocalNamePathMapper() {
        return new NamePathMapperImpl(new TestNameMapper(this.nameMapper, TestNameMapper.LOCAL_MAPPING));
    }

    private ACL getApplicablePolicy(@Nullable String str) throws RepositoryException {
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies(str);
        if (applicablePolicies.hasNext()) {
            return applicablePolicies.nextAccessControlPolicy();
        }
        throw new RepositoryException("No applicable policy found.");
    }

    private ACL createPolicy(@Nullable String str) {
        PrincipalManager principalManager = getPrincipalManager(this.root);
        final RestrictionProvider restrictionProvider = getRestrictionProvider();
        return new ACL(str, null, getNamePathMapper(), principalManager, getPrivilegeManager(this.root), getBitsProvider()) { // from class: org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest.1
            ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean z, Set<Restriction> set) {
                throw new UnsupportedOperationException();
            }

            @Nonnull
            public RestrictionProvider getRestrictionProvider() {
                return restrictionProvider;
            }
        };
    }

    @Nonnull
    private ACL setupPolicy(@Nullable String str, @Nullable Privilege... privilegeArr) throws RepositoryException {
        Privilege[] privilegeArr2 = (privilegeArr == null || privilegeArr.length == 0) ? this.testPrivileges : privilegeArr;
        ACL applicablePolicy = getApplicablePolicy(str);
        if (str == null) {
            applicablePolicy.addAccessControlEntry(this.testPrincipal, privilegeArr2);
        } else {
            applicablePolicy.addEntry(this.testPrincipal, privilegeArr2, true, getGlobRestriction("*"));
        }
        this.acMgr.setPolicy(str, applicablePolicy);
        return applicablePolicy;
    }

    private Map<String, Value> getGlobRestriction(@Nonnull String str) {
        return ImmutableMap.of("rep:glob", this.valueFactory.createValue(str));
    }

    private List<String> getInvalidPaths() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("");
        arrayList.add("../../jcr:testRoot");
        arrayList.add("jcr:testRoot");
        arrayList.add("jcr:test/Root");
        arrayList.add("./jcr:testRoot");
        return arrayList;
    }

    private List<String> getAcContentPaths() throws RepositoryException {
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        applicablePolicy.addEntry(this.testPrincipal, this.testPrivileges, true, getGlobRestriction("*"));
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        Tree tree = this.root.getTree("/jr:testRoot/rep:policy");
        Assert.assertTrue(tree.exists());
        Iterator it = tree.getChildren().iterator();
        Assert.assertTrue(it.hasNext());
        Tree tree2 = (Tree) it.next();
        Assert.assertNotNull(tree2);
        ArrayList arrayList = new ArrayList();
        arrayList.add("/jr:testRoot/rep:policy");
        arrayList.add(tree2.getPath());
        Tree child = tree2.getChild("rep:restrictions");
        if (child.exists()) {
            arrayList.add(child.getPath());
        }
        return arrayList;
    }

    private Set<Principal> getPrincipals(ContentSession contentSession) {
        return contentSession.getAuthInfo().getPrincipals();
    }

    @Test
    public void testGetSupportedPrivileges() throws Exception {
        List asList = Arrays.asList(getPrivilegeManager(this.root).getRegisteredPrivileges());
        ArrayList arrayList = new ArrayList();
        arrayList.add(null);
        arrayList.add(IdentifierManagerTest.ID_ROOT);
        arrayList.add("/jcr:system");
        arrayList.add("/jr:testRoot");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Privilege[] supportedPrivileges = this.acMgr.getSupportedPrivileges((String) it.next());
            Assert.assertNotNull(supportedPrivileges);
            Assert.assertEquals(asList.size(), supportedPrivileges.length);
            Assert.assertTrue(asList.containsAll(Arrays.asList(supportedPrivileges)));
        }
    }

    @Test
    public void testGetSupportedPrivilegesInvalidPath() throws Exception {
        for (String str : getInvalidPaths()) {
            try {
                this.acMgr.getSupportedPrivileges(str);
                Assert.fail("Expects valid node path, found: " + str);
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testGetSupportedPrivilegesPropertyPath() throws Exception {
        try {
            this.acMgr.getSupportedPrivileges("/jcr:primaryType");
            Assert.fail("Property path -> PathNotFoundException expected.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetSupportedPrivilegesNonExistingPath() throws Exception {
        try {
            this.acMgr.getSupportedPrivileges("/non/existing/node");
            Assert.fail("Nonexisting node -> PathNotFoundException expected.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetSupportedPrivilegesIncludingPathConversion() throws Exception {
        List asList = Arrays.asList(getPrivilegeManager(this.root).getRegisteredPrivileges());
        ArrayList arrayList = new ArrayList();
        arrayList.add("/test:testRoot");
        arrayList.add("/{http://jackrabbit.apache.org}testRoot");
        AccessControlManagerImpl accessControlManager = getAccessControlManager(getLocalNamePathMapper());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Privilege[] supportedPrivileges = accessControlManager.getSupportedPrivileges((String) it.next());
            Assert.assertNotNull(supportedPrivileges);
            Assert.assertEquals(asList.size(), supportedPrivileges.length);
            Assert.assertTrue(asList.containsAll(Arrays.asList(supportedPrivileges)));
        }
    }

    @Test
    public void testGetSupportedForPrivilegesAcContent() throws Exception {
        List asList = Arrays.asList(getPrivilegeManager(this.root).getRegisteredPrivileges());
        Iterator<String> it = getAcContentPaths().iterator();
        while (it.hasNext()) {
            Privilege[] supportedPrivileges = this.acMgr.getSupportedPrivileges(it.next());
            Assert.assertNotNull(supportedPrivileges);
            Assert.assertEquals(asList.size(), supportedPrivileges.length);
            Assert.assertTrue(asList.containsAll(Arrays.asList(supportedPrivileges)));
        }
    }

    @Test
    public void testPrivilegeFromName() throws Exception {
        for (Privilege privilege : Arrays.asList(getPrivilegeManager(this.root).getRegisteredPrivileges())) {
            Assert.assertEquals(privilege, this.acMgr.privilegeFromName(privilege.getName()));
        }
    }

    @Test
    public void testPrivilegeFromExpandedName() throws Exception {
        Assert.assertEquals(getPrivilegeManager(this.root).getPrivilege("jcr:read"), this.acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}read"));
    }

    @Test
    public void testPrivilegeFromInvalidName() throws Exception {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.add(null);
        arrayList.add("");
        arrayList.add("test:read");
        for (String str : arrayList) {
            try {
                this.acMgr.privilegeFromName(str);
                Assert.fail("Invalid privilege name " + str);
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testPrivilegeFromUnknownName() throws Exception {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.add("unknownPrivilege");
        arrayList.add("{http://www.jcp.org/jcr/1.0}unknown");
        for (String str : arrayList) {
            try {
                this.acMgr.privilegeFromName(str);
                Assert.fail("Invalid privilege name " + str);
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testHasNullPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", (Privilege[]) null));
    }

    @Test
    public void testHasEmptyPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges("/jr:testRoot", new Privilege[0]));
    }

    @Test
    public void testHasPrivilegesForPropertyPath() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        try {
            this.acMgr.hasPrivileges("/jcr:primaryType", privilegesFromNames);
            Assert.fail("AccessControlManager#hasPrivileges for property should fail.");
        } catch (PathNotFoundException e) {
        }
        try {
            this.acMgr.hasPrivileges("/jcr:primaryType", getPrincipals(this.adminSession), privilegesFromNames);
            Assert.fail("AccessControlManager#hasPrivileges for property should fail.");
        } catch (PathNotFoundException e2) {
        }
    }

    @Test
    public void testHasPrivilegesNonExistingNodePath() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        try {
            this.acMgr.hasPrivileges("/not/existing", privilegesFromNames);
            Assert.fail("AccessControlManager#hasPrivileges  for node that doesn't exist should fail.");
        } catch (PathNotFoundException e) {
        }
        try {
            this.acMgr.hasPrivileges("/not/existing", getPrincipals(this.adminSession), privilegesFromNames);
            Assert.fail("AccessControlManager#hasPrivileges  for node that doesn't exist should fail.");
        } catch (PathNotFoundException e2) {
        }
    }

    @Test
    public void testHasPrivilegesInvalidPaths() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.hasPrivileges(it.next(), privilegesFromNames);
                Assert.fail("AccessControlManager#hasPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e) {
            }
        }
        Iterator<String> it2 = getInvalidPaths().iterator();
        while (it2.hasNext()) {
            try {
                this.acMgr.hasPrivileges(it2.next(), getPrincipals(this.adminSession), privilegesFromNames);
                Assert.fail("AccessControlManager#hasPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e2) {
            }
        }
    }

    @Test
    public void testHasPrivilegesAccessControlledNodePath() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        for (String str : getAcContentPaths()) {
            Assert.assertTrue(this.acMgr.hasPrivileges(str, privilegesFromNames));
            Assert.assertTrue(this.acMgr.hasPrivileges(str, getPrincipals(this.adminSession), privilegesFromNames));
        }
    }

    @Test
    public void testHasPrivilegesNotAccessiblePath() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(IdentifierManagerTest.ID_ROOT);
        arrayList.addAll(getAcContentPaths());
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                testAccessControlManager.hasPrivileges((String) it.next(), privilegesFromNames);
                Assert.fail("AccessControlManager#hasPrivileges for node that is not accessible should fail.");
            } catch (PathNotFoundException e) {
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                testAccessControlManager.hasPrivileges((String) it2.next(), getPrincipals(getTestRoot().getContentSession()), privilegesFromNames);
                Assert.fail("AccessControlManager#hasPrivileges for node that is not accessible should fail.");
            } catch (PathNotFoundException e2) {
            }
        }
    }

    @Test
    public void testTestSessionHasPrivileges() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        ArrayList<Privilege[]> arrayList = new ArrayList();
        arrayList.add(privilegesFromNames("jcr:read"));
        arrayList.add(privilegesFromNames("rep:readNodes"));
        arrayList.add(privilegesFromNames("rep:readProperties"));
        arrayList.add(privilegesFromNames("jcr:addChildNodes"));
        arrayList.add(this.testPrivileges);
        for (Privilege[] privilegeArr : arrayList) {
            Assert.assertTrue(testAccessControlManager.hasPrivileges("/jr:testRoot", privilegeArr));
            Assert.assertTrue(testAccessControlManager.hasPrivileges("/jr:testRoot", getPrincipals(getTestRoot().getContentSession()), privilegeArr));
        }
        ArrayList<Privilege[]> arrayList2 = new ArrayList();
        arrayList2.add(privilegesFromNames("jcr:all"));
        arrayList2.add(privilegesFromNames("jcr:readAccessControl"));
        arrayList2.add(privilegesFromNames("jcr:write"));
        arrayList2.add(privilegesFromNames("jcr:lockManagement"));
        for (Privilege[] privilegeArr2 : arrayList2) {
            Assert.assertFalse(testAccessControlManager.hasPrivileges("/jr:testRoot", privilegeArr2));
            Assert.assertFalse(testAccessControlManager.hasPrivileges("/jr:testRoot", getPrincipals(getTestRoot().getContentSession()), privilegeArr2));
        }
    }

    @Test
    public void testTestSessionHasPrivilegesForPrincipals() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        try {
            getTestAccessControlManager().getPrivileges("/jr:testRoot", getPrincipals(this.adminSession));
            Assert.fail("testSession doesn't have sufficient permission to read access control information at testPath");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testHasRepoPrivileges() throws Exception {
        Assert.assertTrue(this.acMgr.hasPrivileges((String) null, privilegesFromNames("jcr:all")));
        Assert.assertTrue(this.acMgr.hasPrivileges((String) null, getPrincipals(this.adminSession), privilegesFromNames("jcr:all")));
    }

    @Test
    public void testTestSessionHasRepoPrivileges() throws Exception {
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Assert.assertFalse(testAccessControlManager.hasPrivileges((String) null, this.testPrivileges));
        Assert.assertFalse(testAccessControlManager.hasPrivileges((String) null, getPrincipals(getTestRoot().getContentSession()), this.testPrivileges));
        try {
            testAccessControlManager.getPrivileges((String) null, getPrincipals(this.adminSession));
            Assert.fail("testSession doesn't have sufficient permission to read access control information");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testGetPrivilegesForPropertyPath() throws Exception {
        try {
            this.acMgr.getPrivileges("/jcr:primaryType");
            Assert.fail("AccessControlManager#getPrivileges for property should fail.");
        } catch (PathNotFoundException e) {
        }
        try {
            this.acMgr.getPrivileges("/jcr:primaryType", Collections.singleton(this.testPrincipal));
            Assert.fail("AccessControlManager#getPrivileges for property should fail.");
        } catch (PathNotFoundException e2) {
        }
    }

    @Test
    public void testGetPrivilegesNonExistingNodePath() throws Exception {
        try {
            this.acMgr.getPrivileges("/not/existing");
            Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
        } catch (PathNotFoundException e) {
        }
        try {
            this.acMgr.getPrivileges("/not/existing", Collections.singleton(this.testPrincipal));
            Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
        } catch (PathNotFoundException e2) {
        }
    }

    @Test
    public void testGetPrivilegesInvalidPaths() throws Exception {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getPrivileges(it.next());
                Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e) {
            }
        }
        Iterator<String> it2 = getInvalidPaths().iterator();
        while (it2.hasNext()) {
            try {
                this.acMgr.getPrivileges(it2.next(), Collections.singleton(this.testPrincipal));
                Assert.fail("AccessControlManager#getPrivileges  for node that doesn't exist should fail.");
            } catch (RepositoryException e2) {
            }
        }
    }

    @Test
    public void testGetPrivilegesAccessControlledNodePath() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        for (String str : getAcContentPaths()) {
            Assert.assertArrayEquals(privilegesFromNames, this.acMgr.getPrivileges(str));
            Assert.assertArrayEquals(privilegesFromNames, this.acMgr.getPrivileges(str, getPrincipals(this.adminSession)));
        }
    }

    @Test
    public void testGetPrivilegesForPrincipalsAccessControlledNodePath() throws Exception {
        ImmutableSet of = ImmutableSet.of(this.testPrincipal);
        Privilege[] privilegeArr = new Privilege[0];
        Iterator<String> it = getAcContentPaths().iterator();
        while (it.hasNext()) {
            Assert.assertArrayEquals(privilegeArr, this.acMgr.getPrivileges(it.next(), of));
        }
    }

    @Test
    public void testGetPrivilegesNotAccessiblePath() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(IdentifierManagerTest.ID_ROOT);
        arrayList.addAll(getAcContentPaths());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                getTestAccessControlManager().getPrivileges((String) it.next());
                Assert.fail("AccessControlManager#getPrivileges for node that is not accessible should fail.");
            } catch (PathNotFoundException e) {
            }
        }
        Iterator it2 = arrayList.iterator();
        while (it2.hasNext()) {
            try {
                getTestAccessControlManager().getPrivileges((String) it2.next(), Collections.singleton(this.testPrincipal));
                Assert.fail("AccessControlManager#getPrivileges for node that is not accessible should fail.");
            } catch (PathNotFoundException e2) {
            }
        }
    }

    @Test
    public void testTestSessionGetPrivileges() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Set<Principal> principals = getPrincipals(getTestRoot().getContentSession());
        Assert.assertArrayEquals(new Privilege[0], testAccessControlManager.getPrivileges((String) null));
        Assert.assertArrayEquals(new Privilege[0], testAccessControlManager.getPrivileges((String) null, principals));
        Assert.assertEquals(ImmutableSet.copyOf(this.testPrivileges), ImmutableSet.copyOf(testAccessControlManager.getPrivileges("/jr:testRoot")));
        Assert.assertEquals(ImmutableSet.copyOf(this.testPrivileges), ImmutableSet.copyOf(testAccessControlManager.getPrivileges("/jr:testRoot", principals)));
        try {
            testAccessControlManager.getPrivileges("/jr:testRoot", getPrincipals(this.adminSession));
            Assert.fail("testSession doesn't have sufficient permission to read access control information at testPath");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testGetRepoPrivileges() throws Exception {
        Assert.assertArrayEquals(privilegesFromNames("jcr:all"), this.acMgr.getPrivileges((String) null));
    }

    @Test
    public void testGetPrivilegesForPrincipals() throws Exception {
        Set<Principal> principals = getPrincipals(this.adminSession);
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:all");
        Assert.assertArrayEquals(privilegesFromNames, this.acMgr.getPrivileges(IdentifierManagerTest.ID_ROOT, principals));
        Assert.assertArrayEquals(privilegesFromNames, this.acMgr.getPrivileges((String) null, principals));
        Assert.assertArrayEquals(privilegesFromNames, this.acMgr.getPrivileges("/jr:testRoot", principals));
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        Set singleton = Collections.singleton(this.testPrincipal);
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges((String) null, singleton));
        Assert.assertArrayEquals(new Privilege[0], this.acMgr.getPrivileges(IdentifierManagerTest.ID_ROOT, singleton));
        Assert.assertEquals(ImmutableSet.copyOf(this.testPrivileges), ImmutableSet.copyOf(this.acMgr.getPrivileges("/jr:testRoot", singleton)));
    }

    @Test
    public void testGetApplicablePolicies() throws Exception {
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies("/jr:testRoot");
        Assert.assertNotNull(applicablePolicies);
        Assert.assertTrue(applicablePolicies.hasNext());
        ACL nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
        Assert.assertNotNull(nextAccessControlPolicy);
        Assert.assertTrue(nextAccessControlPolicy instanceof ACL);
        ACL acl = nextAccessControlPolicy;
        Assert.assertTrue(acl.isEmpty());
        Assert.assertEquals("/jr:testRoot", acl.getPath());
        Assert.assertFalse(applicablePolicies.hasNext());
    }

    @Test
    public void testGetApplicablePoliciesOnAccessControllable() throws Exception {
        new NodeUtil(this.root.getTree("/jr:testRoot")).setNames("jcr:mixinTypes", new String[]{"rep:AccessControllable"});
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies("/jr:testRoot");
        Assert.assertNotNull(applicablePolicies);
        Assert.assertTrue(applicablePolicies.hasNext());
    }

    @Test
    public void testGetApplicableRepoPolicies() throws Exception {
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies((String) null);
        Assert.assertNotNull(applicablePolicies);
        Assert.assertTrue(applicablePolicies.hasNext());
        ACL nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
        Assert.assertNotNull(nextAccessControlPolicy);
        Assert.assertTrue(nextAccessControlPolicy instanceof ACL);
        ACL acl = nextAccessControlPolicy;
        Assert.assertTrue(acl.isEmpty());
        Assert.assertNull(acl.getPath());
        Assert.assertFalse(applicablePolicies.hasNext());
    }

    @Test
    public void testGetApplicablePoliciesWithCollidingNode() throws Exception {
        new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("rep:policy", "nt:unstructured");
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies("/jr:testRoot");
        Assert.assertNotNull(applicablePolicies);
        Assert.assertFalse(applicablePolicies.hasNext());
    }

    @Test
    public void testGetApplicablePoliciesForAccessControlled() throws Exception {
        this.acMgr.setPolicy("/jr:testRoot", getApplicablePolicy("/jr:testRoot"));
        AccessControlPolicyIterator applicablePolicies = this.acMgr.getApplicablePolicies("/jr:testRoot");
        Assert.assertNotNull(applicablePolicies);
        Assert.assertFalse(applicablePolicies.hasNext());
    }

    @Test
    public void testGetApplicablePoliciesInvalidPath() throws Exception {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getPolicies(it.next());
                Assert.fail("Getting applicable policies for an invalid path should fail");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testApplicablePoliciesForPropertyPath() throws Exception {
        try {
            this.acMgr.getApplicablePolicies("/jcr:primaryType");
            Assert.fail("Getting applicable policies for property should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetApplicablePoliciesNonExistingNodePath() throws Exception {
        try {
            this.acMgr.getApplicablePolicies("/not/existing");
            Assert.fail("Getting applicable policies for node that doesn't exist should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetApplicablePoliciesForAcContentPaths() throws Exception {
        Iterator<String> it = getAcContentPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getApplicablePolicies(it.next());
                Assert.fail("Getting applicable policies for access control content should fail.");
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testGetPolicies() throws Exception {
        this.acMgr.setPolicy("/jr:testRoot", getApplicablePolicy("/jr:testRoot"));
        ACL[] policies = this.acMgr.getPolicies("/jr:testRoot");
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof ACL);
        ACL acl = policies[0];
        Assert.assertTrue(acl.isEmpty());
        Assert.assertEquals("/jr:testRoot", acl.getOakPath());
    }

    @Test
    public void testGetPoliciesNodeNotAccessControlled() throws Exception {
        Assert.assertNotNull(this.acMgr.getPolicies("/jr:testRoot"));
        Assert.assertEquals(0L, r0.length);
    }

    @Test
    public void testGetPoliciesAfterSet() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        ACL[] policies = this.acMgr.getPolicies("/jr:testRoot");
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof ACL);
        Assert.assertFalse(policies[0].isEmpty());
    }

    @Test
    public void testGetPoliciesAfterRemove() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        AccessControlPolicy[] policies = this.acMgr.getPolicies("/jr:testRoot");
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        this.acMgr.removePolicy("/jr:testRoot", policies[0]);
        Assert.assertNotNull(this.acMgr.getPolicies("/jr:testRoot"));
        Assert.assertEquals(0L, r0.length);
        Assert.assertTrue(this.acMgr.getApplicablePolicies("/jr:testRoot").hasNext());
    }

    @Test
    public void testGetPolicyWithInvalidPrincipal() throws Exception {
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        applicablePolicy.addEntry(this.testPrincipal, this.testPrivileges, true, getGlobRestriction("*"));
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        NodeUtil addChild = new NodeUtil(this.root.getTree("/jr:testRoot/rep:policy")).addChild("testACE", "rep:DenyACE");
        addChild.setString("rep:principalName", "invalidPrincipal");
        addChild.setNames("rep:privileges", new String[]{"jcr:read"});
        ACL[] policies = this.acMgr.getPolicies("/jr:testRoot");
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        ACL acl = policies[0];
        ArrayList arrayList = new ArrayList();
        Iterator it = acl.getEntries().iterator();
        while (it.hasNext()) {
            arrayList.add(((AccessControlEntry) it.next()).getPrincipal().getName());
        }
        Assert.assertTrue(arrayList.remove("invalidPrincipal"));
        Assert.assertTrue(arrayList.remove(this.testPrincipal.getName()));
        Assert.assertTrue(arrayList.isEmpty());
    }

    @Test
    public void testGetRepoPolicies() throws Exception {
        Assert.assertNotNull(this.acMgr.getPolicies((String) null));
        Assert.assertEquals(0L, r0.length);
        this.acMgr.setPolicy((String) null, this.acMgr.getApplicablePolicies((String) null).nextAccessControlPolicy());
        Assert.assertFalse(this.acMgr.getApplicablePolicies((String) null).hasNext());
        ACL[] policies = this.acMgr.getPolicies((String) null);
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof ACL);
        ACL acl = policies[0];
        Assert.assertTrue(acl.isEmpty());
        Assert.assertNull(acl.getPath());
        Assert.assertNull(acl.getOakPath());
        Assert.assertFalse(this.acMgr.getApplicablePolicies((String) null).hasNext());
        this.acMgr.removePolicy((String) null, acl);
        Assert.assertEquals(0L, this.acMgr.getPolicies((String) null).length);
        Assert.assertTrue(this.acMgr.getApplicablePolicies((String) null).hasNext());
    }

    @Test
    public void testGetPoliciesInvalidPath() throws Exception {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getPolicies(it.next());
                Assert.fail("Getting policies for an invalid path should fail");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testGetPoliciesPropertyPath() throws Exception {
        try {
            this.acMgr.getPolicies("/jcr:primaryType");
            Assert.fail("Getting policies for property should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetPoliciesNonExistingNodePath() throws Exception {
        try {
            this.acMgr.getPolicies("/not/existing");
            Assert.fail("Getting policies for node that doesn't exist should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetPoliciesAcContentPaths() throws Exception {
        Iterator<String> it = getAcContentPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getPolicies(it.next());
                Assert.fail("Getting policies for access control content should fail.");
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testGetEffectivePolicies() throws Exception {
        Assert.assertNotNull(this.acMgr.getEffectivePolicies("/jr:testRoot"));
        Assert.assertEquals(0L, r0.length);
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        Assert.assertNotNull(this.acMgr.getEffectivePolicies("/jr:testRoot"));
        Assert.assertEquals(1L, r0.length);
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        Assert.assertNotNull(this.acMgr.getEffectivePolicies(path));
        Assert.assertEquals(1L, r0.length);
        setupPolicy(path, new Privilege[0]);
        this.root.commit();
        Assert.assertNotNull(this.acMgr.getEffectivePolicies(path));
        Assert.assertEquals(2L, r0.length);
    }

    @Test
    public void testGetEffectivePoliciesNewPolicy() throws Exception {
        Assert.assertNotNull(this.acMgr.getEffectivePolicies("/jr:testRoot"));
        Assert.assertEquals(0L, r0.length);
        setupPolicy("/jr:testRoot", new Privilege[0]);
        Assert.assertNotNull(this.acMgr.getEffectivePolicies("/jr:testRoot"));
        Assert.assertEquals(0L, r0.length);
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        Assert.assertNotNull(this.acMgr.getEffectivePolicies(path));
        Assert.assertEquals(0L, r0.length);
        setupPolicy(path, new Privilege[0]);
        Assert.assertNotNull(this.acMgr.getEffectivePolicies(path));
        Assert.assertEquals(0L, r0.length);
    }

    @Test
    public void testGetEffectiveModifiedPolicy() throws Exception {
        ACL acl = setupPolicy("/jr:testRoot", new Privilege[0]);
        AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
        this.root.commit();
        acl.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames("jcr:versionManagement"));
        this.acMgr.setPolicy("/jr:testRoot", acl);
        AccessControlList[] effectivePolicies = this.acMgr.getEffectivePolicies("/jr:testRoot");
        Assert.assertNotNull(effectivePolicies);
        Assert.assertEquals(1L, effectivePolicies.length);
        Assert.assertTrue(effectivePolicies[0] instanceof AccessControlList);
        AccessControlEntry[] accessControlEntries2 = effectivePolicies[0].getAccessControlEntries();
        Assert.assertArrayEquals(accessControlEntries, accessControlEntries2);
        Assert.assertFalse(Arrays.equals(accessControlEntries2, acl.getAccessControlEntries()));
    }

    @Test
    public void testGetEffectivePoliciesInvalidPath() throws Exception {
        Iterator<String> it = getInvalidPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getEffectivePolicies(it.next());
                Assert.fail("Getting policies for an invalid path should fail");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testGetEffectivePoliciesForPropertyPath() throws Exception {
        try {
            this.acMgr.getEffectivePolicies("/jcr:primaryType");
            Assert.fail("Getting policies for property should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetEffectivePoliciesNonExistingNodePath() throws Exception {
        try {
            this.acMgr.getEffectivePolicies("/not/existing");
            Assert.fail("Getting policies for node that doesn't exist should fail.");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testGetEffectivePoliciesForAcContentPaths() throws Exception {
        Iterator<String> it = getAcContentPaths().iterator();
        while (it.hasNext()) {
            try {
                this.acMgr.getEffectivePolicies(it.next());
                Assert.fail("Getting effective policies for access control content should fail.");
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testTestSessionGetEffectivePolicies() throws Exception {
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:read", "jcr:readAccessControl");
        setupPolicy("/jr:testRoot", privilegesFromNames);
        this.root.commit();
        getTestRoot().refresh();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Assert.assertTrue(testAccessControlManager.hasPrivileges("/jr:testRoot", privilegesFromNames));
        Assert.assertNotNull(testAccessControlManager.getEffectivePolicies("/jr:testRoot"));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePolicies2() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        setupPolicy("/jr:testRoot", privilegesFromNames("jcr:read"));
        setupPolicy(path, privilegesFromNames("jcr:readAccessControl"));
        this.root.commit();
        getTestRoot().refresh();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Assert.assertTrue(testAccessControlManager.hasPrivileges(path, privilegesFromNames("jcr:read", "jcr:readAccessControl")));
        Assert.assertNotNull(testAccessControlManager.getEffectivePolicies(path));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePoliciesWithoutPrivilege() throws Exception {
        setupPolicy("/jr:testRoot", privilegesFromNames("jcr:read"));
        this.root.commit();
        getTestRoot().refresh();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        for (String str : ImmutableList.of("/jr:testRoot", "/jcr:system/jcr:nodeTypes")) {
            Assert.assertFalse(testAccessControlManager.hasPrivileges(str, privilegesFromNames("jcr:readAccessControl")));
            try {
                testAccessControlManager.getEffectivePolicies(str);
                Assert.fail("READ_ACCESS_CONTROL is not granted at " + str);
            } catch (AccessDeniedException e) {
            }
        }
    }

    @Test
    public void testSetPolicy() throws Exception {
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        applicablePolicy.addAccessControlEntry(this.testPrincipal, this.testPrivileges);
        applicablePolicy.addEntry(EveryonePrincipal.getInstance(), this.testPrivileges, false, getGlobRestriction("*/something"));
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        this.root.commit();
        ACL[] policies = getAccessControlManager(this.adminSession.getLatestRoot()).getPolicies("/jr:testRoot");
        Assert.assertEquals(1L, policies.length);
        Assert.assertArrayEquals(applicablePolicy.getAccessControlEntries(), policies[0].getAccessControlEntries());
    }

    @Test
    public void testSetRepoPolicy() throws Exception {
        ACL applicablePolicy = getApplicablePolicy(null);
        applicablePolicy.addAccessControlEntry(this.testPrincipal, privilegesFromNames("jcr:namespaceManagement"));
        this.acMgr.setPolicy((String) null, applicablePolicy);
        this.root.commit();
        ACL[] policies = getAccessControlManager(this.adminSession.getLatestRoot()).getPolicies((String) null);
        Assert.assertEquals(1L, policies.length);
        Assert.assertArrayEquals(applicablePolicy.getAccessControlEntries(), policies[0].getAccessControlEntries());
    }

    @Test
    public void testSetPolicyWritesAcContent() throws Exception {
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        applicablePolicy.addAccessControlEntry(this.testPrincipal, this.testPrivileges);
        applicablePolicy.addEntry(EveryonePrincipal.getInstance(), this.testPrivileges, false, getGlobRestriction("*/something"));
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        this.root.commit();
        Tree tree = this.adminSession.getLatestRoot().getTree("/jr:testRoot");
        Assert.assertTrue(tree.hasChild("rep:policy"));
        Tree child = tree.getChild("rep:policy");
        Assert.assertEquals("rep:ACL", TreeUtil.getPrimaryTypeName(child));
        Assert.assertEquals(2L, child.getChildrenCount(3L));
        Iterator it = child.getChildren().iterator();
        Tree tree2 = (Tree) it.next();
        Assert.assertEquals("rep:GrantACE", TreeUtil.getPrimaryTypeName(tree2));
        Assert.assertEquals(this.testPrincipal.getName(), TreeUtil.getString(tree2, "rep:principalName"));
        Assert.assertArrayEquals(this.testPrivileges, privilegesFromNames(TreeUtil.getStrings(tree2, "rep:privileges")));
        Assert.assertFalse(tree2.hasChild("rep:restrictions"));
        NodeUtil nodeUtil = new NodeUtil((Tree) it.next());
        Assert.assertEquals("rep:DenyACE", nodeUtil.getPrimaryNodeTypeName());
        Assert.assertEquals("everyone", nodeUtil.getString("rep:principalName", (String) null));
        Assert.assertArrayEquals(this.testPrivileges, privilegesFromNames(nodeUtil.getNames("rep:privileges")));
        Assert.assertTrue(nodeUtil.hasChild("rep:restrictions"));
        Assert.assertEquals("*/something", nodeUtil.getChild("rep:restrictions").getString("rep:glob", (String) null));
    }

    @Test
    public void testModifyExistingPolicy() throws Exception {
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        Assert.assertTrue(applicablePolicy.addAccessControlEntry(this.testPrincipal, this.testPrivileges));
        AccessControlEntry accessControlEntry = applicablePolicy.getAccessControlEntries()[0];
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        this.root.commit();
        ACL acl = this.acMgr.getPolicies("/jr:testRoot")[0];
        Assert.assertTrue(acl.addEntry(EveryonePrincipal.getInstance(), this.testPrivileges, false, getGlobRestriction("*/something")));
        AccessControlEntry[] accessControlEntries = acl.getAccessControlEntries();
        Assert.assertEquals(2L, accessControlEntries.length);
        AccessControlEntry accessControlEntry2 = accessControlEntries[1];
        Assert.assertEquals(EveryonePrincipal.getInstance(), accessControlEntry2.getPrincipal());
        acl.orderBefore(accessControlEntry2, accessControlEntry);
        this.acMgr.setPolicy("/jr:testRoot", acl);
        this.root.commit();
        ACL acl2 = this.acMgr.getPolicies("/jr:testRoot")[0];
        AccessControlEntry[] accessControlEntries2 = acl2.getAccessControlEntries();
        Assert.assertEquals(2L, accessControlEntries2.length);
        Assert.assertEquals(accessControlEntry2, accessControlEntries2[0]);
        Assert.assertEquals(accessControlEntry, accessControlEntries2[1]);
        Assert.assertTrue(acl2.addEntry(this.testPrincipal, new Privilege[]{this.acMgr.privilegeFromName("jcr:readAccessControl")}, false, Collections.emptyMap()));
        Assert.assertEquals(3L, acl2.size());
        AccessControlEntry accessControlEntry3 = acl2.getAccessControlEntries()[2];
        acl2.orderBefore(accessControlEntry3, accessControlEntry);
        this.acMgr.setPolicy("/jr:testRoot", acl2);
        AccessControlEntry[] accessControlEntries3 = this.acMgr.getPolicies("/jr:testRoot")[0].getAccessControlEntries();
        Assert.assertEquals(3L, accessControlEntries3.length);
        Assert.assertEquals(accessControlEntry2, accessControlEntries3[0]);
        Assert.assertEquals(accessControlEntry3, accessControlEntries3[1]);
        Assert.assertEquals(accessControlEntry, accessControlEntries3[2]);
    }

    @Test
    public void testSetInvalidPolicy() throws Exception {
        try {
            this.acMgr.setPolicy("/jr:testRoot", new TestACL("/jr:testRoot", getRestrictionProvider(), new JackrabbitAccessControlEntry[0]));
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e) {
        }
        ACL acl = setupPolicy("/jr:testRoot", new Privilege[0]);
        try {
            this.acMgr.setPolicy("/jr:testRoot", new TestACL("/jr:testRoot", getRestrictionProvider(), new JackrabbitAccessControlEntry[0]));
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e2) {
        }
        try {
            this.acMgr.setPolicy("/jr:testRoot", setupPolicy(null, new Privilege[0]));
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e3) {
        }
        try {
            this.acMgr.setPolicy((String) null, acl);
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e4) {
        }
    }

    @Test
    public void testSetPolicyInvalidPath() throws Exception {
        for (String str : getInvalidPaths()) {
            try {
                this.acMgr.setPolicy(str, createPolicy(str));
                Assert.fail("Setting access control policy with invalid path should fail");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testSetPolicyPropertyPath() throws Exception {
        try {
            this.acMgr.setPolicy("/jcr:primaryType", createPolicy("/jcr:primaryType"));
            Assert.fail("Setting access control policy at property path should fail");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testSetPolicyNonExistingNodePath() throws Exception {
        try {
            this.acMgr.setPolicy("/non/existing", createPolicy("/non/existing"));
            Assert.fail("Setting access control policy for non-existing node path should fail");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testSetPolicyAcContent() throws Exception {
        for (String str : getAcContentPaths()) {
            try {
                this.acMgr.setPolicy(str, createPolicy(str));
                Assert.fail("Setting access control policy to access control content should fail");
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testSetPolicyAtDifferentPath() throws Exception {
        try {
            this.acMgr.setPolicy(IdentifierManagerTest.ID_ROOT, getApplicablePolicy("/jr:testRoot"));
            Assert.fail("Setting access control policy at a different node path must fail");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testRemovePolicy() throws Exception {
        this.acMgr.removePolicy("/jr:testRoot", setupPolicy("/jr:testRoot", new Privilege[0]));
        Assert.assertEquals(0L, this.acMgr.getPolicies("/jr:testRoot").length);
        Assert.assertTrue(this.acMgr.getApplicablePolicies("/jr:testRoot").hasNext());
    }

    @Test
    public void testRemoveRepoPolicy() throws Exception {
        this.acMgr.removePolicy((String) null, setupPolicy(null, new Privilege[0]));
        Assert.assertEquals(0L, this.acMgr.getPolicies((String) null).length);
        Assert.assertTrue(this.acMgr.getApplicablePolicies((String) null).hasNext());
    }

    @Test
    public void testRemoveInvalidPolicy() throws Exception {
        ACL acl = setupPolicy("/jr:testRoot", new Privilege[0]);
        try {
            this.acMgr.removePolicy("/jr:testRoot", new TestACL("/jr:testRoot", getRestrictionProvider(), new JackrabbitAccessControlEntry[0]));
            Assert.fail("Invalid policy -> removal must fail");
        } catch (AccessControlException e) {
        }
        try {
            this.acMgr.removePolicy("/jr:testRoot", setupPolicy(null, new Privilege[0]));
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e2) {
        }
        try {
            this.acMgr.removePolicy((String) null, acl);
            Assert.fail("Setting invalid policy must fail");
        } catch (AccessControlException e3) {
        }
    }

    @Test
    public void testRemovePolicyInvalidPath() throws Exception {
        for (String str : getInvalidPaths()) {
            try {
                this.acMgr.removePolicy(str, createPolicy(str));
                Assert.fail("Removing access control policy with invalid path should fail");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testRemovePolicyPropertyPath() throws Exception {
        try {
            this.acMgr.removePolicy("/jcr:primaryType", createPolicy("/jcr:primaryType"));
            Assert.fail("Removing access control policy at property path should fail");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testRemovePolicyNonExistingNodePath() throws Exception {
        try {
            this.acMgr.removePolicy("/non/existing", createPolicy("/non/existing"));
            Assert.fail("Removing access control policy for non-existing node path should fail");
        } catch (PathNotFoundException e) {
        }
    }

    @Test
    public void testRemovePolicyAcContent() throws Exception {
        for (String str : getAcContentPaths()) {
            try {
                this.acMgr.removePolicy(str, createPolicy(str));
                Assert.fail("Removing access control policy to access control content should fail");
            } catch (AccessControlException e) {
            }
        }
    }

    @Test
    public void testRemovePolicyAtDifferentPath() throws Exception {
        try {
            setupPolicy("/jr:testRoot", new Privilege[0]);
            this.acMgr.removePolicy("/jr:testRoot", getApplicablePolicy(IdentifierManagerTest.ID_ROOT));
            Assert.fail("Removing access control policy at a different node path must fail");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testGetApplicablePoliciesNullPrincipal() throws Exception {
        try {
            this.acMgr.getApplicablePolicies((Principal) null);
            Assert.fail("Null is not a valid principal");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testGetApplicablePoliciesInvalidPrincipal() throws Exception {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        try {
            this.acMgr.getApplicablePolicies(new InvalidTestPrincipal("unknown0"));
            Assert.fail("Unknown principal should be detected.");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testGetApplicablePoliciesInternalPrincipal() throws Exception {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        Assert.assertEquals(1L, this.acMgr.getApplicablePolicies(new PrincipalImpl("unknown0")).length);
    }

    @Test
    public void testGetApplicablePoliciesByPrincipal() throws Exception {
        Iterator it = ImmutableList.of(this.testPrincipal, EveryonePrincipal.getInstance()).iterator();
        while (it.hasNext()) {
            JackrabbitAccessControlPolicy[] applicablePolicies = this.acMgr.getApplicablePolicies((Principal) it.next());
            Assert.assertNotNull(applicablePolicies);
            Assert.assertEquals(1L, applicablePolicies.length);
            Assert.assertTrue(applicablePolicies[0] instanceof ACL);
        }
    }

    @Test
    public void testGetApplicablePoliciesByPrincipal2() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        JackrabbitAccessControlPolicy[] applicablePolicies = this.acMgr.getApplicablePolicies(this.testPrincipal);
        Assert.assertNotNull(applicablePolicies);
        Assert.assertEquals(1L, applicablePolicies.length);
        Assert.assertTrue(applicablePolicies[0] instanceof ACL);
        this.root.commit();
        Assert.assertNotNull(this.acMgr.getApplicablePolicies(this.testPrincipal));
        Assert.assertEquals(0L, r0.length);
    }

    @Test
    public void testTestSessionGetApplicablePolicies() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        getTestRoot().refresh();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        Iterator it = ImmutableList.of(this.testPrincipal, EveryonePrincipal.getInstance()).iterator();
        while (it.hasNext()) {
            JackrabbitAccessControlPolicy[] applicablePolicies = testAccessControlManager.getApplicablePolicies((Principal) it.next());
            Assert.assertNotNull(applicablePolicies);
            Assert.assertEquals(1L, applicablePolicies.length);
            Assert.assertTrue(applicablePolicies[0] instanceof ACL);
        }
    }

    @Test
    public void testGetPoliciesNullPrincipal() throws Exception {
        try {
            this.acMgr.getPolicies((Principal) null);
            Assert.fail("Null is not a valid principal");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testGetPoliciesInvalidPrincipal() throws Exception {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        try {
            this.acMgr.getPolicies(new InvalidTestPrincipal("unknown0"));
            Assert.fail("Unknown principal should be detected.");
        } catch (AccessControlException e) {
        }
    }

    @Test
    public void testGetPoliciesInternalPrincipal() throws Exception {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        Assert.assertEquals(0L, this.acMgr.getPolicies(new PrincipalImpl("unknown0")).length);
    }

    @Test
    public void testGetPoliciesByPrincipal() throws Exception {
        Iterator it = ImmutableList.of(this.testPrincipal, EveryonePrincipal.getInstance()).iterator();
        while (it.hasNext()) {
            Assert.assertNotNull(this.acMgr.getPolicies((Principal) it.next()));
            Assert.assertEquals(0L, r0.length);
        }
    }

    @Test
    public void testGetPoliciesByPrincipal2() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        Assert.assertNotNull(this.acMgr.getPolicies(this.testPrincipal));
        Assert.assertEquals(0L, r0.length);
        this.root.commit();
        Assert.assertNotNull(this.acMgr.getPolicies(this.testPrincipal));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testTestSessionGetPolicies() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        Root testRoot = getTestRoot();
        testRoot.refresh();
        AccessControlManagerImpl testAccessControlManager = getTestAccessControlManager();
        PrincipalManager principalManager = getPrincipalManager(testRoot);
        for (Principal principal : ImmutableList.of(this.testPrincipal, EveryonePrincipal.getInstance())) {
            if (principalManager.hasPrincipal(principal.getName())) {
                Assert.assertNotNull(testAccessControlManager.getPolicies(principal));
                Assert.assertEquals(0L, r0.length);
            } else {
                Assert.assertEquals(0L, testAccessControlManager.getPolicies(principal).length);
            }
        }
    }

    @Test
    public void testGetEffectivePoliciesNullPrincipal() throws Exception {
        try {
            this.acMgr.getEffectivePolicies((Set) null);
            Assert.fail("Null principal set not allowed");
        } catch (AccessControlException e) {
        }
        try {
            this.acMgr.getEffectivePolicies(new HashSet(Arrays.asList(EveryonePrincipal.getInstance(), null, this.testPrincipal)));
            Assert.fail("Null principal set not allowed");
        } catch (AccessControlException e2) {
        }
    }

    @Test
    public void testGetEffectivePoliciesInvalidPrincipals() throws Exception {
        Principal principal = getPrincipalManager(this.root).getPrincipal("unknown");
        while (principal != null) {
            principal = getPrincipalManager(this.root).getPrincipal("unknown0");
        }
        InvalidTestPrincipal invalidTestPrincipal = new InvalidTestPrincipal("unknown0");
        try {
            this.acMgr.getEffectivePolicies(Collections.singleton(invalidTestPrincipal));
            Assert.fail("Unknown principal should be detected.");
        } catch (AccessControlException e) {
        }
        try {
            this.acMgr.getEffectivePolicies(ImmutableSet.of(invalidTestPrincipal, EveryonePrincipal.getInstance(), this.testPrincipal));
            Assert.fail("Unknown principal should be detected.");
        } catch (AccessControlException e2) {
        }
    }

    @Test
    public void testGetEffectivePoliciesByPrincipal() throws Exception {
        HashSet<Set> hashSet = new HashSet();
        hashSet.add(Collections.singleton(getTestPrincipal()));
        hashSet.add(Collections.singleton(EveryonePrincipal.getInstance()));
        hashSet.add(ImmutableSet.of(this.testPrincipal, EveryonePrincipal.getInstance()));
        Iterator it = hashSet.iterator();
        while (it.hasNext()) {
            Assert.assertNotNull(this.acMgr.getEffectivePolicies((Set) it.next()));
            Assert.assertEquals(0L, r0.length);
        }
        setupPolicy("/jr:testRoot", new Privilege[0]);
        Iterator it2 = hashSet.iterator();
        while (it2.hasNext()) {
            Assert.assertNotNull(this.acMgr.getEffectivePolicies((Set) it2.next()));
            Assert.assertEquals(0L, r0.length);
        }
        this.root.commit();
        for (Set set : hashSet) {
            Assert.assertNotNull(this.acMgr.getEffectivePolicies(set));
            if (set.contains(getTestPrincipal())) {
                Assert.assertEquals(1L, r0.length);
            } else {
                Assert.assertEquals(0L, r0.length);
            }
        }
        setupPolicy(new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath(), new Privilege[0]);
        for (Set set2 : hashSet) {
            Assert.assertNotNull(this.acMgr.getEffectivePolicies(set2));
            if (set2.contains(getTestPrincipal())) {
                Assert.assertEquals(1L, r0.length);
            } else {
                Assert.assertEquals(0L, r0.length);
            }
        }
        this.root.commit();
        for (Set set3 : hashSet) {
            Assert.assertNotNull(this.acMgr.getEffectivePolicies(set3));
            if (set3.contains(getTestPrincipal())) {
                Assert.assertEquals(2L, r0.length);
            } else {
                Assert.assertEquals(0L, r0.length);
            }
        }
    }

    @Test
    public void testTestSessionGetEffectivePoliciesByPrincipal() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:read", "jcr:readAccessControl");
        setupPolicy("/jr:testRoot", privilegesFromNames);
        setupPolicy(path, privilegesFromNames);
        this.root.commit();
        getTestRoot().refresh();
        Assert.assertNotNull(getTestAccessControlManager().getEffectivePolicies(Collections.singleton(getTestPrincipal())));
        Assert.assertEquals(2L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePoliciesByPrincipal2() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        setupPolicy("/jr:testRoot", privilegesFromNames("jcr:readAccessControl"));
        setupPolicy(path, privilegesFromNames("jcr:read", "jcr:readAccessControl"));
        this.root.commit();
        getTestRoot().refresh();
        Assert.assertNotNull(getTestAccessControlManager().getEffectivePolicies(Collections.singleton(getTestPrincipal())));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePoliciesByPrincipal3() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        setupPolicy("/jr:testRoot", privilegesFromNames("jcr:read"));
        setupPolicy(path, privilegesFromNames("jcr:readAccessControl"));
        this.root.commit();
        getTestRoot().refresh();
        Assert.assertNotNull(getTestAccessControlManager().getEffectivePolicies(Collections.singleton(getTestPrincipal())));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePoliciesByPrincipals() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:read", "jcr:readAccessControl");
        setupPolicy("/jr:testRoot", privilegesFromNames("jcr:read", "jcr:readAccessControl"));
        ACL applicablePolicy = getApplicablePolicy(path);
        applicablePolicy.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames, true);
        this.acMgr.setPolicy(path, applicablePolicy);
        this.root.commit();
        getTestRoot().refresh();
        Assert.assertNotNull(getTestAccessControlManager().getEffectivePolicies(ImmutableSet.of(getTestPrincipal(), EveryonePrincipal.getInstance())));
        Assert.assertEquals(2L, r0.length);
    }

    @Test
    public void testTestSessionGetEffectivePoliciesByPrincipals2() throws Exception {
        String path = new NodeUtil(this.root.getTree("/jr:testRoot")).addChild("child", "nt:unstructured").getTree().getPath();
        Privilege[] privilegesFromNames = privilegesFromNames("jcr:read", "jcr:readAccessControl");
        ACL applicablePolicy = getApplicablePolicy("/jr:testRoot");
        applicablePolicy.addEntry(getTestPrincipal(), privilegesFromNames, false);
        this.acMgr.setPolicy("/jr:testRoot", applicablePolicy);
        setupPolicy(path, privilegesFromNames("jcr:read", "jcr:readAccessControl"));
        this.root.commit();
        getTestRoot().refresh();
        Assert.assertNotNull(getTestAccessControlManager().getEffectivePolicies(ImmutableSet.of(getTestPrincipal(), EveryonePrincipal.getInstance())));
        Assert.assertEquals(1L, r0.length);
    }

    @Test
    public void testSetPrincipalPolicy() throws Exception {
        ACL[] applicablePolicies = this.acMgr.getApplicablePolicies(this.testPrincipal);
        Assert.assertNotNull(applicablePolicies);
        Assert.assertEquals(1L, applicablePolicies.length);
        Assert.assertTrue(applicablePolicies[0] instanceof ACL);
        ACL acl = applicablePolicies[0];
        Assert.assertTrue(acl.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.singletonMap("rep:nodePath", getValueFactory().createValue("/jr:testRoot", 8))));
        this.acMgr.setPolicy(acl.getPath(), acl);
        this.root.commit();
        Root latestRoot = this.adminSession.getLatestRoot();
        ACL[] policies = getAccessControlManager(latestRoot).getPolicies("/jr:testRoot");
        Assert.assertEquals(1L, policies.length);
        Assert.assertEquals(1L, policies[0].getAccessControlEntries().length);
        ACL[] policies2 = getAccessControlManager(latestRoot).getPolicies(this.testPrincipal);
        Assert.assertEquals(1L, policies2.length);
        Assert.assertArrayEquals(acl.getAccessControlEntries(), policies2[0].getAccessControlEntries());
    }

    @Test
    public void testSetPrincipalPolicy2() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        ACL[] policies = this.acMgr.getPolicies(this.testPrincipal);
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof ACL);
        ACL acl = policies[0];
        HashMap hashMap = new HashMap();
        hashMap.put("rep:nodePath", getValueFactory().createValue("/jr:testRoot", 8));
        Assert.assertTrue(acl.addEntry(this.testPrincipal, this.testPrivileges, true, hashMap));
        hashMap.putAll(getGlobRestriction("*"));
        Assert.assertFalse(acl.addEntry(this.testPrincipal, this.testPrivileges, true, hashMap));
        this.acMgr.setPolicy(acl.getPath(), acl);
        Assert.assertEquals(2L, this.acMgr.getPolicies("/jr:testRoot")[0].getAccessControlEntries().length);
    }

    @Test
    public void testRemovePrincipalPolicy() throws Exception {
        ACL[] applicablePolicies = this.acMgr.getApplicablePolicies(this.testPrincipal);
        Assert.assertNotNull(applicablePolicies);
        Assert.assertEquals(1L, applicablePolicies.length);
        Assert.assertTrue(applicablePolicies[0] instanceof ACL);
        ACL acl = applicablePolicies[0];
        Assert.assertTrue(acl.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.singletonMap("rep:nodePath", getValueFactory().createValue("/jr:testRoot", 8))));
        this.acMgr.setPolicy(acl.getPath(), acl);
        this.root.commit();
        this.acMgr.removePolicy(acl.getPath(), acl);
        this.root.commit();
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.testPrincipal).length);
        Assert.assertEquals(0L, this.acMgr.getPolicies("/jr:testRoot").length);
    }

    @Test
    public void testRemovePrincipalPolicy2() throws Exception {
        setupPolicy("/jr:testRoot", new Privilege[0]);
        this.root.commit();
        ACL[] policies = this.acMgr.getPolicies(this.testPrincipal);
        Assert.assertNotNull(policies);
        Assert.assertEquals(1L, policies.length);
        Assert.assertTrue(policies[0] instanceof ACL);
        ACL acl = policies[0];
        this.acMgr.removePolicy(acl.getPath(), acl);
        Assert.assertEquals(0L, this.acMgr.getPolicies("/jr:testRoot").length);
        Assert.assertEquals(0L, this.acMgr.getPolicies(this.testPrincipal).length);
    }
}
