package org.apache.jackrabbit.oak.security.user;

import java.security.PrivilegedExceptionAction;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.UUID;
import javax.annotation.Nonnull;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/CacheValidatorProviderTest.class */
public class CacheValidatorProviderTest extends AbstractSecurityTest {
    private Group testGroup;
    private Authorizable[] authorizables;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.testGroup = getUserManager(this.root).createGroup("testGroup_" + UUID.randomUUID());
        this.root.commit();
        this.authorizables = new Authorizable[]{getTestUser(), this.testGroup};
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            if (this.testGroup != null) {
                this.testGroup.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    private Tree getAuthorizableTree(@Nonnull Authorizable authorizable) throws RepositoryException {
        return this.root.getTree(authorizable.getPath());
    }

    private Tree getCache(@Nonnull Authorizable authorizable) throws Exception {
        ContentSession contentSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() { // from class: org.apache.jackrabbit.oak.security.user.CacheValidatorProviderTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ContentSession run() throws LoginException, NoSuchWorkspaceException {
                return CacheValidatorProviderTest.this.login(null);
            }
        });
        try {
            Root latestRoot = contentSession.getLatestRoot();
            new NodeUtil(latestRoot.getTree(authorizable.getPath())).getOrAddChild("rep:cache", "rep:Cache").setLong("rep:expiration", 1L);
            latestRoot.commit(CacheValidatorProvider.asCommitAttributes());
            contentSession.close();
            this.root.refresh();
            return this.root.getTree(authorizable.getPath()).getChild("rep:cache");
        } catch (Throwable th) {
            contentSession.close();
            throw th;
        }
    }

    @Test
    public void testCreateCacheByName() throws RepositoryException {
        for (Authorizable authorizable : this.authorizables) {
            try {
                try {
                    new NodeUtil(getAuthorizableTree(authorizable)).addChild("rep:cache", "nt:unstructured");
                    this.root.commit();
                    Assert.fail("Creating rep:cache node below a user or group must fail.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(34L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testCreateCacheByNodeType() throws RepositoryException {
        for (Authorizable authorizable : this.authorizables) {
            try {
                try {
                    new NodeUtil(getAuthorizableTree(authorizable)).addChild("childNode", "rep:Cache").setLong("rep:expiration", 1L);
                    this.root.commit();
                    Assert.fail("Creating node with nt rep:Cache below a user or group must fail.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(34L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testChangePrimaryType() throws RepositoryException {
        for (Authorizable authorizable : this.authorizables) {
            try {
                try {
                    NodeUtil addChild = new NodeUtil(getAuthorizableTree(authorizable)).addChild("childNode", "nt:unstructured");
                    this.root.commit();
                    addChild.setName("jcr:primaryType", "rep:Cache");
                    addChild.setLong("rep:expiration", 1L);
                    this.root.commit();
                    Assert.fail("Changing primary type of residual node below an user/group to rep:Cache must fail.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(34L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testCreateCacheWithCommitInfo() throws RepositoryException {
        for (Authorizable authorizable : this.authorizables) {
            try {
                try {
                    new NodeUtil(getAuthorizableTree(authorizable)).addChild("rep:cache", "rep:Cache").setLong("rep:expiration", 1L);
                    this.root.commit(CacheValidatorProvider.asCommitAttributes());
                    Assert.fail("Creating rep:cache node below a user or group must fail.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(34L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testCreateCacheBelowProfile() throws Exception {
        try {
            try {
                new NodeUtil(getAuthorizableTree(getTestUser())).addChild("profile", "oak:Unstructured").addChild("rep:cache", "rep:Cache").setLong("rep:expiration", 23L);
                this.root.commit(CacheValidatorProvider.asCommitAttributes());
                Assert.fail("Creating rep:cache node below a user or group must fail.");
                this.root.refresh();
            } catch (CommitFailedException e) {
                Assert.assertTrue(e.isConstraintViolation());
                Assert.assertEquals(34L, e.getCode());
                this.root.refresh();
            }
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testCreateCacheBelowPersistedProfile() throws Exception {
        try {
            try {
                NodeUtil addChild = new NodeUtil(getAuthorizableTree(getTestUser())).addChild("profile", "oak:Unstructured");
                this.root.commit();
                addChild.addChild("rep:cache", "rep:Cache").setLong("rep:expiration", 23L);
                this.root.commit(CacheValidatorProvider.asCommitAttributes());
                Assert.fail("Creating rep:cache node below a user or group must fail.");
                this.root.refresh();
            } catch (CommitFailedException e) {
                Assert.assertTrue(e.isConstraintViolation());
                Assert.assertEquals(34L, e.getCode());
                this.root.refresh();
            }
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testModifyCache() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(PropertyStates.createProperty("rep:expiration", 25));
        arrayList.add(PropertyStates.createProperty("rep:groupPrincipalNames", "everyone"));
        arrayList.add(PropertyStates.createProperty("jcr:primaryType", "nt:unstructured"));
        arrayList.add(PropertyStates.createProperty("residualProp", "anyvalue"));
        Tree cache = getCache(getTestUser());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                try {
                    cache.setProperty((PropertyState) it.next());
                    this.root.commit(CacheValidatorProvider.asCommitAttributes());
                    Assert.fail("Modifying rep:cache node below a user or group must fail.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(34L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testNestedCache() throws Exception {
        try {
            try {
                new NodeUtil(getCache(getTestUser())).getOrAddChild("rep:cache", "rep:Cache").setLong("rep:expiration", 223L);
                this.root.commit(CacheValidatorProvider.asCommitAttributes());
                Assert.fail("Creating nested cache must fail.");
                this.root.refresh();
            } catch (CommitFailedException e) {
                Assert.assertTrue(e.isConstraintViolation());
                Assert.assertEquals(34L, e.getCode());
                this.root.refresh();
            }
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testRemoveCache() throws Exception {
        getCache(getTestUser()).remove();
        this.root.commit();
    }

    @Test
    public void testCreateCacheOutsideOfAuthorizable() throws Exception {
        NodeUtil nodeUtil = new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT));
        try {
            try {
                nodeUtil.addChild("rep:cache", "rep:Cache").setLong("rep:expiration", 1L);
                this.root.commit();
                Assert.fail("Using rep:cache/rep:Cache outside a user or group must fail.");
                this.root.refresh();
                Tree child = nodeUtil.getTree().getChild("rep:cache");
                if (child.exists()) {
                    child.remove();
                    this.root.commit();
                }
            } catch (CommitFailedException e) {
                Assert.assertTrue(e.isConstraintViolation());
                Assert.assertEquals(34L, e.getCode());
                this.root.refresh();
                Tree child2 = nodeUtil.getTree().getChild("rep:cache");
                if (child2.exists()) {
                    child2.remove();
                    this.root.commit();
                }
            }
        } catch (Throwable th) {
            this.root.refresh();
            Tree child3 = nodeUtil.getTree().getChild("rep:cache");
            if (child3.exists()) {
                child3.remove();
                this.root.commit();
            }
            throw th;
        }
    }
}
