package org.apache.jackrabbit.oak.security.authorization.restriction;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import java.util.Collections;
import java.util.Iterator;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/restriction/ItemNameRestrictionTest.class */
public class ItemNameRestrictionTest extends AbstractRestrictionTest {
    @Override // org.apache.jackrabbit.oak.security.authorization.restriction.AbstractRestrictionTest
    boolean addEntry(@NotNull JackrabbitAccessControlList jackrabbitAccessControlList) throws RepositoryException {
        return jackrabbitAccessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read", "rep:addProperties", "jcr:addChildNodes", "jcr:removeNode"), true, Collections.emptyMap(), ImmutableMap.of("rep:itemNames", new Value[]{this.vf.createValue("a", 7), this.vf.createValue("b", 7), this.vf.createValue("c", 7)}));
    }

    @Test
    public void testRead() {
        Root latestRoot = this.testSession.getLatestRoot();
        Iterator it = ImmutableList.of("/a", "/a/d/b", "/a/d/b/e/c").iterator();
        while (it.hasNext()) {
            Assert.assertTrue(latestRoot.getTree((String) it.next()).exists());
        }
        Iterator it2 = ImmutableList.of(IdentifierManagerTest.ID_ROOT, "/a/d", "/a/d/b/e", "/a/d/b/e/c/f").iterator();
        while (it2.hasNext()) {
            Assert.assertFalse(latestRoot.getTree((String) it2.next()).exists());
        }
        Tree tree = latestRoot.getTree("/a/d/b/e/c");
        Assert.assertNull(tree.getProperty("jcr:primaryType"));
        Assert.assertNull(tree.getProperty("prop"));
        Assert.assertNotNull(tree.getProperty("a"));
    }

    @Test
    public void testAddProperty() throws Exception {
        Root latestRoot = this.testSession.getLatestRoot();
        ImmutableList of = ImmutableList.of("/a", "/a/d/b", "/a/d/b/e/c");
        Iterator it = of.iterator();
        while (it.hasNext()) {
            latestRoot.getTree((String) it.next()).setProperty("b", "anyvalue");
            latestRoot.commit();
        }
        Iterator it2 = of.iterator();
        while (it2.hasNext()) {
            try {
                try {
                    latestRoot.getTree((String) it2.next()).setProperty("notAllowed", "anyvalue");
                    latestRoot.commit();
                    Assert.fail();
                    latestRoot.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isAccessViolation());
                    latestRoot.refresh();
                }
            } catch (Throwable th) {
                latestRoot.refresh();
                throw th;
            }
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testModifyProperty() throws Exception {
        Root latestRoot = this.testSession.getLatestRoot();
        try {
            latestRoot.getTree("/a/d/b/e/c").setProperty("a", "anyvalue");
            latestRoot.commit();
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isAccessViolation());
            throw e;
        }
    }

    @Test
    public void testAddChild() throws Exception {
        Root latestRoot = this.testSession.getLatestRoot();
        Iterator it = ImmutableList.of("/a", "/a/d/b", "/a/d/b/e/c").iterator();
        while (it.hasNext()) {
            TreeUtil.addChild(latestRoot.getTree((String) it.next()), "c", "oak:Unstructured");
            latestRoot.commit();
        }
    }

    @Test
    public void testRemoveTree() {
        Root latestRoot = this.testSession.getLatestRoot();
        Iterator it = ImmutableList.of("/a/d/b/e/c", "/a/d/b", "/a").iterator();
        while (it.hasNext()) {
            try {
                try {
                    latestRoot.getTree((String) it.next()).remove();
                    latestRoot.commit();
                    Assert.fail();
                    latestRoot.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isAccessViolation());
                    latestRoot.refresh();
                }
            } catch (Throwable th) {
                latestRoot.refresh();
                throw th;
            }
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveTree2() throws Exception {
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, "/a");
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read", "jcr:removeChildNodes"), true);
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        Root latestRoot = this.testSession.getLatestRoot();
        Iterator it = ImmutableList.of("/a/d/b/e/c", "/a/d/b").iterator();
        while (it.hasNext()) {
            latestRoot.getTree((String) it.next()).remove();
            latestRoot.commit();
        }
        try {
            latestRoot.getTree("/a").remove();
            latestRoot.commit();
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isAccessViolation());
            throw e;
        }
    }

    @Test
    public void testModifyMembersOnly() throws Exception {
        Group createGroup = getUserManager(this.root).createGroup("testGroup" + UUID.randomUUID());
        this.root.commit();
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        String ancestorPath = PathUtils.getAncestorPath("/rep:security/rep:authorizables/rep:users", 1);
        try {
            try {
                JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, ancestorPath);
                accessControlList.addEntry(this.testPrincipal, privilegesFromNames("jcr:read"), true);
                accessControlList.addEntry(this.testPrincipal, privilegesFromNames("rep:userManagement"), true, Collections.emptyMap(), ImmutableMap.of("rep:itemNames", new Value[]{this.vf.createValue("rep:members", 7)}));
                accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
                this.root.commit();
                Root latestRoot = this.testSession.getLatestRoot();
                UserManager userManager = getUserManager(latestRoot);
                Group authorizable = userManager.getAuthorizable(createGroup.getID(), Group.class);
                User authorizable2 = userManager.getAuthorizable(getTestUser().getID(), User.class);
                authorizable.addMember(authorizable2);
                latestRoot.commit();
                try {
                    try {
                        authorizable2.changePassword("blub");
                        latestRoot.commit();
                        Assert.fail();
                        latestRoot.refresh();
                    } catch (CommitFailedException e) {
                        Assert.assertTrue(e.isAccessViolation());
                        latestRoot.refresh();
                    }
                    JackrabbitAccessControlList accessControlList2 = AccessControlUtils.getAccessControlList(accessControlManager, ancestorPath);
                    if (accessControlList2 != null) {
                        accessControlManager.removePolicy(accessControlList2.getPath(), accessControlList2);
                        this.root.commit();
                    }
                } catch (Throwable th) {
                    latestRoot.refresh();
                    throw th;
                }
            } catch (CommitFailedException e2) {
                Assert.assertTrue(e2.isAccessViolation());
                JackrabbitAccessControlList accessControlList3 = AccessControlUtils.getAccessControlList(accessControlManager, ancestorPath);
                if (accessControlList3 != null) {
                    accessControlManager.removePolicy(accessControlList3.getPath(), accessControlList3);
                    this.root.commit();
                }
            }
        } catch (Throwable th2) {
            JackrabbitAccessControlList accessControlList4 = AccessControlUtils.getAccessControlList(accessControlManager, ancestorPath);
            if (accessControlList4 != null) {
                accessControlManager.removePolicy(accessControlList4.getPath(), accessControlList4);
                this.root.commit();
            }
            throw th2;
        }
    }
}
