package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.ValueFormatException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.AccessControlConstants;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.xml.NodeInfo;
import org.apache.jackrabbit.oak.spi.xml.PropInfo;
import org.apache.jackrabbit.oak.spi.xml.ReferenceChangeTracker;
import org.apache.jackrabbit.oak.spi.xml.TextValue;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AccessControlImporterBaseTest.class */
public abstract class AccessControlImporterBaseTest extends AbstractSecurityTest implements AccessControlConstants {
    final NodeInfo aceGrantInfo = new NodeInfo("grantAceName", "rep:GrantACE", ImmutableList.of(), (String) null);
    private final NodeInfo aceDenyInfo = new NodeInfo("denyAceName", "rep:DenyACE", ImmutableList.of(), (String) null);
    private final NodeInfo restrInfo = new NodeInfo("anyRestrName", "rep:Restrictions", ImmutableList.of(), (String) null);
    final PropInfo unknownPrincipalInfo = new PropInfo("rep:principalName", 1, createTextValue("unknownPrincipal"));
    private Tree accessControlledTree;
    Tree aclTree;
    AccessControlImporter importer;
    private String principalName;
    private PropInfo principalInfo;
    private PropInfo privInfo;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        Tree addChild = this.root.getTree(IdentifierManagerTest.ID_ROOT).addChild("testNode");
        addChild.setProperty("jcr:primaryType", "oak:Unstructured", Type.NAME);
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, addChild.getPath());
        accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), privilegesFromNames("jcr:read"));
        accessControlManager.setPolicy(addChild.getPath(), accessControlList);
        this.root.commit();
        this.accessControlledTree = this.root.getTree("/testNode");
        this.aclTree = this.accessControlledTree.getChild("rep:policy");
        this.importer = new AccessControlImporter();
        this.principalName = getTestUser().getPrincipal().getName();
        this.principalInfo = new PropInfo("rep:principalName", 1, createTextValue(this.principalName));
        this.privInfo = new PropInfo("rep:privileges", 7, createTextValues("jcr:read", "jcr:addChildNodes"));
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Tree tree = this.root.getTree("/testNode");
            if (tree.exists()) {
                tree.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.authorization", ConfigurationParameters.of("importBehavior", getImportBehavior()));
    }

    abstract String getImportBehavior();

    @NotNull
    private Session mockJackrabbitSession() throws Exception {
        JackrabbitSession jackrabbitSession = (JackrabbitSession) Mockito.mock(JackrabbitSession.class);
        Mockito.when(jackrabbitSession.getPrincipalManager()).thenReturn(getPrincipalManager(this.root));
        Mockito.when(jackrabbitSession.getAccessControlManager()).thenReturn(getAccessControlManager(this.root));
        return jackrabbitSession;
    }

    boolean isWorkspaceImport() {
        return false;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void init() throws Exception {
        this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 1, new ReferenceChangeTracker(), getSecurityProvider());
    }

    @NotNull
    private TextValue createTextValue(@NotNull final String str) {
        return new TextValue() { // from class: org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlImporterBaseTest.1
            public String getString() {
                return str;
            }

            public Value getValue(int i) throws RepositoryException {
                return AccessControlImporterBaseTest.this.getValueFactory(AccessControlImporterBaseTest.this.root).createValue(str, i);
            }

            public void dispose() {
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<TextValue> createTextValues(@NotNull String... strArr) {
        ArrayList arrayList = new ArrayList();
        for (String str : strArr) {
            arrayList.add(createTextValue(str));
        }
        return arrayList;
    }

    @Test
    public void testInitNoJackrabbitSession() {
        Assert.assertFalse(this.importer.init((Session) Mockito.mock(Session.class), this.root, getNamePathMapper(), false, 3, new ReferenceChangeTracker(), getSecurityProvider()));
    }

    @Test(expected = IllegalStateException.class)
    public void testInitAlreadyInitialized() throws Exception {
        init();
        this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 1, new ReferenceChangeTracker(), getSecurityProvider());
    }

    @Test
    public void testInitImportUUIDBehaviorRemove() throws Exception {
        Assert.assertTrue(this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 1, new ReferenceChangeTracker(), getSecurityProvider()));
    }

    @Test
    public void testInitImportUUIDBehaviorReplace() throws Exception {
        Assert.assertTrue(this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 2, new ReferenceChangeTracker(), getSecurityProvider()));
    }

    @Test
    public void testInitImportUUIDBehaviorThrow() throws Exception {
        Assert.assertTrue(this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 3, new ReferenceChangeTracker(), getSecurityProvider()));
    }

    @Test
    public void testInitImportUUIDBehaviourCreateNew() throws Exception {
        Assert.assertTrue(this.importer.init(mockJackrabbitSession(), this.root, getNamePathMapper(), isWorkspaceImport(), 0, new ReferenceChangeTracker(), getSecurityProvider()));
    }

    @Test
    public void testInitCausesRepositoryException() {
        Assert.assertEquals(Boolean.valueOf(isWorkspaceImport()), Boolean.valueOf(this.importer.init((JackrabbitSession) Mockito.mock(JackrabbitSession.class, Mockito.withSettings().defaultAnswer(invocationOnMock -> {
            throw new RepositoryException();
        })), this.root, getNamePathMapper(), isWorkspaceImport(), 2, new ReferenceChangeTracker(), getSecurityProvider())));
    }

    @Test(expected = IllegalStateException.class)
    public void testStartNotInitialized() throws Exception {
        this.importer.start((Tree) Mockito.mock(Tree.class));
    }

    @Test
    public void testStartRootTree() throws Exception {
        init();
        Assert.assertFalse(this.importer.start(this.root.getTree(IdentifierManagerTest.ID_ROOT)));
    }

    @Test
    public void testStartAccessControlledTree() throws Exception {
        init();
        Assert.assertFalse(this.importer.start(this.accessControlledTree));
    }

    @Test
    public void testStartAclTree() throws Exception {
        init();
        Assert.assertTrue(this.importer.start(this.aclTree));
        Assert.assertFalse(this.root.hasPendingChanges());
    }

    @Test
    public void testStartAclTreeMissingMixin() throws Exception {
        init();
        this.accessControlledTree.removeProperty("jcr:mixinTypes");
        Assert.assertFalse(this.importer.start(this.aclTree));
    }

    @Test
    public void testStartAclTreeWrongPrimaryType() throws Exception {
        init();
        this.aclTree.setProperty("jcr:primaryType", "oak:Unstructured");
        Assert.assertFalse(this.importer.start(this.aclTree));
    }

    @Test
    public void testStartRepoPolicyTree() throws Exception {
        init();
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        accessControlManager.setPolicy((String) null, AccessControlUtils.getAccessControlList(accessControlManager, (String) null));
        Tree tree = this.root.getTree("/rep:repoPolicy");
        Assert.assertTrue(tree.exists());
        Assert.assertTrue(this.importer.start(tree));
    }

    @Test
    public void testStartRepoPolicyTreeMissingMixin() throws Exception {
        init();
        Assert.assertFalse(this.importer.start(TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "rep:repoPolicy", "rep:ACL")));
    }

    @Test
    public void testStartMisplacedRepoPolicyTree() throws Exception {
        init();
        TreeUtil.addMixin(this.accessControlledTree, "rep:RepoAccessControllable", this.root.getTree("/jcr:system/jcr:nodeTypes"), (String) null);
        Assert.assertFalse(this.importer.start(TreeUtil.addChild(this.accessControlledTree, "rep:repoPolicy", "rep:ACL")));
    }

    @Test
    public void testStartRepoPolicyTreeWrongPrimaryType() throws Exception {
        init();
        TreeUtil.addMixin(this.accessControlledTree, "rep:RepoAccessControllable", this.root.getTree("/jcr:system/jcr:nodeTypes"), (String) null);
        Assert.assertFalse(this.importer.start(TreeUtil.addChild(this.accessControlledTree, "rep:repoPolicy", "oak:Unstructured")));
    }

    @Test
    public void testStartNoJackrabbitAccessControlList() throws Exception {
        AccessControlPolicy accessControlPolicy = (AccessControlList) Mockito.mock(AccessControlList.class);
        AccessControlManager accessControlManager = (AccessControlManager) Mockito.mock(AccessControlManager.class);
        Mockito.when(accessControlManager.getPolicies(ArgumentMatchers.anyString())).thenReturn(new AccessControlPolicy[]{accessControlPolicy});
        JackrabbitSession jackrabbitSession = (JackrabbitSession) Mockito.mock(JackrabbitSession.class);
        Mockito.when(jackrabbitSession.getAccessControlManager()).thenReturn(accessControlManager);
        Mockito.when(jackrabbitSession.getPrincipalManager()).thenReturn(getPrincipalManager(this.root));
        SecurityProvider securityProvider = (SecurityProvider) Mockito.mock(SecurityProvider.class);
        AuthorizationConfiguration authorizationConfiguration = (AuthorizationConfiguration) Mockito.spy(getConfig(AuthorizationConfiguration.class));
        Mockito.when(authorizationConfiguration.getAccessControlManager(this.root, getNamePathMapper())).thenReturn(accessControlManager);
        Mockito.when(securityProvider.getConfiguration(AuthorizationConfiguration.class)).thenReturn(authorizationConfiguration);
        Mockito.when(securityProvider.getConfiguration(PrincipalConfiguration.class)).thenReturn(getConfig(PrincipalConfiguration.class));
        this.importer.init(jackrabbitSession, this.root, getNamePathMapper(), isWorkspaceImport(), 1, new ReferenceChangeTracker(), securityProvider);
        Assert.assertFalse(this.importer.start(this.aclTree));
    }

    @Test
    public void testProcessReferencesIsNoOp() {
        this.importer.processReferences();
        Assert.assertFalse(this.root.hasPendingChanges());
    }

    @Test(expected = IllegalStateException.class)
    public void testStartChildInfoNotInitialized() throws Exception {
        this.importer.startChildInfo((NodeInfo) Mockito.mock(NodeInfo.class), ImmutableList.of());
    }

    @Test(expected = ConstraintViolationException.class)
    public void testStartChildInfoUnknownType() throws Exception {
        NodeInfo nodeInfo = new NodeInfo("anyName", "oak:Unstructured", ImmutableList.of(), (String) null);
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(nodeInfo, ImmutableList.of());
    }

    @Test(expected = ConstraintViolationException.class)
    public void testStartNestedAceChildInfo() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of());
        this.importer.startChildInfo(this.aceDenyInfo, ImmutableList.of());
    }

    @Test(expected = ConstraintViolationException.class)
    public void testStartRestrictionChildInfoWithoutAce() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.restrInfo, ImmutableList.of());
    }

    @Test
    public void testStartAceAndRestrictionChildInfo() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of());
        this.importer.startChildInfo(this.restrInfo, ImmutableList.of());
    }

    @Test(expected = AccessControlException.class)
    public void testStartAceChildInfoInvalidPrivilege() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceDenyInfo, ImmutableList.of(new PropInfo("rep:privileges", 7, createTextValues("jcr:invalidPrivilege"), PropInfo.MultipleStatus.MULTIPLE)));
    }

    @Test(expected = IllegalStateException.class)
    public void testEndChildInfoNotInitialized() throws Exception {
        this.importer.endChildInfo();
    }

    @Test(expected = ConstraintViolationException.class)
    public void testEndChildInfoWithoutStart() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.endChildInfo();
    }

    @Test(expected = AccessControlException.class)
    public void testEndChildInfoIncompleteAce() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of());
        this.importer.endChildInfo();
    }

    @Test(expected = IllegalStateException.class)
    public void testEndWithoutStart() throws Exception {
        this.importer.end(this.aclTree);
    }

    @Test(expected = IllegalStateException.class)
    public void testEndWithoutAcl() throws Exception {
        Assert.assertFalse(this.importer.start(this.accessControlledTree));
        this.importer.end(this.accessControlledTree);
    }

    @Test
    public void testEndWithoutChildInfo() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.end(this.aclTree);
        Assert.assertTrue(this.root.hasPendingChanges());
        Assert.assertFalse(this.aclTree.getChildren().iterator().hasNext());
    }

    @Test(expected = AccessControlException.class)
    public void testInvalidRestriction() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of(this.principalInfo, this.privInfo));
        this.importer.startChildInfo(this.restrInfo, ImmutableList.of(new PropInfo("rep:glob", 7, createTextValues("glob1", "glob2"), PropInfo.MultipleStatus.MULTIPLE)));
        this.importer.endChildInfo();
        this.importer.endChildInfo();
        this.importer.end(this.aclTree);
    }

    @Test(expected = ValueFormatException.class)
    public void testUnknownRestriction() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of(this.principalInfo, this.privInfo));
        this.importer.startChildInfo(this.restrInfo, ImmutableList.of(new PropInfo("unknown", 1, createTextValue("val"))));
        this.importer.endChildInfo();
        this.importer.endChildInfo();
        this.importer.end(this.aclTree);
    }

    @Test
    public void testImportSimple() throws Exception {
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of(this.principalInfo, this.privInfo));
        this.importer.endChildInfo();
        this.importer.end(this.aclTree);
        Assert.assertTrue(this.aclTree.getChildren().iterator().hasNext());
        Tree tree = (Tree) this.aclTree.getChildren().iterator().next();
        Assert.assertEquals(this.principalName, TreeUtil.getString(tree, "rep:principalName"));
        Assert.assertEquals(ImmutableSet.of("jcr:read", "jcr:addChildNodes"), ImmutableSet.copyOf(TreeUtil.getNames(tree, "rep:privileges")));
        Assert.assertFalse(tree.hasChild("rep:restrictions"));
    }

    @Test
    public void testImportWithRestrictions() throws Exception {
        PropInfo propInfo = new PropInfo("rep:glob", 1, createTextValue("/*"));
        PropInfo propInfo2 = new PropInfo("rep:ntNames", 7, createTextValues("oak:Resource", "oak:Resource"));
        PropInfo propInfo3 = new PropInfo("rep:itemNames", 7, createTextValue("itemName"));
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of(this.principalInfo, this.privInfo, propInfo, propInfo2, propInfo3));
        this.importer.endChildInfo();
        this.importer.end(this.aclTree);
        assertImport(this.aclTree, this.principalName);
    }

    @Test
    public void testImportWithRestrictionNodeInfo() throws Exception {
        PropInfo propInfo = new PropInfo("rep:glob", 1, createTextValue("/*"));
        PropInfo propInfo2 = new PropInfo("rep:ntNames", 7, createTextValues("oak:Resource", "oak:Resource"));
        PropInfo propInfo3 = new PropInfo("rep:itemNames", 7, createTextValue("itemName"));
        init();
        this.importer.start(this.aclTree);
        this.importer.startChildInfo(this.aceGrantInfo, ImmutableList.of(this.principalInfo, this.privInfo));
        this.importer.startChildInfo(this.restrInfo, ImmutableList.of(propInfo, propInfo2, propInfo3));
        this.importer.endChildInfo();
        this.importer.endChildInfo();
        this.importer.end(this.aclTree);
        assertImport(this.aclTree, this.principalName);
    }

    private static void assertImport(@NotNull Tree tree, @NotNull String str) {
        Assert.assertTrue(tree.getChildren().iterator().hasNext());
        Tree tree2 = (Tree) tree.getChildren().iterator().next();
        Assert.assertEquals(str, TreeUtil.getString(tree2, "rep:principalName"));
        Assert.assertEquals(ImmutableSet.of("jcr:read", "jcr:addChildNodes"), ImmutableSet.copyOf(TreeUtil.getNames(tree2, "rep:privileges")));
        Assert.assertTrue(tree2.hasChild("rep:restrictions"));
        Tree child = tree2.getChild("rep:restrictions");
        Assert.assertEquals("/*", TreeUtil.getString(child, "rep:glob"));
        Assert.assertEquals(Lists.newArrayList(new String[]{"oak:Resource", "oak:Resource"}), child.getProperty("rep:ntNames").getValue(Type.NAMES));
        Assert.assertEquals(Lists.newArrayList(new String[]{"itemName"}), child.getProperty("rep:itemNames").getValue(Type.NAMES));
    }
}
