package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlPolicyIterator;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AdminPrincipalsBaseTest.class */
public abstract class AdminPrincipalsBaseTest extends AbstractSecurityTest {
    static final String ADMINISTRATORS_PRINCIPAL_NAME = "administrators";
    AccessControlList acl;
    private Principal administrativePrincipal;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "testNode", "nt:unstructured");
        this.administrativePrincipal = getUserManager(this.root).createGroup(new PrincipalImpl(ADMINISTRATORS_PRINCIPAL_NAME)).getPrincipal();
        this.root.commit();
        AccessControlPolicyIterator applicablePolicies = getAccessControlManager(this.root).getApplicablePolicies("/testNode");
        while (applicablePolicies.hasNext() && this.acl == null) {
            AccessControlList nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof AccessControlList) {
                this.acl = nextAccessControlPolicy;
            }
        }
        if (this.acl == null) {
            throw new RepositoryException("No applicable policy found.");
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            this.root.getTree("/testNode").remove();
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(this.administrativePrincipal);
            if (authorizable != null) {
                authorizable.remove();
            }
            this.root.commit();
        } finally {
            super.after();
        }
    }

    abstract void assertResult(boolean z) throws Exception;

    abstract void assertException() throws Exception;

    @Test
    public void testAdminPrincipal() throws Exception {
        try {
            assertResult(this.acl.addAccessControlEntry(() -> {
                return "admin";
            }, privilegesFromNames("jcr:read")));
        } catch (AccessControlException e) {
            assertException();
        }
    }

    @Test
    public void testAdminAuthInfoPrincipals() throws Exception {
        try {
            for (Principal principal : this.adminSession.getAuthInfo().getPrincipals()) {
                if (principal instanceof AdminPrincipal) {
                    assertResult(this.acl.addAccessControlEntry(principal, privilegesFromNames("jcr:read")));
                }
            }
        } catch (AccessControlException e) {
            assertException();
        }
    }

    @Test
    public void testSystemPrincipal() throws Exception {
        try {
            assertResult(this.acl.addAccessControlEntry(SystemPrincipal.INSTANCE, privilegesFromNames("jcr:read")));
        } catch (AccessControlException e) {
            assertException();
        }
    }

    @Test
    public void testConfiguredAdministrativePrincipal() throws Exception {
        try {
            assertResult(this.acl.addAccessControlEntry(this.administrativePrincipal, privilegesFromNames("jcr:read")));
        } catch (AccessControlException e) {
            assertException();
        }
    }
}
