package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeConstants;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Before;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.class */
public abstract class AbstractAccessControlTest extends AbstractSecurityTest implements PrivilegeConstants {
    static final String TEST_PATH = "/testPath";
    PrivilegeManager privilegeManager;
    PrincipalManager principalManager;
    ACL acl;
    Principal testPrincipal;
    Privilege[] testPrivileges;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT), getNamePathMapper()).addChild("testPath", "nt:unstructured");
        this.root.commit();
        this.testPrincipal = getTestUser().getPrincipal();
        this.testPrivileges = privilegesFromNames("jcr:addChildNodes", "jcr:lockManagement");
        this.privilegeManager = getPrivilegeManager(this.root);
        this.principalManager = getPrincipalManager(this.root);
        this.acl = createEmptyACL();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Tree tree = this.root.getTree(TEST_PATH);
            if (tree.exists()) {
                tree.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public RestrictionProvider getRestrictionProvider() {
        return ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public PrivilegeBitsProvider getBitsProvider() {
        return new PrivilegeBitsProvider(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public List<ACE> createTestEntries() throws RepositoryException {
        ArrayList arrayList = new ArrayList(3);
        for (int i = 0; i < 3; i++) {
            arrayList.add(createEntry((Principal) new PrincipalImpl("testPrincipal" + i), true, (Set<Restriction>) null, "jcr:read"));
        }
        return arrayList;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACE createEntry(Principal principal, boolean z, Set<Restriction> set, String... strArr) throws RepositoryException {
        return createEntry(principal, privilegesFromNames(strArr), z, set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACE createEntry(Principal principal, Privilege[] privilegeArr, boolean z) throws RepositoryException {
        return createEntry(principal, privilegeArr, z, (Set<Restriction>) null);
    }

    ACE createEntry(Principal principal, PrivilegeBits privilegeBits, boolean z, Set<Restriction> set) throws RepositoryException {
        AccessControlPolicyIterator applicablePolicies = getAccessControlManager(this.root).getApplicablePolicies(TEST_PATH);
        while (applicablePolicies.hasNext()) {
            ACL nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof ACL) {
                return nextAccessControlPolicy.createACE(principal, privilegeBits, z, set);
            }
        }
        throw new UnsupportedOperationException();
    }

    private ACE createEntry(@Nonnull Principal principal, @Nonnull Privilege[] privilegeArr, boolean z, @Nullable Set<Restriction> set) throws RepositoryException {
        return createEmptyACL().createACE(principal, getBitsProvider().getBits(privilegeArr, getNamePathMapper()), z, set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACL createEmptyACL() {
        return createACL(TEST_PATH, Collections.emptyList(), getNamePathMapper(), getRestrictionProvider());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACL createACL(@Nonnull List<ACE> list) {
        return createACL(TEST_PATH, list, this.namePathMapper, getRestrictionProvider());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACL createACL(@Nullable String str, @Nonnull List<ACE> list, @Nonnull NamePathMapper namePathMapper) {
        return createACL(str, list, namePathMapper, getRestrictionProvider());
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public ACL createACL(@Nullable String str, @Nonnull List<ACE> list, @Nonnull NamePathMapper namePathMapper, @Nonnull final RestrictionProvider restrictionProvider) {
        return new ACL(str == null ? null : namePathMapper.getOakPath(str), list, namePathMapper) { // from class: org.apache.jackrabbit.oak.security.authorization.accesscontrol.AbstractAccessControlTest.1
            @Nonnull
            public RestrictionProvider getRestrictionProvider() {
                return restrictionProvider;
            }

            ACE createACE(Principal principal, PrivilegeBits privilegeBits, boolean z, Set<Restriction> set) throws RepositoryException {
                return AbstractAccessControlTest.this.createEntry(principal, privilegeBits, z, set);
            }

            boolean checkValidPrincipal(Principal principal) throws AccessControlException {
                Util.checkValidPrincipal(principal, AbstractAccessControlTest.this.principalManager);
                return true;
            }

            PrivilegeManager getPrivilegeManager() {
                return AbstractAccessControlTest.this.privilegeManager;
            }

            PrivilegeBits getPrivilegeBits(Privilege[] privilegeArr) {
                return new PrivilegeBitsProvider(AbstractAccessControlTest.this.root).getBits(privilegeArr, getNamePathMapper());
            }
        };
    }
}
