package org.apache.jackrabbit.oak.security.user;

import com.google.common.collect.ImmutableList;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/IntermediatePathTest.class */
public class IntermediatePathTest extends AbstractSecurityTest {
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
        } finally {
            super.after();
        }
    }

    private Authorizable createAuthorizable(boolean z, @Nullable String str) throws RepositoryException {
        String uuid = UUID.randomUUID().toString();
        return z ? getUserManager(this.root).createGroup(uuid, new PrincipalImpl(uuid), str) : getUserManager(this.root).createUser(uuid, (String) null, new PrincipalImpl(uuid), str);
    }

    @Test
    public void testUserNullPath() throws Exception {
        Assert.assertNotNull(createAuthorizable(false, null));
    }

    @Test
    public void testGroupNullPath() throws Exception {
        Assert.assertNotNull(createAuthorizable(true, null));
    }

    @Test
    public void testUserEmptyPath() throws Exception {
        Authorizable createAuthorizable = createAuthorizable(false, "");
        Assert.assertFalse("/rep:security/rep:authorizables/rep:users".equals(PathUtils.getAncestorPath(createAuthorizable.getPath(), 1)));
        Assert.assertTrue(createAuthorizable.getPath().startsWith("/rep:security/rep:authorizables/rep:users"));
    }

    @Test
    public void testGroupEmptyPath() throws Exception {
        Authorizable createAuthorizable = createAuthorizable(true, "");
        Assert.assertFalse("/rep:security/rep:authorizables/rep:groups".equals(PathUtils.getAncestorPath(createAuthorizable.getPath(), 1)));
        Assert.assertTrue(createAuthorizable.getPath().startsWith("/rep:security/rep:authorizables/rep:groups"));
    }

    @Test
    public void testUserRelativePath() throws Exception {
        Assert.assertTrue(createAuthorizable(false, "a/b/c").getPath().startsWith("/rep:security/rep:authorizables/rep:users/a/b/c"));
    }

    @Test
    public void testGroupRelativePath() throws Exception {
        Assert.assertTrue(createAuthorizable(true, "a/b/c").getPath().startsWith("/rep:security/rep:authorizables/rep:groups/a/b/c"));
    }

    @Test
    public void testUserAbsolutePath() throws Exception {
        Assert.assertTrue(createAuthorizable(false, "/rep:security/rep:authorizables/rep:users/a/b/c").getPath().startsWith("/rep:security/rep:authorizables/rep:users/a/b/c"));
    }

    @Test
    public void testGroupAbsolutePath() throws Exception {
        Assert.assertTrue(createAuthorizable(true, "/rep:security/rep:authorizables/rep:groups/a/b/c").getPath().startsWith("/rep:security/rep:authorizables/rep:groups/a/b/c"));
    }

    @Test
    public void testUserRootPath() throws Exception {
        Authorizable createAuthorizable = createAuthorizable(false, "/rep:security/rep:authorizables/rep:users");
        Assert.assertFalse("/rep:security/rep:authorizables/rep:users".equals(PathUtils.getAncestorPath(createAuthorizable.getPath(), 1)));
        Assert.assertTrue(createAuthorizable.getPath().startsWith("/rep:security/rep:authorizables/rep:users"));
    }

    @Test
    public void testGroupRootPath() throws Exception {
        Authorizable createAuthorizable = createAuthorizable(true, "/rep:security/rep:authorizables/rep:groups");
        Assert.assertFalse("/rep:security/rep:authorizables/rep:groups".equals(PathUtils.getAncestorPath(createAuthorizable.getPath(), 1)));
        Assert.assertTrue(createAuthorizable.getPath().startsWith("/rep:security/rep:authorizables/rep:groups"));
    }

    @Test(expected = ConstraintViolationException.class)
    public void testUserWrongRoot() throws Exception {
        createAuthorizable(false, "/rep:security/rep:authorizables/rep:groups");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testGroupWrongRoot() throws Exception {
        createAuthorizable(true, "/rep:security/rep:authorizables/rep:users");
    }

    @Test
    public void testInvalidAbsolutePaths() throws Exception {
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).addChild("testNode", "oak:Unstructured");
        for (String str : ImmutableList.of(IdentifierManagerTest.ID_ROOT, PathUtils.getAncestorPath("/rep:security/rep:authorizables/rep:groups", 1), PathUtils.getAncestorPath("/rep:security/rep:authorizables/rep:groups", 2), "/testNode", "/nonExisting")) {
            try {
                createAuthorizable(false, str);
                Assert.fail("Invalid path " + str + " outside of configured scope.");
                this.root.refresh();
            } catch (ConstraintViolationException e) {
                this.root.refresh();
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testAbsolutePathsWithParentElements() throws Exception {
        Assert.assertTrue(createAuthorizable(true, "/rep:security/rep:authorizables/rep:groups/a/../b").getPath().startsWith("/rep:security/rep:authorizables/rep:groups/b"));
    }

    @Test
    public void testAbsolutePathsWithInvalidParentElements() throws Exception {
        try {
            Assert.assertTrue(createAuthorizable(true, "/rep:security/rep:authorizables/rep:groups/../a").getPath().startsWith(PathUtils.getAncestorPath("/rep:security/rep:authorizables/rep:groups", 1) + "/a"));
            this.root.commit();
            Assert.fail("Invalid path /rep:security/rep:authorizables/rep:groups/../a outside of configured scope.");
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isConstraintViolation());
            Assert.assertEquals(28L, e.getCode());
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testRelativePaths() throws Exception {
        new NodeUtil(this.root.getTree(IdentifierManagerTest.ID_ROOT)).addChild("testNode", "oak:Unstructured");
        for (String str : ImmutableList.of("..", "../..", "../../..", "../../../testNode", "a/b/../../../c")) {
            try {
                try {
                    createAuthorizable(false, str);
                    this.root.commit();
                    Assert.fail("Invalid path " + str + " outside of configured scope.");
                    this.root.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertTrue(e.isConstraintViolation());
                    Assert.assertEquals(28L, e.getCode());
                    this.root.refresh();
                }
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testCurrentRelativePath() throws Exception {
        Assert.assertEquals("/rep:security/rep:authorizables/rep:users", PathUtils.getAncestorPath(createAuthorizable(false, ".").getPath(), 1));
    }
}
