package org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol;

import com.google.common.collect.ImmutableList;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.authorization.PrivilegeCollection;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.exercise.ExerciseUtility;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.InvalidTestPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.NotExecutableException;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L5_AccessControlListImplTest.class */
public class L5_AccessControlListImplTest extends AbstractJCRTest {
    private AccessControlManager acMgr;
    private JackrabbitAccessControlList acl;
    private Principal testPrincipal;
    private Privilege[] testPrivileges;

    protected void setUp() throws Exception {
        super.setUp();
        this.acMgr = this.superuser.getAccessControlManager();
        this.testPrincipal = ExerciseUtility.createTestGroup(this.superuser.getUserManager()).getPrincipal();
        this.superuser.save();
        this.acl = AccessControlUtils.getAccessControlList(this.superuser, this.testRoot);
        if (this.acl == null) {
            throw new NotExecutableException();
        }
        this.testPrivileges = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read", "{http://www.jcp.org/jcr/1.0}write"});
    }

    protected void tearDown() throws Exception {
        try {
            Authorizable authorizable = this.superuser.getUserManager().getAuthorizable(this.testPrincipal);
            if (authorizable != null) {
                authorizable.remove();
                this.superuser.save();
            }
        } finally {
            super.tearDown();
        }
    }

    public void testAddEntryTwice() throws Exception {
        this.acl.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.emptyMap());
        assertEquals(false, this.acl.addEntry(this.testPrincipal, this.testPrivileges, true, Collections.emptyMap()));
    }

    public void testUpdateAndComplementary() throws Exception {
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        Privilege[] privilegesFromNames2 = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}write"});
        Privilege[] privilegesFromNames3 = AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"});
        assertTrue(this.acl.addEntry(this.testPrincipal, privilegesFromNames, true));
        assertTrue(this.acl.addEntry(this.testPrincipal, privilegesFromNames2, true));
        assertTrue(this.acl.addEntry(this.testPrincipal, privilegesFromNames3, true));
        assertEquals(-1, this.acl.size());
        assertTrue(this.acl.addEntry(this.testPrincipal, privilegesFromNames, false));
        assertEquals(-1, this.acl.size());
        AccessControlEntry[] accessControlEntries = this.acl.getAccessControlEntries();
        Assert.assertArrayEquals((Object[]) null, accessControlEntries[0].getPrivileges());
        Assert.assertArrayEquals((Object[]) null, accessControlEntries[1].getPrivileges());
    }

    public void testAddEntryWithInvalidPrincipals() throws Exception {
        Iterator it = ImmutableList.of(new InvalidTestPrincipal("unknown"), (Object) null, new PrincipalImpl(""), new Principal() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol.L5_AccessControlListImplTest.1
            @Override // java.security.Principal
            public String getName() {
                return "unknown";
            }
        }).iterator();
        while (it.hasNext()) {
            try {
                this.acl.addAccessControlEntry((Principal) it.next(), this.testPrivileges);
                fail("Adding an ACE with an invalid principal should fail");
            } catch (AccessControlException e) {
            }
        }
    }

    public void testAddEntriesWithCustomKnownPrincipal() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl(this.testPrincipal.getName());
        Principal principal = new Principal() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol.L5_AccessControlListImplTest.2
            @Override // java.security.Principal
            public String getName() {
                return L5_AccessControlListImplTest.this.testPrincipal.getName();
            }
        };
        assertTrue(this.acl.addAccessControlEntry(principalImpl, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read"})));
        assertTrue(this.acl.addAccessControlEntry(principal, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}readAccessControl"})));
        assertEquals(-1, this.acl.getAccessControlEntries().length);
    }

    public void testAddEntryWithInvalidPrivilege() throws Exception {
        Iterator it = ImmutableList.of(new Privilege[0], (Object) null, new Privilege[]{this.superuser.getWorkspace().getPrivilegeManager().registerPrivilege("AccessControlListImplTestPrivilege", true, new String[0])}).iterator();
        while (it.hasNext()) {
            try {
                this.acl.addAccessControlEntry(this.testPrincipal, (Privilege[]) it.next());
                fail("Adding an ACE with invalid privilege array should fail.");
            } catch (AccessControlException e) {
            }
        }
    }

    public void testRemoveInvalidEntry() throws RepositoryException {
        assertTrue(AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, this.testPrivileges, true));
        try {
            this.acl.removeAccessControlEntry(new JackrabbitAccessControlEntry() { // from class: org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol.L5_AccessControlListImplTest.3
                public boolean isAllow() {
                    return false;
                }

                @NotNull
                public String[] getRestrictionNames() {
                    return new String[0];
                }

                @Nullable
                public Value getRestriction(@NotNull String str) {
                    return null;
                }

                @Nullable
                public Value[] getRestrictions(@NotNull String str) {
                    return null;
                }

                @NotNull
                public PrivilegeCollection getPrivilegeCollection() throws RepositoryException {
                    throw new UnsupportedRepositoryOperationException();
                }

                public Principal getPrincipal() {
                    return L5_AccessControlListImplTest.this.testPrincipal;
                }

                public Privilege[] getPrivileges() {
                    return L5_AccessControlListImplTest.this.testPrivileges;
                }
            });
            fail("Passing an unknown ACE should fail");
        } catch (AccessControlException e) {
        }
    }
}
