package org.apache.jackrabbit.oak.security.authorization.permission;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import java.security.Principal;
import java.util.HashMap;
import javax.jcr.AccessDeniedException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.security.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.authorization.permission.Permissions;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.apache.jackrabbit.test.api.util.Text;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/permission/L4_PrivilegesAndPermissionsTest.class */
public class L4_PrivilegesAndPermissionsTest extends AbstractJCRTest {
    private User testUser;
    private Principal testPrincipal;
    private Principal testGroupPrincipal;
    private Session testSession;
    private String childPath;
    private String grandChildPath;
    private String propertyPath;
    private String childPropertyPath;

    protected void setUp() throws Exception {
        super.setUp();
        this.propertyPath = this.testRootNode.setProperty(this.propertyName1, "val").getPath();
        Node addNode = this.testRootNode.addNode(this.nodeName1);
        this.childPath = addNode.getPath();
        this.childPropertyPath = addNode.setProperty(this.propertyName2, "val").getPath();
        this.grandChildPath = addNode.addNode(this.nodeName2).getPath();
        this.testUser = ExerciseUtility.createTestUser(this.superuser.getUserManager());
        Group createTestGroup = ExerciseUtility.createTestGroup(this.superuser.getUserManager());
        createTestGroup.addMember(this.testUser);
        this.superuser.save();
        this.testPrincipal = this.testUser.getPrincipal();
        this.testGroupPrincipal = createTestGroup.getPrincipal();
    }

    protected void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            UserManager userManager = this.superuser.getUserManager();
            if (this.testUser != null) {
                this.testUser.remove();
            }
            Authorizable authorizable = userManager.getAuthorizable(this.testGroupPrincipal);
            if (authorizable != null) {
                authorizable.remove();
            }
            this.superuser.save();
        } finally {
            super.tearDown();
        }
    }

    private Session createTestSession() throws RepositoryException {
        if (this.testSession == null) {
            this.testSession = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
        }
        return this.testSession;
    }

    public void testAddNodes() throws Exception {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"{http://www.jcp.org/jcr/1.0}addChildNodes"}, true);
        this.superuser.save();
        Session createTestSession = createTestSession();
        ImmutableMap of = ImmutableMap.of(this.testRootNode.getPath(), (Object) null, this.childPath, (Object) null, this.childPath + "/toCreate", (Object) null, this.grandChildPath + "/nextGeneration", (Object) null, this.propertyPath, (Object) null);
        for (String str : of.keySet()) {
            assertEquals(((Boolean) of.get(str)).booleanValue(), createTestSession.hasPermission(str, "add_node"));
        }
        ImmutableMap of2 = ImmutableMap.of(this.testRootNode.getPath(), (Object) null, this.childPath, (Object) null, this.childPath + "/toCreate", (Object) null, this.grandChildPath + "/nextGeneration", (Object) null);
        for (String str2 : of2.keySet()) {
            assertEquals(ImmutableSet.of((Privilege[]) of2.get(str2)), ImmutableSet.of(createTestSession.getAccessControlManager().getPrivileges(str2)));
        }
    }

    public void testAddProperties() throws Exception {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"rep:addProperties"}, true);
        this.superuser.save();
        ImmutableMap of = ImmutableMap.of(this.propertyPath, new Boolean[]{null, null}, this.childPath + "/newProp", new Boolean[]{null, null}, this.childPropertyPath, new Boolean[]{null, null}, this.grandChildPath + "/jcr:primaryType", new Boolean[]{null, null});
        Session createTestSession = createTestSession();
        for (String str : of.keySet()) {
            Boolean[] boolArr = (Boolean[]) of.get(str);
            boolean booleanValue = boolArr[0].booleanValue();
            boolean booleanValue2 = boolArr[1].booleanValue();
            assertEquals(booleanValue, createTestSession.hasPermission(str, "set_property"));
            assertEquals(booleanValue2, createTestSession.hasPermission(str, Permissions.getString(4L)));
        }
    }

    public void testRemoveNodes() throws Exception {
        this.superuser.save();
        ImmutableMap of = ImmutableMap.of(this.testRootNode.getPath(), false, this.childPath, false, this.grandChildPath, true);
        Session createTestSession = createTestSession();
        for (String str : of.keySet()) {
            assertEquals(((Boolean) of.get(str)).booleanValue(), createTestSession.hasPermission(str, "remove"));
        }
        AccessControlManager accessControlManager = createTestSession.getAccessControlManager();
        assertFalse(accessControlManager.hasPrivileges(this.childPath, new Privilege[]{accessControlManager.privilegeFromName("{http://www.jcp.org/jcr/1.0}removeNode")}));
        createTestSession.getNode(this.grandChildPath).remove();
        createTestSession.save();
    }

    public void testRemoveProperties() throws Exception {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"rep:removeProperties"}, true);
        this.superuser.save();
        ImmutableMap of = ImmutableMap.of(this.propertyPath, false, this.childPropertyPath, true, this.grandChildPath + "/jcr:primaryType", false, this.grandChildPath + "/" + this.propertyName2, false);
        Session createTestSession = createTestSession();
        for (String str : of.keySet()) {
            boolean booleanValue = ((Boolean) of.get(str)).booleanValue();
            try {
                try {
                    createTestSession.getProperty(str).remove();
                    if (!booleanValue) {
                        fail("property at " + str + " should not be removable.");
                    }
                    createTestSession.refresh(false);
                } catch (RepositoryException e) {
                    if (booleanValue) {
                        fail("property at " + str + " should be removable.");
                    }
                    createTestSession.refresh(false);
                }
            } catch (Throwable th) {
                createTestSession.refresh(false);
                throw th;
            }
        }
    }

    public void testRemoveNonExistingItems() throws Exception {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"{http://www.jcp.org/jcr/1.0}removeNode", "{http://www.jcp.org/jcr/1.0}removeChildNodes", "rep:removeProperties"}, true);
        this.superuser.save();
        ImmutableMap of = ImmutableMap.of(this.childPath + "_non_existing_sibling", (Object) null, this.childPath + "/_non_existing_childitem", (Object) null, this.grandChildPath + "/_non_existing_child_item", (Object) null);
        Session createTestSession = createTestSession();
        for (String str : of.keySet()) {
            assertEquals(((Boolean) of.get(str)).booleanValue(), createTestSession.hasPermission(str, "remove"));
        }
    }

    public void testModifyProperties() throws Exception {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"rep:alterProperties"}, true);
        this.superuser.save();
        ImmutableMap of = ImmutableMap.of(this.propertyPath, (Object) null, this.childPropertyPath, (Object) null, this.grandChildPath + "/jcr:primaryType", (Object) null, this.grandChildPath + "/" + this.propertyName2, (Object) null);
        Session createTestSession = createTestSession();
        for (String str : of.keySet()) {
            boolean booleanValue = ((Boolean) of.get(str)).booleanValue();
            try {
                try {
                    createTestSession.getProperty(str).setValue("newVal");
                    createTestSession.save();
                    if (!booleanValue) {
                        fail("setting property at " + str + " should fail.");
                    }
                    createTestSession.refresh(false);
                } catch (RepositoryException e) {
                    if (booleanValue) {
                        fail("setting property at " + str + " should not fail.");
                    }
                    createTestSession.refresh(false);
                }
            } catch (Throwable th) {
                createTestSession.refresh(false);
                throw th;
            }
        }
    }

    public void testSetProperty() throws RepositoryException {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{"rep:alterProperties"}, true);
        this.superuser.save();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(this.childPropertyPath, (Value) null);
        newHashMap.put(this.grandChildPath + "/nonexisting", (Value) null);
        Session createTestSession = createTestSession();
        for (String str : newHashMap.keySet()) {
            try {
                createTestSession.getNode(Text.getRelativeParent(str, 1)).setProperty(Text.getName(str), (Value) newHashMap.get(str));
                createTestSession.save();
                createTestSession.refresh(false);
            } catch (Throwable th) {
                createTestSession.refresh(false);
                throw th;
            }
        }
    }

    public void testChangingPrimaryAndMixinTypes() throws RepositoryException {
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{null}, true);
        this.superuser.save();
        Session createTestSession = createTestSession();
        Node node = createTestSession.getNode(this.childPath);
        node.setPrimaryType("oak:Unstructured");
        node.addMixin("mix:referenceable");
        createTestSession.save();
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{null}, true);
        this.superuser.save();
        createTestSession.refresh(false);
        createTestSession.getNode(this.childPath).addNode(this.nodeName4, "oak:Unstructured");
        createTestSession.save();
        this.superuser.save();
        createTestSession.refresh(false);
        Node node2 = createTestSession.getNode(this.childPath);
        node2.addNode(this.nodeName3);
        createTestSession.save();
        try {
            node2.addNode(this.nodeName1, "oak:Unstructured");
            createTestSession.save();
            fail("Adding node with explicitly the primary type should fail");
            createTestSession.refresh(false);
        } catch (AccessDeniedException e) {
            createTestSession.refresh(false);
        } catch (Throwable th) {
            createTestSession.refresh(false);
            throw th;
        }
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testPrincipal, new String[]{null}, true);
    }
}
