package org.apache.jackrabbit.oak.exercise.security.authorization.accesscontrol;

import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.exercise.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.AbstractJCRTest;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/accesscontrol/L2_AccessControlManagerTest.class */
public class L2_AccessControlManagerTest extends AbstractJCRTest {
    private AccessControlManager acMgr;
    private Principal testPrincipal;
    private String testID;
    private Session testSession;

    protected void setUp() throws Exception {
        super.setUp();
        this.acMgr = this.superuser.getAccessControlManager();
        User createTestUser = ExerciseUtility.createTestUser(this.superuser.getUserManager());
        this.testPrincipal = createTestUser.getPrincipal();
        this.testID = createTestUser.getID();
        this.superuser.save();
    }

    protected void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            Authorizable authorizable = this.superuser.getUserManager().getAuthorizable(this.testPrincipal);
            if (authorizable != null) {
                authorizable.remove();
                this.superuser.save();
            }
        } finally {
            super.tearDown();
        }
    }

    public void testGetAccessControlManager() throws RepositoryException {
        assertNotNull(null);
        assertNotNull(null);
    }

    public void testRetrievePoliciesAtTestRoot() throws RepositoryException {
        assertEquals(-1, this.acMgr.getPolicies(this.testRoot).length);
        assertEquals(-1, this.acMgr.getApplicablePolicies(this.testRoot).getSize());
        assertEquals(AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot), AccessControlUtils.getAccessControlList(this.superuser, this.testRoot));
    }

    public void testRetrievePoliciesAtNamespaceRoot() throws RepositoryException {
        assertEquals(-1, this.acMgr.getPolicies("/jcr:system/rep:namespaces").length);
        assertEquals(-1, this.acMgr.getApplicablePolicies("/jcr:system/rep:namespaces").getSize());
        assertEquals(AccessControlUtils.getAccessControlList(this.acMgr, "/jcr:system/rep:namespaces"), AccessControlUtils.getAccessControlList(this.superuser, "/jcr:system/rep:namespaces"));
    }

    public void testModifyPolicy() throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot);
        assertNotNull(accessControlList);
        assertEquals(0, accessControlList.getAccessControlEntries().length);
        accessControlList.addAccessControlEntry(EveryonePrincipal.getInstance(), new Privilege[]{this.acMgr.privilegeFromName("{http://www.jcp.org/jcr/1.0}read")});
        assertEquals(-1, accessControlList.getAccessControlEntries().length);
        assertEquals(-1, this.acMgr.getApplicablePolicies(this.testRoot).getSize());
        assertEquals(-1, this.acMgr.getPolicies(this.testRoot).length);
    }

    public void testAddAceWithUtility() throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot);
        assertEquals(false, AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, new String[]{"{http://www.jcp.org/jcr/1.0}read"}, false));
        assertEquals(-1, accessControlList.getAccessControlEntries().length);
        assertEquals(-1, this.acMgr.getApplicablePolicies(this.testRoot).getSize());
        JackrabbitAccessControlList[] policies = this.acMgr.getPolicies(this.testRoot);
        assertEquals(-1, policies.length);
        JackrabbitAccessControlList jackrabbitAccessControlList = null;
        for (JackrabbitAccessControlList jackrabbitAccessControlList2 : policies) {
            if (jackrabbitAccessControlList2 instanceof JackrabbitAccessControlList) {
                jackrabbitAccessControlList = jackrabbitAccessControlList2;
            }
        }
        assertEquals(jackrabbitAccessControlList, AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot));
        assertEquals(-1, jackrabbitAccessControlList.getAccessControlEntries().length);
    }

    public void testSetPolicy() throws RepositoryException {
        assertTrue(AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot).addEntry(this.testPrincipal, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read"}), false));
        assertFalse(this.acMgr.getApplicablePolicies(this.testRoot).hasNext());
        JackrabbitAccessControlList[] policies = this.acMgr.getPolicies(this.testRoot);
        assertEquals(1, policies.length);
        assertTrue(policies[0] instanceof JackrabbitAccessControlList);
        JackrabbitAccessControlList jackrabbitAccessControlList = policies[0];
        assertFalse(jackrabbitAccessControlList.isEmpty());
        assertEquals(1, jackrabbitAccessControlList.size());
        JackrabbitAccessControlEntry jackrabbitAccessControlEntry = jackrabbitAccessControlList.getAccessControlEntries()[0];
        assertTrue(jackrabbitAccessControlEntry instanceof JackrabbitAccessControlEntry);
        assertEquals(this.testPrincipal, jackrabbitAccessControlEntry.getPrincipal());
        assertFalse(jackrabbitAccessControlEntry.isAllow());
    }

    public void testRemovePolicy() throws RepositoryException {
        try {
            this.acMgr.removePolicy(this.testRoot, AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot));
            fail("EXERCISE");
        } catch (AccessControlException e) {
        }
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, new String[]{"{http://www.jcp.org/jcr/1.0}read"}, false);
        this.acMgr.removePolicy(this.testRoot, AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot));
    }

    public void testTransientNature() throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot);
        assertTrue(accessControlList.addEntry(this.testPrincipal, AccessControlUtils.privilegesFromNames(this.acMgr, new String[]{"{http://www.jcp.org/jcr/1.0}read"}), false));
        this.acMgr.setPolicy(this.testRoot, accessControlList);
        assertEquals(accessControlList, AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot));
        Session superuserSession = getHelper().getSuperuserSession();
        try {
            AccessControlPolicy[] policies = superuserSession.getAccessControlManager().getPolicies(this.testRoot);
            assertEquals(1, policies.length);
            assertEquals(accessControlList, policies[0]);
            if (superuserSession.isLive()) {
                superuserSession.logout();
            }
        } catch (Throwable th) {
            if (superuserSession.isLive()) {
                superuserSession.logout();
            }
            throw th;
        }
    }

    public void testRetrievePoliciesAsReadOnlySession() throws RepositoryException {
        this.testSession = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testID));
        this.testSession.getAccessControlManager().getApplicablePolicies(this.testRoot);
        this.testSession.getAccessControlManager().getPolicies(this.testRoot);
    }

    public void testWritePoliciesAsReadOnlySession() throws RepositoryException {
        this.testSession = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testID));
        this.testSession.getAccessControlManager().setPolicy(this.testRoot, AccessControlUtils.getAccessControlList(this.acMgr, this.testRoot));
    }

    public void testPoliciesAtNullPath() throws RepositoryException {
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, (String) null);
        accessControlList.addAccessControlEntry(this.testPrincipal, (Privilege[]) null);
        this.acMgr.setPolicy((String) null, accessControlList);
        this.superuser.save();
    }
}
