package org.apache.jackrabbit.oak.exercise.security.authorization.permission;

import java.security.Principal;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.exercise.ExerciseUtility;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.AbstractJCRTest;

/* loaded from: input_file:org/apache/jackrabbit/oak/exercise/security/authorization/permission/L3_PrecedenceRulesTest.class */
public class L3_PrecedenceRulesTest extends AbstractJCRTest {
    private Principal testPrincipal;
    private Principal testGroupPrincipal;
    private Session testSession;
    private String childPath;
    private String propertyPath;

    protected void setUp() throws Exception {
        super.setUp();
        this.propertyPath = this.testRootNode.setProperty(this.propertyName1, "val").getPath();
        this.childPath = this.testRootNode.addNode(this.nodeName1).getPath();
        User createTestUser = ExerciseUtility.createTestUser(this.superuser.getUserManager());
        Group createTestGroup = ExerciseUtility.createTestGroup(this.superuser.getUserManager());
        createTestGroup.addMember(createTestUser);
        this.superuser.save();
        this.testPrincipal = createTestUser.getPrincipal();
        this.testGroupPrincipal = createTestGroup.getPrincipal();
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, EveryonePrincipal.getInstance(), AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}all"}), false);
        this.testSession = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(createTestUser.getID()));
    }

    protected void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            UserManager userManager = this.superuser.getUserManager();
            Authorizable authorizable = userManager.getAuthorizable(this.testPrincipal);
            if (authorizable != null) {
                authorizable.remove();
            }
            Authorizable authorizable2 = userManager.getAuthorizable(this.testGroupPrincipal);
            if (authorizable2 != null) {
                authorizable2.remove();
            }
            this.superuser.save();
            super.tearDown();
        } catch (Throwable th) {
            super.tearDown();
            throw th;
        }
    }

    public void testGroupMembership() throws RepositoryException {
        assertFalse(this.testSession.nodeExists(this.testRoot));
        assertTrue(((java.security.acl.Group) this.testGroupPrincipal).isMember(this.testPrincipal));
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testGroupPrincipal, AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}read"}), true);
        this.superuser.save();
        this.testSession.refresh(false);
        assertEquals(false, this.testSession.nodeExists(this.testRoot));
    }

    public void testHierarchy() throws RepositoryException {
        assertFalse(this.testSession.nodeExists(this.testRoot));
        assertFalse(this.testSession.nodeExists(this.childPath));
        assertFalse(this.testSession.propertyExists(this.propertyPath));
        Principal principal = this.testPrincipal;
        this.superuser.save();
        this.testSession.refresh(false);
        assertTrue(this.testSession.nodeExists(this.testRoot));
        assertTrue(this.testSession.nodeExists(this.childPath));
        assertTrue(this.testSession.propertyExists(this.propertyPath));
    }

    public void testAceOrder() throws RepositoryException {
        assertFalse(this.testSession.nodeExists(this.testRoot));
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.superuser, this.testRoot);
        accessControlList.addEntry(this.testGroupPrincipal, privilegesFromNames, true);
        accessControlList.addEntry(EveryonePrincipal.getInstance(), privilegesFromNames, false);
        this.superuser.getAccessControlManager().setPolicy(accessControlList.getPath(), accessControlList);
        this.superuser.save();
        this.testSession.refresh(false);
        assertTrue(this.testSession.nodeExists(this.testRoot));
        assertTrue(this.testSession.propertyExists(this.propertyPath));
    }

    public void testPrecedenceOfUserPrincipals() throws RepositoryException {
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.superuser, this.testRoot);
        accessControlList.addEntry(this.testPrincipal, privilegesFromNames, false);
        accessControlList.addEntry(this.testGroupPrincipal, privilegesFromNames, true);
        this.superuser.getAccessControlManager().setPolicy(accessControlList.getPath(), accessControlList);
        this.superuser.save();
        this.testSession.refresh(false);
        Boolean bool = null;
        assertEquals(bool.booleanValue(), this.testSession.nodeExists(this.testRoot));
        assertEquals(bool.booleanValue(), this.testSession.nodeExists(this.childPath));
    }

    public void testCombination() throws RepositoryException {
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, privilegesFromNames, false);
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testGroupPrincipal, privilegesFromNames, true);
        this.superuser.save();
        this.testSession.refresh(false);
        Boolean bool = null;
        assertEquals(bool.booleanValue(), this.testSession.nodeExists(this.testRoot));
        assertEquals(bool.booleanValue(), this.testSession.propertyExists(this.propertyPath));
        assertEquals(bool.booleanValue(), this.testSession.nodeExists(this.childPath));
    }

    public void testCombination2() throws RepositoryException {
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.superuser, new String[]{"{http://www.jcp.org/jcr/1.0}read"});
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, privilegesFromNames, false);
        AccessControlUtils.addAccessControlEntry(this.superuser, this.testRoot, this.testPrincipal, new String[]{"rep:readProperties"}, true);
        AccessControlUtils.addAccessControlEntry(this.superuser, this.childPath, this.testGroupPrincipal, privilegesFromNames, false);
        this.superuser.save();
        this.testSession.refresh(false);
        Boolean bool = null;
        assertEquals(bool.booleanValue(), this.testSession.nodeExists(this.testRoot));
        Boolean bool2 = null;
        assertEquals(bool2.booleanValue(), this.testSession.propertyExists(this.propertyPath));
        Boolean bool3 = null;
        assertEquals(bool3.booleanValue(), this.testSession.nodeExists(this.childPath));
        Boolean bool4 = null;
        assertEquals(bool4.booleanValue(), this.testSession.propertyExists(this.childPath + "/jcr:primaryType"));
    }
}
