package org.apache.jackrabbit.oak.jcr.security.authorization;

import javax.jcr.AccessDeniedException;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.Privilege;
import javax.jcr.version.Version;
import javax.jcr.version.VersionHistory;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.test.NotExecutableException;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/VersionManagementTest.class */
public class VersionManagementTest extends AbstractEvaluationTest {
    private static final String SYSTEM = "/jcr:system";
    private static final String VERSIONSTORE = "/jcr:system/jcr:versionStorage";
    private Privilege[] versionPrivileges;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.versionPrivileges = privilegesFromName("{http://www.jcp.org/jcr/1.0}versionManagement");
        assertFalse(this.testAcMgr.hasPrivileges(VERSIONSTORE, this.versionPrivileges));
    }

    private Node createVersionableNode(Node node) throws Exception {
        Node node2 = node.hasNode(this.nodeName1) ? node.getNode(this.nodeName1) : node.addNode(this.nodeName1);
        if (!node2.canAddMixin(this.mixVersionable)) {
            throw new NotExecutableException();
        }
        node2.addMixin(this.mixVersionable);
        node2.getSession().save();
        return node2;
    }

    @Test
    public void testAddMixVersionable() throws Exception {
        modify(this.path, "rep:write", true);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}versionManagement", false);
        Node node = this.testSession.getNode(this.path);
        try {
            createVersionableNode(node);
            fail("Test session does not have permission to add mixins -> no version content should be created.");
        } catch (AccessDeniedException e) {
            assertFalse(node.isNodeType(this.mixVersionable));
            assertFalse(node.hasProperty("jcr:isCheckedOut"));
            assertFalse(node.hasProperty(this.jcrVersionHistory));
        }
    }

    @Test
    public void testAddMixVersionable2() throws Exception {
        modify(this.path, "rep:write", true);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}nodeTypeManagement", true);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}versionManagement", true);
        Node createVersionableNode = createVersionableNode(this.testSession.getNode(this.path));
        createVersionableNode.checkin();
        createVersionableNode.checkout();
    }

    @Test
    public void testCheckInCheckout() throws Exception {
        modify(this.path, "rep:write", true);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}versionManagement", false);
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        try {
            this.testSession.refresh(false);
            this.testSession.getNode(createVersionableNode.getPath()).checkin();
            fail("Missing jcr:versionManagement privilege -> checkin/checkout must fail.");
        } catch (AccessDeniedException e) {
            assertFalse(createVersionableNode.getProperty("jcr:isCheckedOut").isModified());
            assertTrue(createVersionableNode.getProperty("jcr:isCheckedOut").getValue().getBoolean());
        }
    }

    @Test
    public void testRemoveVersion() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        Node node = this.testSession.getNode(this.path);
        modify(node.getPath(), "{http://www.jcp.org/jcr/1.0}versionManagement", true);
        Node node2 = node.getNode(createVersionableNode.getName());
        Version checkin = node2.checkin();
        node2.checkout();
        node2.checkin();
        node2.getVersionHistory().removeVersion(checkin.getName());
    }

    @Test
    public void testRemoveVersion2() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        Node node = this.testSession.getNode(this.path);
        modify(node.getPath(), "{http://www.jcp.org/jcr/1.0}versionManagement", true);
        Node node2 = node.getNode(createVersionableNode.getName());
        Version checkin = node2.checkin();
        node2.checkout();
        node2.checkin();
        modify(node.getPath(), "{http://www.jcp.org/jcr/1.0}versionManagement", false);
        try {
            node2.getVersionHistory().removeVersion(checkin.getName());
            fail("Missing jcr:versionManagement privilege -> remove a version must fail.");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testRemoveVersion3() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        Version checkin = createVersionableNode.checkin();
        createVersionableNode.checkout();
        createVersionableNode.checkin();
        this.testSession.refresh(false);
        assertFalse(this.testAcMgr.hasPrivileges(createVersionableNode.getPath(), this.versionPrivileges));
        JackrabbitAccessControlList allow = allow(SYSTEM, this.versionPrivileges);
        try {
            this.testSession.getNode(createVersionableNode.getPath()).getVersionHistory().removeVersion(checkin.getName());
            fail("Missing jcr:versionManagement privilege -> remove a version must fail.");
            for (AccessControlEntry accessControlEntry : allow.getAccessControlEntries()) {
                if (accessControlEntry.getPrincipal().equals(this.testUser.getPrincipal())) {
                    allow.removeAccessControlEntry(accessControlEntry);
                }
            }
            this.acMgr.setPolicy(SYSTEM, allow);
            this.superuser.save();
        } catch (AccessDeniedException e) {
            for (AccessControlEntry accessControlEntry2 : allow.getAccessControlEntries()) {
                if (accessControlEntry2.getPrincipal().equals(this.testUser.getPrincipal())) {
                    allow.removeAccessControlEntry(accessControlEntry2);
                }
            }
            this.acMgr.setPolicy(SYSTEM, allow);
            this.superuser.save();
        } catch (Throwable th) {
            for (AccessControlEntry accessControlEntry3 : allow.getAccessControlEntries()) {
                if (accessControlEntry3.getPrincipal().equals(this.testUser.getPrincipal())) {
                    allow.removeAccessControlEntry(accessControlEntry3);
                }
            }
            this.acMgr.setPolicy(SYSTEM, allow);
            this.superuser.save();
            throw th;
        }
    }

    @Test
    public void testAccessVersionContentWithoutStoreAccess() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        Version checkin = createVersionableNode.checkin();
        VersionHistory versionHistory = createVersionableNode.getVersionHistory();
        createVersionableNode.checkout();
        Version checkin2 = createVersionableNode.checkin();
        createVersionableNode.checkout();
        this.testSession.refresh(false);
        assertFalse(this.testAcMgr.hasPrivileges(createVersionableNode.getPath(), this.versionPrivileges));
        JackrabbitAccessControlList deny = deny(SYSTEM, privilegesFromName("{http://www.jcp.org/jcr/1.0}read"));
        try {
            assertTrue(this.testSession.nodeExists(checkin.getPath()));
            assertTrue(this.testSession.nodeExists(checkin2.getPath()));
            assertTrue(this.testSession.nodeExists(versionHistory.getPath()));
            for (AccessControlEntry accessControlEntry : deny.getAccessControlEntries()) {
                if (accessControlEntry.getPrincipal().equals(this.testUser.getPrincipal())) {
                    deny.removeAccessControlEntry(accessControlEntry);
                }
            }
            this.acMgr.setPolicy(SYSTEM, deny);
            this.superuser.save();
        } catch (Throwable th) {
            for (AccessControlEntry accessControlEntry2 : deny.getAccessControlEntries()) {
                if (accessControlEntry2.getPrincipal().equals(this.testUser.getPrincipal())) {
                    deny.removeAccessControlEntry(accessControlEntry2);
                }
            }
            this.acMgr.setPolicy(SYSTEM, deny);
            this.superuser.save();
            throw th;
        }
    }

    @Test
    public void testAccessVersionHistory() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        allow(createVersionableNode.getPath(), this.versionPrivileges);
        Node node = this.testSession.getNode(createVersionableNode.getPath());
        node.checkin();
        node.checkout();
        VersionHistory versionHistory = node.getVersionHistory();
        String path = versionHistory.getPath();
        String identifier = versionHistory.getIdentifier();
        assertTrue(versionHistory.isSame(node.getSession().getNode(path)));
        assertTrue(versionHistory.isSame(node.getSession().getNodeByIdentifier(identifier)));
        assertTrue(versionHistory.isSame(node.getSession().getNodeByUUID(identifier)));
    }

    @Test
    public void testAccessVersionHistoryVersionableNodeNotAccessible() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        allow(createVersionableNode.getPath(), this.versionPrivileges);
        Node node = this.testSession.getNode(createVersionableNode.getPath());
        node.checkin();
        node.checkout();
        VersionHistory versionHistory = node.getVersionHistory();
        String path = versionHistory.getPath();
        String identifier = versionHistory.getIdentifier();
        modify(createVersionableNode.getPath(), "{http://www.jcp.org/jcr/1.0}read", false);
        assertFalse(this.testSession.nodeExists(createVersionableNode.getPath()));
        try {
            this.testSession.getNode(path);
            fail("Access to version history should be denied if versionable node is not accessible");
        } catch (PathNotFoundException e) {
        }
        try {
            this.testSession.getNodeByIdentifier(identifier);
            fail("Access to version history should be denied if versionable node is not accessible");
        } catch (ItemNotFoundException e2) {
        }
        try {
            this.testSession.getNodeByUUID(identifier);
            fail("Access to version history should be denied if versionable node is not accessible");
        } catch (ItemNotFoundException e3) {
        }
    }

    @Test
    public void testAccessVersionHistoryVersionableNodeRemoved() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        allow(createVersionableNode.getPath(), this.versionPrivileges);
        createVersionableNode.checkin();
        createVersionableNode.checkout();
        String path = createVersionableNode.getPath();
        VersionHistory versionHistory = createVersionableNode.getVersionHistory();
        String path2 = versionHistory.getPath();
        String identifier = versionHistory.getIdentifier();
        createVersionableNode.remove();
        this.superuser.save();
        this.testSession.refresh(false);
        assertTrue(this.testSession.nodeExists(this.path));
        assertFalse(this.testSession.nodeExists(path));
        this.testSession.getNode(path2);
        this.testSession.getNodeByIdentifier(identifier);
        this.testSession.getNodeByUUID(identifier);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}read", false);
        assertFalse(this.testSession.nodeExists(path2));
    }

    @Test
    public void testAddVersionLabel() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        allow(createVersionableNode.getPath(), this.versionPrivileges);
        Node node = this.testSession.getNode(createVersionableNode.getPath());
        Version checkin = node.checkin();
        node.checkout();
        Version checkin2 = node.checkin();
        node.checkout();
        VersionHistory versionHistory = node.getVersionHistory();
        versionHistory.addVersionLabel(checkin.getName(), "testLabel", false);
        versionHistory.addVersionLabel(checkin2.getName(), "testLabel", true);
        this.testSession.getWorkspace().getVersionManager().getVersionHistory(node.getPath()).addVersionLabel(checkin.getName(), "testLabel", true);
    }

    @Test
    public void testVersionablePath() throws Exception {
        Node createVersionableNode = createVersionableNode(this.superuser.getNode(this.path));
        assertEquals(createVersionableNode.getPath(), createVersionableNode.getVersionHistory().getProperty(this.superuser.getWorkspace().getName()).getString());
    }

    @Test
    public void testAddNewVersionableNode() throws Exception {
        modify(this.path, "rep:write", true);
        modify(this.path, "{http://www.jcp.org/jcr/1.0}versionManagement", true);
        this.testSession.getNode(this.path).addNode("versionable").addMixin("mix:versionable");
        this.testSession.save();
    }

    @Test
    public void testVersionableChildNode() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("n1").addNode("n2").addNode("n3").addNode("jcr:content");
        this.superuser.save();
        addNode.addMixin("mix:versionable");
        this.superuser.save();
        assertTrue(addNode.isNodeType("mix:versionable"));
        assertEquals(addNode.getPath(), addNode.getVersionHistory().getProperty(this.superuser.getWorkspace().getName()).getString());
    }

    @Test
    public void testVersionableChildNode2() throws Exception {
        Node addNode = this.superuser.getNode(this.path).addNode("n1").addNode("n2").addNode("n3").addNode("jcr:content");
        addNode.addMixin("mix:versionable");
        this.superuser.save();
        addNode.remove();
        Node addNode2 = this.superuser.getNode(this.path).getNode("n1").getNode("n2").getNode("n3").addNode("jcr:content");
        addNode2.addMixin("mix:versionable");
        this.superuser.save();
        assertTrue(addNode2.isNodeType("mix:versionable"));
        assertEquals(addNode2.getPath(), addNode2.getVersionHistory().getProperty(this.superuser.getWorkspace().getName()).getString());
    }
}
