package org.apache.jackrabbit.oak.jcr.security.privilege;

import com.google.common.collect.ImmutableSet;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.LinkedHashMap;
import javax.jcr.AccessDeniedException;
import javax.jcr.InvalidItemStateException;
import javax.jcr.NamespaceException;
import javax.jcr.Node;
import javax.jcr.Repository;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.jcr.AbstractRepositoryTest;
import org.apache.jackrabbit.oak.jcr.Jcr;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/privilege/PrivilegeRegistrationTest.class */
public class PrivilegeRegistrationTest extends AbstractPrivilegeTest {
    private Repository repository;
    private Session session;
    private PrivilegeManager privilegeManager;

    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.repository = new Jcr().createRepository();
        this.session = getAdminSession();
        this.privilegeManager = getPrivilegeManager(this.session);
        try {
            AccessControlUtils.addAccessControlEntry(this.session, "/", EveryonePrincipal.getInstance(), new String[]{"{http://www.jcp.org/jcr/1.0}read"}, true);
            this.session.save();
        } catch (RepositoryException e) {
        }
    }

    @After
    public void tearDown() throws Exception {
        try {
            super.tearDown();
            this.session.logout();
            this.repository = AbstractRepositoryTest.dispose(this.repository);
            this.privilegeManager = null;
        } catch (Throwable th) {
            this.session.logout();
            this.repository = AbstractRepositoryTest.dispose(this.repository);
            this.privilegeManager = null;
            throw th;
        }
    }

    private Session getReadOnlySession() throws RepositoryException {
        return this.repository.login(getHelper().getReadOnlyCredentials());
    }

    private Session getAdminSession() throws RepositoryException {
        return this.repository.login(getHelper().getSuperuserCredentials());
    }

    @Test
    public void testRegisterPrivilegeWithReadOnly() throws RepositoryException {
        Session readOnlySession = getReadOnlySession();
        try {
            getPrivilegeManager(readOnlySession).registerPrivilege("test", true, new String[0]);
            fail("Only admin is allowed to register privileges.");
            readOnlySession.logout();
        } catch (AccessDeniedException e) {
            readOnlySession.logout();
        } catch (Throwable th) {
            readOnlySession.logout();
            throw th;
        }
    }

    @Test
    public void testCustomDefinitionsWithCyclicReferences() throws RepositoryException {
        try {
            this.privilegeManager.registerPrivilege("cycl-1", false, new String[]{"cycl-1"});
            fail("Cyclic definitions must be detected upon registration.");
        } catch (RepositoryException e) {
        }
    }

    @Test
    public void testCustomEquivalentDefinitions() throws RepositoryException {
        this.privilegeManager.registerPrivilege("custom4", false, new String[0]);
        this.privilegeManager.registerPrivilege("custom5", false, new String[0]);
        this.privilegeManager.registerPrivilege("custom2", false, new String[]{"custom4", "custom5"});
        ArrayList<String[]> arrayList = new ArrayList();
        arrayList.add(new String[]{"custom4", "custom5"});
        arrayList.add(new String[]{"custom2", "custom4"});
        arrayList.add(new String[]{"custom2", "custom5"});
        int i = 6;
        for (String[] strArr : arrayList) {
            try {
                int i2 = i;
                i++;
                String str = "custom" + i2;
                this.privilegeManager.registerPrivilege(str, false, strArr);
                fail("Equivalent '" + str + "' definitions must be detected.");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testRegisterBuiltInPrivilege() throws RepositoryException {
        HashMap hashMap = new HashMap();
        hashMap.put("jcr:read", new String[0]);
        hashMap.put("jcr:lifecycleManagement", new String[]{"jcr:addChildNodes"});
        hashMap.put("rep:write", new String[0]);
        hashMap.put("jcr:all", new String[0]);
        for (String str : hashMap.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str, false, (String[]) hashMap.get(str));
                fail("Privilege name " + str + " already in use -> Exception expected");
            } catch (RepositoryException e) {
            }
        }
        for (String str2 : hashMap.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str2, true, (String[]) hashMap.get(str2));
                fail("Privilege name " + str2 + " already in use -> Exception expected");
            } catch (RepositoryException e2) {
            }
        }
    }

    @Test
    public void testRegisterInvalidNewAggregate() throws RepositoryException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("jcrReadAggregate", getAggregateNames("jcr:read"));
        linkedHashMap.put("newAggregate2", getAggregateNames("jcr:read", "unknownPrivilege"));
        linkedHashMap.put("newAggregate3", getAggregateNames("unknownPrivilege"));
        linkedHashMap.put("newAggregate4", getAggregateNames("newAggregate"));
        linkedHashMap.put("repWriteAggregate", getAggregateNames("jcr:modifyProperties", "jcr:addChildNodes", "jcr:nodeTypeManagement", "jcr:removeChildNodes", "jcr:removeNode"));
        linkedHashMap.put("newAggregate5", getAggregateNames("jcr:read", "unknownPrivilege"));
        for (String str : linkedHashMap.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str, true, (String[]) linkedHashMap.get(str));
                fail("New aggregate " + str + " referring to unknown Privilege  -> Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testRegisterInvalidNewAggregate2() throws RepositoryException {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        linkedHashMap.put("new", new String[0]);
        linkedHashMap.put("new2", new String[0]);
        linkedHashMap.put("new3", getAggregateNames("new", "new2"));
        for (String str : linkedHashMap.keySet()) {
            this.privilegeManager.registerPrivilege(str, true, (String[]) linkedHashMap.get(str));
        }
        LinkedHashMap linkedHashMap2 = new LinkedHashMap();
        linkedHashMap2.put("newA2", getAggregateNames("new"));
        linkedHashMap2.put("newA3", getAggregateNames("new2"));
        for (String str2 : linkedHashMap2.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str2, false, (String[]) linkedHashMap2.get(str2));
                fail("Invalid aggregation in definition '" + str2.toString() + "' : Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testRegisterPrivilegeWithIllegalName() {
        HashMap hashMap = new HashMap();
        hashMap.put(null, new String[0]);
        hashMap.put("", new String[0]);
        hashMap.put("invalid:privilegeName", new String[0]);
        hashMap.put(".e:privilegeName", new String[0]);
        hashMap.put("newPrivilege", new String[]{"invalid:privilegeName"});
        hashMap.put("newPrivilege", new String[]{".e:privilegeName"});
        hashMap.put("newPrivilege", new String[]{null});
        hashMap.put("newPrivilege", new String[]{""});
        for (String str : hashMap.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str, true, (String[]) hashMap.get(str));
                fail("Illegal name -> Exception expected");
            } catch (RepositoryException e) {
            } catch (NamespaceException e2) {
            }
        }
    }

    @Test
    public void testRegisterReservedName() {
        HashMap hashMap = new HashMap();
        hashMap.put(null, new String[0]);
        hashMap.put("jcr:privilegeName", new String[0]);
        hashMap.put("rep:privilegeName", new String[0]);
        hashMap.put("nt:privilegeName", new String[0]);
        hashMap.put("mix:privilegeName", new String[0]);
        hashMap.put("sv:privilegeName", new String[0]);
        hashMap.put("xml:privilegeName", new String[0]);
        hashMap.put("xmlns:privilegeName", new String[0]);
        hashMap.put("newPrivilege", new String[]{"jcr:privilegeName"});
        for (String str : hashMap.keySet()) {
            try {
                this.privilegeManager.registerPrivilege(str, true, (String[]) hashMap.get(str));
                fail("Illegal name -> Exception expected");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test
    public void testRegisterCustomPrivileges() throws RepositoryException {
        this.session.getWorkspace().getNamespaceRegistry().registerNamespace("test", "http://www.apache.org/jackrabbit/test");
        HashMap hashMap = new HashMap();
        hashMap.put("new", new String[0]);
        hashMap.put("test:new", new String[0]);
        for (String str : hashMap.keySet()) {
            this.privilegeManager.registerPrivilege(str, true, (String[]) hashMap.get(str));
            Privilege privilege = this.privilegeManager.getPrivilege(str);
            assertNotNull(privilege);
            assertEquals(str, privilege.getName());
            assertTrue(privilege.isAbstract());
            assertEquals(0, privilege.getDeclaredAggregatePrivileges().length);
            assertContainsDeclared(this.privilegeManager.getPrivilege("jcr:all"), str);
        }
        HashMap hashMap2 = new HashMap();
        hashMap2.put("newA2", getAggregateNames("test:new", "new"));
        hashMap2.put("newA1", getAggregateNames("new", "jcr:read"));
        hashMap2.put("aggrBuiltIn", getAggregateNames("jcr:modifyProperties", "jcr:read"));
        for (String str2 : hashMap2.keySet()) {
            String[] strArr = (String[]) hashMap2.get(str2);
            this.privilegeManager.registerPrivilege(str2, false, strArr);
            Privilege privilege2 = this.privilegeManager.getPrivilege(str2);
            assertNotNull(privilege2);
            assertEquals(str2, privilege2.getName());
            assertFalse(privilege2.isAbstract());
            for (String str3 : strArr) {
                assertContainsDeclared(privilege2, str3);
            }
            assertContainsDeclared(this.privilegeManager.getPrivilege("jcr:all"), str2);
        }
    }

    @Test
    public void testRegisterCustomPrivilegesVisibleInContent() throws RepositoryException {
        this.session.getWorkspace().getNamespaceRegistry().registerNamespace("test", "http://www.apache.org/jackrabbit/test");
        HashMap hashMap = new HashMap();
        hashMap.put("new", new String[0]);
        hashMap.put("test:new", new String[0]);
        for (String str : hashMap.keySet()) {
            this.privilegeManager.registerPrivilege(str, true, (String[]) hashMap.get(str));
            Node node = this.session.getNode("/jcr:system/rep:privileges");
            assertTrue(node.hasNode(str));
            Node node2 = node.getNode(str);
            assertTrue(node2.getProperty("rep:isAbstract").getBoolean());
            assertFalse(node2.hasProperty("rep:aggregates"));
        }
    }

    @Test
    public void testCustomPrivilegeVisibleToNewSession() throws RepositoryException {
        this.privilegeManager.registerPrivilege("testCustomPrivilegeVisibleToNewSession", false, new String[0]);
        Session adminSession = getAdminSession();
        try {
            Privilege privilege = getPrivilegeManager(adminSession).getPrivilege("testCustomPrivilegeVisibleToNewSession");
            assertEquals("testCustomPrivilegeVisibleToNewSession", privilege.getName());
            assertEquals(false, privilege.isAbstract());
            assertFalse(privilege.isAggregate());
            adminSession.logout();
        } catch (Throwable th) {
            adminSession.logout();
            throw th;
        }
    }

    @Test
    public void testCustomPrivilegeVisibleAfterRefresh() throws RepositoryException {
        Session adminSession = getAdminSession();
        PrivilegeManager privilegeManager = getPrivilegeManager(adminSession);
        try {
            this.privilegeManager.registerPrivilege("testCustomPrivilegeVisibleAfterRefresh", false, new String[0]);
            try {
                privilegeManager.getPrivilege("testCustomPrivilegeVisibleAfterRefresh");
                fail("Custom privilege will show up after Session#refresh()");
            } catch (AccessControlException e) {
            }
            adminSession.refresh(true);
            Privilege privilege = privilegeManager.getPrivilege("testCustomPrivilegeVisibleAfterRefresh");
            assertEquals("testCustomPrivilegeVisibleAfterRefresh", privilege.getName());
            assertEquals(false, privilege.isAbstract());
            assertFalse(privilege.isAggregate());
            adminSession.logout();
        } catch (Throwable th) {
            adminSession.logout();
            throw th;
        }
    }

    @Test
    public void testRegisterPrivilegeWithPendingChanges() throws RepositoryException {
        try {
            this.session.getRootNode().addNode("test");
            assertTrue(this.session.hasPendingChanges());
            this.privilegeManager.registerPrivilege("new", true, new String[0]);
            fail("Privileges may not be registered while there are pending changes.");
            this.superuser.refresh(false);
        } catch (InvalidItemStateException e) {
            this.superuser.refresh(false);
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }

    @Test
    public void testJcrAllWithCustomPrivileges() throws Exception {
        String path = this.session.getRootNode().addNode("test").getPath();
        AccessControlUtils.grantAllToEveryone(this.session, path);
        this.session.save();
        JackrabbitAccessControlManager accessControlManager = this.session.getAccessControlManager();
        Privilege[] privilegesFromNames = AccessControlUtils.privilegesFromNames(this.session, new String[]{"{http://www.jcp.org/jcr/1.0}all"});
        ImmutableSet of = ImmutableSet.of(EveryonePrincipal.getInstance());
        assertTrue(accessControlManager.hasPrivileges(path, of, privilegesFromNames));
        this.privilegeManager.registerPrivilege("customPriv", false, (String[]) null);
        assertTrue(accessControlManager.hasPrivileges(path, of, privilegesFromNames));
    }

    @Test
    public void testRegisterPrivilegeAggregatingJcrAll() throws Exception {
        this.privilegeManager.registerPrivilege("customPriv", false, (String[]) null);
        try {
            try {
                this.privilegeManager.registerPrivilege("customPriv2", false, new String[]{"customPriv", "{http://www.jcp.org/jcr/1.0}all"});
                fail("Aggregation containing jcr:all is invalid.");
                this.superuser.refresh(false);
            } catch (RepositoryException e) {
                CommitFailedException cause = e.getCause();
                assertTrue(cause instanceof CommitFailedException);
                assertEquals(53, cause.getCode());
                this.superuser.refresh(false);
            }
        } catch (Throwable th) {
            this.superuser.refresh(false);
            throw th;
        }
    }
}
