package org.apache.jackrabbit.oak.jcr.security.authorization;

import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Workspace;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.AccessControlPolicy;
import org.apache.jackrabbit.api.JackrabbitWorkspace;
import org.apache.jackrabbit.test.NotExecutableException;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/PrivilegeManagementTest.class */
public class PrivilegeManagementTest extends AbstractEvaluationTest {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        assertHasRepoPrivilege("rep:privilegeManagement", false);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.authorization.AbstractEvaluationTest
    public void tearDown() throws Exception {
        try {
            for (AccessControlPolicy accessControlPolicy : this.acMgr.getPolicies((String) null)) {
                this.acMgr.removePolicy((String) null, accessControlPolicy);
            }
            this.superuser.save();
            super.tearDown();
        } catch (Throwable th) {
            super.tearDown();
            throw th;
        }
    }

    private String getNewPrivilegeName(Workspace workspace) throws RepositoryException, NotExecutableException {
        String str = null;
        AccessControlManager accessControlManager = workspace.getSession().getAccessControlManager();
        for (int i = 0; i < 100; i++) {
            try {
                accessControlManager.privilegeFromName(str);
                str = "privilege-" + i;
            } catch (Exception e) {
            }
        }
        if (str == null) {
            throw new NotExecutableException("failed to define new privilege name.");
        }
        return str;
    }

    @Test
    public void testRegisterPrivilege() throws Exception {
        try {
            JackrabbitWorkspace workspace = this.testSession.getWorkspace();
            workspace.getPrivilegeManager().registerPrivilege(getNewPrivilegeName(workspace), false, new String[0]);
            fail("Privilege registration should be denied.");
        } catch (AccessDeniedException e) {
        }
    }

    @Test
    public void testModifyPrivilegeMgtPrivilege() throws Exception {
        modify(null, "rep:privilegeManagement", true);
        assertHasRepoPrivilege("rep:privilegeManagement", true);
        modify(null, "rep:privilegeManagement", false);
        assertHasRepoPrivilege("rep:privilegeManagement", false);
    }

    @Test
    public void testRegisterPrivilegeWithPrivilege() throws Exception {
        modify(null, "rep:privilegeManagement", true);
        try {
            JackrabbitWorkspace workspace = this.testSession.getWorkspace();
            workspace.getPrivilegeManager().registerPrivilege(getNewPrivilegeName(workspace), false, new String[0]);
        } finally {
            modify(null, "rep:privilegeManagement", false);
        }
    }
}
