package org.apache.jackrabbit.oak.jcr.security.authorization;

import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.Property;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.security.AccessControlEntry;
import javax.jcr.security.AccessControlList;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.test.api.security.AbstractAccessControlTest;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest.class */
public abstract class AbstractEvaluationTest extends AbstractAccessControlTest {
    private static final Map<String, Value> EMPTY_RESTRICTIONS = Collections.emptyMap();
    protected static final String REP_WRITE = "rep:write";
    protected Privilege[] readPrivileges;
    protected Privilege[] modPropPrivileges;
    protected Privilege[] readWritePrivileges;
    protected Privilege[] repWritePrivileges;
    protected String path;
    protected String childNPath;
    protected String childNPath2;
    protected String childPPath;
    protected String childchildPPath;
    protected String siblingPath;
    protected User testUser;
    protected Credentials creds;
    protected Group testGroup;
    protected Session testSession;
    protected AccessControlManager testAcMgr;
    private Map<String, ACL> toRestore = Maps.newHashMap();

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/authorization/AbstractEvaluationTest$ACL.class */
    public final class ACL {
        private final String path;
        private final boolean remove;
        private final Set<AccessControlEntry> entries;

        private ACL(String str) throws RepositoryException {
            this.entries = Sets.newHashSet();
            this.path = str;
            AccessControlList list = getList(str);
            this.remove = list == null;
            if (list != null) {
                Collections.addAll(this.entries, list.getAccessControlEntries());
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        public void restore() throws RepositoryException {
            AccessControlList list = getList(this.path);
            if (list != null) {
                if (this.remove) {
                    AbstractEvaluationTest.this.acMgr.removePolicy(this.path, list);
                } else {
                    for (AccessControlEntry accessControlEntry : list.getAccessControlEntries()) {
                        list.removeAccessControlEntry(accessControlEntry);
                    }
                    for (AccessControlEntry accessControlEntry2 : this.entries) {
                        list.addAccessControlEntry(accessControlEntry2.getPrincipal(), accessControlEntry2.getPrivileges());
                    }
                    AbstractEvaluationTest.this.acMgr.setPolicy(this.path, list);
                }
            }
            AbstractEvaluationTest.this.superuser.save();
        }

        @CheckForNull
        private AccessControlList getList(@Nullable String str) throws RepositoryException {
            if (str != null && !AbstractEvaluationTest.this.superuser.nodeExists(str)) {
                return null;
            }
            for (AccessControlList accessControlList : AbstractEvaluationTest.this.acMgr.getPolicies(str)) {
                if (accessControlList instanceof AccessControlList) {
                    return accessControlList;
                }
            }
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Before
    public void setUp() throws Exception {
        super.setUp();
        this.readPrivileges = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        this.modPropPrivileges = privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        this.readWritePrivileges = privilegesFromNames(new String[]{"{http://www.jcp.org/jcr/1.0}read", REP_WRITE});
        this.repWritePrivileges = privilegesFromName(REP_WRITE);
        UserManager userManager = getUserManager(this.superuser);
        String generateId = generateId("testUser");
        this.creds = new SimpleCredentials(generateId, generateId.toCharArray());
        this.testUser = userManager.createUser(generateId, generateId);
        this.testGroup = getUserManager(this.superuser).createGroup(generateId("testGroup"));
        this.testGroup.addMember(this.testUser);
        Node addNode = this.testRootNode.addNode(this.nodeName1, this.testNodeType);
        Node addNode2 = addNode.addNode(this.nodeName2, this.testNodeType);
        Property property = addNode.setProperty(this.propertyName1, "anyValue");
        Node addNode3 = addNode.addNode(this.nodeName3, this.testNodeType);
        Property property2 = addNode2.setProperty(this.propertyName1, "childNodeProperty");
        Node addNode4 = this.testRootNode.addNode(this.nodeName2, this.testNodeType);
        this.superuser.save();
        this.path = addNode.getPath();
        this.childNPath = addNode2.getPath();
        this.childNPath2 = addNode3.getPath();
        this.childPPath = property.getPath();
        this.childchildPPath = property2.getPath();
        this.siblingPath = addNode4.getPath();
        this.superuser.save();
        this.testSession = createTestSession();
        this.testAcMgr = getAccessControlManager(this.testSession);
        assertReadOnly(this.path);
        assertReadOnly(this.childNPath);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @After
    public void tearDown() throws Exception {
        try {
            if (this.testSession != null && this.testSession.isLive()) {
                this.testSession.logout();
            }
            this.superuser.refresh(false);
            Iterator<String> it = this.toRestore.keySet().iterator();
            while (it.hasNext()) {
                this.toRestore.get(it.next()).restore();
            }
            this.toRestore.clear();
            if (this.testGroup != null) {
                this.testGroup.remove();
            }
            if (this.testUser != null) {
                this.testUser.remove();
            }
            this.superuser.save();
        } finally {
            super.tearDown();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Session createTestSession() throws RepositoryException {
        return getHelper().getRepository().login(this.creds);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static UserManager getUserManager(Session session) throws NotExecutableException {
        if (!(session instanceof JackrabbitSession)) {
            throw new NotExecutableException();
        }
        try {
            return ((JackrabbitSession) session).getUserManager();
        } catch (RepositoryException e) {
            throw new NotExecutableException(e.getMessage());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static String generateId(@Nonnull String str) {
        return str + UUID.randomUUID();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean canReadNode(Session session, String str) throws RepositoryException {
        try {
            session.getNode(str);
            return session.nodeExists(str);
        } catch (PathNotFoundException e) {
            return session.nodeExists(str);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Group getTestGroup() throws Exception {
        return this.testGroup;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getActions(String... strArr) {
        StringBuilder sb = new StringBuilder();
        for (String str : strArr) {
            if (sb.length() > 0) {
                sb.append(',');
            }
            sb.append(str);
        }
        return sb.toString();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Value> createGlobRestriction(String str) throws RepositoryException {
        return Collections.singletonMap("rep:glob", this.testSession.getValueFactory().createValue(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertHasRepoPrivilege(@Nonnull String str, boolean z) throws Exception {
        assertEquals(z, this.testAcMgr.hasPrivileges((String) null, privilegesFromName(str.toString())));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertHasPrivilege(@Nonnull String str, @Nonnull String str2, boolean z) throws Exception {
        assertHasPrivileges(str, privilegesFromName(str2), z);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertHasPrivileges(@Nonnull String str, @Nonnull Privilege[] privilegeArr, boolean z) throws Exception {
        if (this.testSession.nodeExists(str)) {
            assertEquals(z, this.testAcMgr.hasPrivileges(str, privilegeArr));
            return;
        }
        try {
            this.testAcMgr.hasPrivileges(str, privilegeArr);
            fail("PathNotFoundException expected");
        } catch (PathNotFoundException e) {
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertReadOnly(String str) throws Exception {
        Assert.assertArrayEquals(privilegesFromName("{http://www.jcp.org/jcr/1.0}read"), this.testAcMgr.getPrivileges(str));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList modify(@Nullable String str, @Nonnull String str2, boolean z) throws Exception {
        return modify(str, this.testUser.getPrincipal(), privilegesFromName(str2), z, EMPTY_RESTRICTIONS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList modify(String str, Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map) throws Exception {
        return modify(str, principal, privilegeArr, z, map, Collections.emptyMap());
    }

    protected JackrabbitAccessControlList modify(String str, Principal principal, Privilege[] privilegeArr, boolean z, Map<String, Value> map, Map<String, Value[]> map2) throws Exception {
        rememberForRestore(str);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(this.acMgr, str);
        accessControlList.addEntry(principal, privilegeArr, z, map, map2);
        this.acMgr.setPolicy(accessControlList.getPath(), accessControlList);
        this.superuser.save();
        this.testSession.refresh(false);
        return accessControlList;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList allow(@Nullable String str, @Nonnull Privilege[] privilegeArr) throws Exception {
        return modify(str, this.testUser.getPrincipal(), privilegeArr, true, EMPTY_RESTRICTIONS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList allow(@Nullable String str, @Nonnull Privilege[] privilegeArr, Map<String, Value> map) throws Exception {
        return modify(str, this.testUser.getPrincipal(), privilegeArr, true, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList allow(String str, Principal principal, Privilege[] privilegeArr) throws Exception {
        return modify(str, principal, privilegeArr, true, EMPTY_RESTRICTIONS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList deny(String str, Privilege[] privilegeArr) throws Exception {
        return modify(str, this.testUser.getPrincipal(), privilegeArr, false, EMPTY_RESTRICTIONS);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList deny(String str, Privilege[] privilegeArr, Map<String, Value> map) throws Exception {
        return modify(str, this.testUser.getPrincipal(), privilegeArr, false, map);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public JackrabbitAccessControlList deny(String str, Principal principal, Privilege[] privilegeArr) throws Exception {
        return modify(str, principal, privilegeArr, false, EMPTY_RESTRICTIONS);
    }

    private void rememberForRestore(@Nullable String str) throws RepositoryException {
        if (this.toRestore.containsKey(str)) {
            return;
        }
        this.toRestore.put(str, new ACL(str));
    }
}
