package org.apache.jackrabbit.core.security.authorization.combined;

import java.security.Principal;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.Value;
import javax.jcr.security.AccessControlManager;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.id.NodeId;
import org.apache.jackrabbit.spi.Path;
import org.apache.jackrabbit.test.NotExecutableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authorization/combined/WriteTest.class */
public class WriteTest extends org.apache.jackrabbit.core.security.authorization.acl.WriteTest {
    private static Logger log = LoggerFactory.getLogger(WriteTest.class);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.core.security.authorization.AbstractWriteTest, org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    public void setUp() throws Exception {
        super.setUp();
        try {
            getPrincipalBasedPolicy(this.acMgr, this.path, this.testUser.getPrincipal());
        } catch (Exception e) {
            this.superuser.logout();
            throw e;
        }
    }

    @Override // org.apache.jackrabbit.core.security.authorization.acl.WriteTest, org.apache.jackrabbit.core.security.authorization.AbstractEvaluationTest
    protected boolean isExecutable() {
        try {
            if (this.acMgr.getPolicies("/").length > 0) {
                return true;
            }
            return this.acMgr.getApplicablePolicies("/").hasNext();
        } catch (RepositoryException e) {
            return false;
        }
    }

    private JackrabbitAccessControlList getPrincipalBasedPolicy(AccessControlManager accessControlManager, String str, Principal principal) throws RepositoryException, AccessDeniedException, NotExecutableException {
        if (accessControlManager instanceof JackrabbitAccessControlManager) {
            for (JackrabbitAccessControlList jackrabbitAccessControlList : ((JackrabbitAccessControlManager) accessControlManager).getApplicablePolicies(principal)) {
                if (jackrabbitAccessControlList instanceof JackrabbitAccessControlList) {
                    return jackrabbitAccessControlList;
                }
            }
        }
        throw new NotExecutableException();
    }

    private JackrabbitAccessControlList givePrivileges(String str, Principal principal, Privilege[] privilegeArr, Map<String, Value> map, boolean z) throws NotExecutableException, RepositoryException {
        if (z) {
            return givePrivileges(str, principal, privilegeArr, getRestrictions(this.superuser, str));
        }
        JackrabbitAccessControlList principalBasedPolicy = getPrincipalBasedPolicy(this.acMgr, str, principal);
        principalBasedPolicy.addEntry(principal, privilegeArr, true, map);
        this.acMgr.setPolicy(principalBasedPolicy.getPath(), principalBasedPolicy);
        this.superuser.save();
        return principalBasedPolicy;
    }

    private JackrabbitAccessControlList withdrawPrivileges(String str, Principal principal, Privilege[] privilegeArr, Map<String, Value> map, boolean z) throws NotExecutableException, RepositoryException {
        if (z) {
            return withdrawPrivileges(str, principal, privilegeArr, getRestrictions(this.superuser, str));
        }
        JackrabbitAccessControlList principalBasedPolicy = getPrincipalBasedPolicy(this.acMgr, str, principal);
        principalBasedPolicy.addEntry(principal, privilegeArr, false, map);
        this.acMgr.setPolicy(principalBasedPolicy.getPath(), principalBasedPolicy);
        this.superuser.save();
        return principalBasedPolicy;
    }

    private Map<String, Value> getPrincipalBasedRestrictions(String str) throws RepositoryException, NotExecutableException {
        if (!(this.superuser instanceof SessionImpl)) {
            throw new NotExecutableException();
        }
        HashMap hashMap = new HashMap();
        hashMap.put("rep:nodePath", this.superuser.getValueFactory().createValue(str, 8));
        return hashMap;
    }

    public void testCombinedPolicies() throws RepositoryException, NotExecutableException {
        Group testGroup = getTestGroup();
        Session testSession = getTestSession();
        AccessControlManager testACManager = getTestACManager();
        checkReadOnly(this.path);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        withdrawPrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        givePrivileges(this.path, testGroup.getPrincipal(), privilegesFromName, getPrincipalBasedRestrictions(this.path), false);
        assertFalse(testSession.itemExists(this.path));
        assertFalse(testSession.hasPermission(this.path, "read"));
        assertFalse(testACManager.hasPrivileges(this.path, privilegesFromName));
        JackrabbitAccessControlList policy = getPolicy(this.acMgr, this.path, this.testUser.getPrincipal());
        this.acMgr.removePolicy(policy.getPath(), policy);
        this.superuser.save();
        assertTrue(testSession.itemExists(this.path));
        assertTrue(testSession.hasPermission(this.path, "read"));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName));
        Privilege[] privilegesFromName2 = privilegesFromName("{internal}write");
        givePrivileges(this.path, privilegesFromName2, getRestrictions(this.superuser, this.path));
        Privilege[] privilegesFromName3 = privilegesFromName("{http://www.jcp.org/jcr/1.0}modifyProperties");
        withdrawPrivileges(this.path, this.testUser.getPrincipal(), privilegesFromName3, getPrincipalBasedRestrictions(this.path), false);
        assertTrue(testSession.hasPermission(this.path + "/anyproperty", "set_property"));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName2));
        withdrawPrivileges(this.childNPath, this.testUser.getPrincipal(), privilegesFromName3, getRestrictions(this.superuser, this.childNPath));
        assertTrue(testSession.hasPermission(this.path + "/anyproperty", "set_property"));
        assertTrue(testACManager.hasPrivileges(this.path, privilegesFromName3));
        assertFalse(testSession.hasPermission(this.childNPath + "/anyproperty", "set_property"));
        assertFalse(testACManager.hasPrivileges(this.childNPath, privilegesFromName3));
    }

    public void testCanReadOnCombinedPolicies() throws RepositoryException, NotExecutableException {
        Group testGroup = getTestGroup();
        SessionImpl testSession = getTestSession();
        checkReadOnly(this.path);
        Privilege[] privilegesFromName = privilegesFromName("{http://www.jcp.org/jcr/1.0}read");
        withdrawPrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        givePrivileges(this.path, testGroup.getPrincipal(), privilegesFromName, getPrincipalBasedRestrictions(this.path), false);
        NodeId nodeId = this.superuser.getNode(this.path).getNodeId();
        assertFalse(testSession.getAccessManager().canRead((Path) null, nodeId));
        givePrivileges(this.childNPath, testGroup.getPrincipal(), privilegesFromName, getPrincipalBasedRestrictions(this.path), false);
        NodeId nodeId2 = this.superuser.getNode(this.childNPath).getNodeId();
        assertTrue(testSession.getAccessManager().canRead((Path) null, nodeId2));
        JackrabbitAccessControlList policy = getPolicy(this.acMgr, this.path, this.testUser.getPrincipal());
        this.acMgr.removePolicy(policy.getPath(), policy);
        this.superuser.save();
        assertTrue(testSession.getAccessManager().canRead((Path) null, nodeId));
        givePrivileges(this.path, privilegesFromName, getRestrictions(this.superuser, this.path));
        withdrawPrivileges(this.path, testGroup.getPrincipal(), privilegesFromName, getPrincipalBasedRestrictions(this.path), false);
        assertTrue(testSession.getAccessManager().canRead((Path) null, nodeId));
        withdrawPrivileges(this.childNPath, testGroup.getPrincipal(), privilegesFromName, getPrincipalBasedRestrictions(this.path), false);
        assertFalse(testSession.getAccessManager().canRead((Path) null, nodeId2));
    }
}
