package org.apache.jackrabbit.oak.security.authorization.accesscontrol;

import java.security.Principal;
import java.util.Collections;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.security.AccessControlException;
import javax.jcr.security.AccessControlPolicy;
import javax.jcr.security.AccessControlPolicyIterator;
import javax.jcr.security.Privilege;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlEntry;
import org.apache.jackrabbit.api.security.authorization.PrivilegeManager;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authorization.AuthorizationConfiguration;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ACE;
import org.apache.jackrabbit.oak.spi.security.authorization.accesscontrol.ReadPolicy;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.Restriction;
import org.apache.jackrabbit.oak.spi.security.authorization.restriction.RestrictionProvider;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBits;
import org.apache.jackrabbit.oak.spi.security.privilege.PrivilegeBitsProvider;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authorization/accesscontrol/AbstractAccessControlTest.class */
public abstract class AbstractAccessControlTest extends AbstractSecurityTest {
    static final String TEST_PATH = "/testPath";
    private PrivilegeManager privilegeManager;
    PrincipalManager principalManager;
    Principal testPrincipal;
    Privilege[] testPrivileges;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "testPath", "nt:unstructured");
        this.root.commit();
        this.testPrincipal = getTestUser().getPrincipal();
        this.testPrivileges = privilegesFromNames("jcr:addChildNodes", "jcr:lockManagement");
        this.privilegeManager = getPrivilegeManager(this.root);
        this.principalManager = getPrincipalManager(this.root);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Tree tree = this.root.getTree(TEST_PATH);
            if (tree.exists()) {
                tree.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public RestrictionProvider getRestrictionProvider() {
        return ((AuthorizationConfiguration) getConfig(AuthorizationConfiguration.class)).getRestrictionProvider();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public PrivilegeBitsProvider getBitsProvider() {
        return new PrivilegeBitsProvider(this.root);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ACE createEntry(@NotNull Principal principal, boolean z, @Nullable Set<Restriction> set, @NotNull String... strArr) throws RepositoryException {
        return createEntry(principal, privilegesFromNames(strArr), z, set == null ? Collections.emptySet() : set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ACE createEntry(@NotNull Principal principal, @NotNull Privilege[] privilegeArr, boolean z, @NotNull Set<Restriction> set) throws RepositoryException {
        return createACL(TEST_PATH, Collections.emptyList(), getNamePathMapper(), getRestrictionProvider()).createACE(principal, getBitsProvider().getBits(privilegeArr, getNamePathMapper()), z, set);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ACE createEntry(@NotNull Principal principal, @NotNull PrivilegeBits privilegeBits, boolean z, @NotNull Set<Restriction> set) throws RepositoryException {
        AccessControlPolicyIterator applicablePolicies = getAccessControlManager(this.root).getApplicablePolicies(TEST_PATH);
        while (applicablePolicies.hasNext()) {
            ACL nextAccessControlPolicy = applicablePolicies.nextAccessControlPolicy();
            if (nextAccessControlPolicy instanceof ACL) {
                return nextAccessControlPolicy.createACE(principal, privilegeBits, z, set);
            }
        }
        throw new UnsupportedOperationException();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ACL createACL(@Nullable String str, @NotNull List<ACE> list, @NotNull NamePathMapper namePathMapper, @NotNull RestrictionProvider restrictionProvider) {
        return createACL(str, list, namePathMapper, restrictionProvider, this.privilegeManager);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @NotNull
    public ACL createACL(@Nullable String str, @NotNull List<ACE> list, @NotNull NamePathMapper namePathMapper, @NotNull final RestrictionProvider restrictionProvider, @NotNull final PrivilegeManager privilegeManager) {
        return new ACL(str == null ? null : namePathMapper.getOakPath(str), list, namePathMapper) { // from class: org.apache.jackrabbit.oak.security.authorization.accesscontrol.AbstractAccessControlTest.1
            @NotNull
            public RestrictionProvider getRestrictionProvider() {
                return restrictionProvider;
            }

            @NotNull
            ACE createACE(@NotNull Principal principal, @NotNull PrivilegeBits privilegeBits, boolean z, @NotNull Set<Restriction> set) throws RepositoryException {
                return AbstractAccessControlTest.this.createEntry(principal, privilegeBits, z, set);
            }

            boolean checkValidPrincipal(@Nullable Principal principal) throws AccessControlException {
                return Util.checkValidPrincipal(principal, AbstractAccessControlTest.this.principalManager, Util.getImportBehavior((AuthorizationConfiguration) AbstractAccessControlTest.this.getConfig(AuthorizationConfiguration.class)));
            }

            @NotNull
            PrivilegeManager getPrivilegeManager() {
                return privilegeManager;
            }

            @NotNull
            PrivilegeBits getPrivilegeBits(@NotNull Privilege[] privilegeArr) {
                return new PrivilegeBitsProvider(AbstractAccessControlTest.this.root).getBits(privilegeArr, getNamePathMapper());
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static JackrabbitAccessControlEntry mockAccessControlEntry(@NotNull Principal principal, @NotNull Privilege[] privilegeArr) {
        JackrabbitAccessControlEntry jackrabbitAccessControlEntry = (JackrabbitAccessControlEntry) Mockito.mock(JackrabbitAccessControlEntry.class);
        Mockito.when(jackrabbitAccessControlEntry.getPrincipal()).thenReturn(principal);
        Mockito.when(jackrabbitAccessControlEntry.getPrivileges()).thenReturn(privilegeArr);
        return jackrabbitAccessControlEntry;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void assertPolicies(@Nullable AccessControlPolicy[] accessControlPolicyArr, long j) {
        assertPolicies(accessControlPolicyArr, j, false);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void assertPolicies(@Nullable AccessControlPolicy[] accessControlPolicyArr, long j, boolean z) {
        Assert.assertNotNull(accessControlPolicyArr);
        Assert.assertEquals(j, accessControlPolicyArr.length);
        if (accessControlPolicyArr.length > 0) {
            Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(accessControlPolicyArr[accessControlPolicyArr.length - 1] instanceof ReadPolicy));
        }
    }
}
