package org.jahia.test.services.content.protection;

import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Properties;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.commons.lang.StringUtils;
import org.jahia.services.content.JCRCallback;
import org.jahia.services.content.JCRContentUtils;
import org.jahia.services.content.JCRNodeWrapper;
import org.jahia.services.content.JCRPublicationService;
import org.jahia.services.content.JCRSessionFactory;
import org.jahia.services.content.JCRSessionWrapper;
import org.jahia.services.content.JCRTemplate;
import org.jahia.services.content.decorator.JCRUserNode;
import org.jahia.services.sites.JahiaSite;
import org.jahia.services.usermanager.JahiaUserManagerService;
import org.jahia.test.JahiaTestCase;
import org.jahia.test.TestHelper;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import shaded.org.apache.http.HttpStatus;

/* loaded from: input_file:org/jahia/test/services/content/protection/RestApiAccessTest.class */
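/**
 * Integration test for access control on the JCR REST API ({@code /modules/api/jcr/v1}).
 *
 * <p>The fixture creates a throwaway site and a user holding the {@code editor} role on it.
 * The tests then check which repository paths are readable through the REST API, as guest,
 * as that editor and as root.
 *
 * <p>A denied path is expected to answer exactly like a missing one: HTTP 404 with a
 * {@code javax.jcr.PathNotFoundException} marker in the body, rather than 401/403.
 */
public class RestApiAccessTest extends JahiaTestCase {
    private static final String EDITOR_USER_NAME = "rest-api-access-test-editor";
    // Fixture credential for the throwaway account above; the account is removed in oneTimeTearDown().
    private static final String EDITOR_USER_PASSWORD = "password";
    private static final String TESTSITE_NAME = "restApiAccessTest";
    private static final String SITE_PATH = "/sites/" + TESTSITE_NAME;
    private static final String REST_API_BASE = "/modules/api/jcr/v1/";
    private static final String PASSWORD_HISTORY_PATH = "/users/root/passwordHistory";
    // Fragment of the JSON error body that the API returns for a path it will not serve.
    private static final String PATH_NOT_FOUND_MARKER = "\"exception\":\"javax.jcr.PathNotFoundException\"";

    private static String editorNodePath;
    private static JahiaSite site;

    /**
     * Creates the test site and the editor user, grants the user the {@code editor} role on the
     * site, adds a {@code files} folder under the user node, and publishes both to live.
     *
     * @throws Exception if the site or user cannot be created
     */
    @BeforeClass
    public static void oneTimeSetUp() throws Exception {
        site = TestHelper.createSite(TESTSITE_NAME, "localhost" + System.currentTimeMillis(), TestHelper.WEB_TEMPLATES);
        Assert.assertNotNull(site);
        JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<Boolean>() {
            // The decompiler had renamed this method, so the callback no longer implemented the interface.
            @Override
            public Boolean doInJCR(JCRSessionWrapper session) throws RepositoryException {
                JCRUserNode editor = JahiaUserManagerService.getInstance().createUser(EDITOR_USER_NAME, (String) null, EDITOR_USER_PASSWORD, new Properties(), session);
                editorNodePath = editor.getPath();
                session.save();

                JCRNodeWrapper siteNode = session.getNode(site.getJCRLocalPath());
                siteNode.grantRoles("u:" + EDITOR_USER_NAME, Collections.singleton("editor"));
                session.save();

                JCRNodeWrapper userFiles = editor.addNode("files", "jnt:folder");
                session.save();

                // Publish to live so the live-workspace checks have something to read.
                JCRPublicationService.getInstance().publishByMainId(userFiles.getIdentifier(), "default", "live", (Set) null, true, (List) null);
                JCRPublicationService.getInstance().publishByMainId(siteNode.getIdentifier(), "default", "live", (Set) null, true, (List) null);
                return null;
            }
        });
    }

    /**
     * Deletes the editor user (if it still exists) and the test site, then closes all sessions.
     *
     * <p>Site deletion and session cleanup run in a {@code finally} block so that a failure
     * while deleting the user does not leave the rest of the fixture behind.
     *
     * @throws Exception if cleanup fails
     */
    @AfterClass
    public static void oneTimeTearDown() throws Exception {
        try {
            JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<Boolean>() {
                @Override
                public Boolean doInJCR(JCRSessionWrapper session) throws RepositoryException {
                    JahiaUserManagerService userManager = JahiaUserManagerService.getInstance();
                    JCRUserNode editor = userManager.lookupUser(EDITOR_USER_NAME, session);
                    if (editor != null) {
                        userManager.deleteUser(editor.getPath(), session);
                        session.save();
                    }
                    return null;
                }
            });
        } finally {
            try {
                TestHelper.deleteSite(TESTSITE_NAME);
            } finally {
                JCRSessionFactory.getInstance().closeAllSessions();
            }
        }
    }

    /**
     * The editor can read its own user node, its {@code files} folder and the site's
     * {@code contents} folder through the live REST API.
     */
    @Test
    public void accessWithEditorUser() throws RepositoryException, IOException {
        login(EDITOR_USER_NAME, EDITOR_USER_PASSWORD);
        try {
            checkLiveAccess(editorNodePath);
            checkLiveAccess(editorNodePath + "/files");
            checkLiveAccess(SITE_PATH + "/contents");
        } finally {
            logout();
        }
    }

    /** Without logging in, the site's {@code files} and {@code home} nodes are not served in either workspace. */
    @Test
    public void accessWithGuestToFoldersAndPages() throws RepositoryException, IOException {
        checkNoAccess(SITE_PATH + "/files");
        checkNoAccess(SITE_PATH + "/home");
    }

    /**
     * Asserts that {@code path} is readable through the live workspace of the REST API.
     *
     * @param path absolute JCR path, starting with {@code /}
     */
    private void checkLiveAccess(String path) throws IOException {
        checkAccess(REST_API_BASE + "live/en/paths" + path, true);
    }

    /**
     * Fetches {@code url} and checks both the status code and the response body.
     *
     * <p>Access expected: status 200 and no path-not-found marker in the body. Access denied:
     * status 404 and the marker present. The status is passed to {@code getAsText}, which is
     * inherited from the base class and presumably asserts it (confirm there).
     *
     * @param url REST API URL, relative to the server root
     * @param accessExpected whether the current session is supposed to be able to read the node
     */
    private void checkAccess(String url, boolean accessExpected) throws IOException {
        String body = getAsText(url, accessExpected ? HttpStatus.SC_OK : HttpStatus.SC_NOT_FOUND);
        boolean pathNotFound = StringUtils.contains(body, PATH_NOT_FOUND_MARKER);
        if (accessExpected) {
            Assert.assertFalse("Should have access to the URL: " + url, pathNotFound);
        } else {
            Assert.assertTrue("Should NOT have access to the URL: " + url, pathNotFound);
        }
    }

    /**
     * Asserts that {@code path} is not served in the {@code live} or the {@code default} workspace.
     *
     * @param path absolute JCR path, starting with {@code /}
     */
    private void checkNoAccess(String path) throws IOException {
        checkNoAccess(path, "live");
        checkNoAccess(path, "default");
    }

    /**
     * Asserts that {@code path} is not served in the given workspace.
     *
     * @param path absolute JCR path, starting with {@code /}
     * @param workspace workspace segment of the REST URL ({@code live} or {@code default})
     */
    private void checkNoAccess(String path, String workspace) throws IOException {
        checkAccess(REST_API_BASE + workspace + "/en/paths" + path, false);
    }

    /**
     * The root user's password history must not be served by the REST API, either to guest
     * or to root itself.
     *
     * <p>The entry path is looked up through a system session, so the test fails early if no
     * history entry exists; otherwise the 404 assertions below would pass trivially.
     */
    @Test
    public void noAccessToConfiguredNodeTypesToSkip() throws RepositoryException, IOException {
        String historyEntryPath = JCRTemplate.getInstance().doExecuteWithSystemSession(new JCRCallback<String>() {
            @Override
            public String doInJCR(JCRSessionWrapper session) throws RepositoryException {
                List entries = JCRContentUtils.getChildrenOfType(session.getNode(PASSWORD_HISTORY_PATH), "jnt:passwordHistoryEntry", 1);
                if (entries.isEmpty()) {
                    return null;
                }
                return ((JCRNodeWrapper) entries.iterator().next()).getPath();
            }
        });
        Assert.assertNotNull("Unable to find password history entry for root user", historyEntryPath);

        // As guest.
        checkNoAccess(PASSWORD_HISTORY_PATH);
        checkNoAccess(historyEntryPath);

        // As root: still not served, even though root can read the node in the repository.
        loginRoot();
        try {
            checkNoAccess(PASSWORD_HISTORY_PATH);
            checkNoAccess(historyEntryPath);
        } finally {
            logout();
        }
    }

    /**
     * Without logging in, none of the listed repository areas, nor the editor's published
     * {@code files} folder, are served in either workspace.
     */
    @Test
    public void noAccessWithGuestToOtherContent() throws RepositoryException, IOException {
        String[] protectedPaths = {
            "/groups", "/imports", "/j:acl", "/jcr:system", "/modules", "/passwordPolicy",
            "/referencesKeeper", "/settings", "/sites", "/users", "/users/root", "/users/root/files",
            editorNodePath + "/files"
        };
        for (String path : protectedPaths) {
            checkNoAccess(path);
        }
    }
}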
