package org.springframework.security.acls.jdbc;

import java.util.Arrays;
import java.util.List;
import java.util.Map;
import javax.sql.DataSource;
import org.junit.Assert;
import org.junit.Test;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.io.ClassPathResource;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.security.acls.TargetObject;
import org.springframework.security.acls.domain.AclImpl;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.domain.CumulativePermission;
import org.springframework.security.acls.domain.GrantedAuthoritySid;
import org.springframework.security.acls.domain.ObjectIdentityImpl;
import org.springframework.security.acls.domain.PrincipalSid;
import org.springframework.security.acls.model.AccessControlEntry;
import org.springframework.security.acls.model.AclCache;
import org.springframework.security.acls.model.AlreadyExistsException;
import org.springframework.security.acls.model.ChildrenExistException;
import org.springframework.security.acls.model.MutableAcl;
import org.springframework.security.acls.model.NotFoundException;
import org.springframework.security.acls.model.ObjectIdentity;
import org.springframework.security.acls.model.Permission;
import org.springframework.security.acls.model.Sid;
import org.springframework.security.authentication.TestingAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.AbstractTransactionalJUnit4SpringContextTests;
import org.springframework.test.context.transaction.AfterTransaction;
import org.springframework.test.context.transaction.BeforeTransaction;
import org.springframework.transaction.annotation.Transactional;

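/**
 * Integration tests for {@link JdbcMutableAclService} against the schema created from
 * {@code createAclSchema.sql}.
 *
 * <p>The tests pin down the authorization-relevant behaviour of the JDBC-backed ACL store:
 * <ul>
 *   <li>ACE evaluation order: an earlier deny entry overrides a later grant for the same
 *       permission and SID (see {@link #testLifecycle()});</li>
 *   <li>inheritance: a child ACL falls back to its ancestors only while
 *       {@code entriesInheriting} is set;</li>
 *   <li>"no applicable entry" is reported as {@link NotFoundException}, which is distinct
 *       from an explicit deny ({@code isGranted} returning {@code false});</li>
 *   <li>cache coherence: after a parent ACL is updated, a child read back from the service
 *       must see the parent's current entries, not a cached stale copy.</li>
 * </ul>
 *
 * <p>Every test that creates an ACL first installs an {@link Authentication} in the
 * {@link SecurityContextHolder}. NOTE(review): whether {@code ROLE_ADMINISTRATOR} is required
 * depends on the authorization strategy wired in the XML context, which is not visible here.
 */
@ContextConfiguration(locations = {"/jdbcMutableAclServiceTests-context.xml"})
/* loaded from: input_file:org/springframework/security/acls/jdbc/JdbcMutableAclServiceTests.class */
public class JdbcMutableAclServiceTests extends AbstractTransactionalJUnit4SpringContextTests {
    private static final String TARGET_CLASS = TargetObject.class.getName();

    /** Parameterised lookup of a domain class row; the class name is bound, never concatenated. */
    public static final String SELECT_ALL_CLASSES = "SELECT * FROM acl_class WHERE class = ?";

    @Autowired
    private JdbcMutableAclService jdbcMutableAclService;

    @Autowired
    private AclCache aclCache;

    @Autowired
    private LookupStrategy lookupStrategy;

    @Autowired
    private DataSource dataSource;

    @Autowired
    private JdbcTemplate jdbcTemplate;

    // Principal "ben" is the SID most tests grant to or deny from.
    private final Authentication auth = new TestingAuthenticationToken("ben", "ignored", new String[]{"ROLE_ADMINISTRATOR"});

    // Three-level object hierarchy: top (100) <- middle (101) <- child (102).
    private final ObjectIdentity topParentOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
    private final ObjectIdentity middleParentOid = new ObjectIdentityImpl(TARGET_CLASS, 101L);
    private final ObjectIdentity childOid = new ObjectIdentityImpl(TARGET_CLASS, 102L);

    /**
     * Creates the ACL tables before each test transaction starts.
     *
     * <p>The seeder instance is never used afterwards, so its constructor is assumed to run
     * the script. Any failure propagates to JUnit, which reports the full stack trace; no
     * separate {@code printStackTrace()} is needed.
     */
    @BeforeTransaction
    public void createTables() throws Exception {
        new DatabaseSeeder(this.dataSource, new ClassPathResource("createAclSchema.sql"));
    }

    /**
     * Clears the thread-bound security context and drops the ACL tables after each test
     * transaction, so neither an authenticated principal nor ACL rows leak into the next test.
     */
    @AfterTransaction
    public void clearContextAndData() throws Exception {
        // Clear first: the context must be reset even if a drop statement below fails.
        SecurityContextHolder.clearContext();
        // Order kept from the original; presumably referencing tables go before referenced ones.
        this.jdbcTemplate.execute("drop table acl_entry");
        this.jdbcTemplate.execute("drop table acl_object_identity");
        this.jdbcTemplate.execute("drop table acl_class");
        this.jdbcTemplate.execute("drop table acl_sid");
    }

    /**
     * Walks a three-level ACL hierarchy through create, update, read, inheritance toggle and
     * ACE deletion, asserting the access decision at every step.
     *
     * <p>The last argument of {@code isGranted} is the Acl API's administrative-mode flag;
     * NOTE(review): as far as the Acl contract goes it affects auditing only, and the outcomes
     * asserted here do not depend on it.
     */
    @Test
    @Transactional
    public void testLifecycle() {
        SecurityContextHolder.getContext().setAuthentication(this.auth);

        MutableAcl topParent = this.jdbcMutableAclService.createAcl(this.topParentOid);
        MutableAcl middleParent = this.jdbcMutableAclService.createAcl(this.middleParentOid);
        MutableAcl child = this.jdbcMutableAclService.createAcl(this.childOid);

        middleParent.setParent(topParent);
        child.setParent(middleParent);

        // top: grant READ, deny WRITE; middle: grant DELETE; child: deny DELETE.
        topParent.insertAce(0, BasePermission.READ, new PrincipalSid(this.auth), true);
        topParent.insertAce(1, BasePermission.WRITE, new PrincipalSid(this.auth), false);
        middleParent.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), true);
        child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);

        this.jdbcMutableAclService.updateAcl(topParent);
        this.jdbcMutableAclService.updateAcl(middleParent);
        this.jdbcMutableAclService.updateAcl(child);

        // Read everything back from the service so the assertions run on persisted state.
        Map<ObjectIdentity, ?> aclsById = this.jdbcMutableAclService.readAclsById(
                Arrays.asList(this.topParentOid, this.middleParentOid, this.childOid));
        Assert.assertEquals(3, aclsById.size());

        topParent = (MutableAcl) aclsById.get(this.topParentOid);
        middleParent = (MutableAcl) aclsById.get(this.middleParentOid);
        child = (MutableAcl) aclsById.get(this.childOid);

        Assert.assertNotNull(topParent.getId());
        Assert.assertNotNull(middleParent.getId());
        Assert.assertNotNull(child.getId());

        // The parent chain must survive the round trip.
        Assert.assertNull(topParent.getParentAcl());
        Assert.assertEquals(this.topParentOid, middleParent.getParentAcl().getObjectIdentity());
        Assert.assertEquals(this.middleParentOid, child.getParentAcl().getObjectIdentity());

        Assert.assertEquals(2, topParent.getEntries().size());
        Assert.assertEquals(1, middleParent.getEntries().size());
        Assert.assertEquals(1, child.getEntries().size());

        List<Permission> read = Arrays.asList(BasePermission.READ);
        List<Permission> write = Arrays.asList(BasePermission.WRITE);
        List<Permission> delete = Arrays.asList(BasePermission.DELETE);
        Sid benSid = new PrincipalSid(this.auth);
        List<Sid> sids = Arrays.asList(benSid);

        Assert.assertTrue(topParent.isGranted(read, sids, false));
        Assert.assertFalse(topParent.isGranted(write, sids, false));
        Assert.assertTrue(middleParent.isGranted(delete, sids, false));
        // The child's own deny wins over the DELETE grant on its parent.
        Assert.assertFalse(child.isGranted(delete, sids, false));

        try {
            // No ACL in the chain mentions ADMINISTRATION: that is "no decision", not a deny.
            child.isGranted(Arrays.asList(BasePermission.ADMINISTRATION), sids, false);
            Assert.fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            // expected
        }

        // READ and WRITE are decided by the inherited entries of the top parent.
        Assert.assertTrue(child.isGranted(read, sids, false));
        Assert.assertFalse(child.isGranted(write, sids, false));
        Assert.assertFalse(child.isGranted(delete, sids, false));

        // Cut the child off from its ancestors and persist that.
        child.setEntriesInheriting(false);
        this.jdbcMutableAclService.updateAcl(child);
        child = (MutableAcl) this.jdbcMutableAclService.readAclById(this.childOid);
        Assert.assertFalse(child.isEntriesInheriting());

        // Only the child's own deny is left; inherited READ/WRITE decisions are gone.
        Assert.assertFalse(child.isGranted(delete, sids, true));
        try {
            child.isGranted(read, sids, true);
            Assert.fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            // expected
        }
        try {
            child.isGranted(write, sids, true);
            Assert.fail("Should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            // expected
        }

        // Append a DELETE grant and a CREATE grant behind the existing DELETE deny.
        child.insertAce(1, BasePermission.DELETE, new PrincipalSid(this.auth), true);
        child.insertAce(2, BasePermission.CREATE, new PrincipalSid(this.auth), true);
        this.jdbcMutableAclService.updateAcl(child);
        child = (MutableAcl) this.jdbcMutableAclService.readAclById(this.childOid);
        Assert.assertEquals(3, child.getEntries().size());

        // Entry order is security-relevant: the deny at index 0 still beats the later grant.
        Assert.assertFalse(child.isGranted(delete, sids, true));
        Assert.assertTrue(child.isGranted(Arrays.asList(BasePermission.CREATE), sids, true));

        AccessControlEntry firstEntry = (AccessControlEntry) child.getEntries().get(0);
        Assert.assertEquals(BasePermission.DELETE.getMask(), firstEntry.getPermission().getMask());
        Assert.assertEquals(new PrincipalSid(this.auth), firstEntry.getSid());
        Assert.assertFalse(firstEntry.isGranting());
        Assert.assertNotNull(firstEntry.getId());

        // Removing the deny lets the remaining DELETE grant take effect.
        child.deleteAce(0);
        MutableAcl updated = this.jdbcMutableAclService.updateAcl(child);
        Assert.assertEquals(2, updated.getEntries().size());
        Assert.assertTrue(updated.isGranted(delete, sids, false));

        SecurityContextHolder.clearContext();
    }

    /**
     * Deleting an ACL with {@code deleteChildren = true} must remove its children as well and
     * leave unrelated ACLs (here the top parent, which is not linked to the others) in place.
     */
    @Test
    @Transactional
    public void deleteAclAlsoDeletesChildren() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(this.auth);

        this.jdbcMutableAclService.createAcl(this.topParentOid);
        MutableAcl middleParent = this.jdbcMutableAclService.createAcl(this.middleParentOid);
        MutableAcl child = this.jdbcMutableAclService.createAcl(this.childOid);
        child.setParent(middleParent);
        this.jdbcMutableAclService.updateAcl(middleParent);
        this.jdbcMutableAclService.updateAcl(child);

        Assert.assertEquals(this.middleParentOid,
                this.jdbcMutableAclService.readAclById(this.childOid).getParentAcl().getObjectIdentity());

        this.jdbcMutableAclService.deleteAcl(this.middleParentOid, true);

        try {
            this.jdbcMutableAclService.readAclById(this.middleParentOid);
            Assert.fail("It should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            // expected
        }
        try {
            // An orphaned child ACL would keep granting access to a deleted hierarchy.
            this.jdbcMutableAclService.readAclById(this.childOid);
            Assert.fail("It should have thrown NotFoundException");
        } catch (NotFoundException expected) {
            // expected
        }

        MutableAcl topParent = (MutableAcl) this.jdbcMutableAclService.readAclById(this.topParentOid);
        Assert.assertNotNull(topParent);
        Assert.assertEquals(this.topParentOid, topParent.getObjectIdentity());
    }

    /** Each of the three constructor collaborators is mandatory. */
    @Test
    public void constructorRejectsNullParameters() throws Exception {
        try {
            new JdbcMutableAclService((DataSource) null, this.lookupStrategy, this.aclCache);
            Assert.fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            // expected
        }
        try {
            new JdbcMutableAclService(this.dataSource, (LookupStrategy) null, this.aclCache);
            Assert.fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            // expected
        }
        try {
            new JdbcMutableAclService(this.dataSource, this.lookupStrategy, (AclCache) null);
            Assert.fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException expected) {
            // expected
        }
    }

    /** {@code createAcl(null)} must be rejected with {@link IllegalArgumentException}. */
    @Test(expected = IllegalArgumentException.class)
    public void createAclRejectsNullParameter() throws Exception {
        this.jdbcMutableAclService.createAcl((ObjectIdentity) null);
    }

    /** A second ACL for the same object identity must not silently replace the first. */
    @Test
    @Transactional
    public void createAclForADuplicateDomainObject() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(this.auth);
        ObjectIdentityImpl duplicateOid = new ObjectIdentityImpl(TARGET_CLASS, 100L);
        // The first creation must succeed; only the second call may throw.
        this.jdbcMutableAclService.createAcl(duplicateOid);
        try {
            this.jdbcMutableAclService.createAcl(duplicateOid);
            Assert.fail("It should have thrown AlreadyExistsException");
        } catch (AlreadyExistsException expected) {
            // expected
        }
    }

    /** {@code deleteAcl(null, ...)} must be rejected with {@link IllegalArgumentException}. */
    @Test(expected = IllegalArgumentException.class)
    @Transactional
    public void deleteAclRejectsNullParameters() throws Exception {
        this.jdbcMutableAclService.deleteAcl((ObjectIdentity) null, true);
    }

    /**
     * Deleting a parent without {@code deleteChildren} must fail while a child still refers
     * to it.
     *
     * <p>The service is switched to {@code foreignKeysInDatabase = false} for the call;
     * NOTE(review): presumably that makes the service perform the child check itself instead
     * of relying on a database constraint. The flag is restored in {@code finally} because the
     * service bean is shared with the other tests.
     */
    @Test
    @Transactional
    public void deleteAclWithChildrenThrowsException() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(this.auth);
        MutableAcl parent = this.jdbcMutableAclService.createAcl(this.topParentOid);
        MutableAcl child = this.jdbcMutableAclService.createAcl(this.middleParentOid);
        child.setParent(parent);
        this.jdbcMutableAclService.updateAcl(child);

        try {
            this.jdbcMutableAclService.setForeignKeysInDatabase(false);
            this.jdbcMutableAclService.deleteAcl(this.topParentOid, false);
            Assert.fail("It should have thrown ChildrenExistException");
        } catch (ChildrenExistException expected) {
            // expected
        } finally {
            this.jdbcMutableAclService.setForeignKeysInDatabase(true);
        }
    }

    /**
     * Deleting an ACL must remove its identity and entry rows and evict it from the cache,
     * whether the cache is queried by object identity or by the numeric id 102.
     */
    @Test
    @Transactional
    public void deleteAclRemovesRowsFromDatabase() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(this.auth);
        MutableAcl child = this.jdbcMutableAclService.createAcl(this.childOid);
        child.insertAce(0, BasePermission.DELETE, new PrincipalSid(this.auth), false);
        this.jdbcMutableAclService.updateAcl(child);

        this.jdbcMutableAclService.deleteAcl(this.childOid, false);

        // The class row is expected to remain; only identity and entry rows are removed.
        Assert.assertEquals(1, this.jdbcTemplate.queryForList(SELECT_ALL_CLASSES, new Object[]{TARGET_CLASS}).size());
        Assert.assertEquals(0, this.jdbcTemplate.queryForList("select * from acl_object_identity").size());
        Assert.assertEquals(0, this.jdbcTemplate.queryForList("select * from acl_entry").size());

        // A cached copy of a deleted ACL would keep answering permission checks.
        Assert.assertNull(this.aclCache.getFromCache(this.childOid));
        Assert.assertNull(this.aclCache.getFromCache(102L));
    }

    /** An identity created with an {@code Integer} id must be readable with the equal {@code Long} id. */
    @Test
    @Transactional
    public void identityWithIntegerIdIsSupportedByCreateAcl() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(this.auth);
        this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 101));
        Assert.assertNotNull(this.jdbcMutableAclService.readAclById(new ObjectIdentityImpl(TARGET_CLASS, 101L)));
    }

    /**
     * After the parent ACL is updated twice, a child read back from the service must expose
     * the parent's current two entries.
     *
     * <p>A child that kept a stale parent reference would evaluate inherited permissions
     * against out-of-date entries, which is the failure the assertion message names.
     */
    @Test
    @Transactional
    public void childrenAreClearedFromCacheWhenParentIsUpdated() throws Exception {
        TestingAuthenticationToken ben = new TestingAuthenticationToken("ben", "ignored", new String[]{"ROLE_ADMINISTRATOR"});
        ben.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(ben);

        ObjectIdentityImpl parentOid = new ObjectIdentityImpl(TARGET_CLASS, 104L);
        ObjectIdentityImpl childOid = new ObjectIdentityImpl(TARGET_CLASS, 105L);

        MutableAcl parent = this.jdbcMutableAclService.createAcl(parentOid);
        MutableAcl child = this.jdbcMutableAclService.createAcl(childOid);
        child.setParent(parent);
        this.jdbcMutableAclService.updateAcl(child);

        // First parent update, on a freshly read instance.
        AclImpl reloadedParent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
        reloadedParent.insertAce(0, BasePermission.READ, new PrincipalSid("ben"), true);
        this.jdbcMutableAclService.updateAcl(reloadedParent);

        // Second parent update, again on a freshly read instance.
        reloadedParent = (AclImpl) this.jdbcMutableAclService.readAclById(parentOid);
        reloadedParent.insertAce(1, BasePermission.READ, new PrincipalSid("scott"), true);
        this.jdbcMutableAclService.updateAcl(reloadedParent);

        MutableAcl parentSeenByChild =
                (MutableAcl) this.jdbcMutableAclService.readAclById(childOid).getParentAcl();
        Assert.assertEquals("Fails because child has a stale reference to its parent", 2, parentSeenByChild.getEntries().size());

        AccessControlEntry first = (AccessControlEntry) parentSeenByChild.getEntries().get(0);
        AccessControlEntry second = (AccessControlEntry) parentSeenByChild.getEntries().get(1);
        // Mask 1 is the READ permission inserted above.
        Assert.assertEquals(1, first.getPermission().getMask());
        Assert.assertEquals(new PrincipalSid("ben"), first.getSid());
        Assert.assertEquals(1, second.getPermission().getMask());
        Assert.assertEquals(new PrincipalSid("scott"), second.getSid());
    }

    /**
     * Variant of the stale-parent check in which the parent is updated through the instance
     * returned by {@code createAcl}, and the entries mix an authority SID with a principal SID.
     */
    @Test
    @Transactional
    public void childrenAreClearedFromCacheWhenParentisUpdated2() throws Exception {
        SecurityContextHolder.getContext().setAuthentication(new TestingAuthenticationToken("system", "secret", new String[]{"ROLE_IGNORED"}));

        MutableAcl parent = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 1L));
        MutableAcl child = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 2L));
        child.setParent(parent);
        this.jdbcMutableAclService.updateAcl(child);

        parent.insertAce(0, BasePermission.ADMINISTRATION, new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), true);
        this.jdbcMutableAclService.updateAcl(parent);
        parent.insertAce(1, BasePermission.DELETE, new PrincipalSid("terry"), true);
        this.jdbcMutableAclService.updateAcl(parent);

        MutableAcl parentSeenByChild = (MutableAcl) this.jdbcMutableAclService
                .readAclById(new ObjectIdentityImpl(TARGET_CLASS, 2L)).getParentAcl();
        Assert.assertEquals(2, parentSeenByChild.getEntries().size());

        AccessControlEntry first = (AccessControlEntry) parentSeenByChild.getEntries().get(0);
        AccessControlEntry second = (AccessControlEntry) parentSeenByChild.getEntries().get(1);
        // 16 and 8 are the masks of the ADMINISTRATION and DELETE entries inserted above.
        Assert.assertEquals(16, first.getPermission().getMask());
        Assert.assertEquals(new GrantedAuthoritySid("ROLE_ADMINISTRATOR"), first.getSid());
        Assert.assertEquals(8, second.getPermission().getMask());
        Assert.assertEquals(new PrincipalSid("terry"), second.getSid());
    }

    /**
     * A {@link CumulativePermission} combining READ and ADMINISTRATION must keep its combined
     * mask (17) through persistence and be granted when queried as the same combined permission.
     */
    @Test
    @Transactional
    public void cumulativePermissions() {
        TestingAuthenticationToken ben = new TestingAuthenticationToken("ben", "ignored", new String[]{"ROLE_ADMINISTRATOR"});
        ben.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(ben);

        MutableAcl acl = this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl(TARGET_CLASS, 110L));

        Permission readAndAdmin = new CumulativePermission().set(BasePermission.READ).set(BasePermission.ADMINISTRATION);
        Assert.assertEquals(17, readAndAdmin.getMask());

        Sid benSid = new PrincipalSid(ben);
        acl.insertAce(0, readAndAdmin, benSid, true);
        Assert.assertEquals(1, acl.getEntries().size());

        MutableAcl updated = this.jdbcMutableAclService.updateAcl(acl);
        Assert.assertEquals(17, ((AccessControlEntry) updated.getEntries().get(0)).getPermission().getMask());
        Assert.assertTrue(updated.isGranted(Arrays.asList(readAndAdmin), Arrays.asList(benSid), true));

        SecurityContextHolder.clearContext();
    }
}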
