package org.springframework.security.acls.jdbc;

import java.util.Map;
import javax.sql.DataSource;
import org.springframework.security.GrantedAuthority;
import org.springframework.security.GrantedAuthorityImpl;
import org.springframework.security.acls.AccessControlEntry;
import org.springframework.security.acls.AlreadyExistsException;
import org.springframework.security.acls.ChildrenExistException;
import org.springframework.security.acls.MutableAcl;
import org.springframework.security.acls.NotFoundException;
import org.springframework.security.acls.Permission;
import org.springframework.security.acls.domain.BasePermission;
import org.springframework.security.acls.objectidentity.ObjectIdentity;
import org.springframework.security.acls.objectidentity.ObjectIdentityImpl;
import org.springframework.security.acls.sid.PrincipalSid;
import org.springframework.security.acls.sid.Sid;
import org.springframework.security.context.SecurityContextHolder;
import org.springframework.security.providers.TestingAuthenticationToken;
import org.springframework.test.AbstractTransactionalDataSourceSpringContextTests;

/* loaded from: input_file:spring-security-acl-2.0.8.RELEASE-tests.jar:org/springframework/security/acls/jdbc/JdbcAclServiceTests.class */
public class JdbcAclServiceTests extends AbstractTransactionalDataSourceSpringContextTests {
    public static final String SELECT_ALL_CLASSES = "SELECT * FROM acl_class WHERE class = ?";
    public static final String SELECT_ALL_OBJECT_IDENTITIES = "SELECT * FROM acl_object_identity";
    public static final String SELECT_OBJECT_IDENTITY = "SELECT * FROM acl_object_identity WHERE object_id_identity = ?";
    public static final String SELECT_ACL_ENTRY = "SELECT * FROM acl_entry, acl_object_identity WHERE acl_object_identity.id = acl_entry.acl_object_identity AND acl_object_identity.object_id_identity <= ?";
    private JdbcMutableAclService jdbcMutableAclService;
    private AclCache aclCache;
    private LookupStrategy lookupStrategy;

    protected String[] getConfigLocations() {
        return new String[]{"classpath:org/springframework/security/acls/jdbc/applicationContext-test.xml"};
    }

    public void setJdbcMutableAclService(JdbcMutableAclService jdbcMutableAclService) {
        this.jdbcMutableAclService = jdbcMutableAclService;
    }

    public void setAclCache(AclCache aclCache) {
        this.aclCache = aclCache;
    }

    public void setLookupStrategy(LookupStrategy lookupStrategy) {
        this.lookupStrategy = lookupStrategy;
    }

    protected void onTearDown() throws Exception {
        super.onTearDown();
        SecurityContextHolder.clearContext();
    }

    public void testLifecycle() {
        setComplete();
        TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
        testingAuthenticationToken.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(testingAuthenticationToken);
        ObjectIdentity objectIdentityImpl = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100L));
        ObjectIdentity objectIdentityImpl2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101L));
        ObjectIdentity objectIdentityImpl3 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Integer(102));
        MutableAcl createAcl = this.jdbcMutableAclService.createAcl(objectIdentityImpl);
        MutableAcl createAcl2 = this.jdbcMutableAclService.createAcl(objectIdentityImpl2);
        MutableAcl createAcl3 = this.jdbcMutableAclService.createAcl(objectIdentityImpl3);
        createAcl2.setParent(createAcl);
        createAcl3.setParent(createAcl2);
        createAcl.insertAce(0, BasePermission.READ, new PrincipalSid(testingAuthenticationToken), true);
        createAcl.insertAce(1, BasePermission.WRITE, new PrincipalSid(testingAuthenticationToken), false);
        createAcl2.insertAce(0, BasePermission.DELETE, new PrincipalSid(testingAuthenticationToken), true);
        createAcl3.insertAce(0, BasePermission.DELETE, new PrincipalSid(testingAuthenticationToken), false);
        this.jdbcMutableAclService.updateAcl(createAcl);
        this.jdbcMutableAclService.updateAcl(createAcl2);
        this.jdbcMutableAclService.updateAcl(createAcl3);
        Map readAclsById = this.jdbcMutableAclService.readAclsById(new ObjectIdentity[]{objectIdentityImpl, objectIdentityImpl2, objectIdentityImpl3});
        assertEquals(3, readAclsById.size());
        MutableAcl mutableAcl = (MutableAcl) readAclsById.get(objectIdentityImpl);
        MutableAcl mutableAcl2 = (MutableAcl) readAclsById.get(objectIdentityImpl2);
        MutableAcl mutableAcl3 = (MutableAcl) readAclsById.get(objectIdentityImpl3);
        assertNotNull(mutableAcl.getId());
        assertNotNull(mutableAcl2.getId());
        assertNotNull(mutableAcl3.getId());
        assertNull(mutableAcl.getParentAcl());
        assertEquals(objectIdentityImpl, mutableAcl2.getParentAcl().getObjectIdentity());
        assertEquals(objectIdentityImpl2, mutableAcl3.getParentAcl().getObjectIdentity());
        assertEquals(2, mutableAcl.getEntries().length);
        assertEquals(1, mutableAcl2.getEntries().length);
        assertEquals(1, mutableAcl3.getEntries().length);
        assertTrue(mutableAcl.isGranted(new Permission[]{BasePermission.READ}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        assertFalse(mutableAcl.isGranted(new Permission[]{BasePermission.WRITE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        assertTrue(mutableAcl2.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        assertFalse(mutableAcl3.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        try {
            mutableAcl3.isGranted(new Permission[]{BasePermission.ADMINISTRATION}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException e) {
            assertTrue(true);
        }
        assertTrue(mutableAcl3.isGranted(new Permission[]{BasePermission.READ}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        assertFalse(mutableAcl3.isGranted(new Permission[]{BasePermission.WRITE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        assertFalse(mutableAcl3.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        mutableAcl3.setEntriesInheriting(false);
        this.jdbcMutableAclService.updateAcl(mutableAcl3);
        MutableAcl readAclById = this.jdbcMutableAclService.readAclById(objectIdentityImpl3);
        assertFalse(readAclById.isEntriesInheriting());
        assertFalse(readAclById.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, true));
        try {
            readAclById.isGranted(new Permission[]{BasePermission.READ}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, true);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException e2) {
            assertTrue(true);
        }
        try {
            readAclById.isGranted(new Permission[]{BasePermission.WRITE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, true);
            fail("Should have thrown NotFoundException");
        } catch (NotFoundException e3) {
            assertTrue(true);
        }
        readAclById.insertAce(1, BasePermission.DELETE, new PrincipalSid(testingAuthenticationToken), true);
        readAclById.insertAce(2, BasePermission.CREATE, new PrincipalSid(testingAuthenticationToken), true);
        this.jdbcMutableAclService.updateAcl(readAclById);
        MutableAcl readAclById2 = this.jdbcMutableAclService.readAclById(objectIdentityImpl3);
        assertEquals(3, readAclById2.getEntries().length);
        for (int i = 0; i < readAclById2.getEntries().length; i++) {
            System.out.println(readAclById2.getEntries()[i]);
        }
        assertFalse(readAclById2.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, true));
        assertTrue(readAclById2.isGranted(new Permission[]{BasePermission.CREATE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, true));
        AccessControlEntry accessControlEntry = readAclById2.getEntries()[0];
        assertEquals(BasePermission.DELETE.getMask(), accessControlEntry.getPermission().getMask());
        assertEquals(new PrincipalSid(testingAuthenticationToken), accessControlEntry.getSid());
        assertFalse(accessControlEntry.isGranting());
        assertNotNull(accessControlEntry.getId());
        readAclById2.deleteAce(0);
        MutableAcl updateAcl = this.jdbcMutableAclService.updateAcl(readAclById2);
        assertEquals(2, updateAcl.getEntries().length);
        assertTrue(updateAcl.isGranted(new Permission[]{BasePermission.DELETE}, new Sid[]{new PrincipalSid(testingAuthenticationToken)}, false));
        SecurityContextHolder.clearContext();
    }

    public void testDeleteAclAlsoDeletesChildren() throws Exception {
        ObjectIdentityImpl objectIdentityImpl = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100L));
        ObjectIdentityImpl objectIdentityImpl2 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101L));
        ObjectIdentityImpl objectIdentityImpl3 = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(102L));
        assertEquals(objectIdentityImpl2, this.jdbcMutableAclService.readAclById(objectIdentityImpl3).getParentAcl().getObjectIdentity());
        this.jdbcMutableAclService.deleteAcl(objectIdentityImpl2, true);
        try {
            this.jdbcMutableAclService.readAclById(objectIdentityImpl2);
            fail("It should have thrown NotFoundException");
        } catch (NotFoundException e) {
            assertTrue(true);
        }
        try {
            this.jdbcMutableAclService.readAclById(objectIdentityImpl3);
            fail("It should have thrown NotFoundException");
        } catch (NotFoundException e2) {
            assertTrue(true);
        }
        MutableAcl readAclById = this.jdbcMutableAclService.readAclById(objectIdentityImpl);
        assertNotNull(readAclById);
        assertEquals(readAclById.getObjectIdentity(), objectIdentityImpl);
    }

    public void testConstructorRejectsNullParameters() throws Exception {
        try {
            new JdbcMutableAclService((DataSource) null, this.lookupStrategy, this.aclCache);
            fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
        try {
            new JdbcMutableAclService(getJdbcTemplate().getDataSource(), (LookupStrategy) null, this.aclCache);
            fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e2) {
            assertTrue(true);
        }
        try {
            new JdbcMutableAclService(getJdbcTemplate().getDataSource(), this.lookupStrategy, (AclCache) null);
            fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e3) {
            assertTrue(true);
        }
    }

    public void testCreateAclRejectsNullParameter() throws Exception {
        try {
            this.jdbcMutableAclService.createAcl((ObjectIdentity) null);
            fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testCreateAclForADuplicateDomainObject() throws Exception {
        try {
            this.jdbcMutableAclService.createAcl(new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100L)));
            fail("It should have thrown AlreadyExistsException");
        } catch (AlreadyExistsException e) {
            assertTrue(true);
        }
    }

    public void testDeleteAclRejectsNullParameters() throws Exception {
        try {
            this.jdbcMutableAclService.deleteAcl((ObjectIdentity) null, true);
            fail("It should have thrown IllegalArgumentException");
        } catch (IllegalArgumentException e) {
            assertTrue(true);
        }
    }

    public void testDeleteAclWithChildrenThrowsException() throws Exception {
        try {
            try {
                ObjectIdentityImpl objectIdentityImpl = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100L));
                this.jdbcMutableAclService.setForeignKeysInDatabase(false);
                this.jdbcMutableAclService.deleteAcl(objectIdentityImpl, false);
                fail("It should have thrown ChildrenExistException");
                this.jdbcMutableAclService.setForeignKeysInDatabase(true);
            } catch (ChildrenExistException e) {
                assertTrue(true);
                this.jdbcMutableAclService.setForeignKeysInDatabase(true);
            }
        } catch (Throwable th) {
            this.jdbcMutableAclService.setForeignKeysInDatabase(true);
            throw th;
        }
    }

    public void testDeleteAclRemovesRowsFromDatabase() throws Exception {
        TestingAuthenticationToken testingAuthenticationToken = new TestingAuthenticationToken("ben", "ignored", new GrantedAuthority[]{new GrantedAuthorityImpl("ROLE_ADMINISTRATOR")});
        testingAuthenticationToken.setAuthenticated(true);
        SecurityContextHolder.getContext().setAuthentication(testingAuthenticationToken);
        new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(100L));
        new ObjectIdentityImpl("org.springframework.security.TargetObject", new Long(101L));
        ObjectIdentityImpl objectIdentityImpl = new ObjectIdentityImpl("org.springframework.security.TargetObject", new Integer(102));
        this.jdbcMutableAclService.deleteAcl(objectIdentityImpl, false);
        assertEquals(1, getJdbcTemplate().queryForList(SELECT_ALL_CLASSES, new Object[]{"org.springframework.security.TargetObject"}).size());
        assertEquals(0, getJdbcTemplate().queryForList(SELECT_OBJECT_IDENTITY, new Object[]{new Long(102L)}).size());
        assertEquals(2, getJdbcTemplate().queryForList(SELECT_ALL_OBJECT_IDENTITIES).size());
        assertEquals(3, getJdbcTemplate().queryForList(SELECT_ACL_ENTRY, new Object[]{new Long(103L)}).size());
        assertNull(this.aclCache.getFromCache(objectIdentityImpl));
        assertNull(this.aclCache.getFromCache(new Long(102L)));
    }
}
