package org.fcrepo.test.api;

import java.io.BufferedReader;
import java.io.File;
import java.io.FileInputStream;
import java.io.FileOutputStream;
import java.io.FileReader;
import java.io.FilenameFilter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.lang.reflect.InvocationTargetException;
import junit.framework.Test;
import junit.framework.TestSuite;
import junit.textui.TestRunner;
import org.apache.axis.AxisFault;
import org.fcrepo.client.FedoraClient;
import org.fcrepo.server.access.FedoraAPIA;
import org.fcrepo.server.management.FedoraAPIM;
import org.fcrepo.server.security.servletfilters.xmluserfile.FedoraUsers;
import org.fcrepo.server.types.gen.Property;
import org.fcrepo.server.utilities.ServerUtility;
import org.fcrepo.server.utilities.StreamUtility;
import org.fcrepo.test.DemoObjectTestSetup;
import org.fcrepo.test.FedoraServerTestCase;

/* loaded from: input_file:org/fcrepo/test/api/TestXACMLPolicies.class */
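/**
 * Integration tests for XACML policy enforcement on the Fedora API-M and API-A endpoints.
 *
 * <p>The fixture changes the server under test: {@link #setUp()} overwrites
 * {@code FedoraUsers.fedoraUsersXML} with a fixed account list in which every test account's
 * password equals its user name, copies the bundled JUnit policies into
 * {@code FEDORA_HOME/data/fedora-xacml-policies/repository-policies/junit} and asks the server to
 * reload its policies. {@link #tearDown()} restores the users file, deletes the copied policies
 * and reloads again. Because the live users file is replaced for the duration of each test, the
 * suite is meant for a disposable repository instance.
 */
public class TestXACMLPolicies extends FedoraServerTestCase {
    /** Text expected in the message of an IOException raised for an HTTP-level refusal. */
    private static final String FORBIDDEN_MARKER = "[403 Forbidden]";

    /** Text expected in the fault reason when the policy layer refuses a SOAP call. */
    private static final String AUTHZ_DENIED_MARKER = "AuthzDeniedException";

    /** Directory, relative to FEDORA_HOME, that receives the policies used by these tests. */
    private static final String JUNIT_POLICY_DIR = "data/fedora-xacml-policies/repository-policies/junit";

    private FedoraClient admin;
    private FedoraClient testuser1;
    private FedoraClient testuserroleA;
    private FedoraClient testuser2;
    private FedoraClient testuser3;
    private FedoraClient testuserroleB;
    private FedoraClient testuserroleC;
    private FedoraClient testuserroleC2;
    private FedoraClient testuser4;
    private File fedoraUsersBackup = null;

    /** Builds the suite and wraps it in {@link DemoObjectTestSetup}. */
    public static Test suite() {
        TestSuite testSuite = new TestSuite("XACML Policy TestSuite");
        testSuite.addTestSuite(TestXACMLPolicies.class);
        return new DemoObjectTestSetup(testSuite);
    }

    /**
     * An object whose ownerId is "fedoraAdmin,testuser1" must be writable by the admin and by
     * testuser1, and not by testuserroleA.
     */
    public void testXACMLMultiOwnerAccess() throws Exception {
        final String pid = "test:MultiOwnerObject";
        addTestObject(pid, "fedoraAdmin,testuser1", (String[]) null);
        try {
            assertTrue(canWrite(this.admin, pid));
            assertTrue(canWrite(this.testuser1, pid));
            assertFalse(canWrite(this.testuserroleA, pid));
        } finally {
            removeTestObject(pid);
        }
    }

    /**
     * An object that lists test:RestrictedCModel among its content models, in either position,
     * must not be writable even by the admin; one with only test:UnrestrictedCModel must be.
     */
    public void testXACMLUnmodifiableContentModel() throws Exception {
        final String unrestricted = "test:HasUnrestrictedCModel";
        final String restricted = "test:HasRestrictedCModel";
        final String unrestrictedFirst = "test:HasUnrestrictedAndRestrictedCModel";
        final String restrictedFirst = "test:HasRestrictedAndUnrestrictedCModel";
        addTestObject(unrestricted, null, "test:UnrestrictedCModel");
        addTestObject(restricted, null, "test:RestrictedCModel");
        addTestObject(unrestrictedFirst, null, "test:UnrestrictedCModel", "test:RestrictedCModel");
        addTestObject(restrictedFirst, null, "test:RestrictedCModel", "test:UnrestrictedCModel");
        try {
            assertTrue(canWrite(this.admin, unrestricted));
            assertFalse(canWrite(this.admin, restricted));
            assertFalse(canWrite(this.admin, unrestrictedFirst));
            assertFalse(canWrite(this.admin, restrictedFirst));
        } finally {
            removeTestObject(unrestricted);
            removeTestObject(restricted);
            removeTestObject(unrestrictedFirst);
            removeTestObject(restrictedFirst);
        }
    }

    /**
     * Probes write access by issuing a no-op modifyObject call as the given client.
     *
     * <p>Only an authorization refusal counts as "cannot write". Any other failure (server down,
     * unknown PID, transport error) is rethrown, so that an {@code assertFalse(canWrite(...))}
     * cannot pass for a reason unrelated to policy.
     *
     * @param fedoraClient client whose credentials are used for the call
     * @param str PID of the object to modify
     * @return true if the call succeeded, false if it was refused by authorization
     * @throws Exception any failure that is not an authorization refusal
     */
    private boolean canWrite(FedoraClient fedoraClient, String str) throws Exception {
        try {
            fedoraClient.getAPIM().modifyObject(str, (String) null, (String) null, (String) null, "log message");
            return true;
        } catch (IOException e) {
            if (isAuthzDenial(e)) {
                return false;
            }
            System.out.println("Write probe on " + str + " failed for a non-authorization reason: " + e);
            throw e;
        }
    }

    /**
     * Tells whether a failure carries one of the two refusal markers that the invoke*Failure
     * helpers of this class accept.
     */
    private static boolean isAuthzDenial(Throwable failure) {
        if (failure instanceof AxisFault) {
            String reason = ((AxisFault) failure).getFaultReason();
            if (reason != null && reason.contains(AUTHZ_DENIED_MARKER)) {
                return true;
            }
        }
        if (failure instanceof IOException) {
            String message = failure.getMessage();
            return message != null && message.contains(FORBIDDEN_MARKER);
        }
        return false;
    }

    /**
     * Exercises API-M policies on demo:5 / THUMBRES_IMG: testuserroleA may not modify the
     * datastream, testuser1 and the admin may, and only the admin may purge versions.
     */
    public void testXACMLAPIMAccess() throws Exception {
        String firstUrl = getDemoBaseURL() + "/simple-image-demo/col1.jpg";
        String secondUrl = getDemoBaseURL() + "/simple-image-demo/col2.jpg";
        String thirdUrl = getDemoBaseURL() + "/simple-image-demo/col3.jpg";

        // Slot 3 is reported below as the label and slot 6 as the URL.
        Class[] modifyTypes = {String.class, String.class, String[].class, String.class, String.class, String.class, String.class, String.class, String.class, String.class, Boolean.TYPE};
        Object[] modifyArgs = {"demo:5", "THUMBRES_IMG", null, null, null, null, null, null, null, null, Boolean.FALSE};
        // Slots 2 and 3 receive the values returned by the first and last modification.
        Class[] purgeTypes = {String.class, String.class, String.class, String.class, String.class, Boolean.TYPE};
        Object[] purgeArgs = {"demo:5", "THUMBRES_IMG", null, null, null, Boolean.FALSE};
        Class[] versionableTypes = {String.class, String.class, Boolean.TYPE, String.class};
        Object[] versioningOff = {"demo:5", "THUMBRES_IMG", Boolean.FALSE, null};
        Object[] versioningOn = {"demo:5", "THUMBRES_IMG", Boolean.TRUE, null};

        invokeAPIMFailure(this.testuserroleA, "testuserroleA", "modifyDatastreamByReference", modifyTypes, modifyArgs);

        modifyArgs[6] = firstUrl;
        String firstModification = invokeAPIMSuccessString(this.testuser1, "testuser1", "modifyDatastreamByReference", modifyTypes, modifyArgs);
        System.out.println("    URL = " + modifyArgs[6]);
        assertNotNull(firstModification);
        System.out.println("  Modify datastream from testuser1 succeeded.");

        // NOTE(review): a failure between here and "Re-enabling versioning" leaves versioning
        // switched off on this datastream for later tests.
        System.out.println("Disabling versioning.");
        invokeAPIMSuccess(this.admin, "admin", "setDatastreamVersionable", versionableTypes, versioningOff);

        modifyArgs[6] = secondUrl;
        System.out.println("Testing modify datastream from admin with versioning off.");
        String secondModification = invokeAPIMSuccessString(this.admin, "admin", "modifyDatastreamByReference", modifyTypes, modifyArgs);
        System.out.println("    URL = " + modifyArgs[6]);
        assertNotNull(secondModification);
        System.out.println("  Modify datastream from admin succeeded.");

        modifyArgs[6] = null;
        modifyArgs[3] = "The Colliseum with Graffiti";
        System.out.println("Testing modify datastream from admin with versioning off just changing label.");
        String labelModification = invokeAPIMSuccessString(this.admin, "admin", "modifyDatastreamByReference", modifyTypes, modifyArgs);
        System.out.println("    Label = " + modifyArgs[3]);
        assertNotNull(labelModification);
        System.out.println("  Modify datastream from admin succeeded.");

        System.out.println("Re-enabling versioning.");
        invokeAPIMSuccess(this.admin, "admin", "setDatastreamVersionable", versionableTypes, versioningOn);

        modifyArgs[6] = thirdUrl;
        modifyArgs[3] = null;
        String lastModification = invokeAPIMSuccessString(this.testuser1, "testuser1", "modifyDatastreamByReference", modifyTypes, modifyArgs);
        System.out.println("    URL = " + modifyArgs[6]);
        assertNotNull(lastModification);
        System.out.println("  Modify datastream from testuser1 succeeded.");

        purgeArgs[2] = firstModification;
        purgeArgs[3] = lastModification;
        invokeAPIMFailure(this.testuser1, "testuser1", "purgeDatastream", purgeTypes, purgeArgs);
        invokeAPIMFailure(this.testuserroleA, "testuserroleA", "purgeDatastream", purgeTypes, purgeArgs);
        String[] purged = invokeAPIMSuccessStringArray(this.admin, "admin", "purgeDatastream", purgeTypes, purgeArgs);
        System.out.println("    Checking number of versions purged.");
        assertEquals(2, purged.length);
        System.out.println("    Checking dates of versions purged.");
        assertEquals(labelModification, purged[0]);
        assertEquals(lastModification, purged[1]);
        System.out.println("Purge Datastreams successful.");
    }

    /**
     * Exercises API-A policies, including an object-specific policy on demo:ObjSpecificTest.
     *
     * <p>When install.properties does not enable API-A authentication the method prints a notice
     * and returns without asserting anything, so a green result in that configuration says
     * nothing about API-A enforcement.
     */
    public void testXACMLAPIAAccess() throws Exception {
        if (!isAPIAAuthzOn()) {
            System.out.println("Authorization is not enabled for APIA");
            System.out.println("Testing Policies for APIA access will not work.");
            return;
        }
        Class[] datastreamTypes = {String.class, String.class, String.class};
        Object[] thumbnailOfDemo5 = {"demo:5", "THUMBRES_IMG", null};
        Object[] urlOfDemo29 = {"demo:29", "url", null};
        Object[] ds1OfDemo31 = {"demo:31", "DS1", null};
        Object[] dcOfPolicyObject = {"demo:ObjSpecificTest", "DC", null};
        Class[] disseminationTypes = {String.class, String.class, String.class, Property[].class, String.class};
        Class[] modifyObjectTypes = {String.class, String.class, String.class, String.class, String.class};
        // Slot 3 is switched between "testuser1" and "fedoraAdmin" below; presumably the owner id.
        Object[] modifyDemo31 = {"demo:31", null, null, null, null};

        invokeAPIAFailure(this.testuser2, "testuser2", "getDatastreamDissemination", datastreamTypes, thumbnailOfDemo5);
        invokeAPIAFailure(this.testuser3, "testuser3", "getDatastreamDissemination", datastreamTypes, thumbnailOfDemo5);
        invokeAPIAFailure(this.testuserroleB, "testuserroleB", "getDissemination", disseminationTypes, new Object[]{"demo:5", "demo:1", "getHigh", null, null});
        invokeAPIAFailure(this.testuser4, "testuser4", "getDatastreamDissemination", datastreamTypes, urlOfDemo29);
        invokeAPIAFailure(this.testuser4, "testuser4", "getDissemination", disseminationTypes, new Object[]{"demo:29", "demo:27", "grayscaleImage", null, null});
        invokeAPIAFailure(this.testuserroleC, "testuserroleC", "getDissemination", disseminationTypes, new Object[]{"demo:5", "demo:1", "getVeryHigh", null, null});
        invokeAPIAFailure(this.testuser1, "testuser1", "getDatastreamDissemination", datastreamTypes, urlOfDemo29);
        invokeAPIASuccess(this.testuserroleC, "testuserroleC", "getDatastreamDissemination", datastreamTypes, urlOfDemo29);

        addObjectSpecificPolicies();
        // Tracks whether demo:ObjSpecificTest still exists, so that cleanup purges it exactly
        // once and a second purge cannot replace the assertion failure that triggered cleanup.
        boolean policyObjectPresent = true;
        try {
            invokeAPIASuccess(this.testuserroleC, "testuserroleC", "getDatastreamDissemination", datastreamTypes, dcOfPolicyObject);
            invokeAPIAFailure(this.testuserroleC2, "testuserroleC2", "getDatastreamDissemination", datastreamTypes, dcOfPolicyObject);
            policyObjectPresent = false;
            removeObjectSpecificPolicies();

            invokeAPIASuccess(this.testuser1, "testuser1", "getDatastreamDissemination", datastreamTypes, thumbnailOfDemo5);
            invokeAPIAFailure(this.testuser1, "testuser1", "getDatastreamDissemination", datastreamTypes, ds1OfDemo31);
            modifyDemo31[3] = "testuser1";
            assertNotNull(invokeAPIMSuccessString(this.admin, "fedoraAdmin", "modifyObject", modifyObjectTypes, modifyDemo31));
            System.out.println("  Modify Object from admin succeeded.");
            invokeAPIASuccess(this.testuser1, "testuser1", "getDatastreamDissemination", datastreamTypes, ds1OfDemo31);
            modifyDemo31[3] = "fedoraAdmin";
            assertNotNull(invokeAPIMSuccessString(this.admin, "fedoraAdmin", "modifyObject", modifyObjectTypes, modifyDemo31));
            System.out.println("  Modify Object from admin succeeded.");
        } finally {
            if (policyObjectPresent) {
                removeObjectSpecificPolicies();
            }
        }
    }

    /**
     * Reflectively calls an API-M method and fails the test unless the call is refused by
     * authorization.
     *
     * @param fedoraClient client whose credentials are used
     * @param str user name, used in the console output only
     * @param str2 name of the API-M method to call
     * @param clsArr parameter types of that method
     * @param objArr arguments for the call
     */
    public void invokeAPIMFailure(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        try {
            System.out.println("Testing " + str2 + " from invalid user: " + str);
            FedoraAPIM apim = fedoraClient.getAPIM();
            apim.getClass().getMethod(str2, clsArr).invoke(apim, objArr);
            fail("Illegal access allowed");
        } catch (IOException e) {
            // valueOf keeps a null message from turning the check into a NullPointerException.
            String message = String.valueOf(e.getMessage());
            System.out.println("    Reason = " + message);
            assertTrue(message.contains(FORBIDDEN_MARKER));
            System.out.println("Access denied correctly");
        } catch (InvocationTargetException e) {
            assertDeniedByPolicy(e.getCause());
        } catch (Exception e) {
            System.out.println("Some other exception: " + e.getClass().getName());
            fail("Some other exception");
        }
    }

    /** Same as {@link #invokeAPIMSuccess}, with the result cast to String. */
    public String invokeAPIMSuccessString(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        return (String) invokeAPIMSuccess(fedoraClient, str, str2, clsArr, objArr);
    }

    /** Same as {@link #invokeAPIMSuccess}, with the result cast to String[]. */
    public String[] invokeAPIMSuccessStringArray(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        return (String[]) invokeAPIMSuccess(fedoraClient, str, str2, clsArr, objArr);
    }

    /**
     * Reflectively calls an API-M method and fails the test if the call throws or returns null.
     *
     * @param fedoraClient client whose credentials are used
     * @param str user name, used in the console output only
     * @param str2 name of the API-M method to call
     * @param clsArr parameter types of that method
     * @param objArr arguments for the call
     * @return the non-null value returned by the call
     */
    public Object invokeAPIMSuccess(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        try {
            System.out.println("Testing " + str2 + " from valid user: " + str);
            FedoraAPIM apim = fedoraClient.getAPIM();
            Object result = apim.getClass().getMethod(str2, clsArr).invoke(apim, objArr);
            assertNotNull(result);
            return result;
        } catch (InvocationTargetException e) {
            reportRefusedLegalAccess(e.getCause());
            return null;
        } catch (Exception e) {
            reportRefusedLegalAccess(e);
            return null;
        }
    }

    /**
     * Reflectively calls an API-A method and fails the test unless the call is refused by
     * authorization.
     *
     * @param fedoraClient client whose credentials are used
     * @param str user name, used in the console output only
     * @param str2 name of the API-A method to call
     * @param clsArr parameter types of that method
     * @param objArr arguments for the call
     */
    public void invokeAPIAFailure(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        try {
            System.out.println("Testing " + str2 + " from invalid user: " + str);
            FedoraAPIA apia = fedoraClient.getAPIA();
            apia.getClass().getMethod(str2, clsArr).invoke(apia, objArr);
            fail("Illegal access allowed");
        } catch (IOException e) {
            String message = String.valueOf(e.getMessage());
            // Print from the last '[' when there is one; a message without it is printed whole
            // instead of raising StringIndexOutOfBoundsException before the assertion runs.
            int bracket = message.lastIndexOf("[");
            System.out.println("    Reason = " + (bracket >= 0 ? message.substring(bracket) : message));
            assertTrue(message.contains(FORBIDDEN_MARKER));
            System.out.println("Access denied correctly");
        } catch (InvocationTargetException e) {
            assertDeniedByPolicy(e.getCause());
        } catch (Exception e) {
            System.out.println("Some other exception: " + e.getClass().getName());
            fail("Illegal access dis-allowed for some other reason");
        }
    }

    /**
     * Reflectively calls an API-A method and fails the test if the call throws or returns null.
     *
     * @param fedoraClient client whose credentials are used
     * @param str user name, used in the console output only
     * @param str2 name of the API-A method to call
     * @param clsArr parameter types of that method
     * @param objArr arguments for the call
     * @return the non-null value returned by the call
     */
    public Object invokeAPIASuccess(FedoraClient fedoraClient, String str, String str2, Class[] clsArr, Object[] objArr) {
        try {
            System.out.println("Testing " + str2 + " from valid user: " + str);
            FedoraAPIA apia = fedoraClient.getAPIA();
            Object result = apia.getClass().getMethod(str2, clsArr).invoke(apia, objArr);
            assertNotNull(result);
            System.out.println("Access succeeded");
            return result;
        } catch (InvocationTargetException e) {
            reportRefusedLegalAccess(e.getCause());
            return null;
        } catch (Exception e) {
            reportRefusedLegalAccess(e);
            return null;
        }
    }

    /**
     * Asserts that the exception thrown by a reflectively invoked call is an AxisFault whose
     * reason names AuthzDeniedException; anything else fails the test.
     */
    private void assertDeniedByPolicy(Throwable cause) {
        if (cause instanceof AxisFault) {
            String reason = String.valueOf(((AxisFault) cause).getFaultReason());
            System.out.println("    Reason = " + reason.substring(reason.lastIndexOf(".") + 1));
            assertTrue(reason.contains(AUTHZ_DENIED_MARKER));
            System.out.println("Access denied correctly");
        } else {
            System.out.println("Got exception: " + (cause == null ? "null" : cause.getClass().getName()));
            fail("Illegal access dis-allowed for some other reason");
        }
    }

    /** Prints what is known about a failure of a call that should have succeeded, then fails. */
    private void reportRefusedLegalAccess(Throwable failure) {
        System.out.println("Got exception: " + (failure == null ? "null" : failure.getClass().getName()));
        if (failure instanceof AxisFault) {
            System.out.println("Reason = " + ((AxisFault) failure).getFaultReason());
            System.out.println("Message = " + failure.getMessage());
        }
        fail("Legal access dis-allowed");
    }

    /**
     * Reads FEDORA_HOME/install/install.properties and reports whether API-A authentication is
     * switched on.
     *
     * <p>Only the exact lines {@code apia.auth.required=true} and
     * {@code apia.auth.required=false} are recognised; the first one found decides.
     *
     * @return true only if the line {@code apia.auth.required=true} is found first
     * @throws IOException if the file cannot be opened or read
     */
    public boolean isAPIAAuthzOn() throws IOException {
        BufferedReader reader = new BufferedReader(new FileReader(new File(FEDORA_HOME, "install/install.properties")));
        try {
            String line;
            while ((line = reader.readLine()) != null) {
                if (line.equals("apia.auth.required=true")) {
                    return true;
                }
                if (line.equals("apia.auth.required=false")) {
                    return false;
                }
            }
            return false;
        } finally {
            reader.close();
        }
    }

    /**
     * Copies the bundled permit and deny policy files into the server's junit policy directory.
     *
     * <p>The source directory is {@code XACMLTestPolicies/junit} appended to the system property
     * {@code fcrepo-integrationtest-core.classes}, or to {@code src/test/resources/} when the
     * property is unset. The property value is concatenated as is, so it needs a trailing
     * separator.
     */
    public void installJunitPolicies() {
        String classesDir = System.getProperty("fcrepo-integrationtest-core.classes");
        if (classesDir == null) {
            classesDir = "src/test/resources/";
        }
        File source = new File(classesDir + "XACMLTestPolicies/junit");
        System.out.println("Copying Policies For Testing from " + source.getAbsolutePath());
        File target = new File(FEDORA_HOME, JUNIT_POLICY_DIR);
        if (!target.exists() && !target.mkdirs()) {
            throw new RuntimeException("Cannot create policy directory " + target.getAbsolutePath());
        }
        File[] policies = getFilesInDir(source);
        if (policies == null) {
            // listFiles returns null for a missing or unreadable directory; without this check
            // the tests would run against a server that never received the policies.
            throw new RuntimeException("Cannot list policy files in " + source.getAbsolutePath());
        }
        traverseAndCopy(policies, target);
        System.out.println("Copying Policies succeeded");
    }

    /** Deletes the copied policy files and then the junit policy directory itself. */
    private void deleteJunitPolicies() {
        System.out.println("Removing Policies For Testing");
        File policyDir = new File(FEDORA_HOME, JUNIT_POLICY_DIR);
        if (policyDir.exists()) {
            File[] policies = getFilesInDir(policyDir);
            if (policies != null) {
                traverseAndDelete(policies);
            }
            policyDir.delete();
        }
    }

    /**
     * Lists the files whose name starts with "permit" or "deny" in any letter case and ends with
     * ".xml".
     *
     * @return the matching files, or null if the directory cannot be listed
     */
    private File[] getFilesInDir(File dir) {
        return dir.listFiles(new FilenameFilter() {
            @Override
            public boolean accept(File parent, String name) {
                // regionMatches ignores case without depending on the default locale.
                boolean policyPrefix = name.regionMatches(true, 0, "permit", 0, 6)
                        || name.regionMatches(true, 0, "deny", 0, 4);
                return policyPrefix && name.endsWith(".xml");
            }
        });
    }

    /** Copies each file into the target directory under its own name. */
    private void traverseAndCopy(File[] sources, File targetDir) {
        for (File source : sources) {
            System.out.println("Copying policy: " + source.getName());
            // FileOutputStream in copyFile creates the target when it does not exist yet.
            copyFile(source, new File(targetDir, source.getName()));
        }
    }

    /** Deletes each file and reports any that could not be deleted. */
    private void traverseAndDelete(File[] files) {
        for (File file : files) {
            System.out.println("Deleting policy: " + file.getName());
            if (!file.delete()) {
                // A test policy that stays in the repository policy directory is picked up again
                // by the next policy reload.
                System.out.println("Could not delete policy: " + file.getAbsolutePath());
            }
        }
    }

    /**
     * Copies one file over another.
     *
     * @return always true; failures are reported as RuntimeException
     */
    private boolean copyFile(File source, File target) {
        try {
            FileInputStream in = new FileInputStream(source);
            FileOutputStream out;
            try {
                out = new FileOutputStream(target);
            } catch (IOException e) {
                in.close();
                throw e;
            }
            // NOTE(review): assumes pipeStream closes both streams when it is done; confirm
            // against StreamUtility.
            StreamUtility.pipeStream(in, out, 1024);
            return true;
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Asks the server, with the configured admin credentials, to reload its policies. */
    private void reloadPolicies() {
        System.out.println("Reloading Policies...");
        try {
            new FedoraClient(ServerUtility.getBaseURL(getProtocol()), getUsername(), getPassword()).reloadPolicies();
            System.out.println("  Done Reloading Policies");
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /** Copies the server's users file to a sibling file with the suffix ".backup". */
    private void backupFedoraUsersFile() {
        this.fedoraUsersBackup = new File(FedoraUsers.fedoraUsersXML.getAbsolutePath() + ".backup");
        System.out.println("Backing Up Fedora Users");
        // NOTE(review): an existing backup is overwritten. If an earlier run stopped before
        // restoring, the users file still holds the test accounts at this point and the copy
        // below replaces the only copy of the real file. The backup is also never deleted.
        copyFile(FedoraUsers.fedoraUsersXML, this.fedoraUsersBackup);
    }

    /** Copies the backup over the server's users file, if a backup was taken. */
    private void restoreFedoraUsersFile() {
        System.out.println("Restoring Fedora Users");
        if (this.fedoraUsersBackup != null && this.fedoraUsersBackup.exists()) {
            copyFile(this.fedoraUsersBackup, FedoraUsers.fedoraUsersXML);
        }
    }

    /**
     * Overwrites the server's users file with the accounts these tests log in as: the configured
     * admin, fedoraIntCallUser, testuser1 to testuser4 without roles, and testuserroleA, B, C and
     * C2 with their fedoraRole values.
     */
    private void createNewFedoraUsersFileWithTestUsers() {
        String newline = System.getProperty("line.separator");
        if (newline == null) {
            newline = "\n";
        }
        String[] lines = {
            "<?xml version='1.0' ?>  ",
            "<fedora-users>",
            "    <user name=\"" + xmlAttr(getUsername()) + "\" password=\"" + xmlAttr(getPassword()) + "\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>administrator</value>",
            "      </attribute>",
            "    </user>",
            "    <user name=\"fedoraIntCallUser\" password=\"changeme\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>fedoraInternalCall-1</value>",
            "        <value>fedoraInternalCall-2</value>",
            "      </attribute>",
            "    </user>",
            "    <user name=\"testuser1\" password=\"testuser1\"/>",
            "    <user name=\"testuser2\" password=\"testuser2\"/>",
            "    <user name=\"testuser3\" password=\"testuser3\"/>",
            "    <user name=\"testuser4\" password=\"testuser4\"/>",
            "    <user name=\"testuserroleA\" password=\"testuserroleA\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>roleA</value>",
            "      </attribute>",
            "    </user>",
            "    <user name=\"testuserroleB\" password=\"testuserroleB\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>roleB</value>",
            "      </attribute>",
            "    </user>",
            "    <user name=\"testuserroleC\" password=\"testuserroleC\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>roleC</value>",
            "      </attribute>",
            "    </user>",
            "    <user name=\"testuserroleC2\" password=\"testuserroleC2\">",
            "      <attribute name=\"fedoraRole\">",
            "        <value>roleC</value>",
            "        <value>roleUntrusted</value>",
            "      </attribute>",
            "    </user>",
            "  </fedora-users>"
        };
        StringBuilder xml = new StringBuilder();
        for (int i = 0; i < lines.length; i++) {
            if (i > 0) {
                xml.append(newline);
            }
            xml.append(lines[i]);
        }
        try {
            // The XML declaration names no encoding, which a parser reads as UTF-8, so the file
            // is written as UTF-8 instead of the platform default.
            OutputStreamWriter writer = new OutputStreamWriter(new FileOutputStream(FedoraUsers.fedoraUsersXML), "UTF-8");
            try {
                writer.write(xml.toString());
            } finally {
                writer.close();
            }
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    /** Escapes a value for use inside an XML attribute; null is written as the text "null". */
    private static String xmlAttr(String value) {
        String text = String.valueOf(value);
        StringBuilder escaped = new StringBuilder(text.length() + 16);
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&apos;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }

    /**
     * Prepares the server for a test: backs up and replaces the users file, installs the JUnit
     * policies, reloads policies and creates one client per test account.
     *
     * <p>If any step after the backup fails, the fixture is rolled back before the exception
     * propagates, so the test accounts and policies do not stay on the server.
     */
    public void setUp() throws Exception {
        System.out.println("setting Up XACML test");
        this.admin = getFedoraClient();
        backupFedoraUsersFile();
        boolean ready = false;
        try {
            createNewFedoraUsersFileWithTestUsers();
            installJunitPolicies();
            reloadPolicies();
            System.out.println("creating alternate users");
            this.testuser1 = new FedoraClient(getBaseURL(), "testuser1", "testuser1");
            this.testuserroleA = new FedoraClient(getBaseURL(), "testuserroleA", "testuserroleA");
            this.testuser2 = new FedoraClient(getBaseURL(), "testuser2", "testuser2");
            this.testuser3 = new FedoraClient(getBaseURL(), "testuser3", "testuser3");
            this.testuserroleB = new FedoraClient(getBaseURL(), "testuserroleB", "testuserroleB");
            this.testuserroleC = new FedoraClient(getBaseURL(), "testuserroleC", "testuserroleC");
            this.testuserroleC2 = new FedoraClient(getBaseURL(), "testuserroleC2", "testuserroleC2");
            this.testuser4 = new FedoraClient(getBaseURL(), "testuser4", "testuser4");
            ready = true;
        } finally {
            if (!ready) {
                // NOTE(review): a JUnit 3 style runner does not call tearDown when setUp throws,
                // which is presumably how this class is run; confirm against the base class.
                rollBackFixtureQuietly();
            }
        }
        System.out.println("done setting up");
    }

    /** Runs tearDown and only reports a failure, so the original setUp error is not replaced. */
    private void rollBackFixtureQuietly() {
        try {
            tearDown();
        } catch (RuntimeException e) {
            System.out.println("Rolling back the XACML test fixture failed: " + e);
        }
    }

    /**
     * Ingests demo:ObjSpecificTest, an object whose POLICY datastream denies every action to
     * subjects holding the fedoraRole value roleUntrusted.
     */
    private void addObjectSpecificPolicies() {
        try {
            StringBuilder foxml = new StringBuilder();
            foxml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
            foxml.append("<foxml:digitalObject VERSION=\"1.1\" PID=\"demo:ObjSpecificTest\" xmlns:foxml=\"info:fedora/fedora-system:def/foxml#\">");
            foxml.append("  <foxml:objectProperties>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#state\" VALUE=\"A\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#label\" VALUE=\"ObjSpecificTest\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#createdDate\" VALUE=\"2004-12-10T00:21:57Z\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/view#lastModifiedDate\" VALUE=\"2004-12-10T00:21:57Z\"/>");
            foxml.append("  </foxml:objectProperties>");
            foxml.append("  <foxml:datastream ID=\"POLICY\" CONTROL_GROUP=\"X\" STATE=\"A\">");
            foxml.append("    <foxml:datastreamVersion FORMAT_URI=\"" + XACML_POLICY1_0.uri + "\" ID=\"POLICY1.0\" MIMETYPE=\"text/xml\" LABEL=\"Policy\">");
            foxml.append("         <foxml:xmlContent>");
            foxml.append("<Policy PolicyId=\"POLICY\" RuleCombiningAlgId=\"urn:oasis:names:tc:xacml:1.0:rule-combining-algorithm:first-applicable\"");
            foxml.append("  xmlns=\"urn:oasis:names:tc:xacml:1.0:policy\" xmlns:xsi=\"http://www.w3.org/2001/XMLSchema-instance\">");
            foxml.append("  <Description>");
            // The description names a user id, but the rule below matches on the role value.
            foxml.append("    Denies all to user with id testuserroleC2");
            foxml.append("  </Description>");
            foxml.append("  <Target>");
            foxml.append("    <Subjects>");
            foxml.append("      <AnySubject/>");
            foxml.append("    </Subjects>");
            foxml.append("    <Resources>");
            foxml.append("      <AnyResource/>");
            foxml.append("    </Resources>");
            foxml.append("    <Actions>");
            foxml.append("      <AnyAction/>");
            foxml.append("    </Actions>");
            foxml.append("  </Target>");
            foxml.append("  <Rule Effect=\"Deny\" RuleId=\"1\">");
            foxml.append("    <Condition FunctionId=\"urn:oasis:names:tc:xacml:1.0:function:string-is-in\">");
            foxml.append("      <AttributeValue DataType=\"http://www.w3.org/2001/XMLSchema#string\">roleUntrusted</AttributeValue>");
            foxml.append("      <SubjectAttributeDesignator AttributeId=\"fedoraRole\"");
            foxml.append("        DataType=\"http://www.w3.org/2001/XMLSchema#string\" MustBePresent=\"false\"/>");
            foxml.append("    </Condition>");
            foxml.append("  </Rule>");
            foxml.append("</Policy>");
            foxml.append("      </foxml:xmlContent>");
            foxml.append("    </foxml:datastreamVersion>");
            foxml.append("  </foxml:datastream>");
            foxml.append("</foxml:digitalObject>");
            this.admin.getAPIM().ingest(foxml.toString().getBytes("UTF-8"), FOXML1_1.uri, "");
        } catch (Exception e) {
            throw new RuntimeException("Failure adding object-specific policies", e);
        }
    }

    /** Purges demo:ObjSpecificTest. */
    private void removeObjectSpecificPolicies() {
        try {
            this.admin.getAPIM().purgeObject("demo:ObjSpecificTest", "", false);
        } catch (Exception e) {
            throw new RuntimeException("Failure removing object-specific policies", e);
        }
    }

    /**
     * Ingests a minimal FOXML 1.1 object as the admin.
     *
     * @param pid PID of the new object
     * @param ownerId value of the ownerId property; the property is left out when this is null
     *     or blank
     * @param contentModels PIDs written as hasModel relations in RELS-EXT; the datastream is left
     *     out when the array itself is null
     */
    private void addTestObject(String pid, String ownerId, String... contentModels) {
        try {
            StringBuilder foxml = new StringBuilder();
            foxml.append("<?xml version=\"1.0\" encoding=\"UTF-8\"?>");
            foxml.append("<foxml:digitalObject VERSION=\"1.1\" PID=\"" + xmlAttr(pid) + "\" xmlns:foxml=\"info:fedora/fedora-system:def/foxml#\">");
            foxml.append("  <foxml:objectProperties>");
            if (ownerId != null && ownerId.trim().length() > 0) {
                foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#ownerId\" VALUE=\"");
                foxml.append(xmlAttr(ownerId.trim()));
                foxml.append("\"/>");
            }
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#state\" VALUE=\"A\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#label\" VALUE=\"MultiOwnerObject\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/model#createdDate\" VALUE=\"2004-12-10T00:21:57Z\"/>");
            foxml.append("    <foxml:property NAME=\"info:fedora/fedora-system:def/view#lastModifiedDate\" VALUE=\"2004-12-10T00:21:57Z\"/>");
            foxml.append("  </foxml:objectProperties>");
            if (contentModels != null) {
                foxml.append("<foxml:datastream CONTROL_GROUP=\"X\" ID=\"RELS-EXT\">");
                foxml.append("  <foxml:datastreamVersion CREATED=\"2008-07-02T05:09:43.375Z\" FORMAT_URI=\"info:fedora/fedora-system:FedoraRELSExt-1.0\" ID=\"RELS-EXT1.0\" LABEL=\"RDF Statements about this object\" MIMETYPE=\"application/rdf+xml\">");
                foxml.append("    <foxml:xmlContent>");
                foxml.append("      <rdf:RDF xmlns:fedora-model=\"info:fedora/fedora-system:def/model#\" xmlns:rdf=\"http://www.w3.org/1999/02/22-rdf-syntax-ns#\">");
                foxml.append("        <rdf:Description rdf:about=\"info:fedora/" + xmlAttr(pid) + "\">");
                for (String contentModel : contentModels) {
                    foxml.append("          <fedora-model:hasModel rdf:resource=\"info:fedora/" + xmlAttr(contentModel) + "\"/>");
                }
                foxml.append("        </rdf:Description>");
                foxml.append("      </rdf:RDF>");
                foxml.append("    </foxml:xmlContent>");
                foxml.append("  </foxml:datastreamVersion>");
                foxml.append("</foxml:datastream>");
            }
            foxml.append("</foxml:digitalObject>");
            this.admin.getAPIM().ingest(foxml.toString().getBytes("UTF-8"), FOXML1_1.uri, "");
        } catch (Exception e) {
            throw new RuntimeException("Failure adding test object: " + pid, e);
        }
    }

    /** Purges the object with the given PID as the admin. */
    private void removeTestObject(String pid) {
        try {
            this.admin.getAPIM().purgeObject(pid, "", false);
        } catch (Exception e) {
            throw new RuntimeException("Failure removing test object: " + pid, e);
        }
    }

    /**
     * Restores the users file, removes the JUnit policies and reloads policies. Each step runs
     * even if an earlier one throws, so a failed restore does not leave the test policies
     * installed.
     */
    public void tearDown() {
        try {
            restoreFedoraUsersFile();
        } finally {
            try {
                deleteJunitPolicies();
            } finally {
                reloadPolicies();
            }
        }
    }

    /** Runs this test class with the JUnit text runner. */
    public static void main(String[] strArr) {
        TestRunner.run(TestXACMLPolicies.class);
    }
}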
