3                  Q        z + - C  -    ! "#$ %& '( %)* +, -./0 1 2 O3 456 H78 9: ;<= z>? Q@ AB CD EFGHI Z J KL ZMN O>PQRS TUVWXYZ[\]^ H _ +` abc ud w wef z zg wh uij klmlog Lorg/apache/commons/logging/Log;8(Lorg/dataone/integration/ContextAwareTestCaseDataone;)VCodeLineNumberTableLocalVariableTablethisJLorg/dataone/integration/it/testImplementations/CNAuthTestImplementations;catc5Lorg/dataone/integration/ContextAwareTestCaseDataone;testSetRightsHolder)(Ljava/util/Iterator;Ljava/lang/String;)V nodeIteratorLjava/util/Iterator;versionLjava/lang/String;LocalVariableTypeTable9Ljava/util/Iterator; StackMapTable SignatureN(Ljava/util/Iterator;Ljava/lang/String;)VRuntimeVisibleAnnotations-Lorg/dataone/integration/webTest/WebTestName;value2setRightsHolder - tests that setRightsHolder works4Lorg/dataone/integration/webTest/WebTestDescription;first uses setRightsHolder to change the rights holder, then calls isAuthorized with an unauthorized subject, verifies that if fails with a NotAuthorized exception, then calls isAuthorized with the rights holder set earlier and verifies that there's no exception8(Lorg/dataone/service/types/v1/Node;Ljava/lang/String;)Vna.Lorg/dataone/service/exceptions/NotAuthorized;smd-Lorg/dataone/service/types/v1/SystemMetadata;response)Lorg/dataone/service/types/v1/Identifier;changeableObjecte.Lorg/dataone/service/exceptions/BaseException;Ljava/lang/Exception;node#Lorg/dataone/service/types/v1/Node; currentUrl callAdapterCN0Lorg/dataone/integration/adapters/CNCallAdapter;callAdapterRightsHoldercallAdapterPersonoriginalOwnerSubject&Lorg/dataone/service/types/v1/Subject;inheritorSubjectj=fno= testSetRightsHolderV2tries to use setRightsHolder to change the rights holder, but this should fail since it's done against a v2 object (one that has a v2 authoritative MN)testSetAccessPolicy2setAccessPolicy - tests that setAccessPolicy workstfinds an object that can be modified, clears its AccessPolicy, calls isAuthorized with a non-owner subject expecting a NotAuthorized exception, then calls setAccessPolicy as the rights holder to set the AccessPolicy to allow read for a specific person, verifies that this was allowed, then tries isAuthorized again as that specific person, making sure they now have access)Lorg/dataone/service/exceptions/NotFound;isLjava/io/InputStream; serialVersionJsuccessZosLjava/io/ByteArrayOutputStream;6Lorg/dataone/integration/TestIterationEndingException; callAdapterRHcallAdapterSubmittercallAdapterPublic ownerSubject readerSubjectorigObjectCacheSetting8I5testSetAccessPolicyV2PsetAccessPolicy - tests that setAccessPolicy fails for a v2 authoritative objectitries to set the access policy of a v2 object (one that has a v2 authoritative MN) and expects it to fail accessPolicy+Lorg/dataone/service/types/v1/AccessPolicy; accessRule)Lorg/dataone/service/types/v1/AccessRule;subjectpid()V SourceFileCNAuthTestImplementations.java p qr st!org/dataone/service/types/v1/Node uvjava/lang/StringBuilder #testSetRightsHolder(...) vs. node: wx yv z{.org/dataone/integration/adapters/CNCallAdapter | }~ testRightsHolder testPerson TierTesting:setRH: v   o    v31. setRightsHolder(...) returns a Identifier object   =2. isAuthorized to CHANGE as former rightsHolder should fail. ,org/dataone/service/exceptions/NotAuthorized53. testPerson should not be able to CHANGE the object(4. testPerson should be the rightsHolder  :5. testPerson should now be able to get the systemmetadata3could not create object for testing setRightsHolder,org/dataone/service/exceptions/BaseException vjava/lang/Exception   v: v r0v2 CN.setRightsHolder() on v2 object should fail  testSubmitterpublic D1Client.useLocalCache   D1Client.CNode.create.timeouts  v testSetAccessPolicy() vs. node: TierTesting:%s:setAccess%sjava/lang/Object  v 4org/dataone/integration/TestIterationEndingException5the test object should be owned by the client subject {'org/dataone/service/exceptions/NotFound clear the AccessPolicy java/lang/String v'org/dataone/service/types/v1/Permission   )1. isAuthorized by the reader should fail ;2. getting the newly created object as a reader should failAallow read permission for client-who-is-the-object's-RightsHolder;3. testRightsHolder should be able to set the access policyjava/io/ByteArrayOutputStream  !trying isAuthorized as testPerson54. testPerson should be authorized to read this pid 'n'now trying get() as testPerson25. testPerson should now be able to get the objectPnow try to get as a known user with no rights to the object (should not be able) y56. testSubmitter should not be able to get the objectInow try isAuthorized() on it as a known user with no rights to the object<7. testSubmitter should not be authorized to read the object,finally test access against anonymous clientH8. anonymous client (no certificate) should not beable to get the object7and test isAuthorized on it with certificateless clientf9. anonymous client (no certificate) should not be able to get successful response from isAuthorized()done.&No Objects available to test against: v v testSetAccessPolicy_)org/dataone/service/types/v1/AccessPolicy'org/dataone/service/types/v1/AccessRule $org/dataone/service/types/v1/Subject {  Horg/dataone/integration/it/testImplementations/CNAuthTestImplementations .org/dataone/integration/it/ContextAwareAdapter'org/dataone/service/types/v1/Identifier+org/dataone/service/types/v1/SystemMetadatajava/util/IteratorhasNext()Znext()Ljava/lang/Object; getBaseURL()Ljava/lang/String;append-(Ljava/lang/String;)Ljava/lang/StringBuilder;toStringprintTestHeader(Ljava/lang/String;)V cnSubmitter getSessionA(Ljava/lang/String;)Lorg/dataone/client/rest/MultipartRestClient;e(Lorg/dataone/client/rest/MultipartRestClient;Lorg/dataone/service/types/v1/Node;Ljava/lang/String;)V3org/dataone/integration/ContextAwareTestCaseDataone getSubject:(Ljava/lang/String;)Lorg/dataone/service/types/v1/Subject;(org/dataone/integration/ExampleUtilitiesgenerateIdentifier$org/dataone/integration/APITestUtilsbuildIdentifier=(Ljava/lang/String;)Lorg/dataone/service/types/v1/Identifier;createTestObject(Lorg/dataone/client/D1Node;Lorg/dataone/service/types/v1/Identifier;Lorg/dataone/service/types/v1/AccessRule;Ljava/lang/String;)Lorg/dataone/service/types/v1/Identifier;getSystemMetadata~(Lorg/dataone/service/types/v1/Session;Lorg/dataone/service/types/v1/Identifier;)Lorg/dataone/service/types/v2/SystemMetadata;getSerialVersion()Ljava/math/BigInteger;java/math/BigInteger longValue()JsetRightsHolder(Lorg/dataone/service/types/v1/Session;Lorg/dataone/service/types/v1/Identifier;Lorg/dataone/service/types/v1/Subject;J)Lorg/dataone/service/types/v1/Identifier;getLatestRequestUrl checkTrue((Ljava/lang/String;Ljava/lang/String;Z)VCHANGE_PERMISSION)Lorg/dataone/service/types/v1/Permission; isAuthorized{(Lorg/dataone/service/types/v1/Session;Lorg/dataone/service/types/v1/Identifier;Lorg/dataone/service/types/v1/Permission;)Z handleFail'(Ljava/lang/String;Ljava/lang/String;)VgetRightsHolder(()Lorg/dataone/service/types/v1/Subject;equals(Ljava/lang/Object;)ZgetDescriptionprintStackTracegetClass()Ljava/lang/Class;java/lang/ClassgetName getMessagenodeListContainsV2Mn"org/dataone/configuration/SettingsgetConfiguration2()Lorg/apache/commons/configuration/Configuration;.org/apache/commons/configuration/Configuration getBoolean(Ljava/lang/String;)Zjava/lang/BooleanvalueOf(Z)Ljava/lang/Boolean; setProperty'(Ljava/lang/String;Ljava/lang/Object;)Vjava/lang/Integer(I)Ljava/lang/Integer;getNodeBaseServiceUrlcreateNodeAbbreviation&(Ljava/lang/String;)Ljava/lang/String;getTestObjectSeriesSuffixformat9(Ljava/lang/String;[Ljava/lang/Object;)Ljava/lang/String;)org/dataone/client/v1/types/D1TypeBuilderorg/apache/commons/logging/Loginfo(Ljava/lang/Object;)VgetValueREAD,org/dataone/service/types/v1/util/AccessUtilcreateSingleRuleAccessPolicyj([Ljava/lang/String;[Lorg/dataone/service/types/v1/Permission;)Lorg/dataone/service/types/v1/AccessPolicy;setAccessPolicy~(Lorg/dataone/service/types/v1/Session;Lorg/dataone/service/types/v1/Identifier;Lorg/dataone/service/types/v1/AccessPolicy;J)Zgetf(Lorg/dataone/service/types/v1/Session;Lorg/dataone/service/types/v1/Identifier;)Ljava/io/InputStream;getAccessPolicy-()Lorg/dataone/service/types/v1/AccessPolicy;'org/dataone/service/util/TypeMarshallermarshalTypeToOutputStream+(Ljava/lang/Object;Ljava/io/OutputStream;)Vorg/apache/commons/io/IOUtils)(Ljava/io/InputStream;)Ljava/lang/String; getSimpleNamegetDetail_code addPermission,(Lorg/dataone/service/types/v1/Permission;)VsetValue addSubject)(Lorg/dataone/service/types/v1/Subject;)VaddAllow,(Lorg/dataone/service/types/v1/AccessRule;)V%org/apache/commons/logging/LogFactorygetLog3(Ljava/lang/Class;)Lorg/apache/commons/logging/Log;! >*+ )*}+*+,2 34  ss +N*Y - Y**+,: Y*+,: Y*+,:::Y  : * *:   :   : *  !W*"#:  !W: *%# : *& '(: *)#  W**#D: * ,#1:  .*-Y /0 1  2 #$$$_KN+_Ka-%=>@/A@BQCXD_HyKMNOUWX\Z_b`aefigh*k=m@nKwNqPr^watcuhvx  y P c, /a@PQ?X8_1  \N a  BR-}+*+,3   ssR *4+N*Y - Y**+,: Y*+,::Y  :**:4:: *5#: **#D:*,#1:.*-Y/0 1 2 #$R+R-f ':KRl~z $lS,:KR8  BR-}+*+,6   ss^ Y**+,N Y*+,: Y*+,: Y*7+,: Y*8+,::: 9:;6 9:<=9>'?=-@: *YA  BCY*-@DSY*ESFG: : - :  '( HYIJ:*- *: LMN 7- OY 'PSQYRSST6 R!W*U#: VW*W#:LXN :  7 OY PSQYRSST6*Y : ZY[: \]L^NL_N R!W*:*Y`  a b #LcN VW:*d#LeN V:LfN*g#:LhN R!W*i#:LjN VW*k#:LlN R!W*m#:LnN: *Yo  p #o: *Y /q 1  r 1  , #2:  .* Y /0 1  2 #9: <= KF]`$bvy$ $?HK$b$$$$H*+g-RT#4EV]dp~ FR]`bkvy{   5?HKMXb l!y"&$')*-+/12648:;?=@JBC'J*D,EdJgGiHnIKL%M l0 - F$ ,8 i- #4rEaVP]IdB p6  BTV&U nc`c d|.}+*+,sR ST  ss g*4 Y**+,N Y*+,:9:<=9>'?=-@:*YA  Yt  G:*-*:-:uYv:wYx:  RyzY{:  8|  } ~-TW*-5#:o:*Y/q 1 r 1 , #2:.*Y/0 1 2 #$j+j7-zX Y [\.^<_L`Rajdegijklmnopqtr{uv4{7x9y>zf| KB 1 sY89-gggJ.9R1 B|." L%