package org.apache.jackrabbit.oak.security.authentication.ldap;

import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.TestNameMapper;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.class */
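/**
 * Base class for LDAP login tests.
 *
 * <p>Each test starts the in-process {@link InternalLdapServer}, seeds it with one user
 * ({@link #USER_ID}) that is a member of one group ({@link #GROUP_NAME}), fills {@link #options}
 * with the connection and sync settings, and then checks what a login leaves behind in the
 * repository for the different {@code syncMode} values.
 *
 * <p>NOTE(review): nothing in this class passes {@link #options} to a login configuration;
 * presumably subclasses do that when they build the configuration used by {@code login(...)} —
 * confirm against the concrete test classes.
 */
public abstract class LdapLoginTestBase extends AbstractSecurityTest {
    protected static final String USER_ID = "foobar";
    protected static final String USER_PWD = "foobar";
    protected static final String USER_FIRSTNAME = "Foo";
    protected static final String USER_LASTNAME = "Bar";
    protected static final String USER_ATTR = "givenName";
    protected static final String USER_PROP = "profile/name";
    protected static final String GROUP_PROP = "profile/member";
    protected static final String GROUP_NAME = "foobargroup";
    // DN returned by the LDAP server for GROUP_NAME; assigned in createLdapFixture().
    protected static String GROUP_DN;
    // false: the server and its fixture are created and torn down around every test method.
    protected static final boolean USE_COMMON_LDAP_FIXTURE = false;
    protected final HashMap<String, Object> options = new HashMap<>();
    protected UserManager userManager;
    protected static final InternalLdapServer LDAP_SERVER = new InternalLdapServer();
    // Number of users/threads used by the (currently ignored) concurrent login tests.
    protected static int CONCURRENT_LOGINS = 10;

    /** Intentionally empty: the fixture is built per test in {@link #before()}. */
    @BeforeClass
    public static void beforeClass() throws Exception {
    }

    /** Intentionally empty: the fixture is removed per test in {@link #after()}. */
    @AfterClass
    public static void afterClass() throws Exception {
    }

    /**
     * Starts the LDAP server, creates the user/group fixture and populates {@link #options}.
     *
     * <p>The connection stays on loopback ({@code 127.0.0.1}) and binds with the in-process
     * server's own admin DN and password; these are fixture values, not deployable settings.
     */
    @Override
    @Before
    public void before() throws Exception {
        super.before();
        LDAP_SERVER.setUp();
        createLdapFixture();
        options.put("host", "127.0.0.1");
        options.put("port", String.valueOf(LDAP_SERVER.getPort()));
        options.put("authDn", "uid=admin,ou=system");
        options.put("authPw", InternalLdapServer.ADMIN_PW);
        options.put("userRoot", "ou=users,ou=system");
        options.put("groupRoot", "ou=groups,ou=system");
        options.put("autocreate.user.givenName", USER_PROP);
        options.put("autocreate.group.member", GROUP_PROP);
        options.put("groupFilter", "(objectclass=groupOfNames)");
        options.put("groupMembershipAttribute", InternalLdapServer.GROUP_MEMBER_ATTR);
        options.put("syncMode", "createUser");
        userManager = ((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class))
                .getUserManager(this.root, NamePathMapper.DEFAULT);
    }

    /**
     * Stops the LDAP server and removes the synced user and group from the repository.
     *
     * <p>The server shutdown sits inside the {@code try} so that a failing shutdown can no longer
     * skip {@code root.refresh()} and {@code super.after()}.
     */
    @Override
    @After
    public void after() throws Exception {
        try {
            LDAP_SERVER.tearDown();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            if (user != null) {
                user.remove();
            }
            if (GROUP_DN != null) {
                Authorizable group = userManager.getAuthorizable(GROUP_DN);
                if (group != null) {
                    group.remove();
                }
            }
            root.commit();
        } finally {
            root.refresh();
            super.after();
        }
    }

    /**
     * Logs in with an empty password and expects a {@link LoginException}.
     *
     * <p>An LDAP simple bind with an empty password is an unauthenticated bind (RFC 4513,
     * section 5.1.2) that a server may answer with success, so the login path must not treat it
     * as proof of identity. Whatever the outcome, no local user may have been created.
     */
    @Test
    public void testLoginFailed() throws Exception {
        try {
            login(new SimpleCredentials(USER_ID, new char[0])).close();
            Assert.fail("login failure expected");
        } catch (LoginException expected) {
            // the expected outcome
        } finally {
            // A rejected login must not leave a synced user behind.
            Assert.assertNull(userManager.getAuthorizable(USER_ID));
        }
    }

    /** With {@code syncMode=createUser} a login creates the user but not the group. */
    @Test
    public void testSyncCreateUser() throws Exception {
        options.put("syncMode", "createUser");
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            Assert.assertTrue(user.hasProperty(USER_PROP));
            // The externally authenticated user must not get a password stored in the
            // repository; otherwise it could also be authenticated locally.
            Assert.assertFalse(session.getLatestRoot().getTree(user.getPath()).hasProperty("rep:password"));
            Assert.assertNull(userManager.getAuthorizable(GROUP_DN));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** With {@code syncMode=createGroup} alone a login creates neither the user nor the group. */
    @Test
    public void testSyncCreateGroup() throws Exception {
        options.put("syncMode", "createGroup");
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Assert.assertNull(userManager.getAuthorizable(USER_ID));
            Assert.assertNull(userManager.getAuthorizable(GROUP_DN));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** With both {@code createUser} and {@code createGroup} a login creates user and group. */
    @Test
    public void testSyncCreateUserAndGroups() throws Exception {
        options.put("syncMode", new String[]{"createUser", "createGroup"});
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            Assert.assertTrue(user.hasProperty(USER_PROP));
            Authorizable group = userManager.getAuthorizable(GROUP_DN);
            // Null check first, so a missing group fails as an assertion and not as an NPE.
            Assert.assertNotNull(group);
            Assert.assertTrue(group.hasProperty(GROUP_PROP));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** With an empty {@code syncMode} a login succeeds but creates nothing in the repository. */
    @Test
    public void testNoSync() throws Exception {
        options.put("syncMode", "");
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Assert.assertNull(userManager.getAuthorizable(USER_ID));
            Assert.assertNull(userManager.getAuthorizable(GROUP_DN));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /**
     * With {@code syncMode} set to {@code null} and a pre-existing local user, a login updates
     * the user and creates the group.
     */
    @Test
    public void testDefaultSync() throws Exception {
        options.put("syncMode", null);
        // Pre-existing local user, created without a password.
        userManager.createUser(USER_ID, (String) null);
        root.commit();
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            Assert.assertTrue(user.hasProperty(USER_PROP));
            Authorizable group = userManager.getAuthorizable(GROUP_DN);
            // Null check first, so a missing group fails as an assertion and not as an NPE.
            Assert.assertNotNull(group);
            Assert.assertTrue(group.hasProperty(GROUP_PROP));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** With {@code syncMode=update} a login updates the existing user and creates no group. */
    @Test
    public void testSyncUpdate() throws Exception {
        options.put("syncMode", "update");
        // Pre-existing local user, created without a password.
        userManager.createUser(USER_ID, (String) null);
        root.commit();
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            Assert.assertTrue(user.hasProperty(USER_PROP));
            Assert.assertNull(userManager.getAuthorizable(GROUP_DN));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** With {@code update} and {@code createGroup} a login updates the user and creates the group. */
    @Test
    public void testSyncUpdateAndGroups() throws Exception {
        options.put("syncMode", new String[]{"update", "createGroup"});
        // Pre-existing local user, created without a password.
        userManager.createUser(USER_ID, (String) null);
        root.commit();
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            Assert.assertTrue(user.hasProperty(USER_PROP));
            Authorizable group = userManager.getAuthorizable(GROUP_DN);
            // Null check first, so a missing group fails as an assertion and not as an NPE.
            Assert.assertNotNull(group);
            Assert.assertTrue(group.hasProperty(GROUP_PROP));
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    /** The user id and the attributes set on the credentials show up in the session's AuthInfo. */
    @Test
    public void testLoginSetsAuthInfo() throws Exception {
        ContentSession session = null;
        try {
            SimpleCredentials credentials = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
            credentials.setAttribute("attr", "val");
            session = login(credentials);
            AuthInfo authInfo = session.getAuthInfo();
            Assert.assertEquals(USER_ID, authInfo.getUserID());
            Assert.assertEquals("val", authInfo.getAttribute("attr"));
        } finally {
            if (session != null) {
                session.close();
            }
        }
    }

    /**
     * With {@code syncMode=createUser} the AuthInfo principals equal the two principals the
     * principal provider resolves for the user.
     */
    @Test
    public void testPrincipalsFromAuthInfo() throws Exception {
        options.put("syncMode", "createUser");
        ContentSession session = null;
        try {
            SimpleCredentials credentials = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
            credentials.setAttribute("attr", "val");
            session = login(credentials);
            AuthInfo authInfo = session.getAuthInfo();
            root.refresh();
            Set<?> principals = ((PrincipalConfiguration) getSecurityProvider().getConfiguration(PrincipalConfiguration.class))
                    .getPrincipalProvider(this.root, NamePathMapper.DEFAULT)
                    .getPrincipals(USER_ID);
            Assert.assertEquals(2, principals.size());
            // The session must carry exactly the principals the repository resolves, no extras.
            Assert.assertEquals(principals, authInfo.getPrincipals());
        } finally {
            if (session != null) {
                session.close();
            }
        }
    }

    /**
     * With {@code createUser} and {@code createGroup} the AuthInfo principals equal the three
     * principals the principal provider resolves for the user.
     */
    @Test
    public void testPrincipalsFromAuthInfo2() throws Exception {
        options.put("syncMode", new String[]{"createUser", "createGroup"});
        ContentSession session = null;
        try {
            SimpleCredentials credentials = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
            credentials.setAttribute("attr", "val");
            session = login(credentials);
            AuthInfo authInfo = session.getAuthInfo();
            root.refresh();
            Set<?> principals = ((PrincipalConfiguration) getSecurityProvider().getConfiguration(PrincipalConfiguration.class))
                    .getPrincipalProvider(this.root, NamePathMapper.DEFAULT)
                    .getPrincipals(USER_ID);
            Assert.assertEquals(3, principals.size());
            // The session must carry exactly the principals the repository resolves, no extras.
            Assert.assertEquals(principals, authInfo.getPrincipals());
        } finally {
            if (session != null) {
                session.close();
            }
        }
    }

    /**
     * A second login for an already synced user succeeds, and the synced user still has no
     * password stored in the repository.
     */
    @Test
    public void testReLogin() throws Exception {
        options.put("syncMode", "createUser");
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            root.refresh();
            Authorizable user = userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(user);
            // No locally stored password: the second login has to go through LDAP again.
            Assert.assertFalse(root.getTree(user.getPath()).hasProperty("rep:password"));
            session.close();
            // Cleared so the finally block does not close the first session a second time
            // if the second login throws.
            session = null;

            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            Assert.assertEquals(USER_ID, session.getAuthInfo().getUserID());
        } finally {
            if (session != null) {
                session.close();
            }
            options.clear();
        }
    }

    @Test
    @Ignore
    public void testConcurrentLogin() throws Exception {
        concurrentLogin(false);
    }

    @Test
    @Ignore
    public void testConcurrentLoginSameGroup() throws Exception {
        concurrentLogin(true);
    }

    /**
     * Creates {@link #CONCURRENT_LOGINS} LDAP users and logs each of them in from its own thread.
     *
     * @param sameGroup when {@code true}, every user is first added to the group {@link #GROUP_DN}
     * @throws Exception the first failure raised by a login thread, with any further failures
     *     attached as suppressed exceptions
     */
    private void concurrentLogin(boolean sameGroup) throws Exception {
        // Written to by all login threads, so it has to be a synchronized list.
        final List<Exception> failures = Collections.synchronizedList(new ArrayList<Exception>());
        List<Thread> workers = new ArrayList<Thread>();
        for (int i = 0; i < CONCURRENT_LOGINS; i++) {
            final String userId = "user-" + i;
            // NOTE(review): the last name is TestNameMapper.TEST_LOCAL_PREFIX and the password is
            // InternalLdapServer.ADMIN_PW; these look like unrelated constants that merely share
            // the literal value. Confirm, and prefer a dedicated test-user password constant.
            String userDn = LDAP_SERVER.addUser(userId, TestNameMapper.TEST_LOCAL_PREFIX, userId, InternalLdapServer.ADMIN_PW);
            if (sameGroup) {
                LDAP_SERVER.addMember(GROUP_DN, userDn);
            }
            workers.add(new Thread(new Runnable() {
                @Override
                public void run() {
                    try {
                        login(new SimpleCredentials(userId, InternalLdapServer.ADMIN_PW.toCharArray())).close();
                    } catch (Exception e) {
                        failures.add(e);
                    }
                }
            }));
        }
        for (Thread worker : workers) {
            worker.start();
        }
        for (Thread worker : workers) {
            worker.join();
        }
        if (!failures.isEmpty()) {
            // All threads have been joined, so the list is no longer being modified.
            Exception first = failures.get(0);
            for (Exception other : failures.subList(1, failures.size())) {
                first.addSuppressed(other);
            }
            throw first;
        }
    }

    /**
     * Creates the test group and the test user on the LDAP server, adds the user to the group
     * and records the group's DN in {@link #GROUP_DN}.
     */
    protected static void createLdapFixture() throws Exception {
        GROUP_DN = LDAP_SERVER.addGroup(GROUP_NAME);
        String userDn = LDAP_SERVER.addUser(USER_FIRSTNAME, USER_LASTNAME, USER_ID, USER_PWD);
        LDAP_SERVER.addMember(GROUP_DN, userDn);
    }
}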
