package org.apache.jackrabbit.oak.security.user;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import java.security.PrivilegedExceptionAction;
import java.util.HashMap;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.TypeEditorProvider;
import org.apache.jackrabbit.oak.plugins.nodetype.write.InitialContent;
import org.apache.jackrabbit.oak.security.SecurityProviderImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.apache.jackrabbit.oak.util.TreeUtil;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserInitializerTest.class */
public class UserInitializerTest extends AbstractSecurityTest {
    private UserManager userMgr;
    private ConfigurationParameters config;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userMgr = getUserManager(this.root);
        this.config = getUserConfiguration().getParameters();
    }

    @Test
    public void testBuildInUserExist() throws Exception {
        Assert.assertNotNull(this.userMgr.getAuthorizable(UserUtil.getAdminId(this.config)));
        Assert.assertNotNull(this.userMgr.getAuthorizable(UserUtil.getAnonymousId(this.config)));
    }

    @Test
    public void testAdminUser() throws Exception {
        User authorizable = this.userMgr.getAuthorizable(UserUtil.getAdminId(this.config));
        Assert.assertFalse(authorizable.isGroup());
        User user = authorizable;
        Assert.assertTrue(user.isAdmin());
        Assert.assertTrue(user.getPrincipal() instanceof AdminPrincipal);
        Assert.assertTrue(user.getPrincipal() instanceof TreeBasedPrincipal);
        Assert.assertEquals(user.getID(), user.getPrincipal().getName());
    }

    @Test
    public void testAnonymous() throws Exception {
        User authorizable = this.userMgr.getAuthorizable(UserUtil.getAnonymousId(this.config));
        Assert.assertFalse(authorizable.isGroup());
        User user = authorizable;
        Assert.assertFalse(user.isAdmin());
        Assert.assertFalse(user.getPrincipal() instanceof AdminPrincipal);
        Assert.assertTrue(user.getPrincipal() instanceof TreeBasedPrincipal);
        Assert.assertEquals(user.getID(), user.getPrincipal().getName());
    }

    @Test
    public void testUserContent() throws Exception {
        Assert.assertTrue(this.root.getTree(this.userMgr.getAuthorizable(UserUtil.getAdminId(this.config)).getPath()).exists());
        Assert.assertTrue(this.root.getTree(this.userMgr.getAuthorizable(UserUtil.getAnonymousId(this.config)).getPath()).exists());
    }

    @Test
    public void testUserIndexDefinitions() throws Exception {
        Tree tree = this.root.getTree("/oak:index");
        Assert.assertTrue(tree.exists());
        assertIndexDefinition(tree.getChild("authorizableId"), "rep:authorizableId", true);
        Tree child = tree.getChild("principalName");
        assertIndexDefinition(child, "rep:principalName", true);
        Assert.assertArrayEquals(new String[]{"rep:Authorizable"}, Iterables.toArray(TreeUtil.getStrings(child, "declaringNodeTypes"), String.class));
        assertIndexDefinition(tree.getChild("members"), "rep:members", false);
    }

    @Test
    public void testAdminConfiguration() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("adminId", "admin");
        hashMap.put("omitAdminPw", true);
        SecurityProviderImpl securityProviderImpl = new SecurityProviderImpl(ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of(hashMap))));
        final ContentRepository createContentRepository = new Oak().with(new InitialContent()).with(new PropertyIndexEditorProvider()).with(new PropertyIndexProvider()).with(new TypeEditorProvider()).with(securityProviderImpl).createContentRepository();
        ContentSession contentSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() { // from class: org.apache.jackrabbit.oak.security.user.UserInitializerTest.1
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ContentSession run() throws Exception {
                return createContentRepository.login((Credentials) null, (String) null);
            }
        });
        try {
            Root latestRoot = contentSession.getLatestRoot();
            Authorizable authorizable = ((UserConfiguration) securityProviderImpl.getConfiguration(UserConfiguration.class)).getUserManager(latestRoot, NamePathMapper.DEFAULT).getAuthorizable("admin");
            Assert.assertNotNull(authorizable);
            Tree tree = latestRoot.getTree(authorizable.getPath());
            Assert.assertTrue(tree.exists());
            Assert.assertNull(tree.getProperty("rep:password"));
            contentSession.close();
            ContentSession contentSession2 = null;
            try {
                contentSession2 = createContentRepository.login(new SimpleCredentials("admin", new char[0]), (String) null);
                Assert.fail();
                if (contentSession2 != null) {
                    contentSession2.close();
                }
            } catch (LoginException e) {
                if (contentSession2 != null) {
                    contentSession2.close();
                }
            } catch (Throwable th) {
                if (contentSession2 != null) {
                    contentSession2.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            contentSession.close();
            throw th2;
        }
    }

    @Test
    public void testAnonymousConfiguration() throws Exception {
        HashMap hashMap = new HashMap();
        hashMap.put("anonymousId", "");
        SecurityProviderImpl securityProviderImpl = new SecurityProviderImpl(ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of(hashMap))));
        final ContentRepository createContentRepository = new Oak().with(new InitialContent()).with(new PropertyIndexEditorProvider()).with(new PropertyIndexProvider()).with(new TypeEditorProvider()).with(securityProviderImpl).createContentRepository();
        ContentSession contentSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() { // from class: org.apache.jackrabbit.oak.security.user.UserInitializerTest.2
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.security.PrivilegedExceptionAction
            public ContentSession run() throws Exception {
                return createContentRepository.login((Credentials) null, (String) null);
            }
        });
        try {
            Assert.assertNull(((UserConfiguration) securityProviderImpl.getConfiguration(UserConfiguration.class)).getUserManager(contentSession.getLatestRoot(), NamePathMapper.DEFAULT).getAuthorizable("anonymous"));
            contentSession.close();
            ContentSession contentSession2 = null;
            try {
                contentSession2 = createContentRepository.login(new GuestCredentials(), (String) null);
                Assert.fail();
                if (contentSession2 != null) {
                    contentSession2.close();
                }
            } catch (LoginException e) {
                if (contentSession2 != null) {
                    contentSession2.close();
                }
            } catch (Throwable th) {
                if (contentSession2 != null) {
                    contentSession2.close();
                }
                throw th;
            }
        } catch (Throwable th2) {
            contentSession.close();
            throw th2;
        }
    }

    private static void assertIndexDefinition(Tree tree, String str, boolean z) {
        Assert.assertTrue(tree.exists());
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(TreeUtil.getBoolean(tree, "unique")));
        Assert.assertArrayEquals(str, new String[]{str}, Iterables.toArray(TreeUtil.getStrings(tree, "propertyNames"), String.class));
    }
}
