package org.apache.jackrabbit.oak.security.user;

import com.google.common.collect.ImmutableMap;
import java.util.UUID;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.CredentialExpiredException;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/PasswordForceInitialPasswordChangeTest.class */
public class PasswordForceInitialPasswordChangeTest extends AbstractSecurityTest {
    private String userId;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userId = getTestUser().getID();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("initialPasswordChange", true)));
    }

    @Test
    public void testCreateUser() throws Exception {
        String str = "newuser" + UUID.randomUUID();
        User user = null;
        try {
            user = getUserManager(this.root).createUser(str, str);
            this.root.commit();
            Assert.assertFalse(this.root.getTree(user.getPath()).hasChild("rep:pwd"));
            Assert.assertFalse(user.hasProperty("rep:pwd/rep:passwordLastModified"));
            if (user != null) {
                user.remove();
                this.root.commit();
            }
        } catch (Throwable th) {
            if (user != null) {
                user.remove();
                this.root.commit();
            }
            throw th;
        }
    }

    @Test
    public void testAuthenticateMustChangePassword() throws Exception {
        try {
            new UserAuthentication(getUserConfiguration(), this.root, this.userId).authenticate(new SimpleCredentials(this.userId, this.userId.toCharArray()));
            Assert.fail("Credentials should be expired");
        } catch (CredentialExpiredException e) {
        }
    }

    @Test
    public void testChangePassword() throws Exception {
        User testUser = getTestUser();
        Assert.assertNull(this.root.getTree(testUser.getPath()).getChild("rep:pwd").getProperty("rep:passwordLastModified"));
        testUser.changePassword(this.userId);
        this.root.commit();
        PropertyState property = this.root.getTree(testUser.getPath()).getChild("rep:pwd").getProperty("rep:passwordLastModified");
        Assert.assertNotNull(property);
        Assert.assertTrue(((Long) property.getValue(Type.LONG)).longValue() > 0);
        new UserAuthentication(getUserConfiguration(), this.root, this.userId).authenticate(new SimpleCredentials(this.userId, this.userId.toCharArray()));
    }
}
