package org.apache.jackrabbit.oak.security.user;

import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.AccountLockedException;
import javax.security.auth.login.AccountNotFoundException;
import javax.security.auth.login.FailedLoginException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserAuthenticationTest.class */
public class UserAuthenticationTest extends AbstractSecurityTest {
    private String userId;
    private UserAuthentication authentication;

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserAuthenticationTest$TestAuthInfo.class */
    private final class TestAuthInfo implements AuthInfo {
        private TestAuthInfo() {
        }

        public String getUserID() {
            return UserAuthenticationTest.this.userId;
        }

        @Nonnull
        public String[] getAttributeNames() {
            return new String[0];
        }

        public Object getAttribute(String str) {
            return null;
        }

        @Nonnull
        public Set<Principal> getPrincipals() {
            return null;
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userId = getTestUser().getID();
        this.authentication = new UserAuthentication(getUserConfiguration(), this.root, this.userId);
    }

    @Test
    public void testAuthenticateWithoutUserId() throws Exception {
        this.authentication = new UserAuthentication(getUserConfiguration(), this.root, (String) null);
        Assert.assertFalse(this.authentication.authenticate(new SimpleCredentials(this.userId, this.userId.toCharArray())));
    }

    @Test
    public void testAuthenticateInvalidCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new TokenCredentials("token"));
        arrayList.add(new Credentials() { // from class: org.apache.jackrabbit.oak.security.user.UserAuthenticationTest.1
        });
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Assert.assertFalse(this.authentication.authenticate((Credentials) it.next()));
        }
    }

    @Test
    public void testAuthenticateCannotResolveUser() throws Exception {
        SimpleCredentials simpleCredentials = new SimpleCredentials("unknownUser", "pw".toCharArray());
        Assert.assertFalse(new UserAuthentication(getUserConfiguration(), this.root, simpleCredentials.getUserID()).authenticate(simpleCredentials));
    }

    @Test
    public void testAuthenticateResolvesToGroup() throws Exception {
        Group createGroup = getUserManager(this.root).createGroup("g1");
        SimpleCredentials simpleCredentials = new SimpleCredentials(createGroup.getID(), "pw".toCharArray());
        try {
            try {
                new UserAuthentication(getUserConfiguration(), this.root, simpleCredentials.getUserID()).authenticate(simpleCredentials);
                Assert.fail("Authenticating Group should fail");
                if (createGroup != null) {
                    createGroup.remove();
                    this.root.commit();
                }
            } catch (LoginException e) {
                Assert.assertTrue(e instanceof AccountNotFoundException);
                if (createGroup != null) {
                    createGroup.remove();
                    this.root.commit();
                }
            }
        } catch (Throwable th) {
            if (createGroup != null) {
                createGroup.remove();
                this.root.commit();
            }
            throw th;
        }
    }

    @Test
    public void testAuthenticateResolvesToDisabledUser() throws Exception {
        User testUser = getTestUser();
        SimpleCredentials simpleCredentials = new SimpleCredentials(testUser.getID(), testUser.getID().toCharArray());
        UserAuthentication userAuthentication = new UserAuthentication(getUserConfiguration(), this.root, simpleCredentials.getUserID());
        try {
            try {
                getTestUser().disable("disabled");
                this.root.commit();
                userAuthentication.authenticate(simpleCredentials);
                Assert.fail("Authenticating disabled user should fail");
                getTestUser().disable((String) null);
                this.root.commit();
            } catch (LoginException e) {
                Assert.assertTrue(e instanceof AccountLockedException);
                getTestUser().disable((String) null);
                this.root.commit();
            }
        } catch (Throwable th) {
            getTestUser().disable((String) null);
            this.root.commit();
            throw th;
        }
    }

    @Test
    public void testAuthenticateInvalidSimpleCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new SimpleCredentials(this.userId, "wrongPw".toCharArray()));
        arrayList.add(new SimpleCredentials(this.userId, "".toCharArray()));
        arrayList.add(new SimpleCredentials("unknownUser", "pw".toCharArray()));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                this.authentication.authenticate((Credentials) it.next());
                Assert.fail("LoginException expected");
            } catch (LoginException e) {
                Assert.assertTrue(e instanceof FailedLoginException);
            }
        }
    }

    @Test
    public void testAuthenticateIdMismatch() throws Exception {
        try {
            this.authentication.authenticate(new SimpleCredentials("unknownUser", "pw".toCharArray()));
            Assert.fail("LoginException expected");
        } catch (LoginException e) {
            Assert.assertTrue(e instanceof FailedLoginException);
        }
    }

    @Test
    public void testAuthenticateSimpleCredentials() throws Exception {
        Assert.assertTrue(this.authentication.authenticate(new SimpleCredentials(this.userId, this.userId.toCharArray())));
    }

    @Test
    public void testAuthenticateInvalidImpersonationCredentials() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new ImpersonationCredentials(new GuestCredentials(), this.adminSession.getAuthInfo()));
        arrayList.add(new ImpersonationCredentials(new SimpleCredentials(this.adminSession.getAuthInfo().getUserID(), new char[0]), new TestAuthInfo()));
        arrayList.add(new ImpersonationCredentials(new SimpleCredentials("unknown", new char[0]), this.adminSession.getAuthInfo()));
        arrayList.add(new ImpersonationCredentials(new SimpleCredentials("unknown", new char[0]), new TestAuthInfo()));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                this.authentication.authenticate((Credentials) it.next());
                Assert.fail("LoginException expected");
            } catch (LoginException e) {
                Assert.assertTrue(e instanceof FailedLoginException);
            }
        }
    }

    @Test
    public void testAuthenticateImpersonationCredentials() throws Exception {
        Assert.assertTrue(this.authentication.authenticate(new ImpersonationCredentials(new SimpleCredentials(this.userId, new char[0]), this.adminSession.getAuthInfo())));
    }

    @Test
    public void testAuthenticateImpersonationCredentials2() throws Exception {
        Assert.assertTrue(this.authentication.authenticate(new ImpersonationCredentials(new SimpleCredentials(this.userId, new char[0]), new TestAuthInfo())));
    }
}
