package org.apache.jackrabbit.oak.security.authentication;

import com.google.common.collect.ImmutableSet;
import java.security.Provider;
import java.security.Security;
import java.util.HashMap;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.ConfigurationSpi;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.GuestLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.JaasLoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginContext;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleMonitor;
import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthContext;
import org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/LoginContextProviderImplTest.class */
public class LoginContextProviderImplTest extends AbstractSecurityTest {
    private LoginContextProviderImpl lcProvider;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.lcProvider = newLoginContextProviderImpl(ConfigurationParameters.EMPTY);
    }

    private LoginContextProviderImpl newLoginContextProviderImpl(ConfigurationParameters configurationParameters) {
        return new LoginContextProviderImpl("jackrabbit.oak", configurationParameters, getContentRepository(), getSecurityProvider(), new DefaultWhiteboard(), LoginModuleMonitor.NOOP);
    }

    @NotNull
    private static String addProvider(final boolean z) throws Exception {
        Provider.Service service = (Provider.Service) Mockito.mock(Provider.Service.class);
        Mockito.when(service.newInstance(null)).thenReturn(new ConfigurationSpi() { // from class: org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImplTest.1
            protected AppConfigurationEntry[] engineGetAppConfigurationEntry(String str) {
                if (z) {
                    return new AppConfigurationEntry[]{new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap())};
                }
                return null;
            }
        });
        Provider provider = (Provider) Mockito.when(((Provider) Mockito.mock(Provider.class)).getName()).thenReturn("testProvider_" + z).getMock();
        Mockito.when(provider.getService("Configuration", "JavaLoginConfig")).thenReturn(service);
        Security.addProvider(provider);
        return provider.getName();
    }

    @Test
    public void testGetLoginContext() throws Exception {
        Subject subject = this.lcProvider.getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), this.root.getContentSession().getWorkspaceName()).getSubject();
        Assert.assertNotNull(subject);
        Assert.assertFalse(subject.isReadOnly());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
    }

    @Test
    public void getLoginContextWithoutCredentials() throws Exception {
        LoginContext loginContext = this.lcProvider.getLoginContext((Credentials) null, this.root.getContentSession().getWorkspaceName());
        Assert.assertNotNull(loginContext);
        Assert.assertTrue(loginContext instanceof JaasLoginContext);
    }

    @Test
    public void testGetPreAuthLoginContext() {
        Subject subject = new Subject(true, ImmutableSet.of(), ImmutableSet.of(), ImmutableSet.of());
        LoginContext loginContext = (LoginContext) Subject.doAs(subject, () -> {
            try {
                return this.lcProvider.getLoginContext((Credentials) null, (String) null);
            } catch (LoginException e) {
                throw new RuntimeException();
            }
        });
        Assert.assertTrue(loginContext instanceof PreAuthContext);
        Assert.assertSame(subject, loginContext.getSubject());
    }

    @Test
    public void testGetLoginContextWithInvalidProviderConfig() throws Exception {
        newLoginContextProviderImpl(ConfigurationParameters.of("org.apache.jackrabbit.oak.authentication.configSpiName", IdentifierManagerTest.ID_INVALID)).getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), (String) null).login();
    }

    @Test(expected = LoginException.class)
    public void testGetLoginContextWithIncompleteProvider() throws Exception {
        newLoginContextProviderImpl(ConfigurationParameters.of("org.apache.jackrabbit.oak.authentication.configSpiName", addProvider(false))).getLoginContext(new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()), (String) null).login();
    }

    @Test
    public void testGetLoginContextWithCompleteProvider() throws Exception {
        newLoginContextProviderImpl(ConfigurationParameters.of("org.apache.jackrabbit.oak.authentication.configSpiName", addProvider(true))).getLoginContext((Credentials) null, this.adminSession.getWorkspaceName()).login();
    }

    @Test
    public void testGetLoginContextWithConfigurationPreset() throws Exception {
        Configuration.setConfiguration(new Configuration() { // from class: org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImplTest.2
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap())};
            }
        });
        LoginContext loginContext = newLoginContextProviderImpl(ConfigurationParameters.EMPTY).getLoginContext((Credentials) null, (String) null);
        loginContext.login();
        Assert.assertFalse(loginContext.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
    }

    @Test
    public void testGetLoginContextTwice() throws Exception {
        Configuration.setConfiguration(new Configuration() { // from class: org.apache.jackrabbit.oak.security.authentication.LoginContextProviderImplTest.3
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(GuestLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.OPTIONAL, new HashMap())};
            }
        });
        LoginContextProviderImpl newLoginContextProviderImpl = newLoginContextProviderImpl(ConfigurationParameters.EMPTY);
        newLoginContextProviderImpl.getLoginContext((Credentials) null, (String) null);
        LoginContext loginContext = newLoginContextProviderImpl.getLoginContext((Credentials) null, (String) null);
        loginContext.login();
        Assert.assertFalse(loginContext.getSubject().getPublicCredentials(GuestCredentials.class).isEmpty());
    }
}
