package org.apache.jackrabbit.oak.security.user;

import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserPrincipalProviderWithCacheTest.class */
public class UserPrincipalProviderWithCacheTest extends AbstractPrincipalProviderTest {
    private String userId;
    private ContentSession systemSession;
    private Root systemRoot;

    @Override // org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.userId = getTestUser().getID();
        this.systemSession = getSystemSession();
        this.systemRoot = this.systemSession.getLatestRoot();
    }

    @Override // org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            if (this.systemSession != null) {
                this.systemSession.close();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("cacheExpiration", 3600000));
    }

    @Override // org.apache.jackrabbit.oak.security.principal.AbstractPrincipalProviderTest
    @NotNull
    protected PrincipalProvider createPrincipalProvider() {
        return createPrincipalProvider(this.root);
    }

    private PrincipalProvider createPrincipalProvider(Root root) {
        return new UserPrincipalProvider(root, getUserConfiguration(), this.namePathMapper);
    }

    private ContentSession getSystemSession() throws Exception {
        if (this.systemSession == null) {
            this.systemSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, () -> {
                return login(null);
            });
        }
        return this.systemSession;
    }

    private void changeUserConfiguration(ConfigurationParameters configurationParameters) {
        getUserConfiguration().setParameters(configurationParameters);
    }

    private Tree getCacheTree(Root root) throws Exception {
        return getCacheTree(root, getTestUser().getPath());
    }

    private Tree getCacheTree(Root root, String str) {
        return root.getTree(str + "/rep:cache");
    }

    private static void assertPrincipals(Set<? extends Principal> set, Principal... principalArr) {
        Assert.assertEquals(principalArr.length, set.size());
        for (Principal principal : principalArr) {
            Assert.assertTrue(set.contains(principal));
        }
    }

    @Test
    public void testGetPrincipalsPopulatesCache() throws Exception {
        assertPrincipals(createPrincipalProvider(this.systemRoot).getPrincipals(this.userId), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
        this.root.refresh();
        Tree cacheTree = getCacheTree(this.root);
        Assert.assertTrue(cacheTree.exists());
        Assert.assertEquals("rep:Cache", TreeUtil.getPrimaryTypeName(cacheTree));
        Assert.assertNotNull(cacheTree.getProperty("rep:expiration"));
        PropertyState property = cacheTree.getProperty("rep:groupPrincipalNames");
        Assert.assertNotNull(property);
        Assert.assertEquals(this.testGroup.getPrincipal().getName(), (String) property.getValue(Type.STRING));
    }

    @Test
    public void testGetGroupMembershipPopulatesCache() throws Exception {
        assertPrincipals(createPrincipalProvider(this.systemRoot).getMembershipPrincipals(getTestUser().getPrincipal()), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal());
        this.root.refresh();
        Tree cacheTree = getCacheTree(this.root);
        Assert.assertTrue(cacheTree.exists());
        Assert.assertEquals("rep:Cache", TreeUtil.getPrimaryTypeName(cacheTree));
        Assert.assertNotNull(cacheTree.getProperty("rep:expiration"));
        PropertyState property = cacheTree.getProperty("rep:groupPrincipalNames");
        Assert.assertNotNull(property);
        Assert.assertEquals(this.testGroup.getPrincipal().getName(), (String) property.getValue(Type.STRING));
    }

    @Test
    public void testPrincipalManagerGetGroupMembershipPopulatesCache() throws Exception {
        assertPrincipals(ImmutableSet.copyOf(getPrincipalManager(this.systemRoot).getGroupMembership(getTestUser().getPrincipal())), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal());
        this.root.refresh();
        Tree cacheTree = getCacheTree(this.root);
        Assert.assertTrue(cacheTree.exists());
        Assert.assertEquals("rep:Cache", TreeUtil.getPrimaryTypeName(cacheTree));
        Assert.assertNotNull(cacheTree.getProperty("rep:expiration"));
        PropertyState property = cacheTree.getProperty("rep:groupPrincipalNames");
        Assert.assertNotNull(property);
        Assert.assertEquals(this.testGroup.getPrincipal().getName(), (String) property.getValue(Type.STRING));
    }

    @Test
    public void testGetPrincipalsForGroups() throws Exception {
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        Assert.assertTrue(createPrincipalProvider.getPrincipals(this.testGroup.getID()).isEmpty());
        Assert.assertTrue(createPrincipalProvider.getPrincipals(this.testGroup2.getID()).isEmpty());
        this.root.refresh();
        Assert.assertFalse(getCacheTree(this.root, this.testGroup.getPath()).exists());
        Assert.assertFalse(getCacheTree(this.root, this.testGroup2.getPath()).exists());
    }

    @Test
    public void testGetGroupMembershipForGroups() throws Exception {
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        assertPrincipals(createPrincipalProvider.getMembershipPrincipals(this.testGroup.getPrincipal()), EveryonePrincipal.getInstance());
        assertPrincipals(createPrincipalProvider.getMembershipPrincipals(this.testGroup2.getPrincipal()), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal());
        this.root.refresh();
        Assert.assertFalse(getCacheTree(this.root, this.testGroup.getPath()).exists());
        Assert.assertFalse(getCacheTree(this.root, this.testGroup2.getPath()).exists());
    }

    @Test
    public void testExtractPrincipalsFromCache() throws Exception {
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        Set principals = createPrincipalProvider.getPrincipals(this.userId);
        assertPrincipals(principals, EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
        Assert.assertEquals(principals, createPrincipalProvider.getPrincipals(this.userId));
    }

    @Test
    public void testGroupPrincipalNameEscape() throws Exception {
        String str = null;
        try {
            PrincipalImpl principalImpl = new PrincipalImpl(this.groupId + ",,%,%%");
            Group createGroup = getUserManager(this.root).createGroup(principalImpl);
            str = createGroup.getID();
            createGroup.addMember(getTestUser());
            this.root.commit();
            this.systemRoot.refresh();
            PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
            Assert.assertTrue(createPrincipalProvider.getPrincipals(this.userId).contains(principalImpl));
            Assert.assertTrue(createPrincipalProvider.getPrincipals(this.userId).contains(principalImpl));
            this.root.refresh();
            if (str != null) {
                getUserManager(this.root).getAuthorizable(str).remove();
                this.root.commit();
            }
        } catch (Throwable th) {
            this.root.refresh();
            if (str != null) {
                getUserManager(this.root).getAuthorizable(str).remove();
                this.root.commit();
            }
            throw th;
        }
    }

    @Test
    public void testMembershipChange() throws Exception {
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        Set principals = createPrincipalProvider.getPrincipals(this.userId);
        UserManager userManager = getUserManager(this.root);
        Assert.assertTrue(userManager.getAuthorizable(this.groupId, Group.class).removeMember(userManager.getAuthorizable(this.userId)));
        this.root.commit();
        this.systemRoot.refresh();
        Assert.assertEquals(principals, createPrincipalProvider.getPrincipals(this.userId));
        changeUserConfiguration(ConfigurationParameters.EMPTY);
        assertPrincipals(createPrincipalProvider(this.systemRoot).getPrincipals(this.userId), EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
    }

    @Test
    public void testCacheUpdate() throws Exception {
        Set principals = createPrincipalProvider(this.systemRoot).getPrincipals(this.userId);
        Assert.assertTrue(getCacheTree(this.systemRoot).exists());
        UserManager userManager = getUserConfiguration().getUserManager(this.systemRoot, this.namePathMapper);
        Assert.assertTrue(userManager.getAuthorizable(this.groupId, Group.class).removeMember(userManager.getAuthorizable(this.userId)));
        this.systemRoot.commit();
        getCacheTree(this.systemRoot).setProperty("rep:expiration", 2);
        this.systemRoot.commit(CacheValidatorProvider.asCommitAttributes());
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        Set principals2 = createPrincipalProvider.getPrincipals(this.userId);
        Assert.assertNotEquals(principals, principals2);
        assertPrincipals(principals2, EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
        Tree cacheTree = getCacheTree(this.systemRoot);
        Assert.assertNotSame(2, Long.valueOf(TreeUtil.getLong(cacheTree, "rep:expiration", 2L)));
        Assert.assertEquals("", TreeUtil.getString(cacheTree, "rep:groupPrincipalNames"));
        Set principals3 = createPrincipalProvider.getPrincipals(this.userId);
        Assert.assertNotEquals(principals, principals3);
        assertPrincipals(principals3, EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
    }

    @Test
    public void testMissingExpiration() throws Exception {
        Set principals = createPrincipalProvider(this.systemRoot).getPrincipals(this.userId);
        Assert.assertTrue(getCacheTree(this.systemRoot).exists());
        getCacheTree(this.systemRoot).removeProperty("rep:expiration");
        this.systemRoot.commit(CacheValidatorProvider.asCommitAttributes());
        Assert.assertFalse(getCacheTree(this.systemRoot).hasProperty("rep:expiration"));
        Assert.assertEquals(principals, createPrincipalProvider(this.systemRoot).getPrincipals(this.userId));
        Assert.assertTrue(getCacheTree(this.systemRoot).hasProperty("rep:expiration"));
    }

    @Test
    public void testOnlySystemCreatesCache() throws Exception {
        assertPrincipals(this.principalProvider.getPrincipals(getTestUser().getID()), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
        this.root.refresh();
        Assert.assertFalse(this.root.getTree(getTestUser().getPath()).hasChild("rep:cache"));
    }

    @Test
    public void testOnlySystemReadsFromCache() throws Exception {
        String id = getTestUser().getID();
        PrincipalProvider createPrincipalProvider = createPrincipalProvider(this.systemRoot);
        assertPrincipals(createPrincipalProvider.getPrincipals(id), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
        this.root.refresh();
        assertPrincipals(this.principalProvider.getPrincipals(id), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
        this.testGroup.removeMember(getTestUser());
        this.root.commit();
        assertPrincipals(this.principalProvider.getPrincipals(id), EveryonePrincipal.getInstance(), getTestUser().getPrincipal());
        assertPrincipals(createPrincipalProvider.getPrincipals(id), EveryonePrincipal.getInstance(), this.testGroup.getPrincipal(), getTestUser().getPrincipal());
    }

    @Test
    public void testInvalidExpiry() throws Exception {
        for (long j : new long[]{0, -1, Long.MIN_VALUE}) {
            changeUserConfiguration(ConfigurationParameters.of("cacheExpiration", Long.valueOf(j)));
            createPrincipalProvider(this.systemRoot).getPrincipals(this.userId);
            this.root.refresh();
            Assert.assertFalse(this.root.getTree(getTestUser().getPath()).hasChild("rep:cache"));
        }
    }

    @Test
    public void testLongOverflow() throws Exception {
        Root latestRoot = getSystemSession().getLatestRoot();
        for (long j : new long[]{Long.MAX_VALUE, 9223372036854775806L, 9223372036854765807L}) {
            changeUserConfiguration(ConfigurationParameters.of("cacheExpiration", Long.valueOf(j)));
            createPrincipalProvider(latestRoot).getPrincipals(this.userId);
            Tree child = latestRoot.getTree(getTestUser().getPath()).getChild("rep:cache");
            Assert.assertTrue(child.exists());
            PropertyState property = child.getProperty("rep:expiration");
            Assert.assertNotNull(property);
            Assert.assertEquals(Long.MAX_VALUE, ((Long) property.getValue(Type.LONG)).longValue());
            child.remove();
            latestRoot.commit();
        }
    }

    @Test
    public void testChangeCache() throws Exception {
        createPrincipalProvider(this.systemRoot).getPrincipals(this.userId);
        this.root.refresh();
        ArrayList arrayList = new ArrayList();
        arrayList.add(PropertyStates.createProperty("rep:expiration", 25));
        arrayList.add(PropertyStates.createProperty("rep:groupPrincipalNames", "everyone"));
        arrayList.add(PropertyStates.createProperty("jcr:primaryType", "nt:unstructured"));
        arrayList.add(PropertyStates.createProperty("residualProp", "anyvalue"));
        for (Root root : new Root[]{this.root, this.systemRoot}) {
            Iterator it = arrayList.iterator();
            while (it.hasNext()) {
                try {
                    getCacheTree(root).setProperty((PropertyState) it.next());
                    root.commit();
                    Assert.fail("Attempt to modify the cache tree must fail.");
                    root.refresh();
                } catch (CommitFailedException e) {
                    root.refresh();
                } catch (Throwable th) {
                    root.refresh();
                    throw th;
                }
            }
        }
    }

    @Test
    public void testRemoveCache() throws Exception {
        createPrincipalProvider(this.systemRoot).getPrincipals(this.userId);
        this.root.refresh();
        getCacheTree(this.root).remove();
        this.root.commit();
    }

    @Test
    public void testConcurrentLoginWithCacheRemoval() throws Exception {
        changeUserConfiguration(ConfigurationParameters.of("cacheExpiration", 1));
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList();
        for (int i = 0; i < 100; i++) {
            arrayList2.add(new Thread(() -> {
                try {
                    login(new SimpleCredentials(this.userId, this.userId.toCharArray())).close();
                } catch (Exception e) {
                    arrayList.add(e);
                }
            }));
        }
        Iterator it = arrayList2.iterator();
        while (it.hasNext()) {
            ((Thread) it.next()).start();
        }
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            ((Thread) it2.next()).join();
        }
        Iterator it3 = arrayList.iterator();
        while (it3.hasNext()) {
            ((Exception) it3.next()).printStackTrace();
        }
        if (arrayList.isEmpty()) {
            return;
        }
        Assert.fail();
    }
}
