package org.apache.jackrabbit.oak.security.user.query;

import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import java.security.Principal;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Query;
import org.apache.jackrabbit.api.security.user.QueryBuilder;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.query.QueryEngineSettings;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.security.user.AbstractUserTest;
import org.apache.jackrabbit.oak.security.user.UserManagerImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/query/UserQueryManagerTest.class */
public class UserQueryManagerTest extends AbstractUserTest {
    private ValueFactory valueFactory;
    private UserQueryManager queryMgr;
    private User user;
    private String propertyName;
    private Value v;
    private final List<Group> groups = new ArrayList();

    @Override // org.apache.jackrabbit.oak.security.user.AbstractUserTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        UserManagerImpl userManager = getUserManager(this.root);
        this.user = getTestUser();
        this.queryMgr = new UserQueryManager(userManager, this.namePathMapper, getUserConfiguration().getParameters(), this.root);
        this.valueFactory = getValueFactory(this.root);
        this.propertyName = "testProperty";
        this.v = this.valueFactory.createValue("value");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public QueryEngineSettings getQueryEngineSettings() {
        if (this.querySettings == null) {
            this.querySettings = new QueryEngineSettings();
            this.querySettings.setFailTraversal(false);
        }
        return this.querySettings;
    }

    @Override // org.apache.jackrabbit.oak.security.user.AbstractUserTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Iterator<Group> it = this.groups.iterator();
            while (it.hasNext()) {
                it.next().remove();
            }
            if (this.root.hasPendingChanges()) {
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    private Group createGroup(@Nullable String str, @Nullable Principal principal) throws RepositoryException {
        Group createGroup;
        if (str != null) {
            createGroup = principal != null ? getUserManager(this.root).createGroup(str, principal, (String) null) : getUserManager(this.root).createGroup(str);
        } else {
            Preconditions.checkNotNull(principal);
            createGroup = getUserManager(this.root).createGroup(principal);
        }
        this.groups.add(createGroup);
        return createGroup;
    }

    private static void assertResultContainsAuthorizables(@NotNull Iterator<Authorizable> it, Authorizable... authorizableArr) throws RepositoryException {
        switch (authorizableArr.length) {
            case 0:
                Assert.assertFalse(it.hasNext());
                return;
            case 1:
                Assert.assertTrue(it.hasNext());
                Assert.assertEquals(authorizableArr[0].getID(), it.next().getID());
                Assert.assertFalse(it.hasNext());
                return;
            default:
                Assert.assertEquals(ImmutableSet.copyOf(authorizableArr), ImmutableSet.copyOf(it));
                return;
        }
    }

    @Test
    public void testFindNodesExact() throws Exception {
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("value \\, containing backslash"));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(this.propertyName, "value \\, containing backslash", AuthorizableType.USER, true), this.user);
    }

    @Test
    public void testFindNodesNonExact() throws Exception {
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("value \\, containing backslash"));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(this.propertyName, "value \\, containing backslash", AuthorizableType.USER, false), this.user);
    }

    @Test
    public void testFindNodesNonExactWithApostrophe() throws Exception {
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("value ' with apostrophe"));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(this.propertyName, "value ' with apostrophe", AuthorizableType.USER, false), this.user);
    }

    @Test
    public void testFindNodesExactWithApostrophe() throws Exception {
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("value ' with apostrophe"));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(this.propertyName, "value ' with apostrophe", AuthorizableType.USER, true), this.user);
    }

    @Test
    public void testFindWithCurrentRelPathTypeMismatch() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables("./" + this.propertyName, this.v.getString(), AuthorizableType.GROUP, false), new Authorizable[0]);
    }

    @Test
    public void testFindWithCurrentRelPath() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables("./" + this.propertyName, this.v.getString(), AuthorizableType.USER, false), this.user);
    }

    @Test
    public void testFindWithRelPath() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables("rel/path/to/" + this.propertyName, this.v.getString(), AuthorizableType.USER, false), new Authorizable[0]);
    }

    @Test
    public void testFindWithRelPathMultipleSelectorNames() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        Authorizable createGroup = createGroup("g", null);
        createGroup.setProperty("rel/path/to/" + this.propertyName, this.v);
        this.root.commit();
        for (AuthorizableType authorizableType : new AuthorizableType[]{AuthorizableType.AUTHORIZABLE, AuthorizableType.GROUP}) {
            assertResultContainsAuthorizables(this.queryMgr.findAuthorizables("rel/path/to/" + this.propertyName, this.v.getString(), authorizableType, false), createGroup);
        }
    }

    @Test
    public void testFindWithRelPathTypeMismatch() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        createGroup("g", null).setProperty("rel/path/to/" + this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables("rel/path/to/" + this.propertyName, this.v.getString(), AuthorizableType.USER, false), new Authorizable[0]);
    }

    @Test
    public void testFilterDuplicateResults() throws Exception {
        this.user.setProperty(this.propertyName, this.v);
        this.user.setProperty("rel/path/to/" + this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(this.propertyName, this.v.getString(), AuthorizableType.AUTHORIZABLE, false), this.user);
    }

    @Test
    public void testQueryMaxCountZero() throws Exception {
        Assert.assertSame(Collections.emptyIterator(), this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.1
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setLimit(0L, 0L);
            }
        }));
    }

    @Test
    public void testQueryScopeEveryoneNonExisting() throws Exception {
        final String id = this.user.getID();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.2
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.nameMatches(id));
                queryBuilder.setScope("everyone", false);
            }
        }), this.user);
    }

    @Test
    public void testQueryScopeEveryoneFiltersEveryone() throws Exception {
        createGroup(null, EveryonePrincipal.getInstance()).setProperty(this.propertyName, this.v);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.3
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("everyone", false);
            }
        }), this.user);
    }

    @Test
    public void testQueryScopeEveryoneWithIdDiffersPrincipalName() throws Exception {
        createGroup("eGroup", EveryonePrincipal.getInstance()).setProperty(this.propertyName, this.v);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.4
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("eGroup", false);
            }
        }), this.user);
    }

    @Test
    public void testQueryNoScope() throws Exception {
        Authorizable createGroup = createGroup(null, EveryonePrincipal.getInstance());
        createGroup.setProperty(this.propertyName, this.v);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.5
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
            }
        }), this.user, createGroup);
    }

    @Test
    public void testQueryScopeNotMember() throws Exception {
        createGroup("g1", null);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.6
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("g1", false);
            }
        }), new Authorizable[0]);
    }

    @Test
    public void testQueryScopeDeclaredMember() throws Exception {
        createGroup("g1", null).addMember(this.user);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.7
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("g1", false);
            }
        }), this.user);
    }

    @Test
    public void testQueryScopeDeclaredMembership() throws Exception {
        Group createGroup = createGroup("g1", null);
        Group createGroup2 = createGroup("g2", null);
        createGroup.addMember(createGroup2);
        createGroup2.addMember(this.user);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.8
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("g1", true);
            }
        }), new Authorizable[0]);
    }

    @Test
    public void testQueryScopeInheritedMembership() throws Exception {
        Group createGroup = createGroup("g1", null);
        Group createGroup2 = createGroup("g2", null);
        createGroup.addMember(createGroup2);
        createGroup2.addMember(this.user);
        this.user.setProperty(this.propertyName, this.v);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.9
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.eq(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.v));
                queryBuilder.setScope("g1", false);
            }
        }), this.user);
    }

    @Test
    public void testQueryBoundWithoutSortOrder() throws Exception {
        Authorizable createGroup = createGroup("g1", null);
        createGroup.setProperty(this.propertyName, this.valueFactory.createValue(50L));
        Authorizable createGroup2 = createGroup("g2", null);
        createGroup2.setProperty(this.propertyName, this.valueFactory.createValue(60L));
        this.user.setProperty(this.propertyName, this.valueFactory.createValue(101L));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.10
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setLimit(UserQueryManagerTest.this.valueFactory.createValue(100L), Long.MAX_VALUE);
                queryBuilder.setCondition(queryBuilder.gt(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.valueFactory.createValue(20L)));
            }
        }), this.user, createGroup, createGroup2);
    }

    @Test
    public void testQueryBoundWithSortOrder() throws Exception {
        createGroup("g1", null).setProperty(this.propertyName, this.valueFactory.createValue(50L));
        createGroup("g2", null).setProperty(this.propertyName, this.valueFactory.createValue(60L));
        this.user.setProperty(this.propertyName, this.valueFactory.createValue(101L));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.11
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setLimit(UserQueryManagerTest.this.valueFactory.createValue(100L), Long.MAX_VALUE);
                queryBuilder.setSortOrder(UserQueryManagerTest.this.propertyName, QueryBuilder.Direction.ASCENDING);
                queryBuilder.setCondition(queryBuilder.gt(UserQueryManagerTest.this.propertyName, UserQueryManagerTest.this.valueFactory.createValue(20L)));
            }
        }), this.user);
    }

    @Test
    public void testQueryBoundWithSortOrderMissingCondition() throws Exception {
        createGroup("g1", null).setProperty(this.propertyName, this.valueFactory.createValue(50L));
        createGroup("g2", null).setProperty(this.propertyName, this.valueFactory.createValue(60L));
        this.user.setProperty(this.propertyName, this.valueFactory.createValue(101L));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.12
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setLimit(UserQueryManagerTest.this.valueFactory.createValue(100L), Long.MAX_VALUE);
                queryBuilder.setSortOrder(UserQueryManagerTest.this.propertyName, QueryBuilder.Direction.ASCENDING);
            }
        }), this.user);
    }

    @Test
    public void testQuerySortIgnoreCase() throws Exception {
        Group createGroup = createGroup("g1", null);
        createGroup.setProperty(this.propertyName, this.valueFactory.createValue("aaa"));
        Group createGroup2 = createGroup("g2", null);
        createGroup2.setProperty(this.propertyName, this.valueFactory.createValue("BBB"));
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("c"));
        this.root.commit();
        Assert.assertEquals(ImmutableList.of(this.user, createGroup2, createGroup), ImmutableList.copyOf(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.13
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.exists(UserQueryManagerTest.this.propertyName));
                queryBuilder.setSortOrder(UserQueryManagerTest.this.propertyName, QueryBuilder.Direction.DESCENDING, true);
            }
        })));
    }

    @Test
    public void testQuerySortRespectCase() throws Exception {
        Group createGroup = createGroup("g1", null);
        createGroup.setProperty(this.propertyName, this.valueFactory.createValue("aaa"));
        Group createGroup2 = createGroup("g2", null);
        createGroup2.setProperty(this.propertyName, this.valueFactory.createValue("BBB"));
        this.user.setProperty(this.propertyName, this.valueFactory.createValue("c"));
        this.root.commit();
        Assert.assertEquals(ImmutableList.of(this.user, createGroup, createGroup2), ImmutableList.copyOf(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.14
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.exists(UserQueryManagerTest.this.propertyName));
                queryBuilder.setSortOrder(UserQueryManagerTest.this.propertyName, QueryBuilder.Direction.DESCENDING, false);
            }
        })));
    }

    @Test
    public void testQueryNameMatchesWithUnderscoreId() throws Exception {
        Authorizable createGroup = createGroup("group_with_underscore", null);
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.15
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.nameMatches("group_with_underscore"));
            }
        }), createGroup);
    }

    @Test
    public void testQueryNameMatchesWithUnderscorePrincipalName() throws Exception {
        Authorizable createGroup = createGroup("g", new PrincipalImpl("group_with_underscore"));
        this.root.commit();
        assertResultContainsAuthorizables(this.queryMgr.findAuthorizables(new Query() { // from class: org.apache.jackrabbit.oak.security.user.query.UserQueryManagerTest.16
            public <T> void build(@NotNull QueryBuilder<T> queryBuilder) {
                queryBuilder.setCondition(queryBuilder.nameMatches("group_with_underscore"));
            }
        }), createGroup);
    }

    @Test
    public void testFindWhenRootTreeIsSearchRoot() throws Exception {
        ConfigurationParameters of = ConfigurationParameters.of("groupsPath", IdentifierManagerTest.ID_ROOT);
        SecurityProviderBuilder.newBuilder().with(ConfigurationParameters.of("org.apache.jackrabbit.oak.user", of)).withRootProvider(getRootProvider()).withTreeProvider(getTreeProvider()).build();
        Assert.assertTrue(new UserQueryManager(createUserManagerImpl(this.root), getNamePathMapper(), of, this.root).findAuthorizables("rep:authorizableId", "admin", AuthorizableType.AUTHORIZABLE).hasNext());
    }

    @Test
    public void testFindReservedProperty() throws Exception {
        this.user.setProperty("subtree/rep:disabled", this.valueFactory.createValue("disabled"));
        Assert.assertFalse(this.queryMgr.findAuthorizables("rep:disabled", "disabled", AuthorizableType.USER).hasNext());
        this.user.removeProperty("subtree/rep:disabled");
        this.user.disable("disabled");
        Assert.assertTrue(this.queryMgr.findAuthorizables("rep:disabled", "disabled", AuthorizableType.USER).hasNext());
    }

    @Test
    public void testFindResultNotAccessible() throws Exception {
        this.user.setProperty("profile/name", this.valueFactory.createValue("userName"));
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, PathUtils.concat(this.user.getPath(), "profile"));
        if (accessControlList != null && accessControlList.addAccessControlEntry(this.user.getPrincipal(), privilegesFromNames("jcr:read"))) {
            accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        }
        this.root.commit();
        ContentSession login = login(new SimpleCredentials(this.user.getID(), this.user.getID().toCharArray()));
        Throwable th = null;
        try {
            try {
                Root latestRoot = login.getLatestRoot();
                Assert.assertFalse(new UserQueryManager(createUserManagerImpl(latestRoot), getNamePathMapper(), ConfigurationParameters.EMPTY, latestRoot).findAuthorizables("name", "userName", AuthorizableType.USER).hasNext());
                if (login != null) {
                    if (0 == 0) {
                        login.close();
                        return;
                    }
                    try {
                        login.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (login != null) {
                if (th != null) {
                    try {
                        login.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    login.close();
                }
            }
            throw th4;
        }
    }
}
