package org.apache.jackrabbit.oak.security.user;

import java.text.ParseException;
import java.util.HashMap;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.NodeDefinition;
import javax.jcr.nodetype.NodeType;
import javax.jcr.nodetype.PropertyDefinition;
import org.apache.jackrabbit.oak.InitialContent;
import org.apache.jackrabbit.oak.InitialContentHelper;
import org.apache.jackrabbit.oak.Oak;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.index.property.PropertyIndexEditorProvider;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.nodetype.ReadOnlyNodeTypeManager;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.OpenSecurityProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserProviderTest.class */
public class UserProviderTest {
    private Root root;
    private ConfigurationParameters defaultConfig;
    private String defaultUserPath;
    private String defaultGroupPath;
    private Map<String, Object> customOptions;
    private final String customUserPath = "/home/users";
    private final String customGroupPath = "/home/groups";

    @Before
    public void setUp() throws Exception {
        this.root = new Oak(new MemoryNodeStore(InitialContentHelper.INITIAL_CONTENT)).with(new OpenSecurityProvider()).with(new InitialContent()).with(new PropertyIndexEditorProvider()).createRoot();
        this.defaultConfig = ConfigurationParameters.EMPTY;
        this.defaultUserPath = (String) this.defaultConfig.getConfigValue("usersPath", "/rep:security/rep:authorizables/rep:users");
        this.defaultGroupPath = (String) this.defaultConfig.getConfigValue("groupsPath", "/rep:security/rep:authorizables/rep:groups");
        this.customOptions = new HashMap();
        this.customOptions.put("groupsPath", "/home/groups");
        this.customOptions.put("usersPath", "/home/users");
    }

    @After
    public void tearDown() {
        this.root.refresh();
        this.root = null;
    }

    private UserProvider createUserProvider() {
        return new UserProvider(this.root, this.defaultConfig);
    }

    private UserProvider createUserProvider(int i) {
        HashMap hashMap = new HashMap(this.customOptions);
        hashMap.put("defaultDepth", Integer.valueOf(i));
        return new UserProvider(this.root, ConfigurationParameters.of(hashMap));
    }

    private UserProvider createUserProviderRFC7612() {
        HashMap hashMap = new HashMap(this.customOptions);
        hashMap.put("enableRFC7613UsercaseMappedProfile", true);
        return new UserProvider(this.root, ConfigurationParameters.of(hashMap));
    }

    @Test
    public void testCreateUser() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Tree createUser = createUserProvider.createUser("user1", (String) null);
        Assert.assertNotNull(createUser);
        Assert.assertTrue(Text.isDescendant(this.defaultUserPath, createUser.getPath()));
        Assert.assertEquals(this.defaultUserPath, Text.getRelativeParent(createUser.getPath(), ((Integer) this.defaultConfig.getConfigValue("defaultDepth", 2)).intValue() + 1));
        Assert.assertEquals(this.defaultUserPath + "/b/bb/b", createUserProvider.createUser("b", (String) null).getPath());
        HashMap hashMap = new HashMap();
        hashMap.put("bb", "/b/bb/bb");
        hashMap.put("bbb", "/b/bb/bbb");
        hashMap.put("bbbb", "/b/bb/bbbb");
        hashMap.put("bh", "/b/bh/bh");
        hashMap.put("bHbh", "/b/bH/bHbh");
        hashMap.put("b_Hb", "/b/b_/b_Hb");
        hashMap.put("basim", "/b/ba/basim");
        for (Map.Entry entry : hashMap.entrySet()) {
            Assert.assertEquals(this.defaultUserPath + ((String) entry.getValue()), createUserProvider.createUser((String) entry.getKey(), (String) null).getPath());
        }
    }

    @Test
    public void testCreateUserWithPath() throws Exception {
        Tree createUser = createUserProvider(1).createUser("nadine", "a/b/c");
        Assert.assertNotNull(createUser);
        Assert.assertTrue(Text.isDescendant("/home/users", createUser.getPath()));
        Assert.assertEquals("/home/users/a/b/c/nadine", createUser.getPath());
    }

    @Test(expected = AccessDeniedException.class)
    public void testCreateUserMissingAccessOnFolders() throws RepositoryException {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree.getParent()).thenReturn(tree);
        Mockito.when(Boolean.valueOf(tree.exists())).thenReturn(false);
        Mockito.when(Boolean.valueOf(tree.isRoot())).thenReturn(false, new Boolean[]{false, true});
        new UserProvider((Root) Mockito.when(((Root) Mockito.mock(Root.class)).getTree(ArgumentMatchers.anyString())).thenReturn(tree).getMock(), ConfigurationParameters.EMPTY).createUser("uid", (String) null);
    }

    @Test
    public void testCreateGroup() throws RepositoryException {
        Tree createGroup = createUserProvider().createGroup("group1", (String) null);
        Assert.assertNotNull(createGroup);
        Assert.assertTrue(Text.isDescendant(this.defaultGroupPath, createGroup.getPath()));
        Assert.assertEquals(this.defaultGroupPath, Text.getRelativeParent(createGroup.getPath(), ((Integer) this.defaultConfig.getConfigValue("defaultDepth", 2)).intValue() + 1));
    }

    @Test
    public void testCreateGroupWithPath() throws Exception {
        Tree createGroup = createUserProvider(4).createGroup("authors", "a/b/c");
        Assert.assertNotNull(createGroup);
        Assert.assertTrue(Text.isDescendant("/home/groups", createGroup.getPath()));
        Assert.assertEquals("/home/groups/a/b/c/authors", createGroup.getPath());
    }

    @Test
    public void testCreateWithCustomDepth() throws Exception {
        UserProvider createUserProvider = createUserProvider(3);
        Assert.assertEquals("/home/users/b/bb/bbb/b", createUserProvider.createUser("b", (String) null).getPath());
        HashMap hashMap = new HashMap();
        hashMap.put("bb", "/b/bb/bbb/bb");
        hashMap.put("bbb", "/b/bb/bbb/bbb");
        hashMap.put("bbbb", "/b/bb/bbb/bbbb");
        hashMap.put("bL", "/b/bL/bLL/bL");
        hashMap.put("bLbh", "/b/bL/bLb/bLbh");
        hashMap.put("b_Lb", "/b/b_/b_L/b_Lb");
        hashMap.put("basiL", "/b/ba/bas/basiL");
        for (Map.Entry entry : hashMap.entrySet()) {
            Assert.assertEquals("/home/users" + ((String) entry.getValue()), createUserProvider.createUser((String) entry.getKey(), (String) null).getPath());
        }
    }

    @Test
    public void testCreateWithCollision() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        createUserProvider.createUser("AmaLia", (String) null);
        HashMap hashMap = new HashMap();
        hashMap.put("AmaLia", null);
        hashMap.put("AmalIa", "s/ome/path");
        hashMap.put("amalia", null);
        hashMap.put("Amalia", "a/b/c");
        for (Map.Entry entry : hashMap.entrySet()) {
            try {
                createUserProvider.createUser((String) entry.getKey(), (String) entry.getValue());
                this.root.commit();
                Assert.fail("userID collision must be detected");
            } catch (CommitFailedException e) {
            }
        }
        for (Map.Entry entry2 : hashMap.entrySet()) {
            try {
                createUserProvider.createGroup((String) entry2.getKey(), (String) entry2.getValue());
                this.root.commit();
                Assert.fail("userID collision must be detected");
            } catch (CommitFailedException e2) {
            }
        }
    }

    @Test
    public void testCreateWithCollidingFolder() throws Exception {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Tree tree2 = (Tree) Mockito.mock(Tree.class);
        Mockito.when(tree2.getParent()).thenReturn(tree2);
        Mockito.when(Boolean.valueOf(tree2.exists())).thenReturn(true);
        Mockito.when(Boolean.valueOf(tree2.isRoot())).thenReturn(true);
        Mockito.when(Boolean.valueOf(tree2.hasChild("uid"))).thenReturn(true, new Boolean[]{false});
        Mockito.when(tree2.addChild("uid")).thenReturn(tree);
        Mockito.when(tree2.getChild(ArgumentMatchers.anyString())).thenReturn(tree2);
        Mockito.when(tree2.getPath()).thenReturn("/rep:security/rep:authorizables/rep:users");
        Mockito.when(tree2.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "rep:AuthorizableFolder", Type.NAME));
        Root root = (Root) Mockito.when(((Root) Mockito.mock(Root.class)).getTree(ArgumentMatchers.anyString())).thenReturn(tree2).getMock();
        Mockito.when(root.getContentSession()).thenReturn(this.root.getContentSession());
        Assert.assertSame(tree, new UserProvider(root, ConfigurationParameters.EMPTY).createUser("uid", (String) null));
    }

    @Test
    public void testCreateUserRFC7613Disabled() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Tree createUser = createUserProvider.createUser("Amalia", (String) null);
        Tree createUser2 = createUserProvider.createUser("Ａｍａｌｉａ", (String) null);
        this.root.commit();
        Assert.assertEquals("Amalia", UserUtil.getAuthorizableId(createUser));
        Assert.assertEquals("Ａｍａｌｉａ", UserUtil.getAuthorizableId(createUser2));
    }

    @Test
    public void testCreateUserRFC7613Enabled() throws Exception {
        UserProvider createUserProviderRFC7612 = createUserProviderRFC7612();
        createUserProviderRFC7612.createUser("Amalia", (String) null);
        try {
            createUserProviderRFC7612.createUser("Ａｍａｌｉａ", (String) null);
            this.root.commit();
            Assert.fail("userID collision must be detected");
        } catch (CommitFailedException e) {
        }
    }

    @Test
    public void testIllegalChars() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        HashMap hashMap = new HashMap();
        hashMap.put("z[x]", "/z/" + Text.escapeIllegalJcrChars("z[") + "/" + Text.escapeIllegalJcrChars("z[x]"));
        hashMap.put("z*x", "/z/" + Text.escapeIllegalJcrChars("z*") + "/" + Text.escapeIllegalJcrChars("z*x"));
        hashMap.put("z/x", "/z/" + Text.escapeIllegalJcrChars("z/") + "/" + Text.escapeIllegalJcrChars("z/x"));
        hashMap.put("%\r|", "/" + Text.escapeIllegalJcrChars("%") + "/" + Text.escapeIllegalJcrChars("%\r") + "/" + Text.escapeIllegalJcrChars("%\r|"));
        for (Map.Entry entry : hashMap.entrySet()) {
            String str = (String) entry.getKey();
            Tree createUser = createUserProvider.createUser(str, (String) null);
            this.root.commit();
            Assert.assertEquals(this.defaultUserPath + ((String) entry.getValue()), createUser.getPath());
            Assert.assertEquals(str, UserUtil.getAuthorizableId(createUser));
            Assert.assertNotNull("Tree with id " + str + " must exist.", createUserProvider.getAuthorizable(str));
        }
    }

    @Test
    public void testGetAuthorizable() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Tree createUser = createUserProvider.createUser("hannah", (String) null);
        Tree createGroup = createUserProvider.createGroup("cLevel", (String) null);
        this.root.commit();
        Tree authorizable = createUserProvider.getAuthorizable("hannah");
        Assert.assertNotNull(authorizable);
        Assert.assertEquals(createUser.getPath(), authorizable.getPath());
        Tree authorizable2 = createUserProvider.getAuthorizable("cLevel");
        Assert.assertNotNull(authorizable2);
        Assert.assertEquals(createGroup.getPath(), authorizable2.getPath());
    }

    @Test
    public void testGetAuthorizableByPath() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Tree createUser = createUserProvider.createUser("shams", (String) null);
        Tree authorizableByPath = createUserProvider.getAuthorizableByPath(createUser.getPath());
        Assert.assertNotNull(authorizableByPath);
        Assert.assertEquals(createUser.getPath(), authorizableByPath.getPath());
        Tree createGroup = createUserProvider.createGroup("devs", (String) null);
        Tree authorizableByPath2 = createUserProvider.getAuthorizableByPath(createGroup.getPath());
        Assert.assertNotNull(authorizableByPath2);
        Assert.assertEquals(createGroup.getPath(), authorizableByPath2.getPath());
    }

    @Test
    public void testGetAuthorizableByPrincipal() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        createUserProvider.createUser("uid", (String) null);
        Assert.assertNotNull(createUserProvider.getAuthorizableByPrincipal(new TreeBasedPrincipal("uid", "/path", NamePathMapper.DEFAULT) { // from class: org.apache.jackrabbit.oak.security.user.UserProviderTest.1
            @NotNull
            String getOakPath() {
                return "/path";
            }
        }));
    }

    @Test
    public void testGetAuthorizableByPrincipal2() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        createUserProvider.createUser("uid", (String) null);
        Assert.assertNull(createUserProvider.getAuthorizableByPrincipal(new TreeBasedPrincipal("uid", "/path", NamePathMapper.DEFAULT) { // from class: org.apache.jackrabbit.oak.security.user.UserProviderTest.2
            @NotNull
            String getOakPath() throws RepositoryException {
                throw new RepositoryException();
            }
        }));
    }

    @Test
    public void testGetAuthorizableByPrincipalQueryFails() throws Exception {
        QueryEngine queryEngine = (QueryEngine) Mockito.mock(QueryEngine.class);
        Mockito.when(queryEngine.executeQuery(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), ArgumentMatchers.anyLong(), ArgumentMatchers.anyLong(), (Map) ArgumentMatchers.any(Map.class), (Map) ArgumentMatchers.any(Map.class))).thenThrow(new Throwable[]{new ParseException("err", 0)});
        Assert.assertNull(new UserProvider((Root) Mockito.when(((Root) Mockito.mock(Root.class)).getQueryEngine()).thenReturn(queryEngine).getMock(), ConfigurationParameters.EMPTY).getAuthorizableByPrincipal(new PrincipalImpl("name")));
    }

    @Test
    public void testGetAuthorizableId() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Assert.assertEquals("Amanda", UserUtil.getAuthorizableId(createUserProvider.createUser("Amanda", (String) null)));
        Assert.assertEquals("visitors", UserUtil.getAuthorizableId(createUserProvider.createGroup("visitors", (String) null)));
    }

    @Test
    public void testRemoveParentTree() throws Exception {
        UserProvider createUserProvider = createUserProvider();
        Tree createUser = createUserProvider.createUser("b", "b");
        Tree createUser2 = createUserProvider.createUser("bb", "bb");
        this.root.getTree(Text.getRelativeParent(createUser.getPath(), 2)).remove();
        if (createUserProvider.getAuthorizable("b") != null) {
            Assert.fail("Removing the top authorizable folder must remove all users contained.");
            createUser.remove();
        }
        if (createUserProvider.getAuthorizable("bb") != null) {
            Assert.fail("Removing the top authorizable folder must remove all users contained.");
            createUser2.remove();
        }
    }

    @Test
    public void testCollisions() throws Exception {
        UserProvider userProvider = new UserProvider(this.root, ConfigurationParameters.of("authorizableNodeName", str -> {
            return "aaa";
        }));
        try {
            Assert.assertEquals("aaa", userProvider.createUser("a", (String) null).getName());
            Assert.assertEquals("aaa1", userProvider.createUser("b", (String) null).getName());
            Assert.assertEquals("aaa2", userProvider.createUser("c", (String) null).getName());
            Assert.assertEquals("aaa3", userProvider.createUser("d", (String) null).getName());
            this.root.refresh();
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testAutoCreatedItemsUponUserCreation() throws Exception {
        assertAutoCreatedItems(createUserProvider().createUser("c", (String) null), "rep:User", this.root);
    }

    @Test
    public void testAutoCreatedItemsUponSystemUserCreation() throws Exception {
        assertAutoCreatedItems(createUserProvider().createSystemUser("s", (String) null), "rep:SystemUser", this.root);
    }

    @Test
    public void testAutoCreatedItemsUponGroupCreation() throws Exception {
        assertAutoCreatedItems(createUserProvider().createGroup("g", (String) null), "rep:Group", this.root);
    }

    private static void assertAutoCreatedItems(@NotNull Tree tree, @NotNull String str, @NotNull Root root) throws Exception {
        NodeType nodeType = ReadOnlyNodeTypeManager.getInstance(root, NamePathMapper.DEFAULT).getNodeType(str);
        for (NodeDefinition nodeDefinition : nodeType.getChildNodeDefinitions()) {
            if (nodeDefinition.isAutoCreated()) {
                Assert.assertTrue(tree.hasChild(nodeDefinition.getName()));
            }
        }
        for (PropertyDefinition propertyDefinition : nodeType.getPropertyDefinitions()) {
            if (propertyDefinition.isAutoCreated()) {
                Assert.assertTrue(tree.hasProperty(propertyDefinition.getName()));
            }
        }
    }
}
