package org.apache.jackrabbit.oak.security.user;

import java.security.Principal;
import java.util.Collections;
import java.util.Enumeration;
import java.util.Map;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeAware;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UtilsTest.class */
public class UtilsTest extends AbstractSecurityTest {
    private Tree tree;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.tree = this.root.getTree(IdentifierManagerTest.ID_ROOT);
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
        } finally {
            super.after();
        }
    }

    private void assertEqualPath(@NotNull Tree tree, @NotNull Tree tree2) {
        Assert.assertEquals(tree.getPath(), tree2.getPath());
    }

    @NotNull
    private Principal getAdminPrincipal(@NotNull UserManager userManager) throws Exception {
        User authorizable = userManager.getAuthorizable((String) ((UserConfiguration) getConfig(UserConfiguration.class)).getParameters().getConfigValue("adminId", "admin"), User.class);
        Assert.assertNotNull(authorizable);
        return authorizable.getPrincipal();
    }

    @Test
    public void testGetOrAddTreeCurrentElement() throws Exception {
        Assert.assertSame(this.tree, Utils.getOrAddTree(this.tree, ".", "oak:Unstructured"));
    }

    @Test
    public void testGetOrAddTreeParentElement() throws Exception {
        assertEqualPath(this.tree, Utils.getOrAddTree(Utils.getOrAddTree(this.tree, "child", "oak:Unstructured"), "..", "oak:Unstructured"));
    }

    @Test(expected = IllegalStateException.class)
    public void testGetOrAddTreeParentElementFromRoot() throws Exception {
        Utils.getOrAddTree(this.tree, "..", "oak:Unstructured");
    }

    @Test
    public void testGetOrAddTreeSingleElement() throws Exception {
        assertEqualPath(this.root.getTree("/child"), Utils.getOrAddTree(this.tree, "child", "oak:Unstructured"));
    }

    @Test
    public void testGetOrAddTree() throws Exception {
        for (Map.Entry entry : ImmutableMap.of("a/b/c", "/a/b/c", "a/../b/c", "/b/c", "a/b/c/../..", "/a", "a/././././b/c", "/a/b/c").entrySet()) {
            assertEqualPath(this.root.getTree((String) entry.getValue()), Utils.getOrAddTree(this.tree, (String) entry.getKey(), "oak:Unstructured"));
        }
    }

    @Test(expected = IllegalStateException.class)
    public void testGetOrAddTreeReachesParentOfRoot() throws Exception {
        Utils.getOrAddTree(this.tree, "a/../../b", "oak:Unstructured");
    }

    @Test(expected = AccessDeniedException.class)
    public void testGetOrAddTreeTargetNotAccessible() throws Exception {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree.exists())).thenReturn(false);
        Tree tree2 = (Tree) Mockito.mock(Tree.class);
        Mockito.when(Boolean.valueOf(tree2.exists())).thenReturn(true);
        Mockito.when(tree2.getParent()).thenReturn(tree2);
        Mockito.when(tree2.getChild("a")).thenReturn(tree2);
        Mockito.when(tree2.getChild("b")).thenReturn(tree);
        Mockito.when(tree2.addChild("b")).thenReturn(tree);
        Utils.getOrAddTree(tree2, "a/a/b", "oak:Unstructured");
    }

    @Test
    public void testIsEveryoneUser() throws Exception {
        AuthorizableImpl authorizableImpl = (AuthorizableImpl) Mockito.when(((AuthorizableImpl) Mockito.mock(AuthorizableImpl.class)).getPrincipal()).thenReturn(EveryonePrincipal.getInstance()).getMock();
        Mockito.when(Boolean.valueOf(authorizableImpl.isGroup())).thenReturn(false);
        Assert.assertFalse(Utils.isEveryone(authorizableImpl));
    }

    @Test
    public void testIsEveryoneGroup() throws Exception {
        Assert.assertTrue(Utils.isEveryone(getUserManager(this.root).createGroup(EveryonePrincipal.getInstance())));
    }

    @Test
    public void testIsEveryoneOtherAuthorizable() throws Exception {
        Authorizable authorizable = (Authorizable) Mockito.when(((Authorizable) Mockito.mock(Authorizable.class)).getPrincipal()).thenReturn(EveryonePrincipal.getInstance()).getMock();
        Mockito.when(Boolean.valueOf(authorizable.isGroup())).thenReturn(false);
        Assert.assertFalse(Utils.isEveryone(authorizable));
        Mockito.when(Boolean.valueOf(authorizable.isGroup())).thenReturn(true);
        Assert.assertTrue(Utils.isEveryone(authorizable));
    }

    @Test
    public void testIsEveryoneGetPrincipalFails() throws Exception {
        Authorizable authorizable = (Authorizable) Mockito.when(((Authorizable) Mockito.mock(Authorizable.class)).getPrincipal()).thenThrow(new Throwable[]{new RepositoryException()}).getMock();
        Mockito.when(Boolean.valueOf(authorizable.isGroup())).thenReturn(true);
        Assert.assertFalse(Utils.isEveryone(authorizable));
    }

    @Test
    public void testCanImpersonateAllNonExisting() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl("nonExisting");
        UserManager userManager = getUserManager(this.root);
        Assert.assertNull(userManager.getAuthorizable(principalImpl));
        Assert.assertFalse(Utils.canImpersonateAllUsers(principalImpl, userManager));
    }

    @Test
    public void testCanImpersonateAllForGroup() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl("aGroup");
        getUserManager(this.root).createGroup(principalImpl);
        Assert.assertFalse(Utils.canImpersonateAllUsers(principalImpl, (UserManager) Mockito.spy(getUserManager(this.root))));
    }

    @Test
    public void testCanImpersonateAllForAdminUser() throws Exception {
        UserManager userManager = getUserManager(this.root);
        Principal adminPrincipal = getAdminPrincipal(userManager);
        Assert.assertTrue(Utils.canImpersonateAllUsers(adminPrincipal, userManager));
        Assert.assertTrue(Utils.canImpersonateAllUsers(new PrincipalImpl(adminPrincipal.getName()), userManager));
        Assert.assertTrue(Utils.canImpersonateAllUsers((GroupPrincipal) Mockito.when(((GroupPrincipal) Mockito.mock(GroupPrincipal.class)).getName()).thenReturn(adminPrincipal.getName()).getMock(), userManager));
    }

    @Test
    public void testCanImpersonateAllForNonAdminUser() throws Exception {
        User testUser = getTestUser();
        UserManager userManager = getUserManager(this.root);
        String name = testUser.getPrincipal().getName();
        Assert.assertFalse(Utils.canImpersonateAllUsers(testUser.getPrincipal(), userManager));
        Assert.assertFalse(Utils.canImpersonateAllUsers(new PrincipalImpl(name), userManager));
        Assert.assertFalse(Utils.canImpersonateAllUsers(() -> {
            return name;
        }, userManager));
    }

    @Test
    public void testCanImpersonateAllLookupFails() throws Exception {
        Assert.assertFalse(Utils.canImpersonateAllUsers(getAdminPrincipal(getUserManager(this.root)), (UserManager) Mockito.when(((UserManager) Mockito.mock(UserManager.class)).getAuthorizable((Principal) ArgumentMatchers.any(Principal.class))).thenThrow(new Throwable[]{new RepositoryException()}).getMock()));
    }

    @Test
    public void testCanImpersonateAllByImpersonatorMember() throws Exception {
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getConfig()).thenReturn(ImpersonationTestUtil.getMockedConfigs(userManagerImpl.getConfig(), "impersonator-group"));
        Group createGroup = userManagerImpl.createGroup("impersonator-group");
        Authorizable authorizable = userManagerImpl.getAuthorizable(getTestUser().getID());
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(Utils.canImpersonateAllUsers(authorizable.getPrincipal(), userManagerImpl));
        createGroup.addMember(authorizable);
        this.root.commit();
        Assert.assertTrue(Utils.canImpersonateAllUsers(authorizable.getPrincipal(), userManagerImpl));
    }

    @Test
    public void testCanImpersonateAllConfiguredNonExistingPrincipal() throws Exception {
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getConfig()).thenReturn(ImpersonationTestUtil.getMockedConfigs(userManagerImpl.getConfig(), "nonExisting"));
        Authorizable authorizable = userManagerImpl.getAuthorizable(getTestUser().getID());
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(Utils.canImpersonateAllUsers(authorizable.getPrincipal(), userManagerImpl));
    }

    @Test
    public void testIsImpersonatorByPrincipal() throws Exception {
        Principal principal = getTestUser().getPrincipal();
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getConfig()).thenReturn(ImpersonationTestUtil.getMockedConfigs(userManagerImpl.getConfig(), principal.getName()));
        User authorizable = userManagerImpl.getAuthorizable(getTestUser().getID(), User.class);
        Assert.assertNotNull(authorizable);
        Assert.assertTrue(Utils.canImpersonateAllUsers(authorizable.getPrincipal(), userManagerImpl));
    }

    @Test
    public void testIsImpersonatorByNonMatchingPrincipal() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl("impersonator");
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getConfig()).thenReturn(ImpersonationTestUtil.getMockedConfigs(userManagerImpl.getConfig(), "impersonator"));
        Mockito.when(userManagerImpl.getPrincipalManager()).thenReturn(ImpersonationTestUtil.getMockedPrincipalManager("impersonator", principalImpl));
        User authorizable = userManagerImpl.getAuthorizable(getTestUser().getID(), User.class);
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(Utils.canImpersonateAllUsers(authorizable.getPrincipal(), userManagerImpl));
    }

    @Test
    public void testIsImpersonatorOtherMgrImpl() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl("mockPrincipal");
        User user = (User) Mockito.when(((User) Mockito.mock(User.class)).getPrincipal()).thenReturn(principalImpl).getMock();
        UserManager userManager = (UserManager) Mockito.when(((UserManager) Mockito.mock(UserManager.class)).getAuthorizable(principalImpl)).thenReturn(user).getMock();
        Assert.assertFalse(Utils.canImpersonateAllUsers(principalImpl, userManager));
        ((UserManager) Mockito.verify(userManager)).getAuthorizable(principalImpl);
        ((User) Mockito.verify(user)).isGroup();
        ((User) Mockito.verify(user)).isAdmin();
        Mockito.verifyNoMoreInteractions(new Object[]{user, userManager});
    }

    @Test
    public void testIsImpersonatorByGroup() throws Exception {
        final String str = "impersonator_group";
        final Principal principal = getTestUser().getPrincipal();
        GroupPrincipal groupPrincipal = new GroupPrincipal() { // from class: org.apache.jackrabbit.oak.security.user.UtilsTest.1
            public boolean isMember(@NotNull Principal principal2) {
                return principal2.getName().equals(principal.getName());
            }

            @NotNull
            public Enumeration<? extends Principal> members() {
                return Collections.emptyEnumeration();
            }

            public String getName() {
                return str;
            }
        };
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getConfig()).thenReturn(ImpersonationTestUtil.getMockedConfigs(userManagerImpl.getConfig(), "impersonator_group"));
        Mockito.when(userManagerImpl.getPrincipalManager()).thenReturn(ImpersonationTestUtil.getMockedPrincipalManager("impersonator_group", groupPrincipal));
        Assert.assertTrue(Utils.canImpersonateAllUsers(principal, userManagerImpl));
    }

    @Test
    public void testGetTreeFromTreeAware() throws Exception {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Root root = (Root) Mockito.mock(Root.class);
        TreeAware treeAware = (Authorizable) Mockito.mock(Authorizable.class, Mockito.withSettings().extraInterfaces(new Class[]{TreeAware.class}));
        Mockito.when(treeAware.getTree()).thenReturn(tree);
        Assert.assertSame(tree, Utils.getTree(treeAware, root));
        Mockito.verifyNoInteractions(new Object[]{root});
        ((TreeAware) Mockito.verify(treeAware)).getTree();
        Mockito.verifyNoMoreInteractions(new Object[]{treeAware});
    }

    @Test
    public void testGetTree() throws Exception {
        Tree tree = (Tree) Mockito.mock(Tree.class);
        Root root = (Root) Mockito.when(((Root) Mockito.mock(Root.class)).getTree("/user/path")).thenReturn(tree).getMock();
        Authorizable authorizable = (Authorizable) Mockito.mock(Authorizable.class);
        Mockito.when(authorizable.getPath()).thenReturn("/user/path");
        Assert.assertSame(tree, Utils.getTree(authorizable, root));
        ((Root) Mockito.verify(root)).getTree(ArgumentMatchers.anyString());
        ((Authorizable) Mockito.verify(authorizable)).getPath();
        Mockito.verifyNoMoreInteractions(new Object[]{authorizable, root});
    }
}
