package org.apache.jackrabbit.oak.security.user;

import java.util.Iterator;
import java.util.UUID;
import javax.jcr.SimpleCredentials;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.SystemUserPrincipal;
import org.apache.jackrabbit.oak.spi.security.user.UserIdCredentials;
import org.apache.jackrabbit.oak.spi.security.user.action.AccessControlAction;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/SystemUserImplTest.class */
public class SystemUserImplTest extends AbstractSecurityTest {
    private UserManager userMgr;
    private String uid;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userMgr = getUserManager(this.root);
        this.uid = "testUser" + UUID.randomUUID();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            User authorizable = this.userMgr.getAuthorizable(this.uid, User.class);
            if (authorizable != null) {
                authorizable.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("authorizableActionProvider", securityProvider -> {
            AccessControlAction accessControlAction = new AccessControlAction();
            accessControlAction.init(securityProvider, ConfigurationParameters.of("userPrivilegeNames", new String[]{"jcr:all"}));
            return ImmutableList.of(accessControlAction);
        }));
    }

    private User createUser(@Nullable String str) throws Exception {
        User createSystemUser = this.userMgr.createSystemUser(this.uid, str);
        this.root.commit();
        return createSystemUser;
    }

    @Test
    public void testCreateSystemUser() throws Exception {
        Assert.assertTrue(createUser(null) instanceof SystemUserImpl);
    }

    @Test
    public void testIsAdmin() throws Exception {
        Assert.assertFalse(createUser(null).isAdmin());
    }

    @Test
    public void testIsSystemUser() throws Exception {
        Assert.assertTrue(createUser(null).isSystemUser());
    }

    @Test
    public void testIsGroup() throws Exception {
        Assert.assertFalse(createUser(null).isGroup());
    }

    @Test
    public void testSystemUserTree() throws Exception {
        Tree tree = this.root.getTree(createUser(null).getPath());
        Assert.assertFalse(tree.hasProperty("rep:password"));
        Assert.assertEquals("rep:SystemUser", TreeUtil.getPrimaryTypeName(tree));
    }

    @Test(expected = IllegalArgumentException.class)
    public void testCheckValidTree() throws Exception {
        User testUser = getTestUser();
        new SystemUserImpl(testUser.getID(), this.root.getTree(testUser.getPath()), this.userMgr);
    }

    @Test
    public void testGetCredentials() throws Exception {
        UserIdCredentials credentials = createUser(null).getCredentials();
        Assert.assertTrue(credentials instanceof UserIdCredentials);
        Assert.assertEquals(this.uid, credentials.getUserId());
    }

    @Test
    public void testHasNoPassword() throws Exception {
        Assert.assertFalse(this.root.getTree(createUser(null).getPath()).hasProperty("rep:password"));
    }

    @Test(expected = UnsupportedRepositoryOperationException.class)
    public void testChangePassword() throws Exception {
        createUser(null).changePassword("pw");
    }

    @Test(expected = UnsupportedRepositoryOperationException.class)
    public void testChangePassword2() throws Exception {
        createUser(null).changePassword("pw", "newPw");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testCreateUserWithAbsolutePath() throws Exception {
        createUser("/any/path/to/the/new/user");
    }

    @Test(expected = ConstraintViolationException.class)
    public void testCreateUserWithAbsolutePath2() throws Exception {
        createUser("/rep:security/rep:authorizables/rep:users/any/path/to/the/new/user");
    }

    @Test
    public void testCreateUserWithAbsolutePath3() throws Exception {
        String str = "/rep:security/rep:authorizables/rep:users/system" + "/any/path/to/the/new/user";
        Assert.assertTrue(createUser(str).getPath().startsWith(str));
    }

    @Test(expected = ConstraintViolationException.class)
    public void testCreateUserWithRelativePath() throws Exception {
        createUser("any/path");
    }

    @Test
    public void testCreateUserWithRelativePath2() throws Exception {
        User createUser = createUser("system/any/path");
        Assert.assertNotNull(createUser.getID());
        Assert.assertTrue(createUser.getPath().contains("any/path"));
    }

    @Test
    public void testCreateSystemUserWithOtherPath() throws Exception {
        String str = null;
        try {
            try {
                Tree addChild = TreeUtil.addChild(this.root.getTree("/rep:security/rep:authorizables/rep:users"), "systemUser", "rep:SystemUser");
                addChild.setProperty("rep:principalName", "systemUser");
                addChild.setProperty("rep:authorizableId", "systemUser");
                str = addChild.getPath();
                this.root.commit();
                Assert.fail();
                this.root.refresh();
                if (str != null) {
                    Tree tree = this.root.getTree(str);
                    if (tree.exists()) {
                        tree.remove();
                        this.root.commit();
                    }
                }
            } catch (CommitFailedException e) {
                Assert.assertTrue(e.isConstraintViolation());
                this.root.refresh();
                if (str != null) {
                    Tree tree2 = this.root.getTree(str);
                    if (tree2.exists()) {
                        tree2.remove();
                        this.root.commit();
                    }
                }
            }
        } catch (Throwable th) {
            this.root.refresh();
            if (str != null) {
                Tree tree3 = this.root.getTree(str);
                if (tree3.exists()) {
                    tree3.remove();
                    this.root.commit();
                }
            }
            throw th;
        }
    }

    @Test
    public void testLoginAsSystemUser() throws Exception {
        createUser(null);
        try {
            login(new SimpleCredentials(this.uid, new char[0])).close();
            Assert.fail();
        } catch (LoginException e) {
        }
    }

    @Test(expected = LoginException.class)
    public void testLoginAsSystemUser2() throws Exception {
        login(createUser(null).getCredentials()).close();
    }

    @Test
    public void testImpersonateSystemUser() throws Exception {
        createUser(null);
        login(new ImpersonationCredentials(new SimpleCredentials(this.uid, new char[0]), this.adminSession.getAuthInfo())).close();
    }

    @Test
    public void testImpersonateDisabledSystemUser() throws Exception {
        createUser(null).disable("disabled");
        this.root.commit();
        try {
            login(new ImpersonationCredentials(new SimpleCredentials(this.uid, new char[0]), this.adminSession.getAuthInfo())).close();
            Assert.fail();
        } catch (LoginException e) {
        }
    }

    @Test
    public void testGetPrincipal() throws Exception {
        Assert.assertTrue(createUser(null).getPrincipal() instanceof SystemUserPrincipal);
    }

    @Test
    public void testAddToGroup() throws Exception {
        User createUser = createUser(null);
        Group group = null;
        try {
            group = this.userMgr.createGroup("testGroup");
            group.addMember(createUser);
            this.root.commit();
            Assert.assertTrue(group.isMember(createUser));
            Assert.assertTrue(group.isDeclaredMember(createUser));
            boolean z = false;
            Iterator declaredMemberOf = createUser.declaredMemberOf();
            while (declaredMemberOf.hasNext() && !z) {
                if (group.getID().equals(((Group) declaredMemberOf.next()).getID())) {
                    z = true;
                }
            }
            Assert.assertTrue(z);
            if (group != null) {
                group.remove();
                this.root.commit();
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                this.root.commit();
            }
            throw th;
        }
    }

    @Test
    public void testOnCreateOmitted() throws Exception {
        Assert.assertFalse(this.root.getTree(createUser(null).getPath()).hasChild("rep:policy"));
    }

    @Test
    public void testReplacesAdministrator() throws Exception {
        String str = (String) getUserConfiguration().getParameters().getConfigValue("adminId", "admin");
        this.root.getTree(this.userMgr.getAuthorizable(str, User.class).getPath()).remove();
        User createSystemUser = this.userMgr.createSystemUser(str, (String) null);
        Assert.assertTrue(createSystemUser.isAdmin());
        Assert.assertTrue(createSystemUser.getPrincipal() instanceof AdminPrincipal);
    }
}
