package org.apache.jackrabbit.oak.security.authentication.user;

import java.lang.reflect.Field;
import java.security.Principal;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Maps;
import org.apache.jackrabbit.guava.common.collect.Sets;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.commons.junit.LogCustomizer;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.security.user.UserAuthenticationFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.LoginModuleMonitor;
import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;
import org.slf4j.event.Level;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.class */
public class LoginModuleImplTest extends AbstractSecurityTest {
    private static final String USER_ID = "test";
    private static final String USER_ID_CASED = "TeSt";
    private static final String USER_PW = "pw";
    private final LoginModuleMonitor monitor = (LoginModuleMonitor) Mockito.mock(LoginModuleMonitor.class);
    private User user;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            Mockito.clearInvocations(new LoginModuleMonitor[]{this.monitor});
            if (this.user != null) {
                this.user.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected Configuration getConfiguration() {
        return ConfigurationUtil.getDefaultConfiguration(ConfigurationParameters.EMPTY);
    }

    private void createTestUser() throws RepositoryException, CommitFailedException {
        if (this.user == null) {
            this.user = getUserManager(this.root).createUser(USER_ID, USER_PW);
            this.root.commit();
        }
    }

    @NotNull
    private CallbackHandler createCallbackHandler(@Nullable ContentRepository contentRepository, @Nullable SecurityProvider securityProvider) {
        return callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof RepositoryCallback) {
                    ((RepositoryCallback) callback).setSecurityProvider(securityProvider);
                    ((RepositoryCallback) callback).setContentRepository(contentRepository);
                    ((RepositoryCallback) callback).setLoginModuleMonitor(this.monitor);
                } else if (!(callback instanceof CredentialsCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
            }
        };
    }

    @NotNull
    private CallbackHandler createCallbackHandler(@NotNull UserAuthenticationFactory userAuthenticationFactory) {
        return createCallbackHandler(getContentRepository(), SecurityProviderBuilder.newBuilder().with(ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("userAuthenticationFactory", userAuthenticationFactory))).build());
    }

    private LoginModuleImpl createLoginModule(@NotNull Subject subject, @Nullable CallbackHandler callbackHandler, @NotNull Map<String, ?> map) {
        LoginModuleImpl loginModuleImpl = new LoginModuleImpl();
        loginModuleImpl.initialize(subject, callbackHandler, map, Maps.newHashMap());
        return loginModuleImpl;
    }

    @Test(expected = LoginException.class)
    public void testNullLogin() throws Exception {
        ContentSession login = login(null);
        try {
            Assert.fail("Null login should fail");
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testGuestLogin() throws Exception {
        ContentSession login = login(new GuestCredentials());
        try {
            Assert.assertEquals(UserUtil.getAnonymousId(getUserConfiguration().getParameters()), login.getAuthInfo().getUserID());
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test(expected = LoginException.class)
    public void testAnonymousLogin() throws Exception {
        String anonymousId = UserUtil.getAnonymousId(getUserConfiguration().getParameters());
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(anonymousId);
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(this.root.getTree(authorizable.getPath()).hasProperty("rep:password"));
        ContentSession login = login(new SimpleCredentials(anonymousId, new char[0]));
        try {
            Assert.fail("Login with anonymousID should fail since the initial setup doesn't provide a password.");
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserLogin() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
        try {
            Assert.assertEquals(USER_ID, login.getAuthInfo().getUserID());
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testAuthInfoContainsUserId() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
        try {
            Assert.assertEquals(this.user.getID(), login.getAuthInfo().getUserID());
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserLoginIsCaseInsensitive() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
        try {
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(login.getAuthInfo().getUserID());
            Assert.assertNotNull(authorizable);
            Assert.assertTrue(authorizable.getID().equalsIgnoreCase(USER_ID_CASED));
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testUserLoginIsCaseInsensitive2() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
        try {
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertEquals(this.user.getID(), authInfo.getUserID());
            Assert.assertTrue(USER_ID_CASED.equalsIgnoreCase(authInfo.getUserID()));
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test(expected = LoginException.class)
    public void testUnknownUserLogin() throws Exception {
        ContentSession login = login(new SimpleCredentials("unknown", "".toCharArray()));
        try {
            Assert.fail("Unknown user must not be able to login");
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testSelfImpersonation() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
        try {
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertEquals(USER_ID, authInfo.getUserID());
            if (login != null) {
                login.close();
            }
            login = login(new ImpersonationCredentials(new SimpleCredentials(USER_ID, new char[0]), authInfo));
            try {
                Assert.assertEquals(USER_ID, login.getAuthInfo().getUserID());
                if (login != null) {
                    login.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test(expected = LoginException.class)
    public void testInvalidImpersonation() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
        try {
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertEquals(USER_ID, authInfo.getUserID());
            if (login != null) {
                login.close();
            }
            String adminId = UserUtil.getAdminId(((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class)).getParameters());
            login = login(new ImpersonationCredentials(new SimpleCredentials(adminId, new char[0]), authInfo));
            try {
                Assert.fail("User 'test' should not be allowed to impersonate " + adminId);
                if (login != null) {
                    login.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test
    public void testLoginWithAttributes() throws Exception {
        createTestUser();
        SimpleCredentials simpleCredentials = new SimpleCredentials(USER_ID, USER_PW.toCharArray());
        simpleCredentials.setAttribute("attr", "value");
        ContentSession login = login(simpleCredentials);
        try {
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertTrue(Arrays.asList(authInfo.getAttributeNames()).contains("attr"));
            Assert.assertEquals("value", authInfo.getAttribute("attr"));
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testImpersonationWithAttributes() throws Exception {
        createTestUser();
        ContentSession login = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
        try {
            AuthInfo authInfo = login.getAuthInfo();
            if (login != null) {
                login.close();
            }
            SimpleCredentials simpleCredentials = new SimpleCredentials(USER_ID, new char[0]);
            simpleCredentials.setAttribute("attr", "value");
            login = login(new ImpersonationCredentials(simpleCredentials, authInfo));
            try {
                AuthInfo authInfo2 = login.getAuthInfo();
                Assert.assertTrue(Arrays.asList(authInfo2.getAttributeNames()).contains("attr"));
                Assert.assertEquals("value", authInfo2.getAttribute("attr"));
                if (login != null) {
                    login.close();
                }
            } finally {
            }
        } finally {
        }
    }

    @Test(expected = LoginException.class)
    public void testImpersonationWithUnsupportedBaseCredentials() throws Exception {
        ContentSession login = login(new ImpersonationCredentials((Credentials) Mockito.mock(Credentials.class), new AuthInfoImpl(USER_ID, (Map) null, (Set) null)));
        try {
            Assert.fail("Base credentials of ImpersonationCredentials can only be SimpleCredentials.");
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test(expected = LoginException.class)
    public void testFailedLoginWithMonitor() throws Exception {
        createTestUser();
        SimpleCredentials simpleCredentials = new SimpleCredentials(USER_ID, "wrongPw".toCharArray());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("org.apache.jackrabbit.credentials", simpleCredentials);
        try {
            createLoginModule(new Subject(), createCallbackHandler(getContentRepository(), getSecurityProvider()), newHashMap).login();
            ((LoginModuleMonitor) Mockito.verify(this.monitor)).loginFailed((LoginException) ArgumentMatchers.any(LoginException.class), (Credentials) ArgumentMatchers.eq(simpleCredentials));
        } catch (Throwable th) {
            ((LoginModuleMonitor) Mockito.verify(this.monitor)).loginFailed((LoginException) ArgumentMatchers.any(LoginException.class), (Credentials) ArgumentMatchers.eq(simpleCredentials));
            throw th;
        }
    }

    @Test
    public void LoginUnsupportedCredentials() throws Exception {
        Credentials credentials = (Credentials) Mockito.mock(Credentials.class);
        Assert.assertFalse(createLoginModule(new Subject(false, ImmutableSet.of(), ImmutableSet.of(credentials), ImmutableSet.of()), callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof RepositoryCallback) {
                    ((RepositoryCallback) callback).setSecurityProvider(getSecurityProvider());
                    ((RepositoryCallback) callback).setContentRepository(getContentRepository());
                } else {
                    if (!(callback instanceof CredentialsCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((CredentialsCallback) callback).setCredentials(credentials);
                }
            }
        }, Maps.newHashMap()).login());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testLoginPreAuthenticated() throws Exception {
        User testUser = getTestUser();
        Set principals = ((PrincipalConfiguration) getConfig(PrincipalConfiguration.class)).getPrincipalProvider(this.root, NamePathMapper.DEFAULT).getPrincipals(testUser.getID());
        Authentication authentication = (Authentication) Mockito.mock(Authentication.class);
        Mockito.when(Boolean.valueOf(authentication.authenticate((Credentials) ArgumentMatchers.any(Credentials.class)))).thenReturn(true).getMock();
        Mockito.when(authentication.getUserId()).thenReturn(testUser.getID());
        PrincipalImpl principalImpl = new PrincipalImpl("foreign");
        UserAuthenticationFactory userAuthenticationFactory = (UserAuthenticationFactory) Mockito.when(((UserAuthenticationFactory) Mockito.mock(UserAuthenticationFactory.class)).getAuthentication((UserConfiguration) ArgumentMatchers.any(UserConfiguration.class), (Root) ArgumentMatchers.any(Root.class), ArgumentMatchers.anyString())).thenReturn(authentication).getMock();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin("uid"));
        Subject subject = new Subject(false, ImmutableSet.of(principalImpl), ImmutableSet.of(), ImmutableSet.of());
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler(userAuthenticationFactory), newHashMap);
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        ImmutableSet build = new ImmutableSet.Builder().add(principalImpl).addAll(principals).build();
        Assert.assertEquals(build, subject.getPrincipals());
        Assert.assertEquals(1L, subject.getPublicCredentials().size());
        Set publicCredentials = subject.getPublicCredentials(AuthInfo.class);
        Assert.assertFalse(publicCredentials.isEmpty());
        AuthInfo authInfo = (AuthInfo) publicCredentials.iterator().next();
        Assert.assertEquals(testUser.getID(), authInfo.getUserID());
        Assert.assertEquals(build, authInfo.getPrincipals());
        Assert.assertTrue(createLoginModule.logout());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        Assert.assertTrue(subject.getPrincipals().contains(principalImpl));
        Assert.assertFalse(subject.getPrincipals().containsAll(principals));
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testLoginPreAuthenticatedWithReadOnlySubject() throws Exception {
        UserAuthenticationFactory userAuthenticationFactory = (UserAuthenticationFactory) Mockito.when(((UserAuthenticationFactory) Mockito.mock(UserAuthenticationFactory.class)).getAuthentication((UserConfiguration) ArgumentMatchers.any(UserConfiguration.class), (Root) ArgumentMatchers.any(Root.class), ArgumentMatchers.anyString())).thenReturn((Authentication) Mockito.when(Boolean.valueOf(((Authentication) Mockito.mock(Authentication.class)).authenticate((Credentials) ArgumentMatchers.any(Credentials.class)))).thenReturn(true).getMock()).getMock();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin("uid"));
        Subject subject = new Subject();
        subject.setReadOnly();
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler(userAuthenticationFactory), newHashMap);
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        Assert.assertTrue(createLoginModule.logout());
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test(expected = LoginException.class)
    public void testLoginPreAuthenticatedFails() throws Exception {
        LoginException loginException = new LoginException();
        UserAuthenticationFactory userAuthenticationFactory = (UserAuthenticationFactory) Mockito.when(((UserAuthenticationFactory) Mockito.mock(UserAuthenticationFactory.class)).getAuthentication((UserConfiguration) ArgumentMatchers.any(UserConfiguration.class), (Root) ArgumentMatchers.any(Root.class), ArgumentMatchers.anyString())).thenReturn((Authentication) Mockito.when(Boolean.valueOf(((Authentication) Mockito.mock(Authentication.class)).authenticate(PreAuthenticatedLogin.PRE_AUTHENTICATED))).thenThrow(new Throwable[]{loginException}).getMock()).getMock();
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin("uid"));
        try {
            createLoginModule(new Subject(), createCallbackHandler(userAuthenticationFactory), newHashMap).login();
            ((LoginModuleMonitor) Mockito.verify(this.monitor)).loginFailed(loginException, PreAuthenticatedLogin.PRE_AUTHENTICATED);
            Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
        } catch (Throwable th) {
            ((LoginModuleMonitor) Mockito.verify(this.monitor)).loginFailed(loginException, PreAuthenticatedLogin.PRE_AUTHENTICATED);
            Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
            throw th;
        }
    }

    @Test
    public void testLoginWithReadOnlySubject() throws Exception {
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("org.apache.jackrabbit.credentials", getAdminCredentials());
        Subject subject = new Subject(true, Collections.singleton(new PrincipalImpl("unknown")), Collections.emptySet(), Collections.emptySet());
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler(new UserAuthenticationFactoryImpl()), newHashMap);
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        Assert.assertFalse(subject.getPrincipals().isEmpty());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        Assert.assertTrue(createLoginModule.logout());
        Assert.assertFalse(subject.getPrincipals().isEmpty());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testNullUserAuthentication() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), createCallbackHandler((UserAuthenticationFactory) Mockito.mock(UserAuthenticationFactory.class)), Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingUserAuthenticationFactory() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), createCallbackHandler(getContentRepository(), (SecurityProvider) Mockito.when((UserConfiguration) ((SecurityProvider) Mockito.mock(SecurityProvider.class)).getConfiguration(UserConfiguration.class)).thenReturn((UserConfiguration) Mockito.when(((UserConfiguration) Mockito.mock(UserConfiguration.class)).getParameters()).thenReturn(ConfigurationParameters.EMPTY).getMock()).getMock()), Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingSecurityProviderGuestLogin() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(false, ImmutableSet.of(), ImmutableSet.of(new GuestCredentials()), ImmutableSet.of()), createCallbackHandler(getContentRepository(), null), Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingSecurityProvider() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), createCallbackHandler(getContentRepository(), null), Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingRoot() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), createCallbackHandler(null, getSecurityProvider()), Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingCallbackHandler() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), null, Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testUnsupportedCredentialsCallback() throws Exception {
        LoginModuleImpl createLoginModule = createLoginModule(new Subject(), callbackArr -> {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof RepositoryCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                RepositoryCallback repositoryCallback = (RepositoryCallback) callback;
                repositoryCallback.setLoginModuleMonitor(this.monitor);
                repositoryCallback.setContentRepository(getContentRepository());
                repositoryCallback.setSecurityProvider(getSecurityProvider());
            }
        }, Maps.newHashMap());
        Assert.assertFalse(createLoginModule.login());
        Assert.assertFalse(createLoginModule.commit());
        Assert.assertFalse(createLoginModule.logout());
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).loginError();
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testLoginCustomUserAuthenticationFactory() throws Exception {
        CallbackHandler createCallbackHandler = createCallbackHandler((userConfiguration, root, str) -> {
            return new Authentication() { // from class: org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImplTest.1
                public boolean authenticate(@Nullable Credentials credentials) {
                    return true;
                }

                @Nullable
                public String getUserId() {
                    return null;
                }

                @Nullable
                public Principal getUserPrincipal() {
                    return null;
                }
            };
        });
        Subject subject = new Subject(false, Sets.newHashSet(), ImmutableSet.of(new SimpleCredentials("loginId", new char[0])), Sets.newHashSet());
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler, Maps.newHashMap());
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        Assert.assertEquals("loginId", ((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getUserID());
        Assert.assertTrue(createLoginModule.logout());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testMissingUserId() throws Exception {
        CallbackHandler createCallbackHandler = createCallbackHandler((userConfiguration, root, str) -> {
            return new Authentication() { // from class: org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImplTest.2
                public boolean authenticate(@Nullable Credentials credentials) {
                    return true;
                }

                @Nullable
                public String getUserId() {
                    return null;
                }

                @Nullable
                public Principal getUserPrincipal() {
                    return null;
                }
            };
        });
        Subject subject = new Subject(false, Sets.newHashSet(), ImmutableSet.of(), Sets.newHashSet());
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler, Maps.newHashMap());
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        Assert.assertNull(((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getUserID());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
        Assert.assertTrue(createLoginModule.logout());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
        ((LoginModuleMonitor) Mockito.verify(this.monitor, Mockito.never())).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testCommitReadOnlySubject() throws Exception {
        PrincipalImpl principalImpl = new PrincipalImpl("subjetPrincipal");
        Subject subject = new Subject(true, ImmutableSet.of(principalImpl), ImmutableSet.of(), ImmutableSet.of());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put("org.apache.jackrabbit.credentials", new SimpleCredentials(getTestUser().getID(), getTestUser().getID().toCharArray()));
        LoginModuleImpl createLoginModule = createLoginModule(subject, createCallbackHandler(new UserAuthenticationFactoryImpl()), newHashMap);
        Assert.assertTrue(createLoginModule.login());
        Assert.assertTrue(createLoginModule.commit());
        Field declaredField = LoginModuleImpl.class.getDeclaredField("authInfo");
        declaredField.setAccessible(true);
        AuthInfo authInfo = (AuthInfo) declaredField.get(createLoginModule);
        Assert.assertNotNull(authInfo);
        Assert.assertTrue(authInfo.getPrincipals().contains(principalImpl));
        Assert.assertTrue(authInfo.getPrincipals().contains(getTestUser().getPrincipal()));
        ((LoginModuleMonitor) Mockito.verify(this.monitor)).principalsCollected(ArgumentMatchers.anyLong(), ArgumentMatchers.anyInt());
        Mockito.verifyNoMoreInteractions(new Object[]{this.monitor});
    }

    @Test
    public void testLoginLogoutPreexistingReadonlySubject() throws Exception {
        createTestUser();
        Subject.doAs(new Subject(true, Collections.singleton(() -> {
            return "JMXPrincipal: foo";
        }), Collections.EMPTY_SET, Collections.EMPTY_SET), () -> {
            LogCustomizer create = LogCustomizer.forLogger("org.apache.jackrabbit.oak.core.ContentSessionImpl").enable(Level.ERROR).create();
            ContentSession login = login(new SimpleCredentials(USER_ID, USER_PW.toCharArray()));
            try {
                create.starting();
                login.close();
                Assert.assertEquals(0L, create.getLogs().size());
                create.finished();
                return null;
            } catch (Throwable th) {
                Assert.assertEquals(0L, create.getLogs().size());
                create.finished();
                throw th;
            }
        });
    }
}
