package org.apache.jackrabbit.oak.security.authentication.token;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Date;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
import java.util.UUID;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.Future;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlList;
import org.apache.jackrabbit.api.security.JackrabbitAccessControlManager;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.commons.jackrabbit.authorization.AccessControlUtils;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.SimpleCredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest.class */
public class TokenProviderImplTest extends AbstractTokenTest {
    private String userId;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenProviderImplTest$DataFuture.class */
    public static class DataFuture {
        public Future<TokenInfo> future;

        DataFuture(Future<TokenInfo> future) {
            this.future = future;
        }
    }

    @Override // org.apache.jackrabbit.oak.security.authentication.token.AbstractTokenTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userId = getTestUser().getID();
    }

    @Test
    public void testDoCreateToken() throws Exception {
        Assert.assertFalse(this.tokenProvider.doCreateToken(new GuestCredentials()));
        Assert.assertFalse(this.tokenProvider.doCreateToken(new TokenCredentials("token")));
        Assert.assertFalse(this.tokenProvider.doCreateToken(getAdminCredentials()));
        SimpleCredentials simpleCredentials = new SimpleCredentials("uid", "pw".toCharArray());
        Assert.assertFalse(this.tokenProvider.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute("any_attribute", "value");
        Assert.assertFalse(this.tokenProvider.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute("rep:token_key", "value");
        Assert.assertFalse(this.tokenProvider.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute(".token", "existing");
        Assert.assertFalse(this.tokenProvider.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute(".token", "");
        Assert.assertTrue(this.tokenProvider.doCreateToken(simpleCredentials));
    }

    @Test
    public void testCreateTokenFromInvalidCredentials() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new GuestCredentials());
        arrayList.add(new TokenCredentials("sometoken"));
        arrayList.add(new ImpersonationCredentials(new GuestCredentials(), (AuthInfo) null));
        arrayList.add(new SimpleCredentials("unknownUserId", new char[0]));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Assert.assertNull(this.tokenProvider.createToken((Credentials) it.next()));
        }
    }

    @Test
    public void testCreateTokenFromCredentials() {
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        ArrayList arrayList = new ArrayList();
        arrayList.add(simpleCredentials);
        arrayList.add(new ImpersonationCredentials(simpleCredentials, (AuthInfo) null));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            assertTokenInfo(this.tokenProvider.createToken((Credentials) it.next()), this.userId);
        }
    }

    @Test
    public void testCreateTokenFromCredentialsSetsAttribute() {
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        this.tokenProvider.createToken(simpleCredentials);
        Assert.assertArrayEquals(new String[]{".token"}, simpleCredentials.getAttributeNames());
    }

    @Test
    public void testCreateTokenCredentialsSupportDoesntSetAttribute() {
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        CredentialsSupport credentialsSupport = (CredentialsSupport) Mockito.mock(CredentialsSupport.class);
        Mockito.when(credentialsSupport.getCredentialClasses()).thenReturn(SimpleCredentialsSupport.getInstance().getCredentialClasses());
        Mockito.when(credentialsSupport.getUserId(simpleCredentials)).thenReturn(SimpleCredentialsSupport.getInstance().getUserId(simpleCredentials));
        Mockito.when(Boolean.valueOf(credentialsSupport.setAttributes((Credentials) ArgumentMatchers.any(Credentials.class), (Map) ArgumentMatchers.any(Map.class)))).thenReturn(false);
        createTokenProvider(this.root, getTokenConfig(), getUserConfiguration(), credentialsSupport).createToken(simpleCredentials);
        Assert.assertEquals(0L, simpleCredentials.getAttributeNames().length);
    }

    @Test
    public void testCreateTokenInvalidAlgorithm() {
        Assert.assertNull(createTokenProvider(this.root, ConfigurationParameters.of("passwordHashAlgorithm", IdentifierManagerTest.ID_INVALID), getUserConfiguration(), SimpleCredentialsSupport.getInstance()).createToken(new SimpleCredentials(this.userId, new char[0])));
    }

    @Test
    public void testCreateTokenFromInvalidUserId() {
        Assert.assertNull(this.tokenProvider.createToken("unknownUserId", Collections.emptyMap()));
    }

    @Test
    public void testCreateTokenFromGroupId() throws Exception {
        getUserManager(this.root).createGroup("groupId");
        Assert.assertNull(this.tokenProvider.createToken("groupId", Collections.emptyMap()));
    }

    @Test
    public void testCreateTokenFromUserId() {
        assertTokenInfo(this.tokenProvider.createToken(this.userId, Collections.emptyMap()), this.userId);
    }

    @Test
    public void testTokenNode() {
        HashMap hashMap = new HashMap();
        hashMap.put(".token", "value");
        hashMap.put("rep:token.key", "value");
        hashMap.put("rep:token.exp", "value");
        HashMap hashMap2 = new HashMap();
        hashMap2.put(".token_exp", "value");
        hashMap2.put(".tokenTest", "value");
        hashMap2.put(".token_something", "value");
        HashMap hashMap3 = new HashMap();
        hashMap3.put("any", "value");
        hashMap3.put("another", "value");
        HashMap hashMap4 = new HashMap();
        hashMap4.putAll(hashMap);
        hashMap4.putAll(hashMap3);
        hashMap4.putAll(hashMap2);
        TokenInfo createToken = this.tokenProvider.createToken(this.userId, hashMap4);
        Assert.assertNotNull(createToken);
        Tree tokenTree = getTokenTree(createToken);
        PropertyState property = tokenTree.getProperty("rep:token.key");
        Assert.assertNotNull(property);
        Assert.assertEquals(Type.STRING, property.getType());
        PropertyState property2 = tokenTree.getProperty("rep:token.exp");
        Assert.assertNotNull(property2);
        Assert.assertEquals(Type.DATE, property2.getType());
        hashMap.forEach((str, str2) -> {
            PropertyState property3 = tokenTree.getProperty(str);
            if (property3 != null) {
                Assert.assertNotEquals(str2, property3.getValue(Type.STRING));
            }
        });
        hashMap2.forEach((str3, str4) -> {
            Assert.assertEquals(str4, tokenTree.getProperty(str3).getValue(Type.STRING));
        });
        hashMap3.forEach((str5, str6) -> {
            Assert.assertEquals(str6, tokenTree.getProperty(str5).getValue(Type.STRING));
        });
    }

    @Test
    public void testGetTokenInfoFromInvalidToken() {
        ArrayList arrayList = new ArrayList();
        arrayList.add("/invalid");
        arrayList.add(UUID.randomUUID().toString());
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            Assert.assertNull(this.tokenProvider.getTokenInfo((String) it.next()));
        }
        try {
            Assert.assertNull(this.tokenProvider.getTokenInfo("invalidToken"));
        } catch (Exception e) {
        }
    }

    @Test
    public void testGetTokenInfoFromDisabledUser() throws Exception {
        TokenInfo createTokenInfo = createTokenInfo(this.tokenProvider, this.userId);
        getTestUser().disable("disabled");
        Assert.assertNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
    }

    @Test
    public void testGetTokenInfoFromGroup() throws Exception {
        Tree addChild = TreeUtil.addChild(TreeUtil.addChild(this.root.getTree(getUserManager(this.root).createGroup("gr").getPath()), ".tokens", "rep:Unstructured"), "tokenName", "rep:Token");
        String uuid = UUID.randomUUID().toString();
        addChild.setProperty("jcr:uuid", uuid);
        String str = uuid + "_generatedKey";
        addChild.setProperty("rep:token.key", str);
        Assert.assertNull(this.tokenProvider.getTokenInfo(str));
    }

    @Test
    public void testGetTokenInfoFromRegularNode() throws Exception {
        Tree addChild = TreeUtil.addChild(TreeUtil.addChild(TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "testNode", "nt:unstructured"), ".tokens", "rep:Unstructured"), "tokenName", "rep:Token");
        String uuid = UUID.randomUUID().toString();
        addChild.setProperty("jcr:uuid", uuid);
        String str = uuid + "_generatedKey";
        addChild.setProperty("rep:token.key", str);
        Assert.assertNull(this.tokenProvider.getTokenInfo(str));
    }

    @Test
    public void testGetTokenInfoFromInvalidLocation() throws Exception {
        TokenInfo createTokenInfo = createTokenInfo(this.tokenProvider, this.userId);
        Assert.assertNotNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        Tree addChild = TreeUtil.addChild(this.root.getTree(IdentifierManagerTest.ID_ROOT), "testNode", "nt:unstructured");
        try {
            replaceTokenTree(createTokenInfo, addChild, "rep:Token");
            Assert.assertNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        } finally {
            addChild.remove();
            this.root.commit(CommitMarker.asCommitAttributes());
        }
    }

    @Test
    public void testGetTokenInfoFromInvalidLocation2() throws Exception {
        TokenInfo createTokenInfo = createTokenInfo(this.tokenProvider, this.userId);
        Assert.assertNotNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        try {
            replaceTokenTree(createTokenInfo, TreeUtil.addChild(getUserTree(this.userId), "testNode", "nt:unstructured"), "rep:Token");
            Assert.assertNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
            this.root.refresh();
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testGetTokenInfoFromInvalidLocation3() throws Exception {
        TokenInfo createTokenInfo = createTokenInfo(this.tokenProvider, this.userId);
        Assert.assertNotNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        try {
            replaceTokenTree(createTokenInfo, getUserTree(this.userId).getChild(".tokens"), "nt:unstructured");
            Assert.assertNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testGetTokenInfoFromInvalidLocation4() throws Exception {
        TokenInfo createTokenInfo = createTokenInfo(this.tokenProvider, this.userId);
        Tree tokenTree = getTokenTree(createTokenInfo);
        Assert.assertNotNull(this.tokenProvider.getTokenInfo(createTokenInfo.getToken()));
        try {
            Assert.assertTrue(this.root.move(tokenTree.getPath(), TreeUtil.getOrAddChild(getUserTree(this.adminSession.getAuthInfo().getUserID()), ".tokens", "nt:unstructured").getPath() + "/" + tokenTree.getName()));
            TokenInfo tokenInfo = this.tokenProvider.getTokenInfo(createTokenInfo.getToken());
            Assert.assertNotNull(tokenInfo);
            Assert.assertFalse(tokenInfo.matches(new TokenCredentials(createTokenInfo.getToken())));
            this.root.refresh();
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testGetTokenInfo() {
        assertTokenInfo(this.tokenProvider.getTokenInfo(createTokenInfo(this.tokenProvider, this.userId).getToken()), this.userId);
    }

    @Test
    public void testCreateTokenWithExpirationParam() {
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        simpleCredentials.setAttribute("tokenExpiration", 100000);
        TokenInfo createToken = this.tokenProvider.createToken(simpleCredentials);
        assertTokenInfo(createToken, this.userId);
        Tree tokenTree = getTokenTree(createToken);
        Assert.assertNotNull(tokenTree);
        Assert.assertTrue(tokenTree.exists());
        Assert.assertTrue(tokenTree.hasProperty("tokenExpiration"));
        Assert.assertEquals(100000L, ((Long) tokenTree.getProperty("tokenExpiration").getValue(Type.LONG)).longValue());
    }

    @Test
    public void testCreateTokenWithInvalidExpirationParam() {
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        simpleCredentials.setAttribute("tokenExpiration", IdentifierManagerTest.ID_INVALID);
        try {
            this.tokenProvider.createToken(simpleCredentials);
            Assert.fail();
        } catch (NumberFormatException e) {
        }
    }

    @Test
    public void testFailingCleanupExpired() throws Exception {
        User testUser = getTestUser();
        JackrabbitAccessControlManager accessControlManager = getAccessControlManager(this.root);
        JackrabbitAccessControlList accessControlList = AccessControlUtils.getAccessControlList(accessControlManager, testUser.getPath());
        accessControlList.addAccessControlEntry(testUser.getPrincipal(), privilegesFromNames("jcr:read", "jcr:addChildNodes", "jcr:modifyProperties"));
        accessControlManager.setPolicy(accessControlList.getPath(), accessControlList);
        this.root.commit();
        ContentSession login = login(new SimpleCredentials(testUser.getID(), testUser.getID().toCharArray()));
        try {
            TokenProviderImpl createTokenProvider = createTokenProvider(login.getLatestRoot(), ConfigurationParameters.of("tokenCleanupThreshold", 1), getUserConfiguration(), SimpleCredentialsSupport.getInstance());
            SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
            simpleCredentials.setAttribute("tokenExpiration", 1);
            TokenInfo createToken = createTokenProvider.createToken(simpleCredentials);
            waitUntilExpired(createToken);
            int i = 0;
            do {
                i++;
                if (createTokenProvider.createToken(simpleCredentials).getToken().charAt(0) < '2') {
                    break;
                }
            } while (i < 50);
            this.root.refresh();
            Assert.assertTrue(getTokenTree(createToken).exists());
            if (login != null) {
                login.close();
            }
        } catch (Throwable th) {
            if (login != null) {
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
            throw th;
        }
    }

    @Test
    public void testCleanupThresholdNotReached() {
        TokenProviderImpl createTokenProvider = createTokenProvider(this.root, ConfigurationParameters.of("tokenCleanupThreshold", 100), getUserConfiguration(), SimpleCredentialsSupport.getInstance());
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.userId, new char[0]);
        simpleCredentials.setAttribute("tokenExpiration", 1);
        TokenInfo createToken = createTokenProvider.createToken(simpleCredentials);
        waitUntilExpired(createToken);
        int i = 0;
        do {
            i++;
            if (createTokenProvider.createToken(simpleCredentials).getToken().charAt(0) < '2') {
                break;
            }
        } while (i < 50);
        Assert.assertTrue(getTokenTree(createToken).exists());
    }

    @Test
    public void testValidTokenCredentialsWithConflict() throws Exception {
        ExecutorService newFixedThreadPool = Executors.newFixedThreadPool(10);
        ArrayList<ContentSession> arrayList = new ArrayList();
        try {
            TokenConfiguration tokenConfiguration = (TokenConfiguration) getSecurityProvider().getConfiguration(TokenConfiguration.class);
            SimpleCredentials adminCredentials = getAdminCredentials();
            ArrayList arrayList2 = new ArrayList();
            for (int i = 0; i < 10; i++) {
                ContentSession login = login(getAdminCredentials());
                arrayList2.add(tokenConfiguration.getTokenProvider(login.getLatestRoot()));
                arrayList.add(login);
            }
            ArrayList arrayList3 = new ArrayList();
            Iterator it = arrayList2.iterator();
            while (it.hasNext()) {
                arrayList3.add(createDataFuture(newFixedThreadPool, (TokenProvider) it.next(), adminCredentials.getUserID(), Collections.emptyMap()));
            }
            Iterator it2 = arrayList3.iterator();
            while (it2.hasNext()) {
                Assert.assertNotNull(((DataFuture) it2.next()).future.get());
            }
        } finally {
            for (ContentSession contentSession : arrayList) {
                if (contentSession != null) {
                    contentSession.close();
                }
            }
            if (newFixedThreadPool != null) {
                newFixedThreadPool.shutdown();
            }
        }
    }

    @Test
    public void testTokenValidationIsCaseInsensitive() {
        TokenProvider tokenProvider = ((TokenConfiguration) getSecurityProvider().getConfiguration(TokenConfiguration.class)).getTokenProvider(this.adminSession.getLatestRoot());
        String userID = getAdminCredentials().getUserID();
        TokenInfo createToken = tokenProvider.createToken(userID.toUpperCase(), Collections.emptyMap());
        Assert.assertTrue(createToken.matches(new TokenCredentials(createToken.getToken())));
        Assert.assertEquals(userID, createToken.getUserId());
        TokenInfo tokenInfo = tokenProvider.getTokenInfo(createToken.getToken());
        Assert.assertTrue(tokenInfo.matches(new TokenCredentials(tokenInfo.getToken())));
        Assert.assertEquals(userID, tokenInfo.getUserId());
    }

    private static void assertTokenInfo(TokenInfo tokenInfo, String str) {
        Assert.assertNotNull(tokenInfo);
        Assert.assertNotNull(tokenInfo.getToken());
        Assert.assertEquals(str, tokenInfo.getUserId());
        Assert.assertFalse(tokenInfo.isExpired(new Date().getTime()));
    }

    @NotNull
    private DataFuture createDataFuture(ExecutorService executorService, TokenProvider tokenProvider, String str, Map<String, ?> map) {
        return new DataFuture(executorService.submit(() -> {
            return tokenProvider.createToken(str, map);
        }));
    }
}
