package org.apache.jackrabbit.oak.security.user;

import java.util.ArrayList;
import java.util.UUID;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.guava.common.base.Preconditions;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.UUIDUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.util.Text;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserValidatorTest.class */
public class UserValidatorTest extends AbstractSecurityTest implements UserConstants {
    private String userPath;

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userPath = getTestUser().getPath();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        try {
            this.root.refresh();
        } finally {
            super.after();
        }
    }

    @NotNull
    private UserValidatorProvider createValidatorProvider() {
        return new UserValidatorProvider(getConfig(), getRootProvider(), getTreeProvider());
    }

    @NotNull
    private UserValidator createUserValidator(@NotNull Tree tree, @NotNull Tree tree2) {
        UserValidatorProvider createValidatorProvider = createValidatorProvider();
        createValidatorProvider.getRootValidator(getTreeProvider().asNodeState(tree), getTreeProvider().asNodeState(tree2), new CommitInfo("sid", (String) null));
        return new UserValidator(tree, tree2, createValidatorProvider);
    }

    private void assertRemoveProperty(@NotNull String str, int i) throws CommitFailedException {
        try {
            this.root.getTree(this.userPath).removeProperty(str);
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(i, e.getCode());
            Assert.assertTrue(e.isConstraintViolation());
            throw e;
        }
    }

    private void assertChangeProperty(@NotNull String str, @NotNull String str2, int i) throws CommitFailedException {
        try {
            this.root.getTree(this.userPath).setProperty(str, str2);
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(i, e.getCode());
            Assert.assertTrue(e.isConstraintViolation());
            throw e;
        }
    }

    @NotNull
    private ConfigurationParameters getConfig() {
        return getUserConfiguration().getParameters();
    }

    @Test(expected = CommitFailedException.class)
    public void removePassword() throws Exception {
        assertRemoveProperty("rep:password", 25);
    }

    @Test(expected = CommitFailedException.class)
    public void removePrincipalName() throws Exception {
        assertRemoveProperty("rep:principalName", 22);
    }

    @Test(expected = CommitFailedException.class)
    public void removePrincipalName2() throws Exception {
        try {
            Tree tree = this.root.getTree(this.userPath);
            createUserValidator(tree, tree).propertyDeleted(tree.getProperty("rep:principalName"));
        } catch (CommitFailedException e) {
            Assert.assertEquals(25L, e.getCode());
            Assert.assertTrue(e.isConstraintViolation());
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void removeAuthorizableId() throws Exception {
        assertRemoveProperty("rep:authorizableId", 25);
    }

    @Test(expected = CommitFailedException.class)
    public void createWithoutPrincipalName() throws Exception {
        this.root.getTree(getUserManager(this.root).createUser("withoutPrincipalName", "pw").getPath()).removeProperty("rep:principalName");
        this.root.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void createWithoutPrincipalName2() throws Exception {
        Tree tree = this.root.getTree(this.userPath);
        tree.removeProperty("rep:principalName");
        NodeState asNodeState = getTreeProvider().asNodeState(tree);
        try {
            Tree parent = this.root.getTree(this.userPath).getParent();
            createUserValidator(parent, parent).childNodeAdded(tree.getName(), asNodeState);
        } catch (CommitFailedException e) {
            Assert.assertEquals(26L, e.getCode());
            throw e;
        }
    }

    @Test
    public void createWithoutAuthorizableId() throws Exception {
        this.root.getTree(getUserManager(this.root).createUser("withoutId", "pw").getPath()).removeProperty("rep:authorizableId");
        this.root.commit();
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable("withoutId"));
    }

    @Test(expected = CommitFailedException.class)
    public void createWithInvalidUUID() throws Exception {
        this.root.getTree(getUserManager(this.root).createUser("withInvalidUUID", "pw").getPath()).setProperty("jcr:uuid", UUID.randomUUID().toString());
        this.root.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void createSystemUserWithPw() throws Exception {
        try {
            this.root.getTree(getUserManager(this.root).createSystemUser("withPw", (String) null).getPath()).setProperty("rep:password", "pw", Type.STRING);
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(32L, e.getCode());
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void createSystemUserWithPwNode() throws Exception {
        try {
            TreeUtil.addChild(this.root.getTree(getUserManager(this.root).createSystemUser("withPwNode", (String) null).getPath()), "rep:pwd", "rep:Password");
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(33L, e.getCode());
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void changeUUID() throws Exception {
        assertChangeProperty("jcr:uuid", UUID.randomUUID().toString(), 23);
    }

    @Test
    public void changeUUIDValid() throws Exception {
        Tree tree = this.root.getTree(this.userPath);
        createUserValidator(tree, tree).propertyChanged(PropertyStates.createProperty("jcr:uuid", "invalidBefore"), tree.getProperty("jcr:uuid"));
    }

    @Test(expected = CommitFailedException.class)
    public void changePrincipalName() throws Exception {
        assertChangeProperty("rep:principalName", "another", 22);
    }

    @Test(expected = CommitFailedException.class)
    public void changeAuthorizableId() throws Exception {
        assertChangeProperty("rep:authorizableId", "modified", 22);
    }

    @Test(expected = CommitFailedException.class)
    public void changePasswordToPlainText() throws Exception {
        assertChangeProperty("rep:password", "plaintext", 24);
    }

    @Test(expected = CommitFailedException.class)
    public void changePasswordToPlainText2() throws Exception {
        Tree tree = (Tree) Mockito.when(((Tree) Mockito.mock(Tree.class)).getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "nt:unstructured", Type.NAME)).getMock();
        Tree tree2 = this.root.getTree(this.userPath);
        new UserValidator(tree, tree2, new UserValidatorProvider(ConfigurationParameters.EMPTY, getRootProvider(), getTreeProvider())).propertyChanged(tree2.getProperty("rep:password"), PropertyStates.createProperty("rep:password", "pw"));
    }

    @Test(expected = CommitFailedException.class)
    public void changePrimaryType() throws Exception {
        try {
            Tree tree = this.root.getTree(this.userPath);
            createUserValidator(tree, tree).propertyChanged(tree.getProperty("jcr:primaryType"), PropertyStates.createProperty("jcr:primaryType", "rep:Group"));
        } catch (CommitFailedException e) {
            Assert.assertEquals(28L, e.getCode());
            throw e;
        }
    }

    @Test
    public void changePrimaryTypeValid() throws Exception {
        Tree tree = this.root.getTree(this.userPath);
        createUserValidator(tree, tree).propertyChanged(PropertyStates.createProperty("jcr:primaryType", "rep:Group"), tree.getProperty("jcr:primaryType"));
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveAdminUser() throws Exception {
        String str = (String) getConfig().getConfigValue("adminId", "admin");
        UserManager userManager = getUserManager(this.root);
        User authorizable = userManager.getAuthorizable(str);
        if (authorizable == null) {
            authorizable = userManager.createUser(str, str);
            this.root.commit();
        }
        this.root.getTree(authorizable.getPath()).remove();
        this.root.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveAdminUserFolder() throws Exception {
        String str = (String) getConfig().getConfigValue("adminId", "admin");
        UserManager userManager = getUserManager(this.root);
        User authorizable = userManager.getAuthorizable(str);
        if (authorizable == null) {
            authorizable = userManager.createUser(str, str);
            this.root.commit();
        }
        try {
            this.root.getTree(authorizable.getPath()).getParent().remove();
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(27L, e.getCode());
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testDisableAdminUser() throws Exception {
        try {
            String str = (String) getConfig().getConfigValue("adminId", "admin");
            UserManager userManager = getUserManager(this.root);
            User authorizable = userManager.getAuthorizable(str);
            if (authorizable == null) {
                authorizable = userManager.createUser(str, str);
                this.root.commit();
            }
            this.root.getTree(authorizable.getPath()).setProperty("rep:disabled", "disabled");
            this.root.commit();
        } catch (CommitFailedException e) {
            Assert.assertEquals(20L, e.getCode());
            throw e;
        }
    }

    @Test
    public void testDisableAdminUserNonExistingTree() throws Exception {
        Tree tree = this.root.getTree(((Authorizable) Preconditions.checkNotNull(getUserManager(this.root).getAuthorizable((String) getConfig().getConfigValue("adminId", "admin")))).getPath());
        UserValidator createUserValidator = createUserValidator(tree, tree);
        tree.remove();
        createUserValidator.propertyAdded(PropertyStates.createProperty("rep:disabled", "disabled"));
    }

    @Test
    public void testEnforceHierarchy() {
        ArrayList<String> arrayList = new ArrayList();
        arrayList.add(IdentifierManagerTest.ID_ROOT);
        arrayList.add("/jcr:system");
        arrayList.add((String) getConfig().getConfigValue("groupsPath", "/rep:security/rep:authorizables/rep:groups"));
        arrayList.add(Text.getRelativeParent((String) getConfig().getConfigValue("usersPath", "/rep:security/rep:authorizables/rep:users"), 1));
        arrayList.add(this.userPath);
        arrayList.add(this.userPath + "/folder");
        UserProvider userProvider = new UserProvider(this.root, getUserConfiguration().getParameters());
        for (String str : arrayList) {
            try {
                Tree tree = this.root.getTree(str);
                if (!tree.exists()) {
                    String[] explode = Text.explode(str, 47, false);
                    tree = this.root.getTree(IdentifierManagerTest.ID_ROOT);
                    for (String str2 : explode) {
                        if (!tree.getChild(str2).exists()) {
                            Tree addChild = tree.addChild(str2);
                            addChild.setProperty("jcr:primaryType", "rep:AuthorizableFolder", Type.NAME);
                            tree = addChild;
                        }
                    }
                }
                Tree addChild2 = tree.addChild("testUser");
                addChild2.setProperty("jcr:primaryType", "rep:User", Type.NAME);
                addChild2.setProperty("jcr:uuid", userProvider.getContentID("testUser"));
                addChild2.setProperty("rep:principalName", "testUser");
                this.root.commit();
                Assert.fail("Invalid hierarchy should be detected");
                this.root.refresh();
            } catch (CommitFailedException e) {
                this.root.refresh();
            } catch (Throwable th) {
                this.root.refresh();
                throw th;
            }
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testCreateNestedUser() throws Exception {
        Tree addChild = TreeUtil.addChild(TreeUtil.addChild(this.root.getTree(getTestUser().getPath()), "profile", "nt:unstructured"), "nested", "rep:User");
        addChild.setProperty("rep:principalName", "nested");
        addChild.setProperty("rep:authorizableId", "nested");
        addChild.setProperty("jcr:uuid", UUIDUtils.generateUUID("nested"));
        try {
            this.root.commit();
            Assert.fail("Creating nested users must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(29L, e.getCode());
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testCreateNestedUser2Steps() throws Exception {
        Tree addChild = TreeUtil.addChild(TreeUtil.addChild(this.root.getTree(getTestUser().getPath()), "profile", "nt:unstructured"), "nested", "nt:unstructured");
        addChild.setProperty("rep:principalName", "nested");
        addChild.setProperty("rep:authorizableId", "nested");
        addChild.setProperty("jcr:uuid", UUIDUtils.generateUUID("nested"));
        this.root.commit();
        try {
            addChild.setProperty("jcr:primaryType", "rep:User", Type.NAME);
            this.root.commit();
            Assert.fail("Creating nested users must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(29L, e.getCode());
            throw e;
        }
    }

    @Test
    public void hiddenNodeAdded() throws CommitFailedException {
        UserValidatorProvider createValidatorProvider = createValidatorProvider();
        NodeState root = new MemoryNodeStore().getRoot();
        NodeBuilder builder = root.builder();
        NodeBuilder child = builder.child("test");
        NodeBuilder child2 = child.child(":hidden");
        Validator childNodeAdded = createValidatorProvider.getRootValidator(root, builder.getNodeState(), CommitInfo.EMPTY).childNodeAdded("test", child.getNodeState());
        Assert.assertNotNull(childNodeAdded);
        Assert.assertNull(childNodeAdded.childNodeAdded(":hidden", child2.getNodeState()));
    }

    @Test
    public void hiddenNodeChanged() throws CommitFailedException {
        UserValidatorProvider createValidatorProvider = createValidatorProvider();
        NodeBuilder builder = new MemoryNodeStore().getRoot().builder();
        builder.child("test").child(":hidden");
        NodeState nodeState = builder.getNodeState();
        NodeBuilder child = nodeState.builder().child("test");
        NodeBuilder child2 = child.child(":hidden");
        child2.child("added");
        Validator childNodeChanged = createValidatorProvider.getRootValidator(nodeState, builder.getNodeState(), CommitInfo.EMPTY).childNodeChanged("test", nodeState.getChildNode("test"), child.getNodeState());
        Assert.assertNotNull(childNodeChanged);
        Assert.assertNull(childNodeChanged.childNodeChanged(":hidden", nodeState.getChildNode("test").getChildNode(":hidden"), child2.getNodeState()));
    }

    @Test
    public void hiddenNodeDeleted() throws CommitFailedException {
        UserValidatorProvider createValidatorProvider = createValidatorProvider();
        NodeBuilder builder = new MemoryNodeStore().getRoot().builder();
        builder.child("test").child(":hidden");
        NodeState nodeState = builder.getNodeState();
        NodeBuilder builder2 = nodeState.builder();
        NodeBuilder child = builder2.child("test");
        child.child(":hidden").remove();
        Validator childNodeChanged = createValidatorProvider.getRootValidator(nodeState, builder2.getNodeState(), CommitInfo.EMPTY).childNodeChanged("test", nodeState.getChildNode("test"), child.getNodeState());
        Assert.assertNotNull(childNodeChanged);
        Assert.assertNull(childNodeChanged.childNodeDeleted(":hidden", nodeState.getChildNode("test").getChildNode(":hidden")));
    }
}
