package org.apache.jackrabbit.oak.security.user;

import java.security.Principal;
import java.util.Enumeration;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.principal.PrincipalIterator;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/ImpersonationImplTest.class */
public class ImpersonationImplTest extends ImpersonationImplEmptyTest {
    private User impersonator;

    @Override // org.apache.jackrabbit.oak.security.user.ImpersonationImplEmptyTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        super.before();
        this.impersonator = getUserManager(this.root).createUser("impersonator" + UUID.randomUUID().toString(), (String) null);
        this.impersonation.grantImpersonation(this.impersonator.getPrincipal());
        this.root.commit();
    }

    @Override // org.apache.jackrabbit.oak.security.user.ImpersonationImplEmptyTest, org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            this.impersonator.remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.security.user.ImpersonationImplEmptyTest
    @Test
    public void testGetImpersonators() throws Exception {
        PrincipalIterator impersonators = this.impersonation.getImpersonators();
        Assert.assertTrue(impersonators.hasNext());
        Assert.assertTrue(Iterators.contains(impersonators, this.impersonator.getPrincipal()));
    }

    @Test
    public void testGetImpersonatorsImpersonatorRemoved() throws Exception {
        Principal principal = this.impersonator.getPrincipal();
        this.impersonator.remove();
        PrincipalIterator impersonators = this.impersonation.getImpersonators();
        Assert.assertTrue(impersonators.hasNext());
        Assert.assertTrue(Iterators.contains(impersonators, principal));
    }

    @Test
    public void testContentRepresentation() throws Exception {
        PropertyState property = this.root.getTree(this.user.getPath()).getProperty("rep:impersonators");
        Assert.assertNotNull(property);
        Assert.assertEquals(ImmutableList.of(this.impersonator.getPrincipal().getName()), property.getValue(Type.STRINGS));
    }

    @Test
    public void testAllows() throws Exception {
        Assert.assertTrue(this.impersonation.allows(createSubject(this.impersonator.getPrincipal())));
    }

    @Test
    public void testAllowsIncludingGroup() throws Exception {
        Assert.assertTrue(this.impersonation.allows(createSubject(this.impersonator.getPrincipal(), getUserManager(this.root).createGroup("gId").getPrincipal())));
    }

    @Test
    public void testAllowsExistingGroup() throws Exception {
        Group createGroup = getUserManager(this.root).createGroup("gId");
        try {
            this.root.commit();
            Assert.assertFalse(this.impersonation.allows(createSubject(new PrincipalImpl(createGroup.getPrincipal().getName()))));
        } finally {
            createGroup.remove();
            this.root.commit();
        }
    }

    @Test
    public void testAllowsIncludingNonExistingGroup() throws Exception {
        Assert.assertTrue(this.impersonation.allows(createSubject(this.impersonator.getPrincipal(), this.groupPrincipal)));
    }

    @Test
    public void testAllowsImpersonatorRemoved() throws Exception {
        Subject createSubject = createSubject(this.impersonator.getPrincipal());
        this.impersonator.remove();
        Assert.assertTrue(this.impersonation.allows(createSubject));
    }

    @Test
    public void testAllowsNonExistingUser() {
        Assert.assertFalse(this.impersonation.allows(createSubject(new PrincipalImpl("nonExisting"))));
    }

    @Test
    public void testAllowsUserLookupFails() throws Exception {
        Principal principalImpl = new PrincipalImpl("nonExisting");
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getAuthorizable(principalImpl)).thenThrow(new Throwable[]{new RepositoryException()});
        Assert.assertFalse(new ImpersonationImpl(new UserImpl(this.user.getID(), this.user.getTree(), userManagerImpl)).allows(createSubject(principalImpl)));
    }

    @Test
    public void testGrantImpersonationUserLookupFails() throws Exception {
        TreeBasedPrincipal treeBasedPrincipal = new TreeBasedPrincipal("nonExisting", this.user.getTree(), getNamePathMapper());
        UserManagerImpl userManagerImpl = (UserManagerImpl) Mockito.spy(getUserManager(this.root));
        Mockito.when(userManagerImpl.getAuthorizable(treeBasedPrincipal)).thenThrow(new Throwable[]{new RepositoryException()});
        Assert.assertFalse(new ImpersonationImpl(new UserImpl(this.user.getID(), this.user.getTree(), userManagerImpl)).grantImpersonation(treeBasedPrincipal));
    }

    @Test
    public void testRevoke() throws Exception {
        Assert.assertTrue(this.impersonation.revokeImpersonation(this.impersonator.getPrincipal()));
    }

    @Test
    public void testContentRepresentationAfterModification() throws Exception {
        Principal principal = getTestUser().getPrincipal();
        this.impersonation.grantImpersonation(principal);
        Tree tree = this.root.getTree(this.user.getPath());
        PropertyState property = tree.getProperty("rep:impersonators");
        Assert.assertNotNull(property);
        Assert.assertEquals(ImmutableSet.of(this.impersonator.getPrincipal().getName(), principal.getName()), ImmutableSet.copyOf((Iterable) property.getValue(Type.STRINGS)));
        this.impersonation.revokeImpersonation(this.impersonator.getPrincipal());
        PropertyState property2 = tree.getProperty("rep:impersonators");
        Assert.assertNotNull(property2);
        Assert.assertEquals(ImmutableSet.of(principal.getName()), ImmutableSet.copyOf((Iterable) property2.getValue(Type.STRINGS)));
        this.impersonation.revokeImpersonation(principal);
        Assert.assertNull(tree.getProperty("rep:impersonators"));
    }

    @Test
    public void testImpersonationAllowByImpersonationGroupMember() throws Exception {
        final String str = "impersonators-group";
        final String str2 = "member-of-impersonator-group";
        this.impersonation = new ImpersonationImpl(ImpersonationTestUtil.getUserWithMockedConfigs("impersonators-group", this.user));
        Subject createSubject = createSubject(this.impersonator.getPrincipal(), new PrincipalImpl("impersonators-group"));
        Subject createSubject2 = createSubject(this.impersonator.getPrincipal(), new PrincipalImpl("member-of-impersonator-group"), new GroupPrincipal() { // from class: org.apache.jackrabbit.oak.security.user.ImpersonationImplTest.1
            public boolean isMember(@NotNull Principal principal) {
                return principal.getName().equals(str2);
            }

            @NotNull
            public Enumeration<? extends Principal> members() {
                return null;
            }

            public String getName() {
                return str;
            }
        });
        Subject createSubject3 = createSubject(new PrincipalImpl("simple-user"));
        Assert.assertTrue(this.impersonation.allows(createSubject));
        Assert.assertTrue(this.impersonation.allows(createSubject2));
        Assert.assertFalse(this.impersonation.allows(createSubject3));
    }
}
