package org.apache.jackrabbit.oak.security.authentication.token;

import com.google.common.collect.ImmutableMap;
import java.io.IOException;
import java.util.Collections;
import java.util.Map;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.TokenProviderCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest.class */
public class TokenLoginModuleTest extends AbstractSecurityTest {

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest$TestCallbackHandler.class */
    private final class TestCallbackHandler implements CallbackHandler {
        private final TokenProvider tokenProvider;
        private final Class<? extends Exception> e;

        private TestCallbackHandler(@Nullable TokenProvider tokenProvider) {
            this.tokenProvider = tokenProvider;
            this.e = null;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof TokenProviderCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                ((TokenProviderCallback) callback).setTokenProvider(this.tokenProvider);
            }
        }
    }

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/token/TokenLoginModuleTest$ThrowingCallbackHandler.class */
    private final class ThrowingCallbackHandler implements CallbackHandler {
        private final Class<? extends Exception> e;

        private ThrowingCallbackHandler(@Nonnull Class<? extends Exception> cls) {
            this.e = cls;
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            if (this.e.getName().equals(UnsupportedCallbackException.class.getName())) {
                throw new UnsupportedCallbackException(new TokenProviderCallback());
            }
            if (this.e.getName().equals(IOException.class.getName())) {
                throw new IOException();
            }
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected Configuration getConfiguration() {
        return new Configuration() { // from class: org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModuleTest.1
            public AppConfigurationEntry[] getAppConfigurationEntry(String str) {
                return new AppConfigurationEntry[]{new AppConfigurationEntry(TokenLoginModule.class.getName(), AppConfigurationEntry.LoginModuleControlFlag.REQUIRED, Collections.emptyMap())};
            }
        };
    }

    @Test
    public void testNullLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(null);
            Assert.fail("Null login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testGuestLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new GuestCredentials());
            Assert.fail("GuestCredentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testSimpleCredentials() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new SimpleCredentials("admin", "admin".toCharArray()));
            Assert.fail("Unsupported credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testSimpleCredentialsWithAttribute() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials simpleCredentials = new SimpleCredentials(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, new char[0]);
            simpleCredentials.setAttribute(".token", "");
            contentSession = login(simpleCredentials);
            Assert.fail("Unsupported credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidTokenCredentials() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new TokenCredentials(IdentifierManagerTest.ID_INVALID));
            Assert.fail("Invalid token credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testValidTokenCredentials() throws Exception {
        TokenProvider tokenProvider = ((TokenConfiguration) getSecurityProvider().getConfiguration(TokenConfiguration.class)).getTokenProvider(this.adminSession.getLatestRoot());
        SimpleCredentials adminCredentials = getAdminCredentials();
        ContentSession login = login(new TokenCredentials(tokenProvider.createToken(adminCredentials.getUserID(), Collections.emptyMap()).getToken()));
        try {
            Assert.assertEquals(adminCredentials.getUserID(), login.getAuthInfo().getUserID());
            login.close();
        } catch (Throwable th) {
            login.close();
            throw th;
        }
    }

    @Test
    public void testMissingTokenProvider() throws Exception {
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), (CallbackHandler) null, ImmutableMap.of(), ImmutableMap.of());
        Assert.assertFalse(tokenLoginModule.login());
    }

    @Test
    public void testMissingTokenProvider2() throws Exception {
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), new TestCallbackHandler(null), ImmutableMap.of(), ImmutableMap.of());
        Assert.assertFalse(tokenLoginModule.login());
    }

    @Test
    public void testTokenProviderCallback() throws Exception {
        TokenProviderImpl tokenProviderImpl = new TokenProviderImpl(this.root, ConfigurationParameters.EMPTY, getUserConfiguration());
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), new TestCallbackHandler(tokenProviderImpl), ImmutableMap.of(), ImmutableMap.of());
        Assert.assertFalse(tokenLoginModule.login());
    }

    @Test
    public void testUnsupportedCallbackException() throws Exception {
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), new ThrowingCallbackHandler(UnsupportedCallbackException.class), ImmutableMap.of(), ImmutableMap.of());
        Assert.assertFalse(tokenLoginModule.login());
    }

    @Test
    public void testIOException() throws Exception {
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), new ThrowingCallbackHandler(IOException.class), ImmutableMap.of(), ImmutableMap.of());
        Assert.assertFalse(tokenLoginModule.login());
    }

    @Test
    public void testCreateTokenFailed() throws Exception {
        TokenProvider tokenProvider = new TokenProvider() { // from class: org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModuleTest.2
            public boolean doCreateToken(@Nonnull Credentials credentials) {
                return true;
            }

            @CheckForNull
            public TokenInfo createToken(@Nonnull Credentials credentials) {
                return null;
            }

            @CheckForNull
            public TokenInfo createToken(@Nonnull String str, @Nonnull Map<String, ?> map) {
                return null;
            }

            @CheckForNull
            public TokenInfo getTokenInfo(@Nonnull String str) {
                return null;
            }
        };
        TokenLoginModule tokenLoginModule = new TokenLoginModule();
        tokenLoginModule.initialize(new Subject(), new TestCallbackHandler(tokenProvider), ImmutableMap.of("org.apache.jackrabbit.credentials", new Credentials() { // from class: org.apache.jackrabbit.oak.security.authentication.token.TokenLoginModuleTest.3
        }), ImmutableMap.of());
        tokenLoginModule.login();
        try {
            tokenLoginModule.commit();
            Assert.fail("LoginException expected");
        } catch (LoginException e) {
        }
    }
}
