package org.apache.jackrabbit.oak.spi.security.user.action;

import com.google.common.collect.ImmutableList;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest.class */
public class PasswordValidationActionTest extends AbstractSecurityTest {
    private final PasswordValidationAction pwAction = new PasswordValidationAction();
    private final TestAction testAction = new TestAction();
    private final AuthorizableActionProvider actionProvider = new AuthorizableActionProvider() { // from class: org.apache.jackrabbit.oak.spi.security.user.action.PasswordValidationActionTest.1
        @Nonnull
        public List<? extends AuthorizableAction> getAuthorizableActions(@Nonnull SecurityProvider securityProvider) {
            return ImmutableList.of(PasswordValidationActionTest.this.pwAction, PasswordValidationActionTest.this.testAction);
        }
    };
    private User user;
    private User testUser;

    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/user/action/PasswordValidationActionTest$TestAction.class */
    private class TestAction extends AbstractAuthorizableAction {
        private int onCreateCalled;
        private int onPasswordChangeCalled;

        private TestAction() {
            this.onCreateCalled = 0;
            this.onPasswordChangeCalled = 0;
        }

        void reset() {
            this.onCreateCalled = 0;
            this.onPasswordChangeCalled = 0;
        }

        public void onCreate(@Nonnull User user, @Nullable String str, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
            this.onCreateCalled++;
        }

        public void onPasswordChange(@Nonnull User user, @Nullable String str, @Nonnull Root root, @Nonnull NamePathMapper namePathMapper) throws RepositoryException {
            this.onPasswordChangeCalled++;
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @Before
    public void before() throws Exception {
        super.before();
        this.user = getUserManager(this.root).getAuthorizable(this.adminSession.getAuthInfo().getUserID());
        this.testAction.reset();
        this.pwAction.init(getSecurityProvider(), ConfigurationParameters.of("constraint", "^.*(?=.{8,})(?=.*[a-z])(?=.*[A-Z]).*"));
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    @After
    public void after() throws Exception {
        if (this.testUser != null) {
            this.testUser.remove();
            this.root.commit();
        }
        this.root = null;
        super.after();
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("authorizableActionProvider", this.actionProvider));
    }

    @Test
    public void testActionIsCalled() throws Exception {
        this.testUser = getUserManager(this.root).createUser("testUser", "testUser12345");
        this.root.commit();
        Assert.assertEquals(1L, this.testAction.onCreateCalled);
        this.testUser.changePassword("pW12345678");
        Assert.assertEquals(1L, this.testAction.onPasswordChangeCalled);
        this.testUser.changePassword("pW1234567890", "pW12345678");
        Assert.assertEquals(2L, this.testAction.onPasswordChangeCalled);
    }

    @Test
    public void testPasswordValidationAction() throws Exception {
        ArrayList arrayList = new ArrayList();
        arrayList.add("pw1");
        arrayList.add("only6C");
        arrayList.add("12345678");
        arrayList.add("WITHOUTLOWERCASE");
        arrayList.add("withoutuppercase");
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                this.pwAction.onPasswordChange(this.user, (String) it.next(), this.root, NamePathMapper.DEFAULT);
                Assert.fail("should throw constraint violation");
            } catch (ConstraintViolationException e) {
            }
        }
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add("abCDefGH");
        arrayList2.add("Abbbbbbbbbbbb");
        arrayList2.add("cDDDDDDDDDDDDDDDDD");
        arrayList2.add("gH%%%%%%%%%%%%%%%%^^");
        arrayList2.add("&)(*&^%23qW");
        Iterator it2 = arrayList2.iterator();
        while (it2.hasNext()) {
            this.pwAction.onPasswordChange(this.user, (String) it2.next(), this.root, NamePathMapper.DEFAULT);
        }
    }

    @Test
    public void testPasswordValidationActionOnCreate() throws Exception {
        String buildPasswordHash = PasswordUtil.buildPasswordHash("DWkej32H");
        this.testUser = getUserManager(this.root).createUser("testuser", buildPasswordHash);
        this.root.commit();
        String str = (String) this.root.getTree(this.testUser.getPath()).getProperty("rep:password").getValue(Type.STRING);
        Assert.assertFalse(PasswordUtil.isPlainTextPassword(str));
        Assert.assertTrue(PasswordUtil.isSame(str, buildPasswordHash));
    }

    @Test
    public void testPasswordValidationActionOnChange() throws Exception {
        this.testUser = getUserManager(this.root).createUser("testuser", "testPw123456");
        this.root.commit();
        try {
            this.pwAction.init(getSecurityProvider(), ConfigurationParameters.of("constraint", "abc"));
            this.testUser.changePassword(PasswordUtil.buildPasswordHash("abc"));
            Assert.fail("Password change must always enforce password validation.");
        } catch (ConstraintViolationException e) {
        }
    }
}
