package org.apache.jackrabbit.oak.security.authentication.user;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import com.google.common.collect.Sets;
import java.io.IOException;
import java.security.Principal;
import java.util.Arrays;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.security.internal.SecurityProviderBuilder;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.Authentication;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.user.UserAuthenticationFactory;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest.class */
public class LoginModuleImplTest extends AbstractSecurityTest {
    private static final String USER_ID = "test";
    private static final String USER_ID_CASED = "TeSt";
    private static final String USER_PW = "pw";
    private User user;

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/user/LoginModuleImplTest$TestCallbackHandler.class */
    private class TestCallbackHandler implements CallbackHandler {
        private final SecurityProvider sp;

        private TestCallbackHandler(@Nullable UserAuthenticationFactory userAuthenticationFactory) {
            this.sp = new SecurityProviderBuilder().with(ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("userAuthenticationFactory", userAuthenticationFactory))).build();
        }

        @Override // javax.security.auth.callback.CallbackHandler
        public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
            for (Callback callback : callbackArr) {
                if (!(callback instanceof RepositoryCallback)) {
                    throw new UnsupportedCallbackException(callback);
                }
                ((RepositoryCallback) callback).setSecurityProvider(this.sp);
                ((RepositoryCallback) callback).setContentRepository(LoginModuleImplTest.this.getContentRepository());
            }
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        if (this.user != null) {
            this.user.remove();
            this.root.commit();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected Configuration getConfiguration() {
        return ConfigurationUtil.getDefaultConfiguration(ConfigurationParameters.EMPTY);
    }

    private User createTestUser() throws RepositoryException, CommitFailedException {
        if (this.user == null) {
            this.user = getUserManager(this.root).createUser("test", USER_PW);
            this.root.commit();
        }
        return this.user;
    }

    @Test
    public void testNullLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(null);
            Assert.fail("Null login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testGuestLogin() throws Exception {
        ContentSession login = login(new GuestCredentials());
        Throwable th = null;
        try {
            Assert.assertEquals(UserUtil.getAnonymousId(getUserConfiguration().getParameters()), login.getAuthInfo().getUserID());
            if (login != null) {
                if (0 == 0) {
                    login.close();
                    return;
                }
                try {
                    login.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (login != null) {
                if (0 != 0) {
                    try {
                        login.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    login.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testAnonymousLogin() throws Exception {
        String anonymousId = UserUtil.getAnonymousId(getUserConfiguration().getParameters());
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(anonymousId);
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(this.root.getTree(authorizable.getPath()).hasProperty("rep:password"));
        ContentSession contentSession = null;
        try {
            contentSession = login(new SimpleCredentials(anonymousId, new char[0]));
            Assert.fail("Login with anonymousID should fail since the initial setup doesn't provide a password.");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testUserLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            contentSession = login(new SimpleCredentials("test", USER_PW.toCharArray()));
            Assert.assertEquals("test", contentSession.getAuthInfo().getUserID());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testAuthInfoContainsUserId() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            contentSession = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
            Assert.assertEquals(this.user.getID(), contentSession.getAuthInfo().getUserID());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testUserLoginIsCaseInsensitive() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            contentSession = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(contentSession.getAuthInfo().getUserID());
            Assert.assertNotNull(authorizable);
            Assert.assertTrue(authorizable.getID().equalsIgnoreCase(USER_ID_CASED));
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testUserLoginIsCaseInsensitive2() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            contentSession = login(new SimpleCredentials(USER_ID_CASED, USER_PW.toCharArray()));
            AuthInfo authInfo = contentSession.getAuthInfo();
            Assert.assertEquals(this.user.getID(), authInfo.getUserID());
            Assert.assertTrue(USER_ID_CASED.equalsIgnoreCase(authInfo.getUserID()));
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testUnknownUserLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new SimpleCredentials("unknown", "".toCharArray()));
            Assert.fail("Unknown user must not be able to login");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testSelfImpersonation() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            ContentSession login = login(new SimpleCredentials("test", USER_PW.toCharArray()));
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertEquals("test", authInfo.getUserID());
            login.close();
            contentSession = login(new ImpersonationCredentials(new SimpleCredentials("test", new char[0]), authInfo));
            Assert.assertEquals("test", contentSession.getAuthInfo().getUserID());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidImpersonation() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            ContentSession login = login(new SimpleCredentials("test", USER_PW.toCharArray()));
            AuthInfo authInfo = login.getAuthInfo();
            Assert.assertEquals("test", authInfo.getUserID());
            login.close();
            contentSession = null;
            String adminId = UserUtil.getAdminId(((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class)).getParameters());
            try {
                contentSession = login(new ImpersonationCredentials(new SimpleCredentials(adminId, new char[0]), authInfo));
                Assert.fail("User 'test' should not be allowed to impersonate " + adminId);
            } catch (LoginException e) {
            }
        } finally {
            if (contentSession != null) {
                contentSession.close();
            }
        }
    }

    @Test
    public void testLoginWithAttributes() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            SimpleCredentials simpleCredentials = new SimpleCredentials("test", USER_PW.toCharArray());
            simpleCredentials.setAttribute("attr", "value");
            contentSession = login(simpleCredentials);
            AuthInfo authInfo = contentSession.getAuthInfo();
            Assert.assertTrue(Arrays.asList(authInfo.getAttributeNames()).contains("attr"));
            Assert.assertEquals("value", authInfo.getAttribute("attr"));
            contentSession.close();
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testImpersonationWithAttributes() throws Exception {
        ContentSession contentSession = null;
        try {
            createTestUser();
            ContentSession login = login(new SimpleCredentials("test", USER_PW.toCharArray()));
            AuthInfo authInfo = login.getAuthInfo();
            login.close();
            SimpleCredentials simpleCredentials = new SimpleCredentials("test", new char[0]);
            simpleCredentials.setAttribute("attr", "value");
            contentSession = login(new ImpersonationCredentials(simpleCredentials, authInfo));
            AuthInfo authInfo2 = contentSession.getAuthInfo();
            Assert.assertTrue(Arrays.asList(authInfo2.getAttributeNames()).contains("attr"));
            Assert.assertEquals("value", authInfo2.getAttribute("attr"));
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testGetNullUserAuthentication() throws Exception {
        LoginModuleImpl loginModuleImpl = new LoginModuleImpl();
        loginModuleImpl.initialize(new Subject(), new TestCallbackHandler((UserAuthenticationFactory) Mockito.mock(UserAuthenticationFactory.class)), Maps.newHashMap(), Maps.newHashMap());
        Assert.assertFalse(loginModuleImpl.login());
        Assert.assertFalse(loginModuleImpl.commit());
    }

    @Test
    public void testCustomUserAuthentication() throws Exception {
        LoginModuleImpl loginModuleImpl = new LoginModuleImpl();
        TestCallbackHandler testCallbackHandler = new TestCallbackHandler(new UserAuthenticationFactory() { // from class: org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImplTest.1
            @CheckForNull
            public Authentication getAuthentication(@Nonnull UserConfiguration userConfiguration, @Nonnull Root root, @Nullable String str) {
                return new Authentication() { // from class: org.apache.jackrabbit.oak.security.authentication.user.LoginModuleImplTest.1.1
                    public boolean authenticate(@Nullable Credentials credentials) throws LoginException {
                        return true;
                    }

                    @CheckForNull
                    public String getUserId() {
                        return null;
                    }

                    @CheckForNull
                    public Principal getUserPrincipal() {
                        return null;
                    }
                };
            }
        });
        Subject subject = new Subject(false, Sets.newHashSet(), ImmutableSet.of(new SimpleCredentials("loginId", new char[0])), Sets.newHashSet());
        loginModuleImpl.initialize(subject, testCallbackHandler, Maps.newHashMap(), Maps.newHashMap());
        Assert.assertTrue(loginModuleImpl.login());
        Assert.assertTrue(loginModuleImpl.commit());
        Assert.assertEquals("loginId", ((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getUserID());
    }
}
