package org.apache.jackrabbit.oak.security.user;

import java.util.ArrayList;
import java.util.UUID;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.UUIDUtils;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.plugins.memory.MemoryNodeStore;
import org.apache.jackrabbit.oak.security.authorization.accesscontrol.AccessControlManagerImplTest;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.state.NodeBuilder;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.apache.jackrabbit.util.Text;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/UserValidatorTest.class */
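/**
 * Tests that the commit-time validation supplied by {@link UserValidatorProvider} rejects
 * content changes that would corrupt user accounts.
 *
 * <p>Invariants exercised here, each by writing to the tree directly and committing:
 * <ul>
 *   <li>{@code rep:password}, {@code rep:principalName} and {@code rep:authorizableId} can be
 *       neither removed nor rewritten, and a plaintext password value is refused;</li>
 *   <li>{@code jcr:uuid} of a user node cannot be set to an arbitrary value;</li>
 *   <li>the admin user can be neither removed (directly or via its parent folder) nor disabled;</li>
 *   <li>user nodes are only accepted at valid locations and never nested below another user;</li>
 *   <li>hidden ({@code :}-prefixed) child nodes are not descended into by the validator.</li>
 * </ul>
 *
 * <p>NOTE(review): except for the two nested-user tests, the tests only assert that the commit
 * fails with <em>some</em> {@link CommitFailedException}. A failure raised by an unrelated
 * validator would also satisfy them, so they do not prove that the user validator is the
 * component enforcing the rule. Asserting {@code e.getCode()} (as the nested-user tests do)
 * would tighten this once the expected codes are confirmed against the validator.
 */
public class UserValidatorTest extends AbstractSecurityTest implements UserConstants {
    /** Path of the test user created by the base class; resolved in {@link #before()}. */
    private String userPath;

    /** Runs the base-class setup and records the path of the test user. */
    @Override
    @Before
    public void before() throws Exception {
        super.before();
        userPath = getTestUser().getPath();
    }

    /** Builds a validator provider from the user configuration and the base-class providers. */
    private UserValidatorProvider createValidatorProvider() {
        return new UserValidatorProvider(getConfig(), getRootProvider(), getTreeProvider());
    }

    /**
     * Returns the admin user, creating and committing it first when it does not exist.
     *
     * <p>This runs outside the "commit must fail" blocks of the callers on purpose: if the
     * setup commit itself threw a {@link CommitFailedException} inside such a block, the test
     * would pass without ever exercising the protection it is meant to verify.
     *
     * <p>The fallback account uses the admin id as its password. That is acceptable for a
     * throw-away test repository only.
     */
    private User getOrCreateAdminUser() throws Exception {
        String adminId = getConfig().getConfigValue("adminId", "admin");
        UserManager userManager = getUserManager(root);
        // getAuthorizable(String) is declared to return the Authorizable supertype; the admin
        // id is expected to resolve to a user.
        User admin = (User) userManager.getAuthorizable(adminId);
        if (admin == null) {
            admin = userManager.createUser(adminId, adminId);
            root.commit();
        }
        return admin;
    }

    /** Removing {@code rep:password} from an existing user must make the commit fail. */
    @Test
    public void removePassword() throws Exception {
        try {
            root.getTree(userPath).removeProperty("rep:password");
            root.commit();
            Assert.fail("removing password should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Removing {@code rep:principalName} from an existing user must make the commit fail. */
    @Test
    public void removePrincipalName() throws Exception {
        try {
            root.getTree(userPath).removeProperty("rep:principalName");
            root.commit();
            Assert.fail("removing principal name should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Removing {@code rep:authorizableId} from an existing user must make the commit fail. */
    @Test
    public void removeAuthorizableId() throws Exception {
        try {
            root.getTree(userPath).removeProperty("rep:authorizableId");
            root.commit();
            Assert.fail("removing authorizable id should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** A newly created user whose {@code rep:principalName} was stripped must not be committable. */
    @Test
    public void createWithoutPrincipalName() throws Exception {
        try {
            User user = getUserManager(root).createUser("withoutPrincipalName", "pw");
            root.getTree(user.getPath()).removeProperty("rep:principalName");
            root.commit();
            // The original message was copied from the jcr:uuid test and named the wrong rule.
            Assert.fail("creating user without principal name should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /**
     * A newly created user whose {@code jcr:uuid} was replaced by a random UUID must not be
     * committable.
     */
    @Test
    public void createWithInvalidUUID() throws Exception {
        try {
            User user = getUserManager(root).createUser("withInvalidUUID", "pw");
            // presumably the accepted jcr:uuid is derived from the user id (other tests in this
            // class obtain it from UserProvider.getContentID / UUIDUtils.generateUUID) - confirm
            root.getTree(user.getPath()).setProperty("jcr:uuid", UUID.randomUUID().toString());
            root.commit();
            Assert.fail("creating user with invalid jcr:uuid should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Overwriting {@code jcr:uuid} of an existing user with a random UUID must fail. */
    @Test
    public void changeUUID() throws Exception {
        try {
            root.getTree(userPath).setProperty("jcr:uuid", UUID.randomUUID().toString());
            root.commit();
            Assert.fail("changing jcr:uuid should fail if the new uuid is invalid");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Overwriting {@code rep:principalName} of an existing user must fail. */
    @Test
    public void changePrincipalName() throws Exception {
        try {
            root.getTree(userPath).setProperty("rep:principalName", "another");
            root.commit();
            Assert.fail("changing the principal name should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Overwriting {@code rep:authorizableId} of an existing user must fail. */
    @Test
    public void changeAuthorizableId() throws Exception {
        try {
            root.getTree(userPath).setProperty("rep:authorizableId", "modified");
            root.commit();
            Assert.fail("changing the authorizable id should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /**
     * Writing a raw, unhashed string straight into {@code rep:password} must fail, so that a
     * direct content write cannot leave a cleartext credential in the repository.
     */
    @Test
    public void changePasswordToPlainText() throws Exception {
        try {
            root.getTree(userPath).setProperty("rep:password", "plaintext");
            root.commit();
            Assert.fail("storing a plaintext password should fail");
        } catch (CommitFailedException expected) {
            // success: the commit was rejected
        } finally {
            root.refresh();
        }
    }

    /** Removing the admin user's node must make the commit fail. */
    @Test
    public void testRemoveAdminUser() throws Exception {
        try {
            User admin = getOrCreateAdminUser();
            root.getTree(admin.getPath()).remove();
            try {
                root.commit();
                Assert.fail("Admin user cannot be removed");
            } catch (CommitFailedException expected) {
                // success: the commit was rejected
            }
        } finally {
            root.refresh();
        }
    }

    /** Removing the folder that contains the admin user must make the commit fail as well. */
    @Test
    public void testRemoveAdminUserFolder() throws Exception {
        try {
            User admin = getOrCreateAdminUser();
            root.getTree(admin.getPath()).getParent().remove();
            try {
                root.commit();
                Assert.fail("Admin user cannot be removed");
            } catch (CommitFailedException expected) {
                // success: the commit was rejected
            }
        } finally {
            root.refresh();
        }
    }

    /** Setting {@code rep:disabled} on the admin user must make the commit fail. */
    @Test
    public void testDisableAdminUser() throws Exception {
        try {
            User admin = getOrCreateAdminUser();
            root.getTree(admin.getPath()).setProperty("rep:disabled", "disabled");
            try {
                root.commit();
                Assert.fail("Admin user cannot be disabled");
            } catch (CommitFailedException expected) {
                // success: the commit was rejected
            }
        } finally {
            root.refresh();
        }
    }

    /**
     * Adds a {@code rep:User} node named {@code testUser} below a series of parents where a user
     * must not live (repository root, {@code /jcr:system}, the groups root, the parent of the
     * users root, an existing user, and a folder below an existing user) and expects every such
     * commit to fail.
     */
    @Test
    public void testEnforceHierarchy() throws RepositoryException, CommitFailedException {
        ArrayList<String> invalidParents = new ArrayList<>();
        invalidParents.add(IdentifierManagerTest.ID_ROOT);
        invalidParents.add("/jcr:system");
        String groupsRoot = getConfig().getConfigValue("groupsPath", "/rep:security/rep:authorizables/rep:groups");
        invalidParents.add(groupsRoot);
        String usersRoot = getConfig().getConfigValue("usersPath", "/rep:security/rep:authorizables/rep:users");
        invalidParents.add(Text.getRelativeParent(usersRoot, 1));
        invalidParents.add(userPath);
        invalidParents.add(userPath + "/folder");

        UserProvider userProvider = new UserProvider(root, getUserConfiguration().getParameters());
        for (String parentPath : invalidParents) {
            try {
                Tree parent = root.getTree(parentPath);
                if (!parent.exists()) {
                    // Walk down from the root, creating only the missing segments as
                    // authorizable folders. The cursor advances on every segment: previously it
                    // moved only after a creation, so missing segments of a path with existing
                    // ancestors were attached to the wrong parent and the location named in the
                    // list was never actually exercised.
                    parent = root.getTree(IdentifierManagerTest.ID_ROOT);
                    for (String segment : Text.explode(parentPath, '/', false)) {
                        Tree next = parent.getChild(segment);
                        if (!next.exists()) {
                            next = parent.addChild(segment);
                            next.setProperty("jcr:primaryType", "rep:AuthorizableFolder", Type.NAME);
                        }
                        parent = next;
                    }
                }
                Tree userTree = parent.addChild("testUser");
                userTree.setProperty("jcr:primaryType", "rep:User", Type.NAME);
                userTree.setProperty("jcr:uuid", userProvider.getContentID("testUser"));
                userTree.setProperty("rep:principalName", "testUser");
                root.commit();
                Assert.fail("Invalid hierarchy should be detected");
            } catch (CommitFailedException expected) {
                // success: the commit was rejected
            } finally {
                root.refresh();
            }
        }
    }

    /**
     * Creating a {@code rep:User} node below an existing user (inside its {@code profile}
     * subtree) must fail; the test pins the failure to commit error code 29.
     */
    @Test
    public void testCreateNestedUser() throws Exception {
        NodeUtil nested = new NodeUtil(root.getTree(getTestUser().getPath()))
                .addChild("profile", "nt:unstructured")
                .addChild("nested", "rep:User");
        nested.setString("rep:principalName", "nested");
        nested.setString("rep:authorizableId", "nested");
        nested.setString("jcr:uuid", UUIDUtils.generateUUID("nested"));
        try {
            root.commit();
            Assert.fail("Creating nested users must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(29L, e.getCode());
        } finally {
            root.refresh();
        }
    }

    /**
     * Same as {@link #testCreateNestedUser()}, but in two commits: the nested node is first
     * committed as {@code nt:unstructured} carrying the user properties, then its primary type
     * is switched to {@code rep:User}. The second commit must fail with code 29, so the check
     * cannot be sidestepped by retyping an already persisted node.
     */
    @Test
    public void testCreateNestedUser2Steps() throws Exception {
        NodeUtil nested = new NodeUtil(root.getTree(getTestUser().getPath()))
                .addChild("profile", "nt:unstructured")
                .addChild("nested", "nt:unstructured");
        nested.setString("rep:principalName", "nested");
        nested.setString("rep:authorizableId", "nested");
        nested.setString("jcr:uuid", UUIDUtils.generateUUID("nested"));
        // Setup commit: expected to succeed, hence outside the try block below.
        root.commit();
        try {
            nested.setName("jcr:primaryType", "rep:User");
            root.commit();
            Assert.fail("Creating nested users must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(29L, e.getCode());
        } finally {
            root.refresh();
        }
    }

    /** The validator returned for a regular added node yields no validator for an added hidden child. */
    @Test
    public void hiddenNodeAdded() throws CommitFailedException {
        UserValidatorProvider provider = createValidatorProvider();
        NodeState before = new MemoryNodeStore().getRoot();
        NodeBuilder builder = before.builder();
        NodeBuilder test = builder.child(AccessControlManagerImplTest.TEST_LOCAL_PREFIX);
        NodeBuilder hidden = test.child(":hidden");

        Validator rootValidator = provider.getRootValidator(before, builder.getNodeState(), CommitInfo.EMPTY);
        Validator testValidator = rootValidator.childNodeAdded(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, test.getNodeState());
        Assert.assertNotNull(testValidator);
        // null means: no validation below the hidden node
        Assert.assertNull(testValidator.childNodeAdded(":hidden", hidden.getNodeState()));
    }

    /** The validator returned for a changed regular node yields no validator for a changed hidden child. */
    @Test
    public void hiddenNodeChanged() throws CommitFailedException {
        UserValidatorProvider provider = createValidatorProvider();
        NodeBuilder builder = new MemoryNodeStore().getRoot().builder();
        builder.child(AccessControlManagerImplTest.TEST_LOCAL_PREFIX).child(":hidden");
        NodeState before = builder.getNodeState();

        NodeBuilder test = before.builder().child(AccessControlManagerImplTest.TEST_LOCAL_PREFIX);
        NodeBuilder hidden = test.child(":hidden");
        hidden.child("added");

        NodeState testBefore = before.getChildNode(AccessControlManagerImplTest.TEST_LOCAL_PREFIX);
        // NOTE(review): the "after" state handed to getRootValidator comes from the first
        // builder, i.e. it equals "before"; kept exactly as in the original test.
        Validator rootValidator = provider.getRootValidator(before, builder.getNodeState(), CommitInfo.EMPTY);
        Validator testValidator = rootValidator.childNodeChanged(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, testBefore, test.getNodeState());
        Assert.assertNotNull(testValidator);
        Assert.assertNull(testValidator.childNodeChanged(":hidden", testBefore.getChildNode(":hidden"), hidden.getNodeState()));
    }

    /** The validator returned for a changed regular node yields no validator for a deleted hidden child. */
    @Test
    public void hiddenNodeDeleted() throws CommitFailedException {
        UserValidatorProvider provider = createValidatorProvider();
        NodeBuilder builder = new MemoryNodeStore().getRoot().builder();
        builder.child(AccessControlManagerImplTest.TEST_LOCAL_PREFIX).child(":hidden");
        NodeState before = builder.getNodeState();

        NodeBuilder afterBuilder = before.builder();
        NodeBuilder test = afterBuilder.child(AccessControlManagerImplTest.TEST_LOCAL_PREFIX);
        test.child(":hidden").remove();

        NodeState testBefore = before.getChildNode(AccessControlManagerImplTest.TEST_LOCAL_PREFIX);
        Validator rootValidator = provider.getRootValidator(before, afterBuilder.getNodeState(), CommitInfo.EMPTY);
        Validator testValidator = rootValidator.childNodeChanged(AccessControlManagerImplTest.TEST_LOCAL_PREFIX, testBefore, test.getNodeState());
        Assert.assertNotNull(testValidator);
        Assert.assertNull(testValidator.childNodeDeleted(":hidden", testBefore.getChildNode(":hidden")));
    }

    /** Shortcut for the parameters of the user configuration under test. */
    private ConfigurationParameters getConfig() {
        return getUserConfiguration().getParameters();
    }
}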
