package org.apache.jackrabbit.oak.jcr.security.user;

import java.security.Principal;
import java.util.Collections;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.oak.spi.security.principal.AdminPrincipal;
import org.apache.jackrabbit.test.NotExecutableException;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/jcr/security/user/ImpersonationTest.class */
public class ImpersonationTest extends AbstractUserTest {
    private User user2;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        this.user2 = this.userMgr.createUser("user2", "pw");
        this.superuser.save();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.jcr.security.user.AbstractUserTest
    public void tearDown() throws Exception {
        try {
            this.user2.remove();
            this.superuser.save();
            super.tearDown();
        } catch (Throwable th) {
            super.tearDown();
            throw th;
        }
    }

    @Test
    public void testImpersonation() throws RepositoryException, NotExecutableException {
        Principal principal = this.user2.getPrincipal();
        Subject subject = new Subject(true, Collections.singleton(principal), Collections.emptySet(), Collections.emptySet());
        Impersonation impersonation = this.user.getImpersonation();
        assertFalse(impersonation.allows(subject));
        assertTrue(impersonation.grantImpersonation(principal));
        assertFalse(impersonation.grantImpersonation(principal));
        this.superuser.save();
        assertTrue(impersonation.allows(subject));
        assertTrue(impersonation.revokeImpersonation(principal));
        assertFalse(impersonation.revokeImpersonation(principal));
        this.superuser.save();
        assertFalse(impersonation.allows(subject));
    }

    @Test
    public void testAdminAsImpersonator() throws RepositoryException, NotExecutableException {
        String userID = this.superuser.getUserID();
        User authorizable = this.userMgr.getAuthorizable(userID);
        if (authorizable == null || authorizable.isGroup() || !authorizable.isAdmin()) {
            throw new NotExecutableException(userID + " is not administators ID");
        }
        Principal principal = authorizable.getPrincipal();
        Impersonation impersonation = this.user.getImpersonation();
        assertFalse(impersonation.grantImpersonation(principal));
        assertFalse(impersonation.revokeImpersonation(principal));
        assertTrue(impersonation.allows(buildSubject(principal)));
        Impersonation impersonation2 = authorizable.getImpersonation();
        assertFalse(impersonation2.grantImpersonation(principal));
        assertFalse(impersonation2.revokeImpersonation(principal));
        assertTrue(impersonation.allows(buildSubject(principal)));
    }

    public void testAdminPrincipalAsImpersonator() throws RepositoryException, NotExecutableException {
        AdminPrincipal adminPrincipal = new AdminPrincipal() { // from class: org.apache.jackrabbit.oak.jcr.security.user.ImpersonationTest.1
            public String getName() {
                return "some-admin-name";
            }
        };
        Impersonation impersonation = this.user.getImpersonation();
        assertFalse(impersonation.grantImpersonation(adminPrincipal));
        assertFalse(impersonation.revokeImpersonation(adminPrincipal));
        assertTrue(impersonation.allows(buildSubject(adminPrincipal)));
    }
}
