package org.apache.jackrabbit.oak.security.authentication;

import java.util.Collections;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.Configuration;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.plugins.identifier.IdentifierManagerTest;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.AuthInfoImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.ConfigurationUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenConfiguration;
import org.apache.jackrabbit.oak.spi.security.authentication.token.TokenProvider;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/Jackrabbit2ConfigurationTest.class */
public class Jackrabbit2ConfigurationTest extends AbstractSecurityTest {
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected Configuration getConfiguration() {
        return ConfigurationUtil.getJackrabbit2Configuration(ConfigurationParameters.EMPTY);
    }

    @Test
    public void testNullLogin() throws Exception {
        ContentSession login = login(null);
        try {
            Assert.assertEquals(UserUtil.getAnonymousId(getUserConfiguration().getParameters()), login.getAuthInfo().getUserID());
            login.close();
        } catch (Throwable th) {
            login.close();
            throw th;
        }
    }

    @Test
    public void testGuestLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new GuestCredentials());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidSimpleCredentials() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new SimpleCredentials("test", new char[0]));
            Assert.fail("Invalid simple credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidSimpleCredentialsWithAttribute() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials simpleCredentials = new SimpleCredentials("test", new char[0]);
            simpleCredentials.setAttribute(".token", "");
            contentSession = login(simpleCredentials);
            Assert.fail("Invalid simple credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testSimpleCredentials() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(getAdminCredentials());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testSimpleCredentialsWithAttribute() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            contentSession = login(adminCredentials);
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testTokenAuthInfo() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            contentSession = login(adminCredentials);
            Assert.assertEquals("userid must be correct", "admin", contentSession.getAuthInfo().getUserID());
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testTokenCreationAndLogin() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            ContentSession login = login(adminCredentials);
            String obj = adminCredentials.getAttribute(".token").toString();
            Assert.assertNotNull(obj);
            TokenCredentials tokenCredentials = new TokenCredentials(obj.toString());
            login.close();
            contentSession = login(tokenCredentials);
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testTokenCreationAndImpersonation() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            ContentSession login = login(new ImpersonationCredentials(adminCredentials, new AuthInfoImpl(getAdminCredentials().getUserID(), Collections.emptyMap(), Collections.emptySet())));
            String obj = adminCredentials.getAttribute(".token").toString();
            Assert.assertNotNull(obj);
            TokenCredentials tokenCredentials = new TokenCredentials(obj.toString());
            login.close();
            contentSession = login(tokenCredentials);
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testInvalidTokenCredentials() throws Exception {
        ContentSession contentSession = null;
        try {
            contentSession = login(new TokenCredentials(IdentifierManagerTest.ID_INVALID));
            Assert.fail("Invalid token credentials login should fail");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testValidTokenCredentials() throws Exception {
        TokenProvider tokenProvider = ((TokenConfiguration) getSecurityProvider().getConfiguration(TokenConfiguration.class)).getTokenProvider(this.adminSession.getLatestRoot());
        SimpleCredentials adminCredentials = getAdminCredentials();
        ContentSession login = login(new TokenCredentials(tokenProvider.createToken(adminCredentials.getUserID(), Collections.emptyMap()).getToken()));
        try {
            Assert.assertEquals(adminCredentials.getUserID(), login.getAuthInfo().getUserID());
            login.close();
        } catch (Throwable th) {
            login.close();
            throw th;
        }
    }

    @Test
    public void testTokenCreationWithAttributes() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            adminCredentials.setAttribute(".token.mandatory", "something");
            adminCredentials.setAttribute("attr", "val");
            contentSession = login(adminCredentials);
            ImmutableSet copyOf = ImmutableSet.copyOf(contentSession.getAuthInfo().getAttributeNames());
            Assert.assertTrue(copyOf.contains("attr"));
            Assert.assertFalse(copyOf.contains(".token"));
            Assert.assertFalse(copyOf.contains(".token.mandatory"));
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testTokenCreationWithImpersonationAttributes() throws Exception {
        ContentSession contentSession = null;
        try {
            SimpleCredentials adminCredentials = getAdminCredentials();
            adminCredentials.setAttribute(".token", "");
            adminCredentials.setAttribute(".token.mandatory", "something");
            adminCredentials.setAttribute("attr", "val");
            contentSession = login(new ImpersonationCredentials(adminCredentials, new AuthInfoImpl(getAdminCredentials().getUserID(), Collections.emptyMap(), Collections.emptySet())));
            ImmutableSet copyOf = ImmutableSet.copyOf(contentSession.getAuthInfo().getAttributeNames());
            Assert.assertTrue(copyOf.contains("attr"));
            Assert.assertFalse(copyOf.contains(".token"));
            Assert.assertFalse(copyOf.contains(".token.mandatory"));
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }

    @Test
    public void testTokenLoginForDisabledUser() throws Exception {
        ContentSession contentSession = null;
        try {
            User testUser = getTestUser();
            SimpleCredentials simpleCredentials = new SimpleCredentials(testUser.getID(), testUser.getID().toCharArray());
            simpleCredentials.setAttribute(".token", "");
            ContentSession login = login(simpleCredentials);
            testUser.disable("disabled");
            this.root.commit();
            String obj = simpleCredentials.getAttribute(".token").toString();
            Assert.assertNotNull(obj);
            TokenCredentials tokenCredentials = new TokenCredentials(obj.toString());
            login.close();
            contentSession = login(tokenCredentials);
            Assert.fail("token login for a disabled user must fail.");
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (LoginException e) {
            if (contentSession != null) {
                contentSession.close();
            }
        } catch (Throwable th) {
            if (contentSession != null) {
                contentSession.close();
            }
            throw th;
        }
    }
}
