package org.apache.jackrabbit.oak.security.user;

import java.lang.reflect.Field;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import javax.jcr.RepositoryException;
import javax.jcr.nodetype.ConstraintViolationException;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.Iterables;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.user.UserConstants;
import org.apache.jackrabbit.oak.spi.security.user.util.PasswordUtil;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/PasswordHistoryTest.class */
public class PasswordHistoryTest extends AbstractSecurityTest implements UserConstants {
    private static final String[] PASSWORDS = {"abc", "def", "ghi", "jkl", "mno", "pqr", "stu", "vwx", "yz0", "123", "456", "789"};
    private static final ConfigurationParameters CONFIG = ConfigurationParameters.of("passwordHistorySize", 10);

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of(ImmutableMap.of("org.apache.jackrabbit.oak.user", CONFIG));
    }

    @NotNull
    private List<String> getHistory(@NotNull User user) throws RepositoryException {
        Iterable strings = TreeUtil.getStrings(this.root.getTree(user.getPath()).getChild("rep:pwd"), "rep:pwdHistory");
        return strings == null ? Collections.emptyList() : ImmutableList.copyOf(strings).reverse();
    }

    private static Integer getMaxSize(@NotNull PasswordHistory passwordHistory) throws Exception {
        Field declaredField = passwordHistory.getClass().getDeclaredField("maxSize");
        declaredField.setAccessible(true);
        return (Integer) declaredField.get(passwordHistory);
    }

    private static boolean isEnabled(@NotNull PasswordHistory passwordHistory) throws Exception {
        Field declaredField = passwordHistory.getClass().getDeclaredField("isEnabled");
        declaredField.setAccessible(true);
        return ((Boolean) declaredField.get(passwordHistory)).booleanValue();
    }

    @Test
    public void testNoPwdTreeOnUserCreation() throws Exception {
        Assert.assertFalse(this.root.getTree(getTestUser().getPath()).hasChild("rep:pwd"));
    }

    @Test
    public void testHistoryEmptyOnUserCreationWithPassword() throws Exception {
        Assert.assertFalse(this.root.getTree(getTestUser().getPath()).hasChild("rep:pwd"));
    }

    @Test
    public void testHistoryWithSinglePasswordChange() throws Exception {
        User testUser = getTestUser();
        String string = TreeUtil.getString(this.root.getTree(testUser.getPath()), "rep:password");
        testUser.changePassword("newPwd");
        this.root.commit();
        Assert.assertTrue(this.root.getTree(testUser.getPath()).hasChild("rep:pwd"));
        Assert.assertTrue(this.root.getTree(testUser.getPath()).getChild("rep:pwd").hasProperty("rep:pwdHistory"));
        List<String> history = getHistory(testUser);
        Assert.assertEquals(1L, history.size());
        Assert.assertEquals(string, history.iterator().next());
        Assert.assertNotSame(TreeUtil.getString(this.root.getTree(testUser.getPath()), "rep:password"), string);
    }

    @Test
    public void testHistoryMaxSize() throws Exception {
        User testUser = getTestUser();
        for (String str : PASSWORDS) {
            testUser.changePassword(str);
            this.root.commit();
        }
        Assert.assertEquals(10L, getHistory(testUser).size());
    }

    @Test
    public void testHistoryOrder() throws Exception {
        User testUser = getTestUser();
        for (String str : PASSWORDS) {
            testUser.changePassword(str);
        }
        int i = 1;
        Iterator<String> it = getHistory(testUser).iterator();
        while (it.hasNext()) {
            int i2 = i;
            i++;
            Assert.assertTrue(PasswordUtil.isSame(it.next(), PASSWORDS[i2]));
        }
    }

    @Test
    public void testRepeatedPwAfterHistorySizeReached() throws Exception {
        User testUser = getTestUser();
        for (String str : PASSWORDS) {
            testUser.changePassword(str);
        }
        testUser.changePassword(testUser.getID());
        for (String str2 : PASSWORDS) {
            testUser.changePassword(str2);
        }
    }

    @Test(expected = ConstraintViolationException.class)
    public void testHistoryViolationAtFirstChange() throws Exception {
        User testUser = getTestUser();
        testUser.changePassword(testUser.getID());
    }

    @Test(expected = ConstraintViolationException.class)
    public void testHistoryViolation() throws Exception {
        User testUser = getTestUser();
        testUser.changePassword("abc");
        testUser.changePassword("def");
        testUser.changePassword("abc");
    }

    @Test
    public void testNoHistoryUpdateOnViolation() throws Exception {
        User testUser = getTestUser();
        try {
            testUser.changePassword("abc");
            testUser.changePassword("def");
            testUser.changePassword("abc");
            Assert.fail("history violation not detected");
        } catch (ConstraintViolationException e) {
            String[] strArr = {testUser.getID(), "abc"};
            int i = 0;
            Iterator<String> it = getHistory(testUser).iterator();
            while (it.hasNext()) {
                int i2 = i;
                i++;
                Assert.assertTrue(PasswordUtil.isSame(it.next(), strArr[i2]));
            }
        }
    }

    @Test
    public void testEnabledPasswordHistory() throws Exception {
        PasswordHistory passwordHistory = new PasswordHistory(CONFIG);
        Assert.assertTrue(isEnabled(passwordHistory));
        Assert.assertEquals(10L, getMaxSize(passwordHistory).longValue());
    }

    @Test
    public void testHistoryUpperLimit() throws Exception {
        PasswordHistory passwordHistory = new PasswordHistory(ConfigurationParameters.of("passwordHistorySize", Integer.MAX_VALUE));
        Assert.assertTrue(isEnabled(passwordHistory));
        Assert.assertEquals(1000L, getMaxSize(passwordHistory).longValue());
    }

    @Test
    public void testDisabledPasswordHistory() throws Exception {
        User testUser = getTestUser();
        Tree tree = this.root.getTree(testUser.getPath());
        Iterator it = ImmutableList.of(ConfigurationParameters.EMPTY, ConfigurationParameters.of("passwordHistorySize", 0), ConfigurationParameters.of("passwordHistorySize", -1), ConfigurationParameters.of("passwordHistorySize", Integer.MIN_VALUE)).iterator();
        while (it.hasNext()) {
            PasswordHistory passwordHistory = new PasswordHistory((ConfigurationParameters) it.next());
            Assert.assertFalse(isEnabled(passwordHistory));
            Assert.assertFalse(passwordHistory.updatePasswordHistory(tree, testUser.getID()));
        }
    }

    @Test(expected = ConstraintViolationException.class)
    public void testCheckPasswordHistory() throws Exception {
        Tree tree = this.root.getTree(getTestUser().getPath());
        PasswordHistory passwordHistory = new PasswordHistory(CONFIG);
        Assert.assertTrue(isEnabled(passwordHistory));
        Assert.assertEquals(10L, getMaxSize(passwordHistory).longValue());
        passwordHistory.updatePasswordHistory(tree, getTestUser().getID());
    }

    @Test
    public void testConfigurationChange() throws Exception {
        User testUser = getTestUser();
        Tree tree = this.root.getTree(testUser.getPath());
        PasswordHistory passwordHistory = new PasswordHistory(CONFIG);
        for (String str : PASSWORDS) {
            Assert.assertTrue(passwordHistory.updatePasswordHistory(tree, str));
        }
        Assert.assertEquals(10L, getHistory(testUser).size());
        PasswordHistory passwordHistory2 = new PasswordHistory(ConfigurationParameters.of("passwordHistorySize", 5));
        List<String> history = getHistory(testUser);
        Assert.assertEquals(10L, history.size());
        Iterables.skip(history, 6);
        passwordHistory2.updatePasswordHistory(tree, history.iterator().next());
        Assert.assertEquals(5L, getHistory(testUser).size());
        new PasswordHistory(CONFIG).updatePasswordHistory(tree, "newPwd");
        Assert.assertEquals(6L, getHistory(testUser).size());
    }

    @Test
    public void testEnableDisable() throws Exception {
        Tree tree = this.root.getTree(getTestUser().getPath());
        PasswordHistory passwordHistory = new PasswordHistory(CONFIG);
        for (String str : PASSWORDS) {
            Assert.assertTrue(passwordHistory.updatePasswordHistory(tree, str));
        }
        Assert.assertEquals(10L, getHistory(r0).size());
        new PasswordHistory(ConfigurationParameters.EMPTY).updatePasswordHistory(tree, PASSWORDS[8]);
        Assert.assertEquals(10L, getHistory(r0).size());
    }

    @Test
    public void testSingleTypeHistoryProperty() throws Exception {
        Tree tree = this.root.getTree(getTestUser().getPath());
        Tree orAddChild = TreeUtil.getOrAddChild(tree, "rep:pwd", "rep:Password");
        orAddChild.setProperty("rep:pwdHistory", "singleValuedProperty");
        Assert.assertFalse(orAddChild.getProperty("rep:pwdHistory").isArray());
        Assert.assertFalse(orAddChild.getProperty("rep:pwdHistory").getType().isArray());
        Assert.assertTrue(new PasswordHistory(CONFIG).updatePasswordHistory(tree, "anyOtherPassword"));
        Assert.assertTrue(orAddChild.getProperty("rep:pwdHistory").isArray());
        Assert.assertTrue(orAddChild.getProperty("rep:pwdHistory").getType().isArray());
    }

    @Test
    public void testUpdateMissingPwHash() throws Exception {
        Assert.assertFalse(new PasswordHistory(ConfigurationParameters.of("passwordHistorySize", 1)).updatePasswordHistory(this.root.getTree(getUserManager(this.root).createUser("uid", (String) null).getPath()), "pw"));
    }
}
