package org.apache.jackrabbit.core.config;

import java.io.IOException;
import java.io.StringReader;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.Properties;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.UnsupportedRepositoryOperationException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.DefaultSecurityManager;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.core.security.AccessManager;
import org.apache.jackrabbit.core.security.DefaultAccessManager;
import org.apache.jackrabbit.core.security.JackrabbitSecurityManager;
import org.apache.jackrabbit.core.security.authentication.DefaultLoginModule;
import org.apache.jackrabbit.core.security.principal.PrincipalProvider;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.apache.jackrabbit.core.security.simple.SimpleAccessManager;
import org.apache.jackrabbit.core.security.simple.SimpleSecurityManager;
import org.apache.jackrabbit.core.security.user.UserManagerImpl;
import org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:org/apache/jackrabbit/core/config/SecurityConfigTest.class */
public class SecurityConfigTest extends AbstractJCRTest {
    private static Logger log = LoggerFactory.getLogger(SecurityConfigTest.class);
    private RepositoryConfigurationParser parser;
    private static final String CONFIG_1 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.security.simple.SimpleSecurityManager\"></SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.simple.SimpleAccessManager\"></AccessManager>    </Security>";
    private static final String CONFIG_2 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">        </SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">        </AccessManager>        <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">           <param name=\"anonymousId\" value=\"anonymous\"/>           <param name=\"adminId\" value=\"admin\"/>           <param name=\"principalProvider\" value=\"org.apache.jackrabbit.TestPrincipalProvider\"/>        </LoginModule>\n    </Security>";
    private static final String CONFIG_3 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"\">           <param name=\"defaultDepth\" value=\"4\"/>           <param name=\"autoExpandTree\" value=\"true\"/>           <param name=\"autoExpandSize\" value=\"2000\"/>           </UserManager>           <UserIdClass class=\"org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal\"/>        </SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">        </AccessManager>        <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">           <param name=\"anonymousId\" value=\"anonymous\"/>           <param name=\"adminId\" value=\"admin\"/>           <param name=\"principalProvider\" value=\"org.apache.jackrabbit.TestPrincipalProvider\"/>        </LoginModule>\n    </Security>";
    private static final String INVALID_CONFIG_1 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.security.simple.SimpleSecurityManager\"></SecurityManager>    </Security>";
    private static final String INVALID_CONFIG_2 = "    <Security>        <SecurityManager class=\"org.apache.jackrabbit.core.security.simple.SimpleSecurityManager\"></SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.simple.SimpleAccessManager\"></AccessManager>    </Security>";
    private static final String INVALID_CONFIG_3 = "    <Security appName=\"Jackrabbit\">        <AccessManager class=\"org.apache.jackrabbit.core.security.simple.SimpleAccessManager\"></AccessManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_INVALID = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.NonExisting\" />        </SecurityManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_IMPL = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.UserManagerImpl\" />        </SecurityManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_DERIVED = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.UserPerWorkspaceUserManager\" />        </SecurityManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_WITH_ACTIONS = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.UserManagerImpl\">              <AuthorizableAction class=\"org.apache.jackrabbit.core.security.user.action.AccessControlAction\">                 <param name=\"groupPrivilegeNames\" value=\"jcr:read, jcr:write\"/>                 <param name=\"userPrivilegeNames\" value=\" jcr:read    ,  jcr:readAccessControl  \"/>              </AuthorizableAction>              <AuthorizableAction class=\"org.apache.jackrabbit.core.security.user.action.ClearMembershipAction\"/>           </UserManager>           <UserIdClass class=\"org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal\"/>        </SecurityManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_WITH_INVALID_ACTIONS = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.UserManagerImpl\">              <AuthorizableAction class=\"org.apache.jackrabbit.core.security.user.action.NonExistingAction\"/>           </UserManager>           <UserIdClass class=\"org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal\"/>        </SecurityManager>    </Security>";
    private static final String USER_MANAGER_CONFIG_WITH_INVALID_ACTIONS_2 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">           <UserManager class=\"org.apache.jackrabbit.core.security.user.UserManagerImpl\">              <AuthorizableAction class=\"org.apache.jackrabbit.core.security.user.action.AccessControlAction\">                 <param name=\"invalidParam\" value=\"any value\"/>              </AuthorizableAction>           </UserManager>           <UserIdClass class=\"org.apache.jackrabbit.api.security.principal.ItemBasedPrincipal\"/>        </SecurityManager>    </Security>";
    private static final String PRINCIPAL_PROVIDER_CONFIG = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">        </SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">        </AccessManager>        <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">           <param name=\"anonymousId\" value=\"anonymous\"/>           <param name=\"adminId\" value=\"admin\"/>           <param name=\"principalProvider\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>        </LoginModule>\n    </Security>";
    private static final String PRINCIPAL_PROVIDER_CONFIG1 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">        </SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">        </AccessManager>        <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">           <param name=\"anonymousId\" value=\"anonymous\"/>           <param name=\"adminId\" value=\"admin\"/>           <param name=\"principalProvider\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>           <param name=\"principal_provider.name\" value=\"test\"/>        </LoginModule>\n    </Security>";
    private static final String PRINCIPAL_PROVIDER_CONFIG2 = "    <Security appName=\"Jackrabbit\">        <SecurityManager class=\"org.apache.jackrabbit.core.DefaultSecurityManager\" workspaceName=\"security\">        </SecurityManager>        <AccessManager class=\"org.apache.jackrabbit.core.security.DefaultAccessManager\">        </AccessManager>        <LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">           <param name=\"anonymousId\" value=\"anonymous\"/>           <param name=\"adminId\" value=\"admin\"/>           <param name=\"principal_provider.class\" value=\"org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider\"/>           <param name=\"principal_provider.name\" value=\"test2\"/>        </LoginModule>\n    </Security>";

    protected void setUp() throws Exception {
        super.setUp();
        this.parser = new RepositoryConfigurationParser(new Properties());
    }

    protected void tearDown() throws Exception {
        super.tearDown();
    }

    public void testConfig1() throws ConfigurationException {
        SecurityConfig parseSecurityConfig = this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(CONFIG_1)), true));
        assertNotNull(parseSecurityConfig.getAppName());
        assertEquals("Jackrabbit", parseSecurityConfig.getAppName());
        SecurityManagerConfig securityManagerConfig = parseSecurityConfig.getSecurityManagerConfig();
        assertNotNull(securityManagerConfig);
        assertTrue(securityManagerConfig.newInstance(JackrabbitSecurityManager.class) instanceof SimpleSecurityManager);
        assertNull(securityManagerConfig.getWorkspaceAccessConfig());
        assertNull(securityManagerConfig.getWorkspaceName());
        assertNotNull(parseSecurityConfig.getAccessManagerConfig());
        assertTrue(parseSecurityConfig.getAccessManagerConfig().newInstance(AccessManager.class) instanceof SimpleAccessManager);
        assertNull(parseSecurityConfig.getLoginModuleConfig());
    }

    public void testConfig2() throws ConfigurationException {
        SecurityConfig parseSecurityConfig = this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(CONFIG_2)), true));
        assertNotNull(parseSecurityConfig.getAppName());
        assertEquals("Jackrabbit", parseSecurityConfig.getAppName());
        SecurityManagerConfig securityManagerConfig = parseSecurityConfig.getSecurityManagerConfig();
        assertNotNull(securityManagerConfig);
        assertTrue(securityManagerConfig.newInstance(JackrabbitSecurityManager.class) instanceof DefaultSecurityManager);
        assertNull(securityManagerConfig.getWorkspaceAccessConfig());
        assertEquals("security", securityManagerConfig.getWorkspaceName());
        assertNull(securityManagerConfig.getUserManagerConfig());
        AccessManagerConfig accessManagerConfig = parseSecurityConfig.getAccessManagerConfig();
        assertNotNull(accessManagerConfig);
        assertTrue(accessManagerConfig.newInstance(AccessManager.class) instanceof DefaultAccessManager);
        LoginModuleConfig loginModuleConfig = parseSecurityConfig.getLoginModuleConfig();
        assertNotNull(loginModuleConfig);
        assertTrue(loginModuleConfig.getLoginModule() instanceof DefaultLoginModule);
        Properties parameters = loginModuleConfig.getParameters();
        assertNotNull(parameters);
        assertEquals("anonymous", parameters.getProperty("anonymousId"));
        assertEquals("admin", parameters.getProperty("adminId"));
        assertEquals("org.apache.jackrabbit.TestPrincipalProvider", parameters.getProperty("principalProvider"));
    }

    public void testConfig3() throws ConfigurationException {
        SecurityManagerConfig securityManagerConfig = this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(CONFIG_3)), true)).getSecurityManagerConfig();
        assertEquals(ItemBasedPrincipal.class, securityManagerConfig.getUserIdClass());
        UserManagerConfig userManagerConfig = securityManagerConfig.getUserManagerConfig();
        assertNotNull(userManagerConfig);
        Properties parameters = userManagerConfig.getParameters();
        assertNotNull(parameters);
        assertFalse(parameters.containsKey("compatibleJR16"));
        assertTrue(Boolean.parseBoolean(parameters.getProperty("autoExpandTree")));
        assertEquals(4, Integer.parseInt(parameters.getProperty("defaultDepth")));
        assertEquals(2000L, Long.parseLong(parameters.getProperty("autoExpandSize")));
    }

    public void testUserManagerConfig() throws RepositoryException, UnsupportedRepositoryOperationException {
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_INVALID)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserManagerImpl.class, new Class[]{String.class}, new Object[]{"invalid"});
            fail("Nonexisting umgr implementation -> instanciation must fail.");
        } catch (ConfigurationException e) {
        }
        UserManager userManager = this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_IMPL)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserManagerImpl.class, new Class[]{SessionImpl.class, String.class}, new Object[]{this.superuser, "admin"});
        assertNotNull(userManager);
        assertTrue(userManager instanceof UserManagerImpl);
        assertTrue(userManager.isAutoSave());
        try {
            userManager.autoSave(false);
            fail("must not be allowed");
        } catch (RepositoryException e2) {
        }
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_IMPL)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserPerWorkspaceUserManager.class, new Class[]{SessionImpl.class, String.class}, new Object[]{this.superuser, "admin"});
            fail("UserManagerImpl is not assignable from derived class");
        } catch (ConfigurationException e3) {
        }
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_IMPL)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserManagerImpl.class, new Class[]{Session.class}, new Object[]{this.superuser, "admin"});
            fail("Invalid parameter types -> must fail.");
        } catch (ConfigurationException e4) {
        }
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_IMPL)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserManagerImpl.class, new Class[]{SessionImpl.class, String.class}, new Object[]{this.superuser, 21});
            fail("Invalid init args -> must fail.");
        } catch (ConfigurationException e5) {
        }
        UserManager userManager2 = this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_DERIVED)), true)).getSecurityManagerConfig().getUserManagerConfig().getUserManager(UserManagerImpl.class, new Class[]{SessionImpl.class, String.class}, new Object[]{this.superuser, "admin"});
        assertNotNull(userManager2);
        assertTrue(userManager2 instanceof UserPerWorkspaceUserManager);
        assertTrue(userManager2.isAutoSave());
        userManager2.autoSave(false);
        assertEquals(2, this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_WITH_ACTIONS)), true)).getSecurityManagerConfig().getUserManagerConfig().getAuthorizableActions().length);
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_WITH_INVALID_ACTIONS)), true)).getSecurityManagerConfig().getUserManagerConfig().getAuthorizableActions();
            fail("Invalid configuration - must fail");
        } catch (ConfigurationException e6) {
        }
        try {
            this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(USER_MANAGER_CONFIG_WITH_INVALID_ACTIONS_2)), true)).getSecurityManagerConfig().getUserManagerConfig().getAuthorizableActions();
            fail("Invalid configuration - must fail");
        } catch (ConfigurationException e7) {
        }
    }

    public void testPrincipalProviderConfig() throws Exception {
        ProviderRegistryImpl providerRegistryImpl = new ProviderRegistryImpl((PrincipalProvider) null);
        PrincipalProvider registerProvider = providerRegistryImpl.registerProvider(this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG)), true)).getLoginModuleConfig().getParameters());
        assertEquals(registerProvider, providerRegistryImpl.getProvider(registerProvider.getClass().getName()));
        assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", registerProvider.getClass().getName());
        PrincipalProvider registerProvider2 = providerRegistryImpl.registerProvider(this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG1)), true)).getLoginModuleConfig().getParameters());
        assertEquals(registerProvider2, providerRegistryImpl.getProvider("test"));
        assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", registerProvider2.getClass().getName());
        PrincipalProvider registerProvider3 = providerRegistryImpl.registerProvider(this.parser.parseSecurityConfig(parseXML(new InputSource(new StringReader(PRINCIPAL_PROVIDER_CONFIG2)), true)).getLoginModuleConfig().getParameters());
        assertEquals(registerProvider3, providerRegistryImpl.getProvider("test2"));
        assertEquals("org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider", registerProvider3.getClass().getName());
        assertEquals(3, providerRegistryImpl.getProviders().length);
    }

    public void testInvalidConfig() {
        ArrayList arrayList = new ArrayList();
        arrayList.add(new InputSource(new StringReader(INVALID_CONFIG_1)));
        arrayList.add(new InputSource(new StringReader(INVALID_CONFIG_2)));
        arrayList.add(new InputSource(new StringReader(INVALID_CONFIG_3)));
        Iterator it = arrayList.iterator();
        while (it.hasNext()) {
            try {
                this.parser.parseSecurityConfig(parseXML((InputSource) it.next(), false));
                fail("Invalid config -> should fail.");
            } catch (ConfigurationException e) {
            }
        }
    }

    private static Element parseXML(InputSource inputSource, boolean z) throws ConfigurationException {
        try {
            DocumentBuilderFactory newInstance = DocumentBuilderFactory.newInstance();
            newInstance.setValidating(z);
            DocumentBuilder newDocumentBuilder = newInstance.newDocumentBuilder();
            if (z) {
                newDocumentBuilder.setErrorHandler(new ConfigurationErrorHandler());
            }
            newDocumentBuilder.setEntityResolver(ConfigurationEntityResolver.INSTANCE);
            return newDocumentBuilder.parse(inputSource).getDocumentElement();
        } catch (IOException e) {
            throw new ConfigurationException("Configuration file could not be read.", e);
        } catch (ParserConfigurationException e2) {
            throw new ConfigurationException("Unable to create configuration XML parser", e2);
        } catch (SAXParseException e3) {
            throw new ConfigurationException("Configuration file syntax error. (Line: " + e3.getLineNumber() + " Column: " + e3.getColumnNumber() + ")", e3);
        } catch (SAXException e4) {
            throw new ConfigurationException("Configuration file syntax error. ", e4);
        }
    }
}
