package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.Iterator;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.NodeImpl;
import org.apache.jackrabbit.test.NotExecutableException;
import org.apache.jackrabbit.util.Text;

/* loaded from: input_file:org/apache/jackrabbit/core/security/user/GroupAdministratorTest.class */
public class GroupAdministratorTest extends AbstractUserTest {
    private String uID;
    private Session uSession;
    private String otherUID;
    private String otherUID2;
    private String grID;
    private String groupsPath;
    private Group groupAdmin;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.api.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        Principal testPrincipal = getTestPrincipal();
        UserImpl createUser = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
        save(this.superuser);
        this.otherUID = createUser.getID();
        Principal testPrincipal2 = getTestPrincipal();
        String buildPassword = buildPassword(testPrincipal2);
        Credentials buildCredentials = buildCredentials(testPrincipal2.getName(), buildPassword);
        User createUser2 = this.userMgr.createUser(testPrincipal2.getName(), buildPassword);
        save(this.superuser);
        this.uID = createUser2.getID();
        Group authorizable = this.userMgr.getAuthorizable("GroupAdmin");
        if (authorizable == null || !authorizable.isGroup()) {
            throw new NotExecutableException("Cannot execute test. No group-administrator group found.");
        }
        this.groupAdmin = authorizable;
        this.groupAdmin.addMember(createUser2);
        save(this.superuser);
        this.grID = this.groupAdmin.getID();
        this.uSession = getHelper().getRepository().login(buildCredentials);
        this.groupsPath = this.userMgr instanceof UserManagerImpl ? this.userMgr.getGroupsPath() : "/rep:security/rep:authorizables/rep:groups";
    }

    protected void tearDown() throws Exception {
        try {
            if (this.uSession != null) {
                this.uSession.logout();
            }
            super.tearDown();
        } finally {
            this.groupAdmin.removeMember(this.userMgr.getAuthorizable(this.uID));
            Authorizable authorizable = this.userMgr.getAuthorizable(this.otherUID);
            if (authorizable != null) {
                authorizable.remove();
            }
            save(this.superuser);
        }
    }

    private String getYetAnotherID() throws RepositoryException, NotExecutableException {
        if (this.otherUID2 == null) {
            Principal testPrincipal = getTestPrincipal();
            this.otherUID2 = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal)).getID();
            save(this.superuser);
        }
        return this.otherUID2;
    }

    public void testIsGroupAdmin() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        assertTrue(userManager.getAuthorizable(this.grID).isMember(userManager.getAuthorizable(this.uID)));
    }

    public void testCreateUser() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        UserImpl userImpl = null;
        try {
            Principal testPrincipal = getTestPrincipal();
            userImpl = (UserImpl) userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.uSession);
            fail("Group administrator should not be allowed to create a new user.");
            if (userImpl != null) {
                userImpl.remove();
                save(this.uSession);
            }
        } catch (AccessDeniedException e) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testRemoveSelf() throws RepositoryException, NotExecutableException {
        try {
            getUserManager(this.uSession).getAuthorizable(this.uID).remove();
            save(this.uSession);
            fail("A GroupAdministrator should not be allowed to remove the own authorizable.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRemoveGroupAdmin() throws RepositoryException, NotExecutableException {
        try {
            getUserManager(this.uSession).getAuthorizable(this.grID).remove();
            save(this.uSession);
            fail("A GroupAdministrator should not be allowed to remove the group admin.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testCreateGroup() throws RepositoryException, NotExecutableException {
        GroupImpl groupImpl = null;
        try {
            groupImpl = getUserManager(this.uSession).createGroup(getTestPrincipal());
            save(this.uSession);
            assertTrue(Text.isDescendant(this.groupsPath, groupImpl.getNode().getPath()));
            if (groupImpl != null) {
                groupImpl.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (groupImpl != null) {
                groupImpl.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testCreateGroupWithIntermediatePath() throws RepositoryException, NotExecutableException {
        GroupImpl groupImpl = null;
        try {
            groupImpl = getUserManager(this.uSession).createGroup(getTestPrincipal(), "/any/intermediate/path");
            save(this.uSession);
            assertTrue(Text.isDescendant(this.groupsPath + "/any/intermediate/path", groupImpl.getNode().getPath()));
            if (groupImpl != null) {
                groupImpl.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (groupImpl != null) {
                groupImpl.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testAddToGroup() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Authorizable authorizable = userManager.getAuthorizable(getYetAnotherID());
        Group authorizable2 = userManager.getAuthorizable(this.grID);
        try {
            assertTrue("Modifying group membership requires GroupAdmin membership.", authorizable2.addMember(authorizable));
            save(this.uSession);
            authorizable2.removeMember(authorizable);
            save(this.uSession);
        } catch (Throwable th) {
            authorizable2.removeMember(authorizable);
            save(this.uSession);
            throw th;
        }
    }

    public void testAddToGroup2() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Authorizable authorizable = userManager.getAuthorizable(getYetAnotherID());
        Group authorizable2 = userManager.getAuthorizable(this.groupAdmin.getID());
        assertTrue(authorizable2.addMember(authorizable));
        save(this.uSession);
        assertTrue(authorizable2.removeMember(authorizable));
        save(this.uSession);
    }

    public void testAddMembersToCreatedGroup() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Group group = null;
        User authorizable = userManager.getAuthorizable(this.uID);
        try {
            group = userManager.createGroup(getTestPrincipal(), "/a/b/c/d");
            save(this.uSession);
            assertTrue(group.addMember(authorizable));
            save(this.uSession);
            Authorizable authorizable2 = userManager.getAuthorizable(getYetAnotherID());
            assertFalse(group.isMember(authorizable2));
            assertTrue(group.addMember(authorizable2));
            save(this.uSession);
            if (group != null) {
                Iterator declaredMembers = group.getDeclaredMembers();
                while (declaredMembers.hasNext()) {
                    group.removeMember((Authorizable) declaredMembers.next());
                }
                group.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (group != null) {
                Iterator declaredMembers2 = group.getDeclaredMembers();
                while (declaredMembers2.hasNext()) {
                    group.removeMember((Authorizable) declaredMembers2.next());
                }
                group.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testAddMembersUserAdmins() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Group authorizable = userManager.getAuthorizable("UserAdmin");
        if (authorizable == null || !authorizable.isGroup()) {
            throw new NotExecutableException("Cannot execute test. No User-Admin group found.");
        }
        Group group = authorizable;
        Authorizable authorizable2 = null;
        User authorizable3 = userManager.getAuthorizable(this.uID);
        try {
            group.addMember(authorizable3);
            save(this.uSession);
            group.removeMember(authorizable3);
            save(this.uSession);
            fail("Group admin cannot add member to user-admins");
        } catch (AccessDeniedException e) {
        }
        try {
            authorizable2 = userManager.createGroup(getTestPrincipal(), "/a/b/c/d");
            save(this.uSession);
            group.addMember(authorizable2);
            save(this.uSession);
            group.removeMember(authorizable2);
            save(this.uSession);
            fail("Group admin cannot add member to user-admins");
            if (authorizable2 != null) {
                authorizable2.remove();
                save(this.uSession);
            }
        } catch (AccessDeniedException e2) {
            if (authorizable2 != null) {
                authorizable2.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (authorizable2 != null) {
                authorizable2.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testAddOtherUserToGroup() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Authorizable authorizable = userManager.getAuthorizable(this.otherUID);
        Group authorizable2 = userManager.getAuthorizable(this.groupAdmin.getID());
        try {
            assertTrue(authorizable2.addMember(authorizable));
            save(this.uSession);
            authorizable2.removeMember(authorizable);
            save(this.uSession);
        } catch (Throwable th) {
            authorizable2.removeMember(authorizable);
            save(this.uSession);
            throw th;
        }
    }

    public void testAddOwnAuthorizableAsGroupAdmin() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        assertFalse(userManager.getAuthorizable(this.groupAdmin.getID()).addMember(userManager.getAuthorizable(this.uID)));
    }

    public void testRemoveMembershipForOwnAuthorizable() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        assertTrue(userManager.getAuthorizable(this.groupAdmin.getID()).removeMember(userManager.getAuthorizable(this.uID)));
    }

    public void testAddOwnAuthorizableToForeignGroup() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Authorizable authorizable = userManager.getAuthorizable(this.uID);
        Group createGroup = this.userMgr.createGroup(getTestPrincipal());
        save(this.superuser);
        try {
            assertTrue(userManager.getAuthorizable(createGroup.getID()).addMember(authorizable));
            save(this.uSession);
            assertTrue(userManager.getAuthorizable(createGroup.getID()).removeMember(authorizable));
            save(this.uSession);
            createGroup.remove();
            save(this.superuser);
        } catch (Throwable th) {
            createGroup.remove();
            save(this.superuser);
            throw th;
        }
    }

    public void testRemoveMembersOfForeignGroup() throws RepositoryException, NotExecutableException {
        Group group = null;
        User user = null;
        User user2 = null;
        try {
            Group createGroup = this.userMgr.createGroup(getTestPrincipal());
            save(this.superuser);
            Principal testPrincipal = getTestPrincipal();
            User createUser = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.superuser);
            Principal testPrincipal2 = getTestPrincipal();
            User createUser2 = this.userMgr.createUser(testPrincipal2.getName(), buildPassword(testPrincipal2));
            save(this.superuser);
            createGroup.addMember(createUser);
            createGroup.addMember(createUser2);
            save(this.superuser);
            Group authorizable = getUserManager(this.uSession).getAuthorizable(createGroup.getID());
            Iterator members = authorizable.getMembers();
            if (members.hasNext()) {
                assertTrue("GroupAdmin must be able to modify group membership.", authorizable.removeMember((Authorizable) members.next()));
                save(this.uSession);
            } else {
                fail("Must contain members....");
            }
            if (createGroup != null) {
                createGroup.removeMember(createUser);
                createGroup.removeMember(createUser2);
                createGroup.remove();
            }
            if (createUser != null) {
                createUser.remove();
            }
            if (createUser2 != null) {
                createUser2.remove();
            }
            save(this.superuser);
        } catch (AccessDeniedException e) {
            if (0 != 0) {
                group.removeMember((Authorizable) null);
                group.removeMember((Authorizable) null);
                group.remove();
            }
            if (0 != 0) {
                user.remove();
            }
            if (0 != 0) {
                user2.remove();
            }
            save(this.superuser);
        } catch (Throwable th) {
            if (0 != 0) {
                group.removeMember((Authorizable) null);
                group.removeMember((Authorizable) null);
                group.remove();
            }
            if (0 != 0) {
                user.remove();
            }
            if (0 != 0) {
                user2.remove();
            }
            save(this.superuser);
            throw th;
        }
    }

    public void testRemoveAllMembersOfForeignGroup() throws RepositoryException, NotExecutableException {
        Group group = null;
        Authorizable authorizable = null;
        try {
            group = this.userMgr.createGroup(getTestPrincipal());
            save(this.superuser);
            Principal testPrincipal = getTestPrincipal();
            authorizable = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            group.addMember(authorizable);
            save(this.superuser);
            Group authorizable2 = getUserManager(this.uSession).getAuthorizable(group.getID());
            Iterator members = authorizable2.getMembers();
            while (members.hasNext()) {
                assertTrue("GroupAdmin must be able to remove a member of another group.", authorizable2.removeMember((Authorizable) members.next()));
                save(this.uSession);
            }
            if (group != null && authorizable != null) {
                group.removeMember(authorizable);
            }
            if (group != null) {
                group.remove();
            }
            if (authorizable != null) {
                authorizable.remove();
            }
            save(this.superuser);
        } catch (AccessDeniedException e) {
            if (group != null && authorizable != null) {
                group.removeMember(authorizable);
            }
            if (group != null) {
                group.remove();
            }
            if (authorizable != null) {
                authorizable.remove();
            }
            save(this.superuser);
        } catch (Throwable th) {
            if (group != null && authorizable != null) {
                group.removeMember(authorizable);
            }
            if (group != null) {
                group.remove();
            }
            if (authorizable != null) {
                authorizable.remove();
            }
            save(this.superuser);
            throw th;
        }
    }

    public void testImpersonationOfOtherUser() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.uSession);
        Principal principal = userManager.getAuthorizable(this.uID).getPrincipal();
        Impersonation impersonation = userManager.getAuthorizable(getYetAnotherID()).getImpersonation();
        assertFalse(impersonation.allows(buildSubject(principal)));
        try {
            assertFalse(impersonation.grantImpersonation(principal));
            save(this.uSession);
        } catch (AccessDeniedException e) {
        }
        assertFalse(impersonation.allows(buildSubject(principal)));
        Impersonation impersonation2 = userManager.getAuthorizable(this.otherUID).getImpersonation();
        assertFalse(impersonation2.allows(buildSubject(principal)));
        try {
            assertFalse(impersonation2.grantImpersonation(principal));
            save(this.uSession);
        } catch (AccessDeniedException e2) {
        }
        assertFalse(impersonation2.allows(buildSubject(principal)));
    }

    public void testPersisted() throws NotExecutableException, RepositoryException {
        Group group = null;
        try {
            group = getUserManager(this.uSession).createGroup(getTestPrincipal());
            save(this.uSession);
            Authorizable authorizable = this.userMgr.getAuthorizable(group.getID());
            assertNotNull(authorizable);
            assertEquals(group.getID(), authorizable.getID());
            if (group != null) {
                group.remove();
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                save(this.uSession);
            }
            throw th;
        }
    }

    public void testAddCustomNodeToGroupAdminNode() throws RepositoryException, NotExecutableException {
        NodeImpl node = getUserManager(this.uSession).getAuthorizable(this.grID).getNode();
        Session session = node.getSession();
        Node addNode = node.addNode(this.nodeName1, this.ntUnstructured);
        save(this.uSession);
        addNode.setProperty(this.propertyName1, session.getValueFactory().createValue("anyValue"));
        save(this.uSession);
        addNode.remove();
        save(this.uSession);
    }
}
