package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import java.util.HashMap;
import java.util.Iterator;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.core.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/user/UserAdministratorTest.class */
public class UserAdministratorTest extends AbstractUserTest {
    private String uID;
    private String otherUID;
    private Session otherSession;
    private Group uAdministrators;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.api.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        Principal testPrincipal = getTestPrincipal();
        UserImpl createUser = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
        save(this.superuser);
        this.uID = createUser.getID();
        Principal testPrincipal2 = getTestPrincipal();
        String buildPassword = buildPassword(testPrincipal2);
        Credentials buildCredentials = buildCredentials(testPrincipal2.getName(), buildPassword);
        User createUser2 = this.userMgr.createUser(testPrincipal2.getName(), buildPassword);
        save(this.superuser);
        this.otherUID = createUser2.getID();
        Group authorizable = this.userMgr.getAuthorizable("UserAdmin");
        if (authorizable == null || !authorizable.isGroup()) {
            throw new NotExecutableException("Cannot execute test. No user-administrator group found.");
        }
        this.uAdministrators = authorizable;
        this.uAdministrators.addMember(createUser2);
        this.otherSession = getHelper().getRepository().login(buildCredentials);
    }

    protected void tearDown() throws Exception {
        try {
            if (this.otherSession != null) {
                this.otherSession.logout();
            }
            super.tearDown();
        } finally {
            Authorizable authorizable = this.userMgr.getAuthorizable(this.otherUID);
            if (authorizable != null) {
                Iterator memberOf = authorizable.memberOf();
                while (memberOf.hasNext()) {
                    Group group = (Group) memberOf.next();
                    if (!group.getPrincipal().equals(EveryonePrincipal.getInstance())) {
                        group.removeMember(authorizable);
                    }
                }
                authorizable.remove();
            }
            Authorizable authorizable2 = this.userMgr.getAuthorizable(this.uID);
            if (authorizable2 != null) {
                authorizable2.remove();
            }
            save(this.superuser);
        }
    }

    private Group getGroupAdminGroup(UserManager userManager) throws RepositoryException, NotExecutableException {
        Group authorizable = userManager.getAuthorizable("GroupAdmin");
        if (authorizable == null || !authorizable.isGroup()) {
            throw new NotExecutableException();
        }
        return authorizable;
    }

    public void testIsUserAdministrator() throws RepositoryException, NotExecutableException {
        boolean z = false;
        Iterator<Principal> it = getPrincipalSetFromSession(this.otherSession).iterator();
        while (it.hasNext() && !z) {
            z = "UserAdmin".equals(it.next().getName());
        }
        assertTrue(z);
    }

    public void testCreateUser() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.otherSession);
        UserImpl userImpl = null;
        try {
            Principal testPrincipal = getTestPrincipal();
            userImpl = (UserImpl) userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.otherSession);
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
        } catch (Throwable th) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
            throw th;
        }
    }

    public void testCreateUserWithIntermediatePath() throws RepositoryException, NotExecutableException {
        UserManagerImpl userManager = getUserManager(this.otherSession);
        UserImpl userImpl = null;
        Principal testPrincipal = getTestPrincipal();
        String usersPath = userManager.getUsersPath();
        HashMap hashMap = new HashMap();
        hashMap.put("/some/intermediate/path", usersPath + "/some/intermediate/path/" + testPrincipal.getName());
        hashMap.put("some/intermediate/path", usersPath + "/some/intermediate/path/" + testPrincipal.getName());
        hashMap.put("/", usersPath + "/" + testPrincipal.getName());
        hashMap.put("", usersPath + "/" + testPrincipal.getName());
        hashMap.put(usersPath + "/some/intermediate/path", usersPath + "/some/intermediate/path/" + testPrincipal.getName());
        for (String str : hashMap.keySet()) {
            try {
                userImpl = (UserImpl) userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal), testPrincipal, str);
                save(this.otherSession);
                assertEquals((String) hashMap.get(str), userImpl.getNode().getPath());
                if (userImpl != null) {
                    userImpl.remove();
                    save(this.otherSession);
                }
            } catch (Throwable th) {
                if (userImpl != null) {
                    userImpl.remove();
                    save(this.otherSession);
                }
                throw th;
            }
        }
    }

    public void testCreateNestedUsers() throws NotExecutableException, RepositoryException {
        UserManager userManager = getUserManager(this.otherSession);
        UserImpl userImpl = null;
        String path = userManager.getAuthorizable(this.otherUID).getNode().getPath();
        try {
            Principal testPrincipal = getTestPrincipal();
            userImpl = (UserImpl) userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal), testPrincipal, path);
            save(this.otherSession);
            fail("An attempt to create a user below an existing user must fail.");
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
        } catch (RepositoryException e) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
        } catch (Throwable th) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
            throw th;
        }
    }

    public void testRemoveHimSelf() throws RepositoryException, NotExecutableException {
        try {
            getUserManager(this.otherSession).getAuthorizable(this.otherUID).remove();
            save(this.otherSession);
            fail("A UserAdministrator should not be allowed to remove himself.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRemoveAnotherUser() throws RepositoryException, NotExecutableException {
        getUserManager(this.otherSession).getAuthorizable(this.uID).remove();
        save(this.otherSession);
    }

    public void testModifyImpersonationOfUser() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.otherSession);
        Principal principal = userManager.getAuthorizable(this.otherUID).getPrincipal();
        User user = null;
        try {
            Principal testPrincipal = getTestPrincipal();
            user = userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.otherSession);
            Impersonation impersonation = user.getImpersonation();
            assertFalse(impersonation.allows(buildSubject(principal)));
            assertTrue(impersonation.grantImpersonation(principal));
            save(this.otherSession);
            assertTrue(impersonation.allows(buildSubject(principal)));
            if (user != null) {
                user.remove();
                save(this.otherSession);
            }
            Impersonation impersonation2 = userManager.getAuthorizable(this.uID).getImpersonation();
            if (impersonation2.allows(buildSubject(principal))) {
                throw new NotExecutableException("Cannot execute test. OtherP can already impersonate UID-user.");
            }
            assertTrue(impersonation2.grantImpersonation(principal));
            save(this.otherSession);
            assertTrue(impersonation2.allows(buildSubject(principal)));
            impersonation2.revokeImpersonation(principal);
            save(this.otherSession);
        } catch (Throwable th) {
            if (user != null) {
                user.remove();
                save(this.otherSession);
            }
            throw th;
        }
    }

    public void testModifyGroupForHimSelf() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.otherSession);
        try {
            assertFalse(getGroupAdminGroup(userManager).addMember(userManager.getAuthorizable(this.otherUID)));
            if (getGroupAdminGroup(this.userMgr).removeMember(this.userMgr.getAuthorizable(this.otherUID))) {
                save(this.superuser);
            }
        } catch (RepositoryException e) {
            if (getGroupAdminGroup(this.userMgr).removeMember(this.userMgr.getAuthorizable(this.otherUID))) {
                save(this.superuser);
            }
        } catch (Throwable th) {
            if (getGroupAdminGroup(this.userMgr).removeMember(this.userMgr.getAuthorizable(this.otherUID))) {
                save(this.superuser);
            }
            throw th;
        }
    }

    public void testModifyGroup() throws RepositoryException, NotExecutableException {
        UserManager userManager = getUserManager(this.otherSession);
        User authorizable = userManager.getAuthorizable(this.uID);
        if (authorizable == null) {
            throw new NotExecutableException();
        }
        try {
            assertFalse("A UserAdmin must not be allowed to modify group memberships", getGroupAdminGroup(userManager).addMember(authorizable));
        } catch (RepositoryException e) {
        }
        Principal testPrincipal = getTestPrincipal();
        Authorizable authorizable2 = null;
        try {
            authorizable2 = userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.otherSession);
            try {
                assertFalse("A UserAdmin must not be allowed to modify group memberships", getGroupAdminGroup(userManager).addMember(authorizable2));
            } catch (RepositoryException e2) {
            }
            if (authorizable2 != null) {
                authorizable2.remove();
            }
        } catch (Throwable th) {
            if (authorizable2 != null) {
                authorizable2.remove();
            }
            throw th;
        }
    }

    public void testCreateGroup() throws RepositoryException, NotExecutableException {
        Authorizable authorizable;
        Authorizable authorizable2;
        Authorizable authorizable3;
        String str = null;
        try {
            Group createGroup = getUserManager(this.otherSession).createGroup(getTestPrincipal());
            save(this.otherSession);
            str = createGroup.getID();
            fail("UserAdmin should not be allowed to create a new Group.");
            if (str == null || (authorizable3 = this.userMgr.getAuthorizable(str)) == null) {
                return;
            }
            authorizable3.remove();
            save(this.superuser);
        } catch (RepositoryException e) {
            if (str == null || (authorizable2 = this.userMgr.getAuthorizable(str)) == null) {
                return;
            }
            authorizable2.remove();
            save(this.superuser);
        } catch (Throwable th) {
            if (str != null && (authorizable = this.userMgr.getAuthorizable(str)) != null) {
                authorizable.remove();
                save(this.superuser);
            }
            throw th;
        }
    }

    public void testCreateGroupWithIntermediatePath() throws RepositoryException, NotExecutableException {
        Authorizable authorizable;
        Authorizable authorizable2;
        Authorizable authorizable3;
        String str = null;
        try {
            Group createGroup = getUserManager(this.otherSession).createGroup(getTestPrincipal(), "/any/intermediate/path");
            save(this.otherSession);
            str = createGroup.getID();
            fail("UserAdmin should not be allowed to create a new Group with intermediate path.");
            if (str == null || (authorizable3 = this.userMgr.getAuthorizable(str)) == null) {
                return;
            }
            authorizable3.remove();
            save(this.superuser);
        } catch (RepositoryException e) {
            if (str == null || (authorizable2 = this.userMgr.getAuthorizable(str)) == null) {
                return;
            }
            authorizable2.remove();
            save(this.superuser);
        } catch (Throwable th) {
            if (str != null && (authorizable = this.userMgr.getAuthorizable(str)) != null) {
                authorizable.remove();
                save(this.superuser);
            }
            throw th;
        }
    }

    public void testRemoveGroup() throws NotExecutableException, RepositoryException {
        UserManager userManager = getUserManager(this.otherSession);
        Group group = null;
        try {
            group = this.userMgr.createGroup(getTestPrincipal());
            save(this.superuser);
            userManager.getAuthorizable(group.getID()).remove();
            save(this.otherSession);
            fail("UserAdmin should not be allowed to remove a Group.");
            if (group != null) {
                group.remove();
                save(this.superuser);
            }
        } catch (RepositoryException e) {
            if (group != null) {
                group.remove();
                save(this.superuser);
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                save(this.superuser);
            }
            throw th;
        }
    }

    public void testAddToGroup() throws NotExecutableException, RepositoryException {
        UserManager userManager = getUserManager(this.otherSession);
        Group groupAdminGroup = getGroupAdminGroup(userManager);
        try {
            assertFalse(groupAdminGroup.addMember(userManager.getAuthorizable(this.uID)));
        } catch (AccessDeniedException e) {
        }
        try {
            assertFalse(groupAdminGroup.addMember(userManager.getAuthorizable(this.otherUID)));
        } catch (AccessDeniedException e2) {
        }
        try {
            assertFalse(userManager.getAuthorizable(this.uAdministrators.getID()).addMember(userManager.getAuthorizable(this.otherUID)));
        } catch (AccessDeniedException e3) {
        }
    }

    public void testPersisted() throws NotExecutableException, RepositoryException {
        UserManager userManager = getUserManager(this.otherSession);
        UserImpl userImpl = null;
        try {
            Principal testPrincipal = getTestPrincipal();
            userImpl = (UserImpl) userManager.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.otherSession);
            Authorizable authorizable = this.userMgr.getAuthorizable(userImpl.getID());
            assertNotNull(authorizable);
            assertEquals(userImpl.getID(), authorizable.getID());
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
        } catch (Throwable th) {
            if (userImpl != null) {
                userImpl.remove();
                save(this.otherSession);
            }
            throw th;
        }
    }
}
