package org.apache.jackrabbit.core.security.user;

import java.security.Principal;
import javax.jcr.AccessDeniedException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.user.AbstractUserTest;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.AuthorizableExistsException;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.Impersonation;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.test.NotExecutableException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/user/NotUserAdministratorTest.class */
public class NotUserAdministratorTest extends AbstractUserTest {
    private String uID;
    private Session uSession;
    private UserManager uMgr;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.api.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        Principal testPrincipal = getTestPrincipal();
        String buildPassword = buildPassword(testPrincipal);
        UserImpl createUser = this.userMgr.createUser(testPrincipal.getName(), buildPassword);
        save(this.superuser);
        this.uID = createUser.getID();
        this.uSession = getHelper().getRepository().login(new SimpleCredentials(this.uID, buildPassword.toCharArray()));
        this.uMgr = getUserManager(this.uSession);
    }

    protected void tearDown() throws Exception {
        try {
            if (this.uSession != null) {
                this.uSession.logout();
            }
            super.tearDown();
        } finally {
            Authorizable authorizable = this.userMgr.getAuthorizable(this.uID);
            if (authorizable != null) {
                authorizable.remove();
                save(this.superuser);
            }
        }
    }

    public void testCreateUser() throws NotExecutableException {
        try {
            Principal testPrincipal = getTestPrincipal();
            User createUser = this.uMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.uSession);
            fail("A non-UserAdmin should not be allowed to create a new User.");
            this.userMgr.getAuthorizable(createUser.getID()).remove();
        } catch (AuthorizableExistsException e) {
            fail(e.getMessage());
        } catch (RepositoryException e2) {
        }
    }

    public void testCreateUserWithItermediatePath() throws NotExecutableException {
        try {
            Principal testPrincipal = getTestPrincipal();
            User createUser = this.uMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal), testPrincipal, "/any/intermediate/path");
            save(this.uSession);
            fail("A non-UserAdmin should not be allowed to create a new User.");
            this.userMgr.getAuthorizable(createUser.getID()).remove();
        } catch (RepositoryException e) {
        } catch (AuthorizableExistsException e2) {
            fail(e2.getMessage());
        }
    }

    public void testRemoveOwnAuthorizable() throws RepositoryException, NotExecutableException {
        try {
            this.uMgr.getAuthorizable(this.uID).remove();
            save(this.uSession);
            fail("A user should not be allowed to remove him/herself.");
        } catch (AccessDeniedException e) {
        }
    }

    public void testRemoveUser() throws RepositoryException, NotExecutableException {
        Principal testPrincipal = getTestPrincipal();
        String id = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal)).getID();
        save(this.superuser);
        try {
            this.uMgr.getAuthorizable(id).remove();
            save(this.uSession);
            fail("A non-administrator user should not be allowed to remove another user.");
        } catch (AccessDeniedException e) {
        }
        Authorizable authorizable = this.userMgr.getAuthorizable(id);
        if (authorizable != null) {
            authorizable.remove();
            save(this.superuser);
        }
    }

    public void testRemoveOtherUser() throws RepositoryException, NotExecutableException {
        Principal testPrincipal = getTestPrincipal();
        String id = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal), testPrincipal, "/any/intermediate/path").getID();
        save(this.superuser);
        try {
            this.uMgr.getAuthorizable(id).remove();
            save(this.uSession);
            fail("A non-administrator user should not be allowed to remove another user.");
        } catch (AccessDeniedException e) {
        }
        Authorizable authorizable = this.userMgr.getAuthorizable(id);
        if (authorizable != null) {
            authorizable.remove();
            save(this.superuser);
        }
    }

    public void testModifyImpersonationOfAnotherUser() throws RepositoryException, NotExecutableException {
        Principal testPrincipal = getTestPrincipal();
        String id = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal)).getID();
        save(this.superuser);
        try {
            Impersonation impersonation = this.uMgr.getAuthorizable(id).getImpersonation();
            Principal principal = this.uMgr.getAuthorizable(this.uID).getPrincipal();
            assertFalse(impersonation.allows(buildSubject(principal)));
            impersonation.grantImpersonation(principal);
            save(this.uSession);
            fail("A non-administrator user should not be allowed modify Impersonation of another user.");
        } catch (AccessDeniedException e) {
        }
        Authorizable authorizable = this.userMgr.getAuthorizable(id);
        if (authorizable != null) {
            authorizable.remove();
            save(this.superuser);
        }
    }

    public void testAddToGroup() throws NotExecutableException, RepositoryException {
        Authorizable authorizable = this.uMgr.getAuthorizable("administrators");
        if (authorizable == null || !authorizable.isGroup()) {
            throw new NotExecutableException("Couldn't find 'administrators' group");
        }
        Group group = (Group) authorizable;
        try {
            authorizable = this.uMgr.getAuthorizable(this.uID);
            group.addMember(authorizable);
            save(this.uSession);
            fail("a common user should not be allowed to modify any groups.");
            if (group.removeMember(authorizable)) {
                save(this.uSession);
            }
        } catch (AccessDeniedException e) {
            if (group.removeMember(authorizable)) {
                save(this.uSession);
            }
        } catch (Throwable th) {
            if (group.removeMember(authorizable)) {
                save(this.uSession);
            }
            throw th;
        }
    }
}
