package org.apache.jackrabbit.core.security.authentication;

import java.io.IOException;
import java.io.StringReader;
import java.util.Properties;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.core.config.ConfigurationEntityResolver;
import org.apache.jackrabbit.core.config.ConfigurationErrorHandler;
import org.apache.jackrabbit.core.config.ConfigurationException;
import org.apache.jackrabbit.core.config.LoginModuleConfig;
import org.apache.jackrabbit.core.config.RepositoryConfig;
import org.apache.jackrabbit.core.config.RepositoryConfigurationParser;
import org.apache.jackrabbit.core.security.principal.FallbackPrincipalProvider;
import org.apache.jackrabbit.core.security.principal.ProviderRegistryImpl;
import org.apache.jackrabbit.test.AbstractJCRTest;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;
import org.xml.sax.SAXParseException;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authentication/DefaultLoginModuleTest.class */
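/**
 * Tests login and logout through {@code DefaultLoginModule} with simple and
 * token credentials, and checks that the {@code disableTokenAuth} parameter
 * is honoured.
 *
 * <p>Each test builds an {@link AuthContext} either from an inline XML
 * {@code <Security>} snippet ({@link #getAuthContext}) or from a named JAAS
 * application entry ({@link #getJAASAuthContext}) and then inspects the
 * resulting {@link Subject}.
 */
public class DefaultLoginModuleTest extends AbstractJCRTest {

    /** Login module configuration without {@code disableTokenAuth}. */
    private static final String DEFAULT_CONFIG =
            "<Security appName=\"Jackrabbit\">"
            + "<LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">\n"
            + "   <param name=\"anonymousId\" value=\"anonymous\"/>\n"
            + "   <param name=\"adminId\" value=\"admin\"/>\n"
            + "</LoginModule></Security>";

    /** Same as {@link #DEFAULT_CONFIG} but with {@code disableTokenAuth} set to {@code true}. */
    private static final String DISABLE_TOKEN_CONFIG =
            "<Security appName=\"Jackrabbit\">"
            + "<LoginModule class=\"org.apache.jackrabbit.core.security.authentication.DefaultLoginModule\">\n"
            + "   <param name=\"anonymousId\" value=\"anonymous\"/>\n"
            + "   <param name=\"adminId\" value=\"admin\"/>\n"
            + "   <param name=\"disableTokenAuth\" value=\"true\"/>\n"
            + "</LoginModule></Security>";

    /** Credential attribute that the token tests set before login and remove afterwards. */
    private static final String TOKEN_ATTRIBUTE = ".token";

    /** JVM-wide system property naming the JAAS login configuration file. */
    private static final String JAAS_CONFIG_PROPERTY = "java.security.auth.login.config";

    // Fixture credentials for the test repository only.
    // NOTE(review): presumably the test repository's admin account; confirm against the test setup.
    private final SimpleCredentials simpleCredentials =
            new SimpleCredentials("admin", "admin".toCharArray());

    /** Superuser session on the security workspace, handed to the callback handler. */
    private Session securitySession;

    /**
     * Opens a superuser session on the workspace named by the security
     * manager configuration, falling back to the default workspace when no
     * name is configured.
     */
    protected void setUp() throws Exception {
        super.setUp();
        RepositoryConfig repositoryConfig = this.superuser.getRepository().getConfig();
        String securityWorkspace =
                repositoryConfig.getSecurityConfig().getSecurityManagerConfig().getWorkspaceName();
        if (securityWorkspace == null) {
            securityWorkspace = repositoryConfig.getDefaultWorkspaceName();
        }
        this.securitySession = getHelper().getSuperuserSession(securityWorkspace);
    }

    /**
     * Logs out the security session if it is still live, then runs the
     * inherited clean-up.
     */
    protected void cleanUp() throws Exception {
        try {
            if (this.securitySession != null && this.securitySession.isLive()) {
                this.securitySession.logout();
            }
        } finally {
            // Run the inherited clean-up even if the logout above fails.
            super.cleanUp();
        }
    }

    /** Login followed by logout with simple credentials must not throw. */
    public void testSimpleCredentialsLogin() throws Exception {
        AuthContext context = getAuthContext(this.simpleCredentials, DEFAULT_CONFIG);
        context.login();
        context.logout();
    }

    /**
     * After login the subject holds principals and the simple credentials;
     * after logout both sets are empty again.
     */
    public void testSimpleCredentialsLoginLogout() throws Exception {
        AuthContext context = getAuthContext(this.simpleCredentials, DEFAULT_CONFIG);
        context.login();

        Subject subject = context.getSubject();
        assertFalse(subject.getPrincipals().isEmpty());
        assertFalse(subject.getPublicCredentials().isEmpty());
        assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());

        context.logout();
        assertTrue(subject.getPrincipals().isEmpty());
        assertTrue(subject.getPublicCredentials().isEmpty());
        assertTrue(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
    }

    /**
     * With the token attribute set, login is expected to add a
     * {@link TokenCredentials} to the subject; that token must then work as
     * a credential for a second login, and logout must clear the subject.
     */
    public void testTokenCredentialsLoginLogout() throws Exception {
        this.simpleCredentials.setAttribute(TOKEN_ATTRIBUTE, "");
        try {
            AuthContext firstContext = getAuthContext(this.simpleCredentials, DEFAULT_CONFIG);
            firstContext.login();

            Subject firstSubject = firstContext.getSubject();
            assertFalse(firstSubject.getPrincipals().isEmpty());
            assertFalse(firstSubject.getPublicCredentials().isEmpty());
            assertFalse(firstSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertFalse(firstSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
            assertEquals(2, firstSubject.getPublicCredentials(Credentials.class).size());

            // Take the token before logout, which empties the credential sets.
            TokenCredentials issuedToken =
                    firstSubject.getPublicCredentials(TokenCredentials.class).iterator().next();
            firstContext.logout();

            AuthContext tokenContext = getAuthContext(issuedToken, DEFAULT_CONFIG);
            tokenContext.login();

            Subject tokenSubject = tokenContext.getSubject();
            assertFalse(tokenSubject.getPrincipals().isEmpty());
            assertFalse(tokenSubject.getPublicCredentials().isEmpty());
            assertFalse(tokenSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertFalse(tokenSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
            assertEquals(2, tokenSubject.getPublicCredentials(Credentials.class).size());

            tokenContext.logout();
            assertTrue(tokenSubject.getPrincipals().isEmpty());
            assertTrue(tokenSubject.getPublicCredentials().isEmpty());
            assertTrue(tokenSubject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertTrue(tokenSubject.getPublicCredentials(TokenCredentials.class).isEmpty());
        } finally {
            this.simpleCredentials.removeAttribute(TOKEN_ATTRIBUTE);
        }
    }

    /**
     * With {@code disableTokenAuth} set, a login that carries the token
     * attribute must succeed but must not produce a {@link TokenCredentials}.
     */
    public void testDisabledTokenCredentials() throws Exception {
        this.simpleCredentials.setAttribute(TOKEN_ATTRIBUTE, "");
        try {
            AuthContext context = getAuthContext(this.simpleCredentials, DISABLE_TOKEN_CONFIG);
            context.login();

            Subject subject = context.getSubject();
            assertFalse(subject.getPrincipals().isEmpty());
            assertFalse(subject.getPublicCredentials().isEmpty());
            assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertTrue(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
            assertEquals(1, subject.getPublicCredentials(Credentials.class).size());
            context.logout();
        } finally {
            this.simpleCredentials.removeAttribute(TOKEN_ATTRIBUTE);
        }
    }

    /**
     * A token issued under the default configuration must be accepted by the
     * default configuration and rejected with a {@link LoginException} once
     * token authentication is disabled.
     */
    public void testDisabledTokenCredentials2() throws Exception {
        this.simpleCredentials.setAttribute(TOKEN_ATTRIBUTE, "");
        try {
            AuthContext issuingContext = getAuthContext(this.simpleCredentials, DEFAULT_CONFIG);
            issuingContext.login();
            Subject subject = issuingContext.getSubject();
            assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertFalse(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
            TokenCredentials issuedToken =
                    subject.getPublicCredentials(TokenCredentials.class).iterator().next();
            issuingContext.logout();

            // Sanity check: the token is usable while token auth is enabled.
            AuthContext enabledContext = getAuthContext(issuedToken, DEFAULT_CONFIG);
            enabledContext.login();
            enabledContext.logout();

            AuthContext disabledContext = getAuthContext(issuedToken, DISABLE_TOKEN_CONFIG);
            boolean loginAccepted;
            try {
                disabledContext.login();
                loginAccepted = true;
            } catch (LoginException expected) {
                // Rejection is the behaviour under test.
                loginAccepted = false;
            }
            if (loginAccepted) {
                // Only login() is guarded above, so an exception thrown by logout()
                // cannot be mistaken for the expected rejection.
                disabledContext.logout();
                fail("Token login must be rejected when disableTokenAuth is true");
            }
        } finally {
            this.simpleCredentials.removeAttribute(TOKEN_ATTRIBUTE);
        }
    }

    /**
     * Logs in through the JAAS application entry {@code defaultLoginModuleTest}
     * and asserts that no {@link TokenCredentials} is produced.
     *
     * <p>NOTE(review): the referenced {@code jaas.config} is not part of this
     * file; presumably that entry disables token authentication. Confirm
     * against the resource.
     */
    public void testTokenConfigurationWithJaas() throws Exception {
        // The property is JVM-wide; remember the old value so it can be put back
        // and later tests do not silently inherit this login configuration.
        final String previousJaasConfig = System.getProperty(JAAS_CONFIG_PROPERTY);
        System.setProperty(JAAS_CONFIG_PROPERTY, "target/test-classes/jaas.config");
        this.simpleCredentials.setAttribute(TOKEN_ATTRIBUTE, "");
        try {
            AuthContext context = getJAASAuthContext(this.simpleCredentials, "defaultLoginModuleTest");
            context.login();

            Subject subject = context.getSubject();
            assertFalse(subject.getPrincipals().isEmpty());
            assertFalse(subject.getPublicCredentials().isEmpty());
            assertFalse(subject.getPublicCredentials(SimpleCredentials.class).isEmpty());
            assertTrue(subject.getPublicCredentials(TokenCredentials.class).isEmpty());
            assertEquals(1, subject.getPublicCredentials(Credentials.class).size());
            context.logout();
        } finally {
            this.simpleCredentials.removeAttribute(TOKEN_ATTRIBUTE);
            if (previousJaasConfig == null) {
                System.clearProperty(JAAS_CONFIG_PROPERTY);
            } else {
                System.setProperty(JAAS_CONFIG_PROPERTY, previousJaasConfig);
            }
        }
    }

    /**
     * Builds a {@link LocalAuthContext} from an inline {@code <Security>} XML snippet.
     *
     * @param credentials credentials handed to the callback handler
     * @param configXml   XML text containing the login module configuration
     * @return a context with no pre-existing subject
     * @throws RepositoryException if the configuration cannot be parsed
     */
    private AuthContext getAuthContext(Credentials credentials, String configXml)
            throws RepositoryException {
        return new LocalAuthContext(
                getLoginModuleConfig(configXml), newCallbackHandler(credentials), (Subject) null);
    }

    /**
     * Builds a {@link JAASAuthContext} for the given JAAS application name.
     *
     * @param credentials credentials handed to the callback handler
     * @param appName     application name passed to the JAAS context
     * @return a context with no pre-existing subject
     */
    private AuthContext getJAASAuthContext(Credentials credentials, String appName) {
        return new JAASAuthContext(appName, newCallbackHandler(credentials), (Subject) null);
    }

    /**
     * Creates the callback handler shared by both context factories: security
     * session, a registry backed by the fallback principal provider, and the
     * ids {@code "admin"} and {@code "anonymous"}.
     */
    private CallbackHandlerImpl newCallbackHandler(Credentials credentials) {
        return new CallbackHandlerImpl(
                credentials,
                this.securitySession,
                new ProviderRegistryImpl(new FallbackPrincipalProvider()),
                "admin",
                "anonymous");
    }

    /**
     * Parses an XML snippet into a {@link LoginModuleConfig} without validation.
     *
     * @param configXml XML text containing the login module configuration
     * @throws ConfigurationException if the XML cannot be parsed
     */
    private static LoginModuleConfig getLoginModuleConfig(String configXml)
            throws ConfigurationException {
        Element root = parseXML(new InputSource(new StringReader(configXml)), false);
        return new RepositoryConfigurationParser(new Properties()).parseLoginModuleConfig(root);
    }

    /**
     * Parses the given source and returns the document element.
     *
     * <p>NOTE(review): the factory is used with its defaults apart from
     * {@code setValidating}; no secure-processing or DTD restrictions are
     * set. The only inputs in this class are the constant snippets above.
     * A parser fed externally supplied XML would need those restrictions.
     *
     * @param inputSource XML to parse
     * @param validating  whether to enable validation and install the
     *                    configuration error handler
     * @return the root element of the parsed document
     * @throws ConfigurationException on I/O, parser set-up or syntax errors
     */
    private static Element parseXML(InputSource inputSource, boolean validating)
            throws ConfigurationException {
        try {
            DocumentBuilderFactory factory = DocumentBuilderFactory.newInstance();
            factory.setValidating(validating);
            DocumentBuilder builder = factory.newDocumentBuilder();
            if (validating) {
                builder.setErrorHandler(new ConfigurationErrorHandler());
            }
            builder.setEntityResolver(ConfigurationEntityResolver.INSTANCE);
            return builder.parse(inputSource).getDocumentElement();
        } catch (IOException e) {
            throw new ConfigurationException("Configuration file could not be read.", e);
        } catch (ParserConfigurationException e) {
            throw new ConfigurationException("Unable to create configuration XML parser", e);
        } catch (SAXParseException e) {
            // Must precede the SAXException handler: it is the more specific type.
            throw new ConfigurationException(
                    "Configuration file syntax error. (Line: " + e.getLineNumber()
                            + " Column: " + e.getColumnNumber() + ")", e);
        } catch (SAXException e) {
            throw new ConfigurationException("Configuration file syntax error. ", e);
        }
    }
}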
