package org.apache.jackrabbit.core.security.authentication.token;

import java.util.UUID;
import javax.jcr.Credentials;
import javax.jcr.ItemNotFoundException;
import javax.jcr.Node;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import javax.jcr.lock.LockException;
import javax.jcr.nodetype.ConstraintViolationException;
import javax.jcr.version.VersionException;
import org.apache.jackrabbit.api.security.authentication.token.TokenCredentials;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.core.SessionImpl;
import org.apache.jackrabbit.test.AbstractJCRTest;

/* loaded from: input_file:org/apache/jackrabbit/core/security/authentication/token/TokenBasedAuthenticationTest.class */
public class TokenBasedAuthenticationTest extends AbstractJCRTest {
    private SessionImpl adminSession;
    private User testUser;
    private String token;
    private Node tokenNode;
    private TokenCredentials tokenCreds;
    private String expiredToken;
    private Node expiredNode;
    private TokenCredentials expiredCreds;
    private TokenBasedAuthentication nullTokenAuth;
    private TokenBasedAuthentication validTokenAuth;
    private Credentials simpleCreds = new SimpleCredentials("uid", "pw".toCharArray());
    private Credentials creds = new Credentials() { // from class: org.apache.jackrabbit.core.security.authentication.token.TokenBasedAuthenticationTest.1
    };

    protected void setUp() throws Exception {
        super.setUp();
        this.adminSession = getHelper().getSuperuserSession("security");
        this.testUser = this.adminSession.getUserManager().createUser(UUID.randomUUID().toString(), "pw");
        this.adminSession.save();
        SimpleCredentials simpleCredentials = new SimpleCredentials(this.testUser.getID(), "pw".toCharArray());
        simpleCredentials.setAttribute(".token", "");
        simpleCredentials.setAttribute(".token.any", "correct");
        simpleCredentials.setAttribute("informative", "value");
        this.tokenCreds = new TokenProvider(this.adminSession, 7200000L).createToken(this.testUser, simpleCredentials).getCredentials();
        this.token = this.tokenCreds.getToken();
        this.tokenNode = TokenProvider.getTokenNode(this.token, this.adminSession);
        this.expiredCreds = new TokenProvider(this.adminSession, 1L).createToken(this.testUser, simpleCredentials).getCredentials();
        this.expiredToken = this.expiredCreds.getToken();
        long currentTimeMillis = System.currentTimeMillis() + 1;
        this.expiredNode = TokenProvider.getTokenNode(this.expiredToken, this.adminSession);
        this.nullTokenAuth = new TokenBasedAuthentication((String) null, -1L, this.adminSession);
        this.validTokenAuth = new TokenBasedAuthentication(this.token, 7200L, this.adminSession);
        do {
        } while (System.currentTimeMillis() <= currentTimeMillis);
    }

    protected void tearDown() throws Exception {
        try {
            this.testUser.remove();
            this.adminSession.save();
            this.adminSession.logout();
        } finally {
            super.tearDown();
        }
    }

    private TokenBasedAuthentication createAuthenticationForExpiredToken() throws RepositoryException, LockException, ConstraintViolationException, VersionException {
        return new TokenBasedAuthentication(this.expiredToken, 7200000L, this.adminSession);
    }

    private TokenBasedAuthentication createAuthentication() throws RepositoryException {
        return new TokenBasedAuthentication(this.token, 7200000L, this.adminSession);
    }

    public void testCanHandle() throws RepositoryException {
        assertTrue(this.validTokenAuth.canHandle(this.tokenCreds));
        assertFalse(this.nullTokenAuth.canHandle(this.tokenCreds));
        assertFalse(this.validTokenAuth.canHandle(this.simpleCreds));
        assertFalse(this.nullTokenAuth.canHandle(this.simpleCreds));
        assertFalse(this.validTokenAuth.canHandle(this.creds));
        assertFalse(this.nullTokenAuth.canHandle(this.creds));
    }

    public void testCanHandleExpiredToken() throws RepositoryException {
        assertTrue(createAuthenticationForExpiredToken().canHandle(this.expiredCreds));
    }

    public void testExpiry() throws RepositoryException {
        assertFalse(createAuthenticationForExpiredToken().authenticate(this.expiredCreds));
    }

    public void testRemoval() throws RepositoryException {
        String identifier = this.expiredNode.getIdentifier();
        assertFalse(createAuthenticationForExpiredToken().authenticate(this.expiredCreds));
        try {
            this.superuser.getNodeByIdentifier(identifier);
            fail("expired token node should be removed.");
        } catch (ItemNotFoundException e) {
        }
    }

    public void testInvalidCredentials() throws RepositoryException {
        try {
            this.validTokenAuth.authenticate(this.creds);
            fail("RepositoryException expected");
        } catch (RepositoryException e) {
        }
        try {
            assertFalse(this.validTokenAuth.authenticate(this.simpleCreds));
            fail("RepositoryException expected");
        } catch (RepositoryException e2) {
        }
    }

    public void testAttributes() throws RepositoryException {
        TokenBasedAuthentication createAuthentication = createAuthentication();
        assertFalse(createAuthentication.authenticate(new TokenCredentials(this.token)));
        TokenCredentials tokenCredentials = new TokenCredentials(this.token);
        tokenCredentials.setAttribute(".token.any", "wrong");
        assertFalse(createAuthentication.authenticate(tokenCredentials));
        new TokenCredentials(this.token).setAttribute(".token.any", "correct");
        assertTrue(createAuthentication.authenticate(this.tokenCreds));
    }

    public void testUpdateAttributes() throws RepositoryException {
        TokenBasedAuthentication createAuthentication = createAuthentication();
        TokenCredentials tokenCredentials = new TokenCredentials(this.token);
        tokenCredentials.setAttribute(".token.any", "correct");
        assertTrue(createAuthentication.authenticate(tokenCredentials));
        assertEquals("value", tokenCredentials.getAttribute("informative"));
        TokenBasedAuthentication createAuthentication2 = createAuthentication();
        tokenCredentials.setAttribute("informative2", "value2");
        assertTrue(createAuthentication2.authenticate(tokenCredentials));
        assertFalse(this.tokenNode.hasProperty("informative2"));
        TokenBasedAuthentication createAuthentication3 = createAuthentication();
        tokenCredentials.setAttribute("informative", "otherValue");
        assertTrue(createAuthentication3.authenticate(tokenCredentials));
        assertTrue(this.tokenNode.hasProperty("informative"));
        assertEquals("value", this.tokenNode.getProperty("informative").getString());
        TokenBasedAuthentication createAuthentication4 = createAuthentication();
        tokenCredentials.setAttribute(".token.toIgnore", "ignore");
        assertTrue(createAuthentication4.authenticate(this.tokenCreds));
        assertFalse(this.tokenNode.hasProperty(".token.toIgnore"));
    }

    public void testIsTokenBasedLogin() {
        assertFalse(TokenBasedAuthentication.isTokenBasedLogin(this.simpleCreds));
        assertFalse(TokenBasedAuthentication.isTokenBasedLogin(this.creds));
        assertTrue(TokenBasedAuthentication.isTokenBasedLogin(this.tokenCreds));
    }

    public void testIsMandatoryAttribute() {
        assertFalse(TokenBasedAuthentication.isMandatoryAttribute("noMatchRequired"));
        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(".token.exp"));
        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(".token.custom"));
        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(".token_custom"));
        assertTrue(TokenBasedAuthentication.isMandatoryAttribute(".tokencustom"));
    }

    public void testDoCreateToken() {
        assertFalse(TokenBasedAuthentication.doCreateToken(this.creds));
        assertFalse(TokenBasedAuthentication.doCreateToken(this.simpleCreds));
        assertFalse(TokenBasedAuthentication.doCreateToken(this.tokenCreds));
        SimpleCredentials simpleCredentials = new SimpleCredentials("uid", "pw".toCharArray());
        simpleCredentials.setAttribute(".token", (Object) null);
        assertFalse(TokenBasedAuthentication.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute(".token", "somevalue");
        assertFalse(TokenBasedAuthentication.doCreateToken(simpleCredentials));
        simpleCredentials.setAttribute(".token", "");
        assertTrue(TokenBasedAuthentication.doCreateToken(simpleCredentials));
    }
}
