package org.apache.jackrabbit.api.security.user;

import java.security.Principal;
import java.util.Collections;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.security.auth.Subject;
import org.apache.jackrabbit.test.NotExecutableException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/apache/jackrabbit/api/security/user/ImpersonationTest.class */
public class ImpersonationTest extends AbstractUserTest {
    private static Logger log = LoggerFactory.getLogger(ImpersonationTest.class);
    private User newUser;
    private Impersonation impersonation;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.api.security.user.AbstractUserTest
    public void setUp() throws Exception {
        super.setUp();
        Principal testPrincipal = getTestPrincipal();
        this.newUser = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
        save(this.superuser);
        this.impersonation = this.newUser.getImpersonation();
    }

    protected void tearDown() throws Exception {
        this.newUser.remove();
        save(this.superuser);
        super.tearDown();
    }

    public void testUnknownCannotImpersonate() throws RepositoryException {
        assertFalse("An unknown principal should not be allowed to impersonate.", this.impersonation.allows(createSubject(getTestPrincipal())));
    }

    public void testGrantImpersonationUnknownUser() throws RepositoryException, NotExecutableException {
        Principal testPrincipal = getTestPrincipal();
        try {
            assertFalse("Granting impersonation to an unknown principal should not be successful.", this.impersonation.grantImpersonation(testPrincipal));
            this.impersonation.revokeImpersonation(testPrincipal);
            save(this.superuser);
        } catch (Throwable th) {
            this.impersonation.revokeImpersonation(testPrincipal);
            save(this.superuser);
            throw th;
        }
    }

    public void testImpersonateGroup() throws RepositoryException, NotExecutableException {
        Session readOnlySession = getHelper().getReadOnlySession();
        try {
            assertFalse("An group principal should not be allowed to impersonate.", this.impersonation.allows(createSubject(getTestGroup(readOnlySession).getPrincipal())));
            readOnlySession.logout();
        } catch (Throwable th) {
            readOnlySession.logout();
            throw th;
        }
    }

    public void testGrantImpersonationToGroupPrincipal() throws RepositoryException, NotExecutableException {
        Session readOnlySession = getHelper().getReadOnlySession();
        try {
            Principal principal = getTestGroup(readOnlySession).getPrincipal();
            try {
                assertFalse("Granting impersonation to a Group should not be successful.", this.impersonation.grantImpersonation(principal));
                this.impersonation.revokeImpersonation(principal);
                save(this.superuser);
            } catch (Throwable th) {
                this.impersonation.revokeImpersonation(principal);
                save(this.superuser);
                throw th;
            }
        } finally {
            readOnlySession.logout();
        }
    }

    public void testGrantImpersonation() throws RepositoryException, NotExecutableException {
        User user = null;
        Principal testPrincipal = getTestPrincipal();
        try {
            user = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.superuser);
            assertTrue("Admin should be allowed to edit impersonation and grant to another test-user.", this.impersonation.grantImpersonation(testPrincipal));
            this.impersonation.revokeImpersonation(testPrincipal);
            if (user != null) {
                user.remove();
            }
            save(this.superuser);
        } catch (Throwable th) {
            this.impersonation.revokeImpersonation(testPrincipal);
            if (user != null) {
                user.remove();
            }
            save(this.superuser);
            throw th;
        }
    }

    public void testGrantImpersonationTwice() throws RepositoryException, NotExecutableException {
        Principal testPrincipal = getTestPrincipal();
        User user = null;
        try {
            user = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.superuser);
            this.impersonation.grantImpersonation(testPrincipal);
            save(this.superuser);
            assertFalse("Granting impersonation twice should not succeed.", this.impersonation.grantImpersonation(testPrincipal));
            this.impersonation.revokeImpersonation(testPrincipal);
            if (user != null) {
                user.remove();
            }
            save(this.superuser);
        } catch (Throwable th) {
            this.impersonation.revokeImpersonation(testPrincipal);
            if (user != null) {
                user.remove();
            }
            save(this.superuser);
            throw th;
        }
    }

    public void testRevokeImpersonation() throws RepositoryException, NotExecutableException {
        User user = null;
        Principal testPrincipal = getTestPrincipal();
        try {
            user = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.superuser);
            this.impersonation.grantImpersonation(testPrincipal);
            save(this.superuser);
            assertTrue(this.impersonation.revokeImpersonation(testPrincipal));
            if (user != null) {
                user.remove();
            }
        } catch (Throwable th) {
            if (user != null) {
                user.remove();
            }
            throw th;
        }
    }

    public void testRevokeImpersonationTwice() throws RepositoryException, NotExecutableException {
        User user = null;
        Principal testPrincipal = getTestPrincipal();
        try {
            user = this.userMgr.createUser(testPrincipal.getName(), buildPassword(testPrincipal));
            save(this.superuser);
            this.impersonation.grantImpersonation(testPrincipal);
            save(this.superuser);
            this.impersonation.revokeImpersonation(testPrincipal);
            save(this.superuser);
            assertFalse("Revoking impersonation twice should not succeed.", this.impersonation.revokeImpersonation(testPrincipal));
            if (user != null) {
                user.remove();
            }
        } catch (Throwable th) {
            if (user != null) {
                user.remove();
            }
            throw th;
        }
    }

    public void testAdministratorCanImpersonate() throws RepositoryException, NotExecutableException {
        assertTrue(this.impersonation.allows(createSubject(getTestUser(this.superuser))));
    }

    public void testCannotGrantImpersonationForAdministrator() throws RepositoryException, NotExecutableException {
        User testUser = getTestUser(this.superuser);
        try {
            assertFalse(this.impersonation.grantImpersonation(testUser.getPrincipal()));
            this.impersonation.revokeImpersonation(testUser.getPrincipal());
        } catch (Throwable th) {
            this.impersonation.revokeImpersonation(testUser.getPrincipal());
            throw th;
        }
    }

    public void testCannotRevokeImpersonationForAdministrator() throws RepositoryException, NotExecutableException {
        assertFalse(this.impersonation.revokeImpersonation(getTestUser(this.superuser).getPrincipal()));
    }

    public void testImpersonatingOneself() throws RepositoryException {
        assertFalse(this.impersonation.allows(createSubject(this.newUser)));
    }

    public void testGrantImpersonatingForOneself() throws RepositoryException {
        Principal principal = this.newUser.getPrincipal();
        try {
            assertFalse(this.impersonation.grantImpersonation(principal));
            this.impersonation.revokeImpersonation(principal);
        } catch (Throwable th) {
            this.impersonation.revokeImpersonation(principal);
            throw th;
        }
    }

    public void testRevokeImpersonatingForOneself() throws RepositoryException {
        assertFalse(this.impersonation.revokeImpersonation(this.newUser.getPrincipal()));
    }

    private Subject createSubject(User user) throws RepositoryException {
        return createSubject(user.getPrincipal());
    }

    private Subject createSubject(Principal principal) throws RepositoryException {
        Set singleton = Collections.singleton(buildCredentials(principal.getName(), buildPassword(principal)));
        return new Subject(true, Collections.singleton(principal), singleton, singleton);
    }
}
