package org.apache.jackrabbit.oak.security.authentication.ldap;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.jcr.ValueFactoryImpl;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapIdentityProvider;
import org.apache.jackrabbit.oak.security.authentication.ldap.impl.LdapProviderConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/LdapLoginTestBase.class */
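/**
 * Shared JUnit 4 base for login tests that authenticate repository users against the
 * in-process {@link InternalLdapServer} through an {@link LdapIdentityProvider}.
 *
 * <p>The LDAP server and its directory fixture are created once per class
 * ({@link #beforeClass()}); every test removes the repository-side user and group it may have
 * synchronized ({@link #after()}), so tests start from a repository that does not yet know
 * {@link #USER_ID}.
 *
 * <p>Security-relevant behaviour pinned by the tests in this class:
 * <ul>
 *   <li>a {@code null} credentials object and an empty password are both rejected;</li>
 *   <li>a failed login leaves no synchronized user behind;</li>
 *   <li>a synchronized user carries no {@code rep:password} property in the repository;</li>
 *   <li>credential attributes and the principal set are propagated into {@link AuthInfo}.</li>
 * </ul>
 */
public abstract class LdapLoginTestBase extends ExternalLoginTestBase {
    protected static final String USER_ID = "foobar";
    protected static final String USER_PWD = "foobar";
    protected static final String USER_FIRSTNAME = "Foo";
    protected static final String USER_LASTNAME = "Bar";
    /** LDAP attribute that is mapped onto {@link #USER_PROP} by {@link #setSyncConfig}. */
    protected static final String USER_ATTR = "givenName";
    /** Repository property (relative path) that receives the value of {@link #USER_ATTR}. */
    protected static final String USER_PROP = "profile/name";
    protected static final String GROUP_NAME = "foobargroup";
    /** DN of {@link #GROUP_NAME} as returned by the LDAP server; set in {@link #createLdapFixture()}. */
    protected static String GROUP_DN;
    protected static final boolean USE_COMMON_LDAP_FIXTURE = true;
    protected UserManager userManager;
    protected static final InternalLdapServer LDAP_SERVER = new InternalLdapServer();
    // NOTE(review): the two arrays below are sized from this value at class-initialisation time;
    // changing it afterwards would make createLdapFixture() write past their end.
    protected static int NUM_CONCURRENT_LOGINS = 10;
    /** Users that are NOT members of {@link #GROUP_NAME} (odd-numbered fixture users). */
    private static final String[] CONCURRENT_TEST_USERS = new String[NUM_CONCURRENT_LOGINS];
    /** Users that ARE members of {@link #GROUP_NAME} (even-numbered fixture users). */
    private static final String[] CONCURRENT_GROUP_TEST_USERS = new String[NUM_CONCURRENT_LOGINS];

    /** Starts the in-process LDAP server and populates it with the shared fixture. */
    @BeforeClass
    public static void beforeClass() throws Exception {
        LDAP_SERVER.setUp();
        createLdapFixture();
    }

    /** Stops the in-process LDAP server. */
    @AfterClass
    public static void afterClass() throws Exception {
        LDAP_SERVER.tearDown();
    }

    /** Runs the parent setup and obtains the {@link UserManager} bound to the test root. */
    @Before
    @Override
    public void before() throws Exception {
        super.before();
        this.userManager = ((UserConfiguration) this.securityProvider.getConfiguration(UserConfiguration.class))
                .getUserManager(this.root, NamePathMapper.DEFAULT);
    }

    /**
     * Removes whatever a test may have synchronized into the repository so that the next test
     * again starts without a local account for {@link #USER_ID}.
     */
    @After
    @Override
    public void after() throws Exception {
        try {
            Authorizable syncedUser = this.userManager.getAuthorizable(USER_ID);
            if (syncedUser != null) {
                syncedUser.remove();
            }
            if (GROUP_DN != null) {
                Authorizable syncedGroup = this.userManager.getAuthorizable(GROUP_DN);
                if (syncedGroup != null) {
                    syncedGroup.remove();
                }
            }
            this.root.commit();
        } finally {
            // Drop any uncommitted state even when the cleanup itself failed.
            this.root.refresh();
            super.after();
        }
    }

    /**
     * Adds the {@link #USER_ATTR} to {@link #USER_PROP} property mapping before handing the
     * configuration to the parent.
     *
     * @param defaultSyncConfig the sync configuration to extend; {@code null} is passed through
     */
    @Override
    protected void setSyncConfig(DefaultSyncConfig defaultSyncConfig) {
        if (defaultSyncConfig != null) {
            defaultSyncConfig.user().getPropertyMapping().put(USER_PROP, USER_ATTR);
        }
        super.setSyncConfig(defaultSyncConfig);
    }

    /**
     * Builds an identity provider that talks to the in-process LDAP server.
     *
     * <p>Test-only wiring: the provider binds to the loopback address with the embedded
     * server's built-in admin DN and the fixture password constant, and no transport security
     * is configured here. None of these values are meant to be copied into a deployed
     * provider configuration.
     *
     * @return a new {@link LdapIdentityProvider} for the fixture directory
     */
    @NotNull
    protected ExternalIdentityProvider createIDP() {
        LdapProviderConfig cfg = new LdapProviderConfig()
                .setName("ldap")
                .setHostname("127.0.0.1")
                .setPort(LDAP_SERVER.getPort())
                .setBindDN("uid=admin,ou=system")
                .setBindPassword(InternalLdapServer.ADMIN_PW)
                .setGroupMemberAttribute(InternalLdapServer.GROUP_MEMBER_ATTR);
        cfg.getUserConfig()
                .setBaseDN(AbstractServer.EXAMPLE_DN)
                .setObjectClasses(new String[]{"inetOrgPerson"});
        cfg.getGroupConfig()
                .setBaseDN(AbstractServer.EXAMPLE_DN)
                .setObjectClasses(new String[]{InternalLdapServer.GROUP_CLASS_ATTR});
        // NOTE(review): a max-active of 0 presumably switches connection pooling off for both
        // the admin and the user pool - confirm against LdapProviderConfig.
        cfg.getAdminPoolConfig().setMaxActive(0);
        cfg.getUserPoolConfig().setMaxActive(0);
        return new LdapIdentityProvider(cfg);
    }

    /** Closes the identity provider created by {@link #createIDP()}. */
    protected void destroyIDP() {
        this.idp.close();
    }

    /** A login without any credentials object must be refused with a {@link LoginException}. */
    @Test
    public void testNullLogin() throws Exception {
        ContentSession session = null;
        try {
            session = login(null);
            Assert.fail("Expected null login to fail.");
        } catch (LoginException expected) {
            // success: the login was rejected
        } finally {
            closeSession(session);
        }
    }

    /**
     * A known user ID combined with an empty password must be refused, and the refusal must
     * not leave a synchronized account behind.
     *
     * <p>The empty password is the interesting case for LDAP: a simple bind that carries a DN
     * but a zero-length password is an "unauthenticated bind" (RFC 4513, section 5.1.2) which
     * a directory may answer with success, so the login path has to reject it itself.
     */
    @Test
    public void testLoginFailed() throws Exception {
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, new char[0]));
            Assert.fail("login failure expected");
        } catch (LoginException expected) {
            // success: the login was rejected
        } finally {
            try {
                // Only reachable with a session if the login wrongly succeeded; do not leak it.
                closeSession(session);
            } finally {
                Assert.assertNull(this.userManager.getAuthorizable(USER_ID));
            }
        }
    }

    /**
     * A successful first login creates the repository user with the mapped profile property
     * and without a {@code rep:password} property, i.e. the password is not copied into the
     * repository and stays a matter of the directory.
     */
    @Test
    public void testSyncCreateUser() throws Exception {
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            this.root.refresh();
            assertSyncedWithoutLocalPassword(session);
        } finally {
            closeSession(session);
            this.options.clear();
        }
    }

    /**
     * Logging in with the upper-cased user ID must end up at the same repository account
     * ({@link #USER_ID}) as the lower-case login, again without a local password.
     */
    @Test
    public void testSyncCreateUserCaseInsensitive() throws Exception {
        ContentSession session = null;
        try {
            // Locale.ROOT keeps the case mapping independent of the JVM's default locale.
            session = login(new SimpleCredentials(USER_ID.toUpperCase(Locale.ROOT), USER_PWD.toCharArray()));
            this.root.refresh();
            assertSyncedWithoutLocalPassword(session);
        } finally {
            closeSession(session);
            this.options.clear();
        }
    }

    /** After login both the user and the group {@link #GROUP_NAME} exist in the repository. */
    @Test
    public void testSyncCreateGroup() throws Exception {
        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            this.root.refresh();
            Assert.assertNotNull(this.userManager.getAuthorizable(USER_ID));
            Assert.assertNotNull(this.userManager.getAuthorizable(GROUP_NAME));
        } finally {
            closeSession(session);
            this.options.clear();
        }
    }

    /**
     * A repository user that already exists (created without a password and tagged with the
     * identity provider's external ID) is updated on login: the mapped profile property
     * appears afterwards.
     */
    @Test
    public void testSyncUpdate() throws Exception {
        String externalId = this.idp.getUser(USER_ID).getExternalId().getString();
        Authorizable preExisting = this.userManager.createUser(USER_ID, (String) null);
        preExisting.setProperty("rep:externalId",
                new ValueFactoryImpl(this.root, NamePathMapper.DEFAULT).createValue(externalId));
        this.root.commit();

        ContentSession session = null;
        try {
            session = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            this.root.refresh();
            Authorizable updated = this.userManager.getAuthorizable(USER_ID);
            Assert.assertNotNull(updated);
            Assert.assertTrue(updated.hasProperty(USER_PROP));
            Assert.assertNull(this.userManager.getAuthorizable(GROUP_DN));
        } finally {
            closeSession(session);
            this.options.clear();
        }
    }

    /** The user ID and custom credential attributes are exposed through {@link AuthInfo}. */
    @Test
    public void testLoginSetsAuthInfo() throws Exception {
        ContentSession session = null;
        try {
            SimpleCredentials credentials = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
            credentials.setAttribute("attr", "val");
            session = login(credentials);
            AuthInfo authInfo = session.getAuthInfo();
            Assert.assertEquals(USER_ID, authInfo.getUserID());
            Assert.assertEquals("val", authInfo.getAttribute("attr"));
        } finally {
            closeSession(session);
        }
    }

    /**
     * The principals attached to the session equal the ones the principal provider resolves
     * for the user, so the session carries neither fewer nor additional principals.
     */
    @Test
    public void testPrincipalsFromAuthInfo() throws Exception {
        ContentSession session = null;
        try {
            SimpleCredentials credentials = new SimpleCredentials(USER_ID, USER_PWD.toCharArray());
            credentials.setAttribute("attr", "val");
            session = login(credentials);
            AuthInfo authInfo = session.getAuthInfo();
            this.root.refresh();
            Set<?> expected = ((PrincipalConfiguration) getSecurityProvider().getConfiguration(PrincipalConfiguration.class))
                    .getPrincipalProvider(this.root, NamePathMapper.DEFAULT)
                    .getPrincipals(USER_ID);
            Assert.assertEquals(3, expected.size());
            Assert.assertEquals(expected, authInfo.getPrincipals());
        } finally {
            closeSession(session);
        }
    }

    /**
     * A second login of an already synchronized user succeeds and still resolves to
     * {@link #USER_ID}; the account has no local password after the first login.
     */
    @Test
    public void testReLogin() throws Exception {
        try {
            ContentSession first = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            try {
                this.root.refresh();
                Authorizable user = this.userManager.getAuthorizable(USER_ID);
                Assert.assertNotNull(user);
                Assert.assertFalse(this.root.getTree(user.getPath()).hasProperty("rep:password"));
            } finally {
                // Previously leaked when one of the assertions above failed.
                first.close();
            }

            ContentSession second = login(new SimpleCredentials(USER_ID, USER_PWD.toCharArray()));
            try {
                this.root.refresh();
                Assert.assertEquals(USER_ID, second.getAuthInfo().getUserID());
            } finally {
                second.close();
            }
        } finally {
            this.options.clear();
        }
    }

    /** Parallel first logins of distinct users that share no group. */
    @Test
    public void testConcurrentLogin() throws Exception {
        concurrentLogin(CONCURRENT_TEST_USERS);
    }

    /** Parallel first logins of distinct users that are all members of {@link #GROUP_NAME}. */
    @Test
    public void testConcurrentLoginSameGroup() throws Exception {
        concurrentLogin(CONCURRENT_GROUP_TEST_USERS);
    }

    /**
     * Logs every given user in on its own thread, waits for all of them and fails with the
     * first recorded exception; further failures are attached to it as suppressed exceptions.
     *
     * @param strArr the user IDs to log in concurrently, all using {@link #USER_PWD}
     * @throws Exception the first exception raised by any of the login threads
     */
    private void concurrentLogin(String[] strArr) throws Exception {
        // Written from several threads at once, so a plain ArrayList is not safe here.
        final List<Exception> failures = Collections.synchronizedList(new ArrayList<Exception>());
        List<Thread> workers = new ArrayList<Thread>(strArr.length);
        for (final String userId : strArr) {
            workers.add(new Thread(new Runnable() {
                @Override
                public void run() {
                    try {
                        LdapLoginTestBase.this.login(new SimpleCredentials(userId, USER_PWD.toCharArray())).close();
                    } catch (Exception e) {
                        failures.add(e);
                    }
                }
            }));
        }
        for (Thread worker : workers) {
            worker.start();
        }
        for (Thread worker : workers) {
            worker.join();
        }
        if (!failures.isEmpty()) {
            Exception first = failures.get(0);
            for (int i = 1; i < failures.size(); i++) {
                first.addSuppressed(failures.get(i));
            }
            throw first;
        }
    }

    /**
     * Populates the LDAP server: the main test user as member of {@link #GROUP_NAME}, plus
     * {@code 2 * NUM_CONCURRENT_LOGINS} users named {@code user-<i>}, of which the
     * even-numbered ones are added to the group. All fixture users share {@link #USER_PWD}.
     */
    protected static void createLdapFixture() throws Exception {
        String mainUserDn = LDAP_SERVER.addUser(USER_FIRSTNAME, USER_LASTNAME, USER_ID, USER_PWD);
        GROUP_DN = LDAP_SERVER.addGroup(GROUP_NAME, mainUserDn);
        for (int i = 0; i < NUM_CONCURRENT_LOGINS * 2; i++) {
            String userId = "user-" + i;
            String userDn = LDAP_SERVER.addUser(userId, "test", userId, USER_PWD);
            if (i % 2 == 0) {
                CONCURRENT_GROUP_TEST_USERS[i / 2] = userId;
                LDAP_SERVER.addMember(GROUP_DN, userDn);
            } else {
                CONCURRENT_TEST_USERS[i / 2] = userId;
            }
        }
    }

    /** Asserts the state expected after the first successful login of {@link #USER_ID}. */
    private void assertSyncedWithoutLocalPassword(ContentSession session) throws Exception {
        Authorizable user = this.userManager.getAuthorizable(USER_ID);
        Assert.assertNotNull(user);
        Assert.assertTrue(user.hasProperty(USER_PROP));
        // The directory password must not have been stored on the repository user.
        Assert.assertFalse(session.getLatestRoot().getTree(user.getPath()).hasProperty("rep:password"));
        Assert.assertNull(this.userManager.getAuthorizable(GROUP_DN));
    }

    /** Closes the session if a login produced one. */
    private static void closeSession(ContentSession session) throws Exception {
        if (session != null) {
            session.close();
        }
    }
}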
