package org.apache.jackrabbit.oak.security.authentication;

import java.security.Principal;
import java.util.ArrayList;
import java.util.List;
import javax.jcr.LoginException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.JackrabbitSession;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.security.ExerciseUtility;
import org.apache.jackrabbit.test.AbstractJCRTest;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/L7_ImpersonationTest.class */
public class L7_ImpersonationTest extends AbstractJCRTest {
    private UserManager userManager;
    private User testUser;
    private User anotherUser;
    private List<Session> sessionList = new ArrayList();

    protected void setUp() throws Exception {
        super.setUp();
        this.userManager = this.superuser.getUserManager();
        this.testUser = ExerciseUtility.createTestUser(this.userManager);
        this.anotherUser = ExerciseUtility.createTestUser(this.userManager);
        this.superuser.save();
    }

    protected void tearDown() throws Exception {
        try {
            for (Session session : this.sessionList) {
                if (session.isLive()) {
                    session.logout();
                }
            }
            if (this.testUser != null) {
                this.testUser.remove();
            }
            if (this.anotherUser != null) {
                this.anotherUser.remove();
            }
            this.superuser.save();
        } finally {
            super.tearDown();
        }
    }

    public void testImpersonateTestUser() throws RepositoryException {
        this.anotherUser.getImpersonation().grantImpersonation((Principal) null);
        this.superuser.save();
        Session login = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
        this.sessionList.add(login);
        Session impersonate = login.impersonate(new SimpleCredentials(this.anotherUser.getID(), new char[0]));
        this.sessionList.add(impersonate);
        assertEquals(this.anotherUser.getID(), impersonate.getUserID());
    }

    public void testImpersonateOneSelf() throws RepositoryException {
        Session login = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
        this.sessionList.add(login);
        Session impersonate = login.impersonate(new SimpleCredentials(this.testUser.getID(), new char[0]));
        this.sessionList.add(impersonate);
        assertEquals(this.testUser.getID(), impersonate.getUserID());
    }

    public void testAdminCanImpersonateEveryone() throws RepositoryException {
        Session impersonate = this.superuser.impersonate(new SimpleCredentials(this.anotherUser.getID(), new char[0]));
        this.sessionList.add(impersonate);
        assertEquals(this.anotherUser.getID(), impersonate.getUserID());
    }

    public void testAdvancedImpersonationTest() throws RepositoryException {
        JackrabbitSession login = this.superuser.getRepository().login(ExerciseUtility.getTestCredentials(this.testUser.getID()));
        this.sessionList.add(login);
        UserManager userManager = login.getUserManager();
        User authorizable = userManager.getAuthorizable(this.anotherUser.getID(), User.class);
        assertNotNull(authorizable);
        authorizable.getImpersonation().grantImpersonation(userManager.getAuthorizable(this.testUser.getID()).getPrincipal());
        login.save();
        login.impersonate(new SimpleCredentials(this.anotherUser.getID(), new char[0])).logout();
        try {
            this.sessionList.add(login.impersonate(new SimpleCredentials(this.anotherUser.getID(), new char[0])));
            fail("Test user must no longer be able to edit the impersonation of the test user");
        } catch (LoginException e) {
        }
    }
}
