package org.modeshape.test.integration;

import java.io.File;
import java.util.Arrays;
import java.util.Iterator;
import javax.annotation.Resource;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.junit.Arquillian;
import org.jboss.shrinkwrap.api.ArchivePaths;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.EmptyAsset;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.modeshape.jcr.JcrRepository;
import org.modeshape.jcr.JcrSession;
import org.modeshape.jcr.ModeShapePermissions;

@RunWith(Arquillian.class)
/* loaded from: input_file:org/modeshape/test/integration/SecurityIntegrationTest.class */
public class SecurityIntegrationTest {

    @Resource(mappedName = "java:/jcr/sample")
    private JcrRepository sampleRepo;

    @Deployment
    public static WebArchive createDeployment() {
        WebArchive addAsWebInfResource = ShrinkWrap.create(WebArchive.class, "security-test.war").addAsWebInfResource(EmptyAsset.INSTANCE, ArchivePaths.create("beans.xml"));
        addAsWebInfResource.setManifest(new File("src/main/webapp/META-INF/MANIFEST.MF"));
        return addAsWebInfResource;
    }

    @Before
    public void before() {
        Assert.assertNotNull(this.sampleRepo);
    }

    @Test
    public void shouldAuthenticateUsingJAASProvider() throws Exception {
        JcrSession login = this.sampleRepo.login(new SimpleCredentials("admin", "admin".toCharArray()));
        Assert.assertNotNull(login);
        Assert.assertTrue(login.hasPermission("/", permissionsString(ModeShapePermissions.ALL_PERMISSIONS)));
        JcrSession login2 = this.sampleRepo.login(new SimpleCredentials("guest", "guest".toCharArray()));
        Assert.assertNotNull(login2);
        Assert.assertTrue(login2.hasPermission("/", "read"));
        Assert.assertFalse(login2.hasPermission("/", permissionsString(ModeShapePermissions.ALL_CHANGE_PERMISSIONS)));
        try {
            this.sampleRepo.login(new SimpleCredentials("admin", "invalid".toCharArray()));
            Assert.fail("JAAS provider should not allow login with invalid credentials");
        } catch (RepositoryException e) {
        }
        try {
            this.sampleRepo.login(new SimpleCredentials("guest", "invalid".toCharArray()));
            Assert.fail("JAAS provider should not allow login with invalid credentials");
        } catch (RepositoryException e2) {
        }
        try {
            this.sampleRepo.login(new SimpleCredentials("invalid", "invalid".toCharArray()));
            Assert.fail("JAAS provider should not allow login with invalid credentials");
        } catch (RepositoryException e3) {
        }
    }

    private String permissionsString(String... strArr) {
        StringBuilder sb = new StringBuilder();
        Iterator it = Arrays.asList(strArr).iterator();
        while (it.hasNext()) {
            sb.append((String) it.next());
            if (it.hasNext()) {
                sb.append(",");
            }
        }
        return sb.toString();
    }

    @Test
    public void shouldAuthenticateUsingAnonymousProvider() throws Exception {
        JcrSession login = this.sampleRepo.login();
        Assert.assertNotNull(login);
        Assert.assertTrue(login.isAnonymous());
        Assert.assertTrue(login.hasPermission("/", permissionsString(ModeShapePermissions.ALL_PERMISSIONS)));
    }
}
