package org.modeshape.jcr;

import java.security.AccessControlContext;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import javax.jcr.AccessDeniedException;
import javax.jcr.Credentials;
import javax.jcr.LoginException;
import javax.jcr.Session;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginContext;
import org.hamcrest.core.Is;
import org.hamcrest.core.IsNull;
import org.infinispan.schematic.Schematic;
import org.infinispan.schematic.document.Document;
import org.infinispan.schematic.document.EditableDocument;
import org.junit.After;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.modeshape.jcr.RepositoryConfiguration;
import org.modeshape.jcr.security.JaasSecurityContext;

/* loaded from: input_file:tests/modeshape-jcr-3.0.0.Alpha5-tests.jar:org/modeshape/jcr/AuthenticationAndAuthorizationTest.class */
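/**
 * Exercises repository login and authorization for anonymous sessions, JAAS-authenticated users and
 * custom {@link Credentials} implementations.
 *
 * <p>This listing is decompiler output. The {@code m1064login()} and {@code m1066login(Credentials)} calls
 * use decompiler-assigned names (see the "collision" warning the decompiler emitted for this class).
 * NOTE(review): they presumably stand for the no-argument and credentials-taking {@code login} overloads of
 * {@code JcrRepository}; confirm against the original sources.
 *
 * <p>Security-relevant behaviour pinned by these tests: whenever anonymous roles are configured, the helper
 * also enables {@code USE_ANONYMOUS_ON_FAILED_LOGINS}, so a login with a wrong password is not rejected but
 * downgraded to an anonymous session holding the anonymous roles.
 */
public class AuthenticationAndAuthorizationTest {
    private static final String REPO_NAME = "testRepo";
    private Environment environment;
    protected JcrRepository repository;
    protected JcrSession session;

    /** Installs the JAAS configuration shared by every test in this class. */
    @BeforeClass
    public static void beforeAll() {
        JaasTestUtil.initJaas("security/jaas.conf.xml");
    }

    /** Removes the JAAS configuration installed by {@link #beforeAll()}. */
    @AfterClass
    public static void afterAll() {
        JaasTestUtil.releaseJaas();
    }

    /** Creates a fresh environment for the repository each test will start. */
    @Before
    public void beforeEach() throws Exception {
        this.environment = new TestingEnvironment();
    }

    /**
     * Stops the repository started by the test, if any, and shuts the environment down.
     *
     * <p>The cleanup runs in a {@code finally} block so the fields are cleared and the environment is shut
     * down exactly once, whether or not killing the repository throws.
     */
    @After
    public void afterEach() throws Exception {
        if (this.repository == null) {
            return;
        }
        try {
            TestingUtil.killRepositories(this.repository);
        } finally {
            this.repository = null;
            this.session = null;
            this.environment.shutdown();
        }
    }

    /**
     * Creates and starts the repository under test from the given configuration document.
     *
     * @param document the repository configuration
     * @param str the name handed to {@link RepositoryConfiguration} together with the document
     */
    protected void startRepositoryWith(Document document, String str) throws Exception {
        RepositoryConfiguration configuration = new RepositoryConfiguration(document, str, this.environment);
        this.repository = new JcrRepository(configuration);
        this.repository.start();
    }

    /**
     * Builds a repository configuration document whose security section is filled in.
     *
     * @param str repository name, stored under the {@code "name"} field
     * @param str2 JAAS policy name; it is only compared with {@code null}. Any non-null value registers a
     *        JAAS provider that uses {@code RepositoryConfiguration.Default.JAAS_POLICY_NAME}, so the value
     *        passed in never reaches the configuration
     * @param strArr roles granted to anonymous sessions; {@code null} or empty leaves the anonymous-roles
     *        array without entries
     * @return the configuration document
     */
    protected Document createRepositoryConfiguration(String str, String str2, String... strArr) {
        EditableDocument config = Schematic.newDocument("name", str);
        EditableDocument security = config.getOrCreateDocument(RepositoryConfiguration.FieldName.SECURITY);
        EditableDocument anonymous = security.getOrCreateDocument(RepositoryConfiguration.FieldName.ANONYMOUS);
        if (strArr == null || strArr.length == 0) {
            // No anonymous roles: shouldNotAllowAnonymousLoginsWhenUsingOnlyJaas relies on this
            // configuration rejecting credential-less logins.
            anonymous.setArray(RepositoryConfiguration.FieldName.ANONYMOUS_ROLES);
        } else {
            anonymous.setArray(RepositoryConfiguration.FieldName.ANONYMOUS_ROLES, strArr);
            // Failed authentications fall back to an anonymous session instead of raising LoginException.
            // With a writable anonymous role this gives write access to callers whose credentials were
            // rejected, so outside of tests the two settings need to be reviewed together.
            anonymous.setBoolean(RepositoryConfiguration.FieldName.USE_ANONYMOUS_ON_FAILED_LOGINS, true);
        }
        if (str2 != null) {
            // NOTE(review): str2 itself is not used below, so callers passing "modeshape-jcr-non-existant"
            // still get the default policy name and do not exercise a missing JAAS policy.
            Document jaasProvider = Schematic.newDocument(RepositoryConfiguration.FieldName.TYPE,
                                                          "JAAS",
                                                          RepositoryConfiguration.FieldName.JAAS_POLICY_NAME,
                                                          RepositoryConfiguration.Default.JAAS_POLICY_NAME);
            security.getOrCreateArray(RepositoryConfiguration.FieldName.PROVIDERS).addDocument(jaasProvider);
        }
        return config;
    }

    /** Asserts that the current session is denied when it tries to add a node under the root node. */
    private void assertCannotAddNodeUnderRoot() throws Exception {
        try {
            this.session.getRootNode().addNode("someNewNode");
            Assert.fail("Should not have been able to update content with a read-only user");
        } catch (AccessDeniedException expected) {
            // Expected: the session's roles do not permit writes.
        }
    }

    /** A credential-less login with a read-write anonymous role can read the root node and add a child. */
    @Test
    public void shouldLogInAsAnonymousUsingNoCredentials() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, "modeshape-jcr-non-existant", ModeShapeRoles.READWRITE), REPO_NAME);
        this.session = this.repository.m1064login();
        this.session.getRootNode().getPath();
        this.session.getRootNode().addNode("someNewNode");
    }

    /** A credential-less login with a read-only anonymous role can read the root node but not add to it. */
    @Test
    public void shouldLogInAsAnonymousWithReadOnlyPrivilegesUsingNoCredentials() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, "modeshape-jcr-non-existant", ModeShapeRoles.READONLY), REPO_NAME);
        this.session = this.repository.m1064login();
        this.session.getRootNode().getPath();
        assertCannotAddNodeUnderRoot();
    }

    /**
     * A JAAS login as the read-only fixture user can read but is denied writes.
     *
     * <p>The user name and password are both the {@code ModeShapeRoles.READONLY} constant.
     * NOTE(review): the account is presumably a test fixture defined by {@code security/jaas.conf.xml};
     * confirm there.
     */
    @Test
    public void shouldLogInAsUserWithReadOnlyRole() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        Credentials readOnlyUser = new SimpleCredentials(ModeShapeRoles.READONLY, ModeShapeRoles.READONLY.toCharArray());
        this.session = this.repository.m1066login((Credentials) readOnlyUser);
        this.session.getRootNode().getPath();
        this.session.getRootNode().getDefinition();
        assertCannotAddNodeUnderRoot();
    }

    /** A JAAS login as the read-write fixture user can read the root node and add a child to it. */
    @Test
    public void shouldLogInAsUserWithReadWriteRole() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        Credentials readWriteUser = new SimpleCredentials(ModeShapeRoles.READWRITE, ModeShapeRoles.READWRITE.toCharArray());
        this.session = this.repository.m1066login((Credentials) readWriteUser);
        this.session.getRootNode().getPath();
        this.session.getRootNode().getDefinition();
        this.session.getRootNode().addNode("someNewNode");
    }

    /** With no anonymous roles configured, a credential-less login must fail with {@link LoginException}. */
    @Test
    public void shouldNotAllowAnonymousLoginsWhenUsingOnlyJaas() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        try {
            this.session = this.repository.m1064login();
            Assert.fail("Should not have been able to login anonymously if anonymous logins are disabled");
        } catch (LoginException expected) {
            // Expected: anonymous access is disabled in this configuration.
        }
    }

    /**
     * A wrong password yields an anonymous session, not a {@link LoginException}, when anonymous roles are
     * configured; with a read-only anonymous role that session is denied writes.
     */
    @Test
    public void shouldLogInAsAnonymousUserIfNoProviderAuthenticatesCredentials() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, ModeShapeRoles.READONLY), REPO_NAME);
        Credentials badPassword = new SimpleCredentials(ModeShapeRoles.READWRITE, "wrongpassword".toCharArray());
        this.session = this.repository.m1066login((Credentials) badPassword);
        Assert.assertThat(Boolean.valueOf(this.session.isAnonymous()), Is.is(true));
        this.session.getRootNode().getPath();
        this.session.getRootNode().getDefinition();
        assertCannotAddNodeUnderRoot();
    }

    /**
     * A wrong password yields an anonymous session that can still write when the anonymous role is
     * read-write. This pins the fallback behaviour: the rejected credentials do not limit access.
     */
    @Test
    public void shouldLogInAsWritableAnonymousUserIfNoProviderAuthenticatesCredentials() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, ModeShapeRoles.READWRITE), REPO_NAME);
        Credentials badPassword = new SimpleCredentials(ModeShapeRoles.READWRITE, "wrongpassword".toCharArray());
        this.session = this.repository.m1066login((Credentials) badPassword);
        Assert.assertThat(Boolean.valueOf(this.session.isAnonymous()), Is.is(true));
        this.session.getRootNode().getPath();
        this.session.getRootNode().getDefinition();
        this.session.getRootNode().addNode("someNewNode");
    }

    /**
     * A credential-less login made inside {@code Subject.doAsPrivileged} picks up the JAAS subject: the
     * resulting session reports the user id that authenticated the {@link LoginContext}, not an anonymous
     * identity.
     */
    @Test
    public void shouldAllowLoginWithNoCredentialsInPrivilegedBlock() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, ModeShapeRoles.READWRITE), REPO_NAME);
        this.session = this.repository.m1066login((Credentials) new SimpleCredentials(ModeShapeRoles.READWRITE, ModeShapeRoles.READWRITE.toCharArray()));
        LoginContext loginContext = new LoginContext(RepositoryConfiguration.Default.JAAS_POLICY_NAME, new JaasSecurityContext.UserPasswordCallbackHandler("superuser", "superuser".toCharArray()));
        loginContext.login();
        try {
            PrivilegedExceptionAction<Session> loginWithoutCredentials = new PrivilegedExceptionAction<Session>() {
                @Override
                public Session run() throws Exception {
                    return AuthenticationAndAuthorizationTest.this.repository.m1064login();
                }
            };
            Session privilegedSession = (Session) Subject.doAsPrivileged(loginContext.getSubject(), loginWithoutCredentials, AccessController.getContext());
            Assert.assertThat(privilegedSession, Is.is(IsNull.notNullValue()));
            Assert.assertThat(privilegedSession.getUserID(), Is.is("superuser"));
        } finally {
            // Log the JAAS subject out even when the login or an assertion above fails, so the
            // authenticated "superuser" subject does not outlive this test.
            loginContext.logout();
        }
    }

    /**
     * Credentials that are not {@link SimpleCredentials} and expose no accessor are rejected.
     * NOTE(review): presumably the provider looks for a {@code getLoginContext()} or
     * {@code getAccessControlContext()} method on unknown credential types; confirm in the provider.
     */
    @Test(expected = LoginException.class)
    public void shouldNotAllowLoginIfCredentialsDoNotProvideJaasMethod() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        this.repository.m1066login(new Credentials() {
            private static final long serialVersionUID = 1;
        });
    }

    /** Credentials whose {@code getAccessControlContext()} returns {@code null} are rejected. */
    @Test(expected = LoginException.class)
    public void shouldNotAllowLoginIfCredentialsReturnNullAccessControlContext() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        this.repository.m1066login(new Credentials() {
            private static final long serialVersionUID = 1;

            // Not part of the Credentials interface; the null return is the condition under test.
            public AccessControlContext getAccessControlContext() {
                return null;
            }
        });
    }

    /** Credentials whose {@code getLoginContext()} returns {@code null} are rejected. */
    @Test(expected = LoginException.class)
    public void shouldNotAllowLoginIfCredentialsReturnNullLoginContext() throws Exception {
        startRepositoryWith(createRepositoryConfiguration(REPO_NAME, RepositoryConfiguration.Default.JAAS_POLICY_NAME, new String[0]), REPO_NAME);
        this.repository.m1066login(new Credentials() {
            private static final long serialVersionUID = 1;

            // Not part of the Credentials interface; the null return is the condition under test.
            public LoginContext getLoginContext() {
                return null;
            }
        });
    }
}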
