package org.rhq.enterprise.server.auth.test;

import java.util.ArrayList;
import java.util.Collection;
import java.util.HashSet;
import java.util.UUID;
import javax.security.auth.login.LoginException;
import org.rhq.core.domain.auth.Subject;
import org.rhq.core.domain.authz.Permission;
import org.rhq.core.domain.authz.Role;
import org.rhq.core.domain.configuration.Configuration;
import org.rhq.core.domain.configuration.PropertySimple;
import org.rhq.core.domain.criteria.SubjectCriteria;
import org.rhq.core.domain.util.PageList;
import org.rhq.core.domain.util.PageOrdering;
import org.rhq.enterprise.server.auth.SessionManager;
import org.rhq.enterprise.server.auth.SessionNotFoundException;
import org.rhq.enterprise.server.auth.SubjectManagerLocal;
import org.rhq.enterprise.server.authz.AuthorizationManagerLocal;
import org.rhq.enterprise.server.authz.PermissionException;
import org.rhq.enterprise.server.authz.RoleManagerLocal;
import org.rhq.enterprise.server.test.AbstractEJB3Test;
import org.rhq.enterprise.server.util.LookupUtil;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeClass;
import org.testng.annotations.Test;

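/**
 * Integration tests for {@link SubjectManagerLocal}: user-configuration persistence, the rules
 * that stop the built-in accounts (the overlord, id 1, and "rhqadmin", id 2) from being
 * disabled or deleted, session creation and invalidation, and which subjects a caller may see
 * with and without {@link Permission#VIEW_USERS}.
 *
 * <p>Checks of values use plain {@code assert} and therefore only run when the JVM has
 * assertions enabled. Checks that an expected {@link PermissionException},
 * {@link SessionNotFoundException} or {@link LoginException} was thrown call {@code fail(...)}
 * right after the call that must be rejected, so a missing authorization or session check is
 * reported regardless of the assertion setting.
 */
@Test
/* loaded from: input_file:org/rhq/enterprise/server/auth/test/SubjectManagerBeanTest.class */
public class SubjectManagerBeanTest extends AbstractEJB3Test {
    private SubjectManagerLocal subjectManager;
    private AuthorizationManagerLocal authorizationManager;
    private RoleManagerLocal roleManager;

    /** Looks up the session beans under test once for the whole class. */
    @BeforeClass
    public void beforeClass() {
        this.subjectManager = LookupUtil.getSubjectManager();
        this.authorizationManager = LookupUtil.getAuthorizationManager();
        this.roleManager = LookupUtil.getRoleManager();
    }

    /**
     * Invalidates the sessions of the listed users after every test method so that a session
     * created by one test is not still valid in the next one. Stops at the first failure.
     */
    @AfterMethod
    public void purgeAllSessions() {
        // NOTE(review): tests in this class also create sessions for "dummy-user" and for
        // random "subject<uuid>" names, which are not listed here - confirm whether those
        // sessions need purging as well.
        String[] usernames = {"admin", "rhqadmin", "new_user"};
        SessionManager sessionManager = SessionManager.getInstance();
        for (String username : usernames) {
            sessionManager.invalidate(username);
        }
    }

    /**
     * Walks a subject's user configuration through its life cycle: absent, empty, persisted,
     * populated, reloaded and finally removed again.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testUserConfiguration() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Subject created = this.subjectManager.createSubject(overlord, new Subject("dummy-user", true, false));
            assert created.getUserConfiguration() == null : "There should not be any configuration yet";

            // An empty configuration set in memory has no database id yet.
            created.setUserConfiguration(new Configuration());
            assert created.getUserConfiguration() != null : "An empty configuration should have been set";
            assert created.getUserConfiguration().getProperties().size() == 0 : "An empty config should have been set";
            assert created.getUserConfiguration().getId() == 0 : "Configuration wasn't persisted - should not have an ID";

            Subject updated = this.subjectManager.updateSubject(overlord, created);
            Configuration emptyConfig = updated.getUserConfiguration();
            assert emptyConfig != null : "An empty configuration should have been persisted";
            assert emptyConfig.getProperties().size() == 0 : "An empty config should have been persisted";
            assert emptyConfig.getId() != 0 : "Configuration was persisted - should have an ID";

            emptyConfig.put(new PropertySimple("firstname", "firstvalue"));
            emptyConfig.put(new PropertySimple("secondname", "secondvalue"));
            assert updated.getUserConfiguration() != null : "A full configuration should have been set";
            assert updated.getUserConfiguration().getProperties().size() == 2 : "A full config should have been set";

            // The user updates its own record using its own session.
            Subject self = createSession(updated);
            Subject selfUpdated = this.subjectManager.updateSubject(self, self);
            Configuration fullConfig = selfUpdated.getUserConfiguration();
            assert fullConfig != null : "A full configuration should have been persisted";
            assert fullConfig.getProperties().size() == 2 : "A full config should have been persisted";
            assert fullConfig.getId() != 0 : "Configuration was persisted - should have an ID";
            assert fullConfig.getSimple("firstname").getStringValue().equals("firstvalue") : "Configuration wasn't persisted properly";
            assert fullConfig.getSimple("secondname").getStringValue().equals("secondvalue") : "Configuration wasn't persisted properly!";

            Configuration reloaded = this.subjectManager.loadUserConfiguration(Integer.valueOf(selfUpdated.getId())).getUserConfiguration();
            assert reloaded != null : "A full configuration should have been persisted";
            assert reloaded.getProperties().size() == 2 : "A full config should have been persisted";
            assert reloaded.getId() != 0 : "Configuration was persisted - should have an ID";
            assert reloaded.getSimple("firstname").getStringValue().equals("firstvalue") : "Configuration wasn't persisted properly";
            assert reloaded.getSimple("secondname").getStringValue().equals("secondvalue") : "Configuration wasn't persisted properly!";

            selfUpdated.setUserConfiguration((Configuration) null);
            assert selfUpdated.getUserConfiguration() == null : "There should not be any configuration anymore";
            Subject cleared = this.subjectManager.updateSubject(overlord, selfUpdated);
            assert cleared.getUserConfiguration() == null : "An empty configuration should have been persisted";
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that neither the overlord nor "rhqadmin" can be deactivated: each
     * {@code updateSubject} call with {@code factive == false} must be rejected with a
     * {@link PermissionException}.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testTryToDisableSuperUsers() throws Exception {
        Subject superuser;
        Subject rhqadmin;

        getTransactionManager().begin();
        try {
            superuser = this.subjectManager.getOverlord();
            rhqadmin = createSession(this.subjectManager.getSubjectByName("rhqadmin"));
            try {
                superuser.setFactive(false);
                this.subjectManager.updateSubject(rhqadmin, superuser);
                fail("You should not be able to disable the superuser");
            } catch (PermissionException expected) {
                // expected: the update must be refused
            } finally {
                // Restore the in-memory flag on every path so a failed check does not leave
                // this Subject object marked inactive.
                superuser.setFactive(true);
            }
        } finally {
            // NOTE(review): the listing had no rollback before the second begin(); one is
            // placed here so every begin() is paired with exactly one rollback - confirm.
            getTransactionManager().rollback();
        }

        getTransactionManager().begin();
        try {
            try {
                rhqadmin.setFactive(false);
                this.subjectManager.updateSubject(superuser, rhqadmin);
                fail("You should not be able to disable the rhqadmin user");
            } catch (PermissionException expected) {
                // expected: the update must be refused
            } finally {
                rhqadmin.setFactive(true);
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that the overlord and "rhqadmin" cannot delete each other, then changes the
     * rhqadmin password under rhqadmin's own session inside a transaction that is rolled back.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testTryToDeleteSuperUsers() throws Exception {
        Subject superuser;
        Subject rhqadmin;

        getTransactionManager().begin();
        try {
            superuser = createSession(this.subjectManager.getOverlord());
            rhqadmin = createSession(this.subjectManager.getSubjectByName("rhqadmin"));
            try {
                this.subjectManager.deleteUsers(superuser, new int[]{rhqadmin.getId()});
                fail("You should not be able to delete the rhqadmin user");
            } catch (PermissionException expected) {
                // expected: the delete must be refused
            }
        } finally {
            // NOTE(review): the listing had no rollback before the second begin(); one is
            // placed here so every begin() is paired with exactly one rollback - confirm.
            getTransactionManager().rollback();
        }

        getTransactionManager().begin();
        try {
            this.subjectManager.deleteUsers(rhqadmin, new int[]{superuser.getId()});
            fail("You should not be able to delete the superuser");
        } catch (PermissionException expected) {
            // expected: the delete must be refused
        } finally {
            getTransactionManager().rollback();
        }

        // No assertion follows: the call only has to complete without an exception.
        getTransactionManager().begin();
        try {
            this.subjectManager.changePassword(rhqadmin, rhqadmin.getName(), "change-me");
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * End-to-end scenario over the built-in subjects and a freshly created user: lookup by id
     * and name, global permissions, principal handling, criteria search, and the rule that a
     * user without global permissions can neither change another user's password nor delete
     * itself. Unlike the other tests, parts of this scenario are committed.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testSubjects() throws Exception {
        getTransactionManager().begin();

        Collection<Permission> adminPermissions = new ArrayList<Permission>();
        adminPermissions.add(Permission.MANAGE_SECURITY);
        adminPermissions.add(Permission.MANAGE_INVENTORY);
        adminPermissions.add(Permission.MANAGE_SETTINGS);

        Subject superuser = this.subjectManager.getSubjectById(1);
        assert superuser.getId() == 1;
        assert superuser.getName().equals("admin");
        assert this.authorizationManager.getExplicitGlobalPermissions(superuser).containsAll(adminPermissions);

        Subject rhqadminByName = this.subjectManager.getSubjectByName("rhqadmin");
        assert rhqadminByName.getId() == 2;
        assert rhqadminByName.getName().equals("rhqadmin");
        assert this.authorizationManager.getExplicitGlobalPermissions(rhqadminByName).containsAll(adminPermissions);
        Subject rhqadmin = createSession(rhqadminByName);

        // The superuser has no principal (no stored credentials); rhqadmin does.
        Collection<String> usersWithPrincipals = this.subjectManager.findAllUsersWithPrincipals();
        assert !usersWithPrincipals.contains(superuser.getName());
        assert usersWithPrincipals.contains(rhqadmin.getName());
        assert !this.subjectManager.isUserWithPrincipal(superuser.getName());
        assert this.subjectManager.isUserWithPrincipal(rhqadmin.getName());

        SubjectManagerLocal manager = LookupUtil.getSubjectManager();
        Subject searcher = null;
        try {
            searcher = manager.loginUnauthenticated("rhqadmin");
        } catch (Exception e) {
            assert false : "There must be at least rhqadmin user";
        }

        SubjectCriteria nonSystemUsers = new SubjectCriteria();
        nonSystemUsers.addFilterFsystem(false);
        nonSystemUsers.addSortName(PageOrdering.ASC);
        PageList<Subject> found = manager.findSubjectsByCriteria(searcher, nonSystemUsers);
        assert found.size() >= 1 : "There must be at least rhqadmin user";
        assert !found.contains(superuser) : "The superuser should not have been returned in the list";
        assert found.contains(rhqadmin) : "Missing user [" + rhqadmin + "] from: " + found;

        Subject template = new Subject();
        template.setFsystem(false);
        template.setFactive(true);
        template.setName("dummy-user");
        template.setFirstName("my-firstname");
        template.setLastName("my-lastname");
        template.setEmailAddress("email@address.com");
        template.setPhoneNumber("1-800-555-1212");
        template.setSmsAddress("sms address");
        template.setDepartment("my-department");
        Subject created = createSession(manager.createSubject(rhqadmin, template));

        // A subject has no principal until one is created for it explicitly.
        assert !manager.isUserWithPrincipal(created.getName());
        manager.createPrincipal(manager.getOverlord(), created.getName(), "my-password");
        assert manager.isUserWithPrincipal(created.getName());
        assert created.getId() != 0;

        Subject newUser = manager.loginUnauthenticated(created.getName());
        assert newUser.equals(created);

        // Allowed: a user changes its own password, and rhqadmin changes someone else's.
        manager.changePassword(newUser, newUser.getName(), "my-new-password");
        manager.changePassword(rhqadmin, newUser.getName(), "my-new-password");
        getTransactionManager().commit();

        // Denied: an unprivileged user changes another user's password.
        getTransactionManager().begin();
        try {
            manager.changePassword(newUser, rhqadmin.getName(), "not-allowed");
            fail("The new user does not have permission to change another's password");
        } catch (PermissionException expected) {
            // expected: the change must be refused
        } finally {
            getTransactionManager().rollback();
        }

        // Denied: an unprivileged user deletes itself.
        getTransactionManager().begin();
        assert this.authorizationManager.getExplicitGlobalPermissions(newUser).size() == 0;
        try {
            manager.deleteUsers(newUser, new int[]{newUser.getId()});
            fail("The new user should not have had the permission to delete itself");
        } catch (PermissionException expected) {
            // expected: the delete must be refused
        } finally {
            getTransactionManager().rollback();
        }

        // The refused delete left the user intact; rhqadmin can then remove it for real.
        getTransactionManager().begin();
        assert manager.getSubjectByName(newUser.getName()).equals(newUser);
        assert manager.isUserWithPrincipal(newUser.getName());
        manager.deleteUsers(rhqadmin, new int[]{newUser.getId()});
        assert manager.getSubjectByName(newUser.getName()) == null;
        assert !manager.isUserWithPrincipal(newUser.getName());
        getTransactionManager().commit();
    }

    /**
     * Verifies that repeated {@code getOverlord()} calls return equal subjects with id 1 and
     * the same session id.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testGetSuperUser() throws Exception {
        getTransactionManager().begin();
        try {
            Subject first = this.subjectManager.getOverlord();
            assert first.getId() == 1;
            Subject second = this.subjectManager.getOverlord();
            assert second.getId() == 1;
            assert first.equals(second);
            assert first.getSessionId().equals(second.getSessionId());
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies the session life cycle: two logins of the same user get distinct session ids,
     * each id resolves to its own session, logging one out invalidates only that session, and
     * an unknown user name cannot log in.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testLoginUnauthenticated() throws Exception {
        getTransactionManager().begin();
        try {
            Subject first = this.subjectManager.loginUnauthenticated("rhqadmin");
            int firstSessionId = first.getSessionId().intValue();
            Thread.sleep(500L);
            Subject second = this.subjectManager.loginUnauthenticated("rhqadmin");
            int secondSessionId = second.getSessionId().intValue();
            assert firstSessionId != secondSessionId : "The same sessionId should never be assigned when logging in twice";
            assert first.equals(second);

            Subject viaFirst = this.subjectManager.getSubjectByNameAndSessionId("rhqadmin", first.getSessionId().intValue());
            assert viaFirst.getSessionId().intValue() == firstSessionId;
            Subject viaSecond = this.subjectManager.getSubjectByNameAndSessionId("rhqadmin", second.getSessionId().intValue());
            assert viaSecond.getSessionId().intValue() == secondSessionId;

            // Logging out the first session must not affect the second one.
            this.subjectManager.logout(firstSessionId);
            try {
                this.subjectManager.getSubjectByNameAndSessionId("rhqadmin", first.getSessionId().intValue());
                fail("Session should be invalid");
            } catch (SessionNotFoundException expected) {
                // expected: the logged-out session id is no longer accepted
            }
            Subject stillValid = this.subjectManager.getSubjectByNameAndSessionId("rhqadmin", second.getSessionId().intValue());
            assert stillValid.getSessionId().intValue() == secondSessionId;

            // The first id is logged out a second time here, as in the listing.
            this.subjectManager.logout(firstSessionId);
            this.subjectManager.logout(secondSessionId);
            try {
                this.subjectManager.getSubjectByNameAndSessionId("rhqadmin", second.getSessionId().intValue());
                fail("Session should be invalid");
            } catch (SessionNotFoundException expected) {
                // expected: the logged-out session id is no longer accepted
            }

            try {
                this.subjectManager.loginUnauthenticated("rhqadminX");
                fail("Should not have logged in - provided a bad username");
            } catch (LoginException expected) {
                // expected: unknown user name
            }
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that deleting a user also removes it from the subjects of a role it was
     * assigned to.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testDeleteUser() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Subject user = this.subjectManager.createSubject(overlord, new Subject("dummy-user", true, false));
            RoleManagerLocal roles = LookupUtil.getRoleManager();
            Role role = roles.createRole(overlord, new Role("dummy-role"));
            int[] userIds = {user.getId()};
            roles.addSubjectsToRole(overlord, role.getId(), userIds);
            assert role.getSubjects().contains(user) : "New_role does not contain new_user";

            int membersBefore = role.getSubjects().size();
            this.subjectManager.deleteUsers(overlord, userIds);
            assert role.getSubjects().size() == membersBefore - 1 : "User was not deleted from new_role";
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that a subject holding a role with {@link Permission#VIEW_USERS} sees itself,
     * another newly created subject and "rhqadmin" in an unfiltered criteria search.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testViewUsersPermission_subjectWithViewUsersRoleCanViewOtherUsers() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Subject rhqadmin = this.subjectManager.getSubjectByName("rhqadmin");

            Role viewUsersRole = new Role("role" + UUID.randomUUID());
            viewUsersRole.addPermission(Permission.VIEW_USERS);
            viewUsersRole = this.roleManager.createRole(overlord, viewUsersRole);

            Subject viewer = new Subject("subject" + UUID.randomUUID(), true, false);
            viewer.addRole(viewUsersRole);
            viewer = this.subjectManager.createSubject(overlord, viewer, "password");
            viewer = this.subjectManager.loginUnauthenticated(viewer.getName());

            Subject other = this.subjectManager.createSubject(overlord, new Subject("subject" + UUID.randomUUID(), true, false), "password");

            HashSet<Subject> visible = new HashSet<Subject>(this.subjectManager.findSubjectsByCriteria(viewer, new SubjectCriteria()));
            assertTrue(visible.contains(viewer));
            assertTrue(visible.contains(other));
            assertTrue(visible.contains(rhqadmin));
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that "rhqadmin" sees itself and a newly created subject in an unfiltered
     * criteria search.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testViewUsersPermission_rhqadminCanViewOtherUsers() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Subject rhqadmin = this.subjectManager.loginUnauthenticated(this.subjectManager.getSubjectByName("rhqadmin").getName());
            Subject other = this.subjectManager.createSubject(overlord, new Subject("subject" + UUID.randomUUID(), true, false), "password");

            HashSet<Subject> visible = new HashSet<Subject>(this.subjectManager.findSubjectsByCriteria(rhqadmin, new SubjectCriteria()));
            assertTrue(visible.contains(other));
            assertTrue(visible.contains(rhqadmin));
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that a subject whose only role carries no permissions sees exactly one subject,
     * itself, in an unfiltered criteria search.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testViewUsersPermission_subjectWithNonViewUsersRoleCannotViewOtherUsers() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Role emptyRole = this.roleManager.createRole(overlord, new Role("role" + UUID.randomUUID()));

            Subject viewer = new Subject("subject" + UUID.randomUUID(), true, false);
            viewer.addRole(emptyRole);
            viewer = this.subjectManager.createSubject(overlord, viewer, "password");
            viewer = this.subjectManager.loginUnauthenticated(viewer.getName());

            // A second subject exists, so a result of size 1 shows it was filtered out.
            this.subjectManager.createSubject(overlord, new Subject("subject" + UUID.randomUUID(), true, false), "password");

            HashSet<Subject> visible = new HashSet<Subject>(this.subjectManager.findSubjectsByCriteria(viewer, new SubjectCriteria()));
            assertEquals(1, visible.size());
            assertTrue(visible.contains(viewer));
        } finally {
            getTransactionManager().rollback();
        }
    }

    /**
     * Verifies that a subject with no roles at all sees exactly one subject, itself, in an
     * unfiltered criteria search.
     *
     * @throws Exception if the transaction or any manager call fails
     */
    public void testViewUsersPermission_subjectWithNoRolesCannotViewOtherUsers() throws Exception {
        getTransactionManager().begin();
        try {
            Subject overlord = this.subjectManager.getOverlord();
            Subject viewer = this.subjectManager.createSubject(overlord, new Subject("subject" + UUID.randomUUID(), true, false), "password");
            viewer = this.subjectManager.loginUnauthenticated(viewer.getName());

            // A second subject exists, so a result of size 1 shows it was filtered out.
            this.subjectManager.createSubject(overlord, new Subject("subject" + UUID.randomUUID(), true, false), "password");

            HashSet<Subject> visible = new HashSet<Subject>(this.subjectManager.findSubjectsByCriteria(viewer, new SubjectCriteria()));
            assertEquals(1, visible.size());
            assertTrue(visible.contains(viewer));
        } finally {
            getTransactionManager().rollback();
        }
    }
}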
