package org.jpasecurity.security;

import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.EntityManagerFactory;
import javax.persistence.FlushModeType;
import javax.persistence.Persistence;
import javax.persistence.PersistenceException;
import javax.persistence.Query;
import org.jpasecurity.model.FieldAccessAnnotationTestBean;
import org.jpasecurity.model.MethodAccessAnnotationTestBean;
import org.jpasecurity.persistence.ParentChildTestData;
import org.jpasecurity.security.authentication.TestSecurityContext;
import org.junit.After;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/jpasecurity/security/AccessCheckTest.class */
public class AccessCheckTest {
    private static final String CREATOR = "creator";
    private static final String USER = "user";
    private static final String USER1 = "user1";
    private static final String USER2 = "user2";
    private static final String ADMIN = "admin";
    private static final String CHILD = "child";
    private static final String GRANDCHILD = "grandchild";

    @Test
    public void create() {
        TestSecurityContext.authenticate(CREATOR, new Object[]{CREATOR});
        EntityManagerFactory createEntityManagerFactory = Persistence.createEntityManagerFactory("access-check");
        EntityManager createEntityManager = createEntityManagerFactory.createEntityManager();
        createEntityManager.getTransaction().begin();
        FieldAccessAnnotationTestBean fieldAccessAnnotationTestBean = new FieldAccessAnnotationTestBean("user");
        FieldAccessAnnotationTestBean fieldAccessAnnotationTestBean2 = new FieldAccessAnnotationTestBean(CHILD);
        FieldAccessAnnotationTestBean fieldAccessAnnotationTestBean3 = new FieldAccessAnnotationTestBean(GRANDCHILD);
        fieldAccessAnnotationTestBean2.setParentBean(fieldAccessAnnotationTestBean);
        fieldAccessAnnotationTestBean.getChildBeans().add(fieldAccessAnnotationTestBean2);
        fieldAccessAnnotationTestBean3.setParentBean(fieldAccessAnnotationTestBean2);
        fieldAccessAnnotationTestBean2.getChildBeans().add(fieldAccessAnnotationTestBean3);
        FieldAccessAnnotationTestBean fieldAccessAnnotationTestBean4 = (FieldAccessAnnotationTestBean) createEntityManager.merge(fieldAccessAnnotationTestBean);
        createEntityManager.getTransaction().commit();
        createEntityManager.close();
        try {
            try {
                createEntityManager = createEntityManagerFactory.createEntityManager();
                createEntityManager.getTransaction().begin();
                createEntityManager.merge(fieldAccessAnnotationTestBean4);
                createEntityManager.getTransaction().commit();
                Assert.fail("expected SecurityException");
                createEntityManager.close();
            } catch (SecurityException e) {
                createEntityManager.getTransaction().rollback();
                createEntityManager.close();
            }
        } catch (Throwable th) {
            createEntityManager.close();
            throw th;
        }
    }

    @Test
    public void update() {
        TestSecurityContext.authenticate(ADMIN, new Object[]{ADMIN});
        EntityManagerFactory createEntityManagerFactory = Persistence.createEntityManagerFactory("access-check");
        EntityManager createEntityManager = createEntityManagerFactory.createEntityManager();
        createEntityManager.getTransaction().begin();
        FieldAccessAnnotationTestBean fieldAccessAnnotationTestBean = new FieldAccessAnnotationTestBean("user");
        createEntityManager.persist(fieldAccessAnnotationTestBean);
        createEntityManager.getTransaction().commit();
        createEntityManager.close();
        TestSecurityContext.authenticate("user", new Object[0]);
        EntityManager createEntityManager2 = createEntityManagerFactory.createEntityManager();
        createEntityManager2.getTransaction().begin();
        try {
            ((FieldAccessAnnotationTestBean) createEntityManager2.find(FieldAccessAnnotationTestBean.class, Integer.valueOf(fieldAccessAnnotationTestBean.getIdentifier()))).setBeanName("new BeanName");
            createEntityManager2.getTransaction().commit();
            Assert.fail("expected security exception");
        } catch (PersistenceException e) {
            Assert.assertEquals(SecurityException.class, e.getCause().getClass());
            if (createEntityManager2.getTransaction().isActive()) {
                createEntityManager2.getTransaction().rollback();
            }
        }
        createEntityManager2.close();
    }

    @Test
    public void hibernateWith() {
        TestSecurityContext.authenticate(ADMIN, new Object[]{ADMIN});
        EntityManagerFactory createEntityManagerFactory = Persistence.createEntityManagerFactory("with-clause");
        EntityManager createEntityManager = createEntityManagerFactory.createEntityManager();
        createEntityManager.getTransaction().begin();
        new ParentChildTestData(createEntityManager).createPermutations("user1", "user2");
        createEntityManager.getTransaction().commit();
        createEntityManager.close();
        TestSecurityContext.authenticate("user1", new Object[0]);
        EntityManager createEntityManager2 = createEntityManagerFactory.createEntityManager();
        Query createQuery = createEntityManager2.createQuery("SELECT mbean FROM MethodAccessAnnotationTestBean mbean WHERE mbean.name = :name");
        createQuery.setParameter("name", "user1");
        List resultList = createQuery.getResultList();
        Assert.assertEquals(1L, resultList.size());
        TestSecurityContext.authenticate(ADMIN, new Object[]{ADMIN});
        MethodAccessAnnotationTestBean methodAccessAnnotationTestBean = (MethodAccessAnnotationTestBean) resultList.iterator().next();
        Assert.assertEquals("user1", methodAccessAnnotationTestBean.getName());
        Assert.assertEquals("user2", ((MethodAccessAnnotationTestBean) methodAccessAnnotationTestBean.getParent()).getName());
        try {
            TestSecurityContext.authenticate("user1", new Object[0]);
            createEntityManager2.getTransaction().begin();
            ((MethodAccessAnnotationTestBean) methodAccessAnnotationTestBean.getParent()).setName("user1");
            createEntityManager2.getTransaction().commit();
            Assert.fail("expected SecurityException");
        } catch (PersistenceException e) {
            Assert.assertEquals(SecurityException.class, e.getCause().getClass());
        }
        createEntityManager2.close();
    }

    @Test
    @Ignore("TODO replace persistence provider")
    public void aliasRules() {
        TestSecurityContext.authenticate("user", new Object[0]);
        EntityManager createEntityManager = Persistence.createEntityManagerFactory("alias").createEntityManager();
        EntityManager entityManager = (EntityManager) createEntityManager.getDelegate();
        Mockito.reset(new EntityManager[]{entityManager});
        Mockito.when(Boolean.valueOf(entityManager.isOpen())).thenReturn(true);
        Mockito.when(entityManager.getFlushMode()).thenReturn(FlushModeType.AUTO);
        Mockito.when(entityManager.createQuery(" SELECT c.text,  SUM(c.id)  AS cSum FROM Contact c WHERE (c.owner.name = :name) AND (c.owner.name = 'user') GROUP BY c.text  ORDER BY cSum")).thenReturn(Mockito.mock(Query.class));
        createEntityManager.createQuery("SELECT c.text, SUM(c.id) AS cSum FROM Contact AS c WHERE c.owner.name = :name GROUP BY c.text ORDER BY cSum");
        ((EntityManager) Mockito.verify(entityManager)).createQuery(" SELECT c.text,  SUM(c.id)  AS cSum FROM Contact c WHERE (c.owner.name = :name) AND (c.owner.name = 'user') GROUP BY c.text  ORDER BY cSum");
    }

    @After
    public void logout() {
        TestSecurityContext.authenticate(null, new Object[0]);
    }
}
