package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Maps;
import java.security.Principal;
import java.util.Collections;
import java.util.HashMap;
import javax.jcr.Credentials;
import javax.jcr.GuestCredentials;
import javax.jcr.SimpleCredentials;
import javax.security.auth.Subject;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.AbstractLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.ImpersonationCredentials;
import org.apache.jackrabbit.oak.spi.security.authentication.PreAuthenticatedLogin;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.CredentialsCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.RepositoryCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.callback.WhiteboardCallback;
import org.apache.jackrabbit.oak.spi.security.authentication.credentials.CredentialsSupport;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProviderManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.principal.EmptyPrincipalProvider;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalConfiguration;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.apache.jackrabbit.oak.spi.whiteboard.DefaultWhiteboard;
import org.apache.jackrabbit.oak.spi.whiteboard.Whiteboard;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/ExternalLoginModuleTest.class */
public class ExternalLoginModuleTest extends AbstractSecurityTest {
    private final ExternalLoginModule loginModule = new ExternalLoginModule();
    private final Whiteboard wb = (Whiteboard) Mockito.spy(new DefaultWhiteboard());
    private final ExternalIdentityProviderManager extIPMgr = (ExternalIdentityProviderManager) Mockito.mock(ExternalIdentityProviderManager.class);
    private final SyncManager syncManager = (SyncManager) Mockito.mock(SyncManager.class);

    private CallbackHandler createCallbackHandler(@Nullable Whiteboard whiteboard, @Nullable ContentRepository contentRepository, @Nullable SecurityProvider securityProvider, @Nullable Credentials credentials) {
        return callbackArr -> {
            for (Callback callback : callbackArr) {
                if (callback instanceof WhiteboardCallback) {
                    ((WhiteboardCallback) callback).setWhiteboard(whiteboard);
                } else if (callback instanceof RepositoryCallback) {
                    ((RepositoryCallback) callback).setContentRepository(contentRepository);
                    ((RepositoryCallback) callback).setSecurityProvider(securityProvider);
                } else {
                    if (!(callback instanceof CredentialsCallback)) {
                        throw new UnsupportedCallbackException(callback);
                    }
                    ((CredentialsCallback) callback).setCredentials(credentials);
                }
            }
        };
    }

    @Test
    public void testInitializeMissingWhiteboard() throws LoginException {
        this.loginModule.setIdpManager(this.extIPMgr);
        this.loginModule.setSyncManager(this.syncManager);
        this.loginModule.initialize(new Subject(), (CallbackHandler) Mockito.mock(CallbackHandler.class), Collections.emptyMap(), ImmutableMap.of("idp.name", "idp", "sync.handlerName", "syncHandler"));
        ((ExternalIdentityProviderManager) Mockito.verify(this.extIPMgr, Mockito.never())).getProvider("idp");
        ((SyncManager) Mockito.verify(this.syncManager, Mockito.never())).getSyncHandler("syncHandler");
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testInitializeMissingIdpSyncHandler() throws LoginException {
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), Collections.emptyMap(), ImmutableMap.of("idp.name", "idp", "sync.handlerName", "syncHandler"));
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testInitializedUnknownIdpSyncHandlerNames() throws LoginException {
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), Collections.emptyMap(), ImmutableMap.of("idp.name", "idp", "sync.handlerName", "syncHandler"));
        ((ExternalIdentityProviderManager) Mockito.verify(this.extIPMgr, Mockito.times(1))).getProvider("idp");
        ((SyncManager) Mockito.verify(this.syncManager, Mockito.times(1))).getSyncHandler("syncHandler");
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testInitializEmptyIdpName() {
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), Collections.emptyMap(), Collections.singletonMap("idp.name", ""));
        ((ExternalIdentityProviderManager) Mockito.verify(this.extIPMgr, Mockito.never())).getProvider("");
    }

    @Test
    public void testInitializEmptySyncHanderName() {
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), Collections.emptyMap(), Collections.singletonMap("sync.handlerName", ""));
        ((SyncManager) Mockito.verify(this.syncManager, Mockito.never())).getSyncHandler("");
    }

    @Test
    public void testLoginWithoutInit() throws Exception {
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testLoginMissingSyncHandler() throws Exception {
        Mockito.when(this.extIPMgr.getProvider("idpName")).thenReturn(new TestIdentityProvider());
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), Collections.emptyMap(), Collections.singletonMap("idp.name", "idpName"));
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testLoginMissingUserId() throws Exception {
        CredentialsSupport credentialsSupport = (ExternalIdentityProvider) Mockito.mock(ExternalIdentityProvider.class, Mockito.withSettings().extraInterfaces(new Class[]{CredentialsSupport.class}));
        Mockito.when(credentialsSupport.getName()).thenReturn(TestIdentityProvider.DEFAULT_IDP_NAME);
        Mockito.when(credentialsSupport.getUserId((Credentials) ArgumentMatchers.any(Credentials.class))).thenReturn((Object) null);
        Mockito.when(credentialsSupport.getCredentialClasses()).thenReturn(ImmutableSet.of(GuestCredentials.class));
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(credentialsSupport);
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, getContentRepository(), getSecurityProvider(), new GuestCredentials()), new HashMap(), ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertFalse(this.loginModule.login());
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test
    public void testLoginCommitUpdatesSubject() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        newHashMap.put("javax.security.auth.login.attributes", Collections.singletonMap("att", "value"));
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, getContentRepository(), getSecurityProvider(), null);
        Subject subject = new Subject();
        this.loginModule.initialize(subject, createCallbackHandler, newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertTrue(this.loginModule.login());
        Assert.assertTrue(this.loginModule.commit());
        Assert.assertEquals("value", ((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getAttribute("att"));
        this.root.refresh();
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER));
        Assert.assertTrue(this.loginModule.logout());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
    }

    @Test
    public void testLoginCommitEmptyPrincipalSet() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        newHashMap.put("javax.security.auth.login.attributes", Collections.singletonMap("att", "value"));
        PrincipalConfiguration principalConfiguration = (PrincipalConfiguration) Mockito.when(((PrincipalConfiguration) Mockito.mock(PrincipalConfiguration.class)).getPrincipalProvider((Root) ArgumentMatchers.any(Root.class), (NamePathMapper) ArgumentMatchers.any(NamePathMapper.class))).thenReturn(EmptyPrincipalProvider.INSTANCE).getMock();
        SecurityProvider securityProvider = (SecurityProvider) Mockito.spy(getSecurityProvider());
        Mockito.when(securityProvider.getConfiguration(PrincipalConfiguration.class)).thenReturn(principalConfiguration);
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, getContentRepository(), securityProvider, null);
        Principal principalImpl = new PrincipalImpl("preset");
        Subject subject = new Subject();
        subject.getPrincipals().add(principalImpl);
        this.loginModule.initialize(subject, createCallbackHandler, newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertTrue(this.loginModule.login());
        Assert.assertTrue(this.loginModule.commit());
        Assert.assertTrue(subject.getPrincipals().contains(principalImpl));
        Assert.assertFalse(subject.getPublicCredentials(AuthInfo.class).isEmpty());
        Assert.assertTrue(((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getPrincipals().contains(principalImpl));
        Assert.assertTrue(this.loginModule.logout());
        Assert.assertTrue(subject.getPublicCredentials(AuthInfo.class).isEmpty());
        Assert.assertTrue(subject.getPrincipals().contains(principalImpl));
    }

    @Test
    public void testLoginCommitImpersonationCredentials() throws Exception {
        SimpleCredentials simpleCredentials = new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0]);
        ImpersonationCredentials impersonationCredentials = new ImpersonationCredentials(simpleCredentials, AuthInfo.EMPTY);
        CredentialsSupport credentialsSupport = (ExternalIdentityProvider) Mockito.mock(ExternalIdentityProvider.class, Mockito.withSettings().extraInterfaces(new Class[]{CredentialsSupport.class}));
        Mockito.when(credentialsSupport.getName()).thenReturn(TestIdentityProvider.DEFAULT_IDP_NAME);
        Mockito.when(credentialsSupport.authenticate(impersonationCredentials)).thenReturn(new TestIdentityProvider.TestUser(TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.DEFAULT_IDP_NAME));
        Mockito.when(credentialsSupport.getUserId((Credentials) ArgumentMatchers.any(Credentials.class))).thenReturn(TestIdentityProvider.ID_TEST_USER);
        Mockito.when(credentialsSupport.getCredentialClasses()).thenReturn(ImmutableSet.of(ImpersonationCredentials.class));
        Mockito.when(credentialsSupport.getAttributes(impersonationCredentials)).thenReturn(ImmutableMap.of("attr", "value"));
        Mockito.when(credentialsSupport.getAttributes(simpleCredentials)).thenReturn(Collections.emptyMap());
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(credentialsSupport);
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, getContentRepository(), getSecurityProvider(), impersonationCredentials);
        Subject subject = new Subject();
        this.loginModule.initialize(subject, createCallbackHandler, Maps.newHashMap(), ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertTrue(this.loginModule.login());
        Assert.assertTrue(this.loginModule.commit());
        Assert.assertNull(((AuthInfo) subject.getPublicCredentials(AuthInfo.class).iterator().next()).getAttribute("attr"));
        Assert.assertTrue(this.loginModule.logout());
        Assert.assertTrue(subject.getPublicCredentials().isEmpty());
        Assert.assertTrue(subject.getPrincipals().isEmpty());
    }

    @Test
    public void testLoginCommitReadonlySubject() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        newHashMap.put("javax.security.auth.login.attributes", Collections.singletonMap("att", "value"));
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, getContentRepository(), getSecurityProvider(), null);
        this.loginModule.initialize(new Subject(true, Collections.emptySet(), Collections.emptySet(), Collections.emptySet()), createCallbackHandler, newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertTrue(this.loginModule.login());
        Assert.assertTrue(this.loginModule.commit());
        this.root.refresh();
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER));
        Assert.assertTrue(this.loginModule.logout());
    }

    @Test(expected = LoginException.class)
    public void testSyncUserMissingRoot() throws LoginException {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, null, null, null), newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        try {
            this.loginModule.login();
        } catch (LoginException e) {
            Assert.assertTrue(e.getCause() instanceof SyncException);
            throw e;
        }
    }

    @Test(expected = LoginException.class)
    public void testSyncUserMissingUserManager() throws LoginException {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, getContentRepository(), (SecurityProvider) Mockito.when(((SecurityProvider) Mockito.mock(SecurityProvider.class)).getConfiguration(UserConfiguration.class)).thenReturn((UserConfiguration) Mockito.mock(UserConfiguration.class)).getMock(), null);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        this.loginModule.initialize(new Subject(), createCallbackHandler, newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        try {
            this.loginModule.login();
        } catch (LoginException e) {
            Assert.assertTrue(e.getCause() instanceof SyncException);
            throw e;
        }
    }

    @Test(expected = LoginException.class)
    public void testSyncUserFailsCommit() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        ContentRepository contentRepository = (ContentRepository) Mockito.spy(getContentRepository());
        ContentSession contentSession = (ContentSession) Mockito.spy(this.adminSession);
        Root root = (Root) Mockito.spy(this.root);
        ((Root) Mockito.doThrow(new Throwable[]{new CommitFailedException("Oak", -1, "error")}).when(root)).commit();
        Mockito.when(Boolean.valueOf(root.hasPendingChanges())).thenReturn(true);
        ((ContentRepository) Mockito.doReturn(contentSession).when(contentRepository)).login((Credentials) null, (String) null);
        Mockito.when(contentSession.getLatestRoot()).thenReturn(root);
        CallbackHandler createCallbackHandler = createCallbackHandler(this.wb, contentRepository, getSecurityProvider(), null);
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin(TestIdentityProvider.ID_TEST_USER));
        this.loginModule.initialize(new Subject(), createCallbackHandler, newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        try {
            this.loginModule.login();
        } catch (LoginException e) {
            Assert.assertTrue(e.getCause() instanceof SyncException);
            throw e;
        }
    }

    @Test
    public void testValidateUser() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin("local"));
        getUserManager(this.root).createUser("local", (String) null).setProperty("rep:externalId", getValueFactory().createValue("local;test"));
        this.root.commit();
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, getContentRepository(), getSecurityProvider(), null), newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        Assert.assertFalse(this.loginModule.login());
        this.root.refresh();
        Assert.assertNull(getUserManager(this.root).getAuthorizable("local"));
        Assert.assertFalse(this.loginModule.commit());
        Assert.assertFalse(this.loginModule.logout());
    }

    @Test(expected = LoginException.class)
    public void testValidateUserFailsCommit() throws Exception {
        Mockito.when(this.extIPMgr.getProvider(TestIdentityProvider.DEFAULT_IDP_NAME)).thenReturn(new TestIdentityProvider());
        Mockito.when(this.syncManager.getSyncHandler("syncHandler")).thenReturn(new DefaultSyncHandler(new DefaultSyncConfigImpl().setName("syncHandler")));
        this.wb.register(ExternalIdentityProviderManager.class, this.extIPMgr, Collections.emptyMap());
        this.wb.register(SyncManager.class, this.syncManager, Collections.emptyMap());
        HashMap newHashMap = Maps.newHashMap();
        newHashMap.put(AbstractLoginModule.SHARED_KEY_PRE_AUTH_LOGIN, new PreAuthenticatedLogin("local"));
        getUserManager(this.root).createUser("local", (String) null).setProperty("rep:externalId", getValueFactory().createValue("local;test"));
        ContentRepository contentRepository = (ContentRepository) Mockito.spy(getContentRepository());
        ContentSession contentSession = (ContentSession) Mockito.spy(this.adminSession);
        Root root = (Root) Mockito.spy(this.root);
        ((Root) Mockito.doThrow(new Throwable[]{new CommitFailedException("Oak", -1, "error")}).when(root)).commit();
        Mockito.when(Boolean.valueOf(root.hasPendingChanges())).thenReturn(true);
        ((ContentRepository) Mockito.doReturn(contentSession).when(contentRepository)).login((Credentials) null, (String) null);
        Mockito.when(contentSession.getLatestRoot()).thenReturn(root);
        this.loginModule.initialize(new Subject(), createCallbackHandler(this.wb, contentRepository, getSecurityProvider(), null), newHashMap, ImmutableMap.of("idp.name", TestIdentityProvider.DEFAULT_IDP_NAME, "sync.handlerName", "syncHandler"));
        try {
            this.loginModule.login();
        } catch (LoginException e) {
            Assert.assertTrue(e.getCause() instanceof SyncException);
            throw e;
        }
    }
}
