package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.PrincipalNameResolver;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest.class */
public class PrincipalResolutionTest extends DynamicSyncContextTest {

    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/PrincipalResolutionTest$PrincipalResolvingIDP.class */
    private final class PrincipalResolvingIDP extends TestIdentityProvider implements PrincipalNameResolver {
        private PrincipalResolvingIDP() {
        }

        @NotNull
        public String fromExternalIdentityRef(@NotNull ExternalIdentityRef externalIdentityRef) throws ExternalIdentityException {
            ExternalIdentity identity = getIdentity(externalIdentityRef);
            if (identity == null) {
                throw new ExternalIdentityException();
            }
            return identity.getPrincipalName();
        }
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    protected ExternalIdentityProvider createIDP() {
        return new PrincipalResolvingIDP();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContextTest
    @Test
    public void testSyncMembershipWithUserRef() throws Exception {
        TestIdentityProvider.TestUser testUser = (TestIdentityProvider.TestUser) this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        ImmutableSet copyOf = ImmutableSet.copyOf(testUser.getDeclaredGroups());
        testUser.withGroups(this.idp.getUser(TestIdentityProvider.ID_SECOND_USER).getExternalId());
        Assert.assertFalse(Iterables.elementsEqual(copyOf, testUser.getDeclaredGroups()));
        sync(testUser, SyncResult.Status.ADD);
        assertDynamicMembership(testUser, 1L);
    }
}
