package org.apache.jackrabbit.oak.spi.security.authentication.external;

import com.google.common.base.Predicates;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
import java.security.PrivilegedExceptionAction;
import java.util.Calendar;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.Credentials;
import javax.jcr.NoSuchWorkspaceException;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalPrincipalConfiguration;
import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/AbstractExternalAuthTest.class */
public abstract class AbstractExternalAuthTest extends AbstractSecurityTest {
    protected static final String USER_ID = "testUser";
    protected static final String TEST_CONSTANT_PROPERTY_NAME = "profile/constantProperty";
    protected static final String TEST_CONSTANT_PROPERTY_VALUE = "constant-value";
    protected ExternalIdentityProvider idp;
    protected DefaultSyncConfig syncConfig;
    private Set<String> ids;
    private ContentSession systemSession;
    private Root systemRoot;

    @Rule
    public final OsgiContext context = new OsgiContext();
    protected ExternalPrincipalConfiguration externalPrincipalConfiguration = new ExternalPrincipalConfiguration();

    @Before
    public void before() throws Exception {
        super.before();
        getTestUser();
        this.ids = Sets.newHashSet(getAllAuthorizableIds(getUserManager(this.root)));
        this.idp = createIDP();
        this.syncConfig = createSyncConfig();
    }

    @After
    public void after() throws Exception {
        Authorizable authorizable;
        try {
            destroyIDP();
            this.idp = null;
            if (this.systemSession != null) {
                this.systemSession.close();
            }
            this.root.refresh();
            UserManager userManager = getUserManager(this.root);
            Iterator<String> allAuthorizableIds = getAllAuthorizableIds(userManager);
            while (allAuthorizableIds.hasNext()) {
                String next = allAuthorizableIds.next();
                if (!this.ids.remove(next) && (authorizable = userManager.getAuthorizable(next)) != null) {
                    authorizable.remove();
                }
            }
            this.root.commit();
            this.root.refresh();
            super.after();
        } catch (Throwable th) {
            this.root.refresh();
            super.after();
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void assertException(@NotNull CommitFailedException commitFailedException, @NotNull String str, int i) throws CommitFailedException {
        Assert.assertEquals(str, commitFailedException.getType());
        Assert.assertEquals(i, commitFailedException.getCode());
        throw commitFailedException;
    }

    @NotNull
    private static Iterator<String> getAllAuthorizableIds(@NotNull UserManager userManager) throws Exception {
        return Iterators.filter(Iterators.transform(userManager.findAuthorizables("jcr:primaryType", (String) null), authorizable -> {
            if (authorizable == null) {
                return null;
            }
            try {
                return authorizable.getID();
            } catch (RepositoryException e) {
                return null;
            }
        }), Predicates.notNull());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public SecurityProvider getSecurityProvider() {
        if (this.securityProvider == null) {
            this.securityProvider = TestSecurityProvider.newTestSecurityProvider(getSecurityConfigParameters(), this.externalPrincipalConfiguration);
            this.context.registerInjectActivateService(this.externalPrincipalConfiguration);
        }
        return this.securityProvider;
    }

    @NotNull
    protected ExternalIdentityProvider createIDP() {
        return new TestIdentityProvider();
    }

    protected void destroyIDP() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void addIDPUser(String str) {
        ((TestIdentityProvider) this.idp).addUser(new TestIdentityProvider.TestUser(str, this.idp.getName()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig defaultSyncConfig = new DefaultSyncConfig();
        HashMap hashMap = new HashMap();
        hashMap.put("name", "name");
        hashMap.put("email", "email");
        hashMap.put("profile/name", "profile/name");
        hashMap.put("profile/age", "profile/age");
        hashMap.put(TEST_CONSTANT_PROPERTY_NAME, "\"constant-value\"");
        defaultSyncConfig.user().setPropertyMapping(hashMap);
        defaultSyncConfig.user().setMembershipNestingDepth(1L);
        return defaultSyncConfig;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @NotNull
    public Root getSystemRoot() throws Exception {
        if (this.systemRoot == null) {
            this.systemSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, new PrivilegedExceptionAction<ContentSession>() { // from class: org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest.1
                /* JADX WARN: Can't rename method to resolve collision */
                @Override // java.security.PrivilegedExceptionAction
                public ContentSession run() throws LoginException, NoSuchWorkspaceException {
                    return AbstractExternalAuthTest.this.getContentRepository().login((Credentials) null, (String) null);
                }
            });
            this.systemRoot = this.systemSession.getLatestRoot();
        }
        return this.systemRoot;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static void waitUntilExpired(@NotNull User user, @NotNull Root root, long j) throws RepositoryException {
        PropertyState property = root.getTree(user.getPath()).getProperty("rep:lastSynced");
        if (property == null || property.count() == 0) {
            return;
        }
        long longValue = ((Long) property.getValue(Type.LONG)).longValue();
        for (long timeInMillis = Calendar.getInstance().getTimeInMillis(); timeInMillis - longValue <= j; timeInMillis = Calendar.getInstance().getTimeInMillis()) {
        }
    }
}
