package org.apache.jackrabbit.oak.spi.security.authentication.external.basic;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.annotation.CheckForNull;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.plugins.value.ValueFactoryImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/basic/DefaultSyncContextTest.class */
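/**
 * Tests for {@link DefaultSyncContext}: synchronizing external users and groups
 * (as listed by {@link TestIdentityProvider}) into the repository, and the
 * status reported for authorizables that are missing on, or not owned by, the
 * configured identity provider.
 *
 * <p>Security-relevant expectations pinned by these tests: an authorizable that
 * does not carry this IDP's name in {@code rep:externalId} is reported as
 * {@link SyncResult.Status#FOREIGN}; an authorizable that is gone from the IDP
 * is only deleted when {@code keepMissing} is {@code false}; and memberships in
 * groups owned by a different IDP are not dropped by a user sync.
 */
public class DefaultSyncContextTest extends AbstractSecurityTest {
    private DefaultSyncContext syncCtx;
    private final TestIdentityProvider idp = new TestIdentityProvider();
    private final DefaultSyncConfig config = new DefaultSyncConfig();

    // IDs of authorizables created directly by a test (not through the IDP);
    // they are removed again in after().
    private final List<String> authorizableIds = new ArrayList<>();

    /**
     * An external identity that is neither an {@code ExternalUser} nor an
     * {@code ExternalGroup}; used to check that {@code sync} rejects it.
     */
    private final class TestExternalIdentity implements ExternalIdentity {
        private TestExternalIdentity() {
        }

        @Nonnull
        public ExternalIdentityRef getExternalId() {
            return new ExternalIdentityRef(getId(), DefaultSyncContextTest.this.idp.getName());
        }

        @Nonnull
        public String getId() {
            return "externalId";
        }

        @Nonnull
        public String getPrincipalName() {
            return "principalName";
        }

        @CheckForNull
        public String getIntermediatePath() {
            return null;
        }

        @Nonnull
        public Iterable<ExternalIdentityRef> getDeclaredGroups() {
            return ImmutableSet.of();
        }

        @Nonnull
        public Map<String, ?> getProperties() {
            return ImmutableMap.of();
        }
    }

    /**
     * Creates a fresh sync context over the test IDP and the default config.
     */
    @Before
    public void before() throws Exception {
        super.before();
        this.syncCtx = new DefaultSyncContext(
                this.config,
                this.idp,
                getUserManager(this.root),
                new ValueFactoryImpl(this.root, NamePathMapper.DEFAULT));
    }

    /**
     * Closes the sync context and removes every authorizable a test may have
     * left behind: all identities the IDP lists plus those recorded in
     * {@link #authorizableIds}.
     *
     * <p>{@code super.after()} runs exactly once in a {@code finally} block, so
     * a failing cleanup neither skips nor repeats the parent teardown.
     */
    @After
    public void after() throws Exception {
        try {
            this.syncCtx.close();
            UserManager userManager = getUserManager(this.root);

            Iterator<ExternalIdentity> synced =
                    Iterators.<ExternalIdentity>concat(this.idp.listGroups(), this.idp.listUsers());
            while (synced.hasNext()) {
                removeIfPresent(userManager, synced.next().getId());
            }
            for (String id : this.authorizableIds) {
                removeIfPresent(userManager, id);
            }
            this.root.commit();
        } finally {
            super.after();
        }
    }

    /** Removes the authorizable with the given id if the user manager knows it. */
    private static void removeIfPresent(UserManager userManager, String id) throws RepositoryException {
        Authorizable authorizable = userManager.getAuthorizable(id);
        if (authorizable != null) {
            authorizable.remove();
        }
    }

    /**
     * Creates a group with a random id and registers it for cleanup.
     */
    private Group createTestGroup() throws Exception {
        Group group = getUserManager(this.root).createGroup("group" + UUID.randomUUID());
        this.authorizableIds.add(group.getID());
        return group;
    }

    /**
     * Sets {@code rep:externalId} on the authorizable to
     * {@code <authorizable id>;<str>}. Every caller in this class passes an IDP
     * name as {@code str}.
     *
     * <p>NOTE(review): {@code str} is declared nullable, but a {@code null}
     * is concatenated as the literal text {@code "null"}.
     */
    private void setExternalID(@Nonnull Authorizable authorizable, @Nullable String str) throws RepositoryException {
        String externalId = authorizable.getID() + ';' + str;
        authorizable.setProperty("rep:externalId", getValueFactory().createValue(externalId));
    }

    /** An identity that is neither user nor group must be rejected. */
    @Test(expected = IllegalArgumentException.class)
    public void testSyncInvalidExternalIdentity() throws Exception {
        this.syncCtx.sync(new TestExternalIdentity());
    }

    /** First sync adds the user, a repeat is a no-op, a forced sync updates. */
    @Test
    public void testSyncExternalUser() throws Exception {
        ExternalUser externalUser = this.idp.listUsers().next();
        Assert.assertNotNull(externalUser);

        Assert.assertEquals(SyncResult.Status.ADD, this.syncCtx.sync(externalUser).getStatus());
        Assert.assertEquals(SyncResult.Status.NOP, this.syncCtx.sync(externalUser).getStatus());

        this.syncCtx.setForceUserSync(true);
        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(externalUser).getStatus());
    }

    /** First sync adds the group, a repeat is a no-op, a forced sync updates. */
    @Test
    public void testSyncExternalGroup() throws Exception {
        ExternalGroup externalGroup = this.idp.listGroups().next();
        Assert.assertNotNull(externalGroup);

        Assert.assertEquals(SyncResult.Status.ADD, this.syncCtx.sync(externalGroup).getStatus());
        Assert.assertEquals(SyncResult.Status.NOP, this.syncCtx.sync(externalGroup).getStatus());

        this.syncCtx.setForceGroupSync(true);
        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(externalGroup).getStatus());
    }

    /**
     * Sync by id never creates: an unknown id yields NO_SUCH_AUTHORIZABLE, and
     * only after the identity has been synced does a forced sync by id update.
     */
    @Test
    public void testSyncUserById() throws Exception {
        ExternalIdentity externalUser = this.idp.listUsers().next();
        Assert.assertEquals(
                SyncResult.Status.NO_SUCH_AUTHORIZABLE,
                this.syncCtx.sync(externalUser.getId()).getStatus());

        this.syncCtx.sync(externalUser);
        this.syncCtx.setForceUserSync(true);
        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(externalUser.getId()).getStatus());
    }

    /**
     * A repository user that claims this IDP in {@code rep:externalId} but is
     * not resolved by the IDP is kept (MISSING) while {@code keepMissing} is
     * set and deleted once it is cleared.
     */
    @Test
    public void testSyncRemovedUserById() throws Exception {
        User user = getUserManager(this.root).createUser("test" + UUID.randomUUID(), (String) null);
        String id = user.getID();
        this.authorizableIds.add(id);
        setExternalID(user, this.idp.getName());

        this.syncCtx.setKeepMissing(true);
        Assert.assertEquals(SyncResult.Status.MISSING, this.syncCtx.sync(id).getStatus());
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(id));

        this.syncCtx.setKeepMissing(false);
        Assert.assertEquals(SyncResult.Status.DELETE, this.syncCtx.sync(id).getStatus());
        Assert.assertNull(getUserManager(this.root).getAuthorizable(id));
    }

    /** Group counterpart of {@link #testSyncUserById()}. */
    @Test
    public void testSyncGroupById() throws Exception {
        ExternalIdentity externalGroup = this.idp.listGroups().next();
        Assert.assertEquals(
                SyncResult.Status.NO_SUCH_AUTHORIZABLE,
                this.syncCtx.sync(externalGroup.getId()).getStatus());

        this.syncCtx.sync(externalGroup);
        this.syncCtx.setForceGroupSync(true);
        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(externalGroup.getId()).getStatus());
    }

    /** Group counterpart of {@link #testSyncRemovedUserById()}. */
    @Test
    public void testSyncRemovedGroupById() throws Exception {
        Group group = createTestGroup();
        String id = group.getID();
        setExternalID(group, this.idp.getName());

        this.syncCtx.setKeepMissing(true);
        Assert.assertEquals(SyncResult.Status.MISSING, this.syncCtx.sync(id).getStatus());
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(id));

        this.syncCtx.setKeepMissing(false);
        Assert.assertEquals(SyncResult.Status.DELETE, this.syncCtx.sync(id).getStatus());
        Assert.assertNull(getUserManager(this.root).getAuthorizable(id));
    }

    /**
     * A group that still has a declared member is left in place (NOP) even
     * when it is gone from the IDP, regardless of {@code keepMissing}.
     */
    @Test
    public void testSyncRemovedGroupWithMembers() throws Exception {
        Group group = createTestGroup();
        group.addMember(getTestUser());
        String id = group.getID();
        setExternalID(group, this.idp.getName());

        this.syncCtx.setKeepMissing(true);
        Assert.assertEquals(SyncResult.Status.NOP, this.syncCtx.sync(id).getStatus());
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(id));

        this.syncCtx.setKeepMissing(false);
        Assert.assertEquals(SyncResult.Status.NOP, this.syncCtx.sync(id).getStatus());
        Assert.assertNotNull(getUserManager(this.root).getAuthorizable(id));
    }

    /**
     * The test user is reported as FOREIGN when synced by id.
     * NOTE(review): presumably because it carries no {@code rep:externalId};
     * confirm against {@code getTestUser()}.
     */
    @Test
    public void testSyncByForeignId() throws Exception {
        Assert.assertEquals(
                SyncResult.Status.FOREIGN,
                this.syncCtx.sync(getTestUser().getID()).getStatus());
    }

    /** A user whose {@code rep:externalId} names another IDP is FOREIGN. */
    @Test
    public void testSyncByForeignId2() throws Exception {
        User testUser = getTestUser();
        setExternalID(testUser, "differentIDP");
        Assert.assertEquals(SyncResult.Status.FOREIGN, this.syncCtx.sync(testUser.getID()).getStatus());
    }

    /** A newly synced user becomes a declared member of the auto-membership group. */
    @Test
    public void testSyncAutoMembership() throws Exception {
        Group autoGroup = createTestGroup();
        this.config.user().setAutoMembership(new String[]{autoGroup.getID()});

        SyncResult result = this.syncCtx.sync(this.idp.listUsers().next());
        Assert.assertEquals(SyncResult.Status.ADD, result.getStatus());

        Authorizable synced = getUserManager(this.root).getAuthorizable(result.getIdentity().getId());
        Assert.assertTrue(autoGroup.isDeclaredMember(synced));
    }

    /** An auto-membership entry naming a non-existing group does not block the sync. */
    @Test
    public void testSyncAutoMembershipListsNonExistingGroup() throws Exception {
        this.config.user().setAutoMembership(new String[]{"nonExistingGroup"});
        Assert.assertEquals(SyncResult.Status.ADD, this.syncCtx.sync(this.idp.listUsers().next()).getStatus());
    }

    /**
     * An auto-membership entry that names a user instead of a group must not
     * make the sync throw. The test asserts nothing beyond that.
     */
    @Test
    public void testSyncAutoMembershipListsUser() throws Exception {
        this.config.user().setAutoMembership(new String[]{getTestUser().getID()});
        this.syncCtx.sync(this.idp.listUsers().next());
    }

    /**
     * Membership in a group owned by this IDP, but not declared by the IDP for
     * the user, survives a sync with negative nesting depth and is dropped
     * once the nesting depth is 1.
     */
    @Test
    public void testLostMembership() throws Exception {
        Group group = createTestGroup();
        setExternalID(group, this.idp.getName());

        String syncedId = this.syncCtx.sync(this.idp.listUsers().next()).getIdentity().getId();
        User authorizable = getUserManager(this.root).getAuthorizable(syncedId, User.class);
        group.addMember(authorizable);
        this.root.commit();

        this.syncCtx.setForceUserSync(true);
        // NOTE(review): -1 presumably makes the membership count as expired on
        // every sync; confirm against DefaultSyncConfig.
        this.config.user().setMembershipExpirationTime(-1L);

        // Negative nesting depth: the membership is still there afterwards.
        this.config.user().setMembershipNestingDepth(-1L);
        this.syncCtx.sync(authorizable.getID()).getStatus();
        Assert.assertTrue(group.isDeclaredMember(authorizable));

        // Nesting depth 1: the membership is removed by the sync.
        this.config.user().setMembershipNestingDepth(1L);
        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(authorizable.getID()).getStatus());
        Assert.assertFalse(group.isDeclaredMember(authorizable));
    }

    /**
     * Membership in a group owned by a different IDP is kept by a user sync,
     * even with nesting depth 1.
     */
    @Test
    public void testLostMembershipDifferentIDP() throws Exception {
        Group group = createTestGroup();
        setExternalID(group, "differentIDP");

        String syncedId = this.syncCtx.sync(this.idp.listUsers().next()).getIdentity().getId();
        User authorizable = getUserManager(this.root).getAuthorizable(syncedId, User.class);
        group.addMember(authorizable);
        this.root.commit();

        this.syncCtx.setForceUserSync(true);
        this.config.user().setMembershipExpirationTime(-1L);
        this.config.user().setMembershipNestingDepth(1L);

        Assert.assertEquals(SyncResult.Status.UPDATE, this.syncCtx.sync(authorizable.getID()).getStatus());
        Assert.assertTrue(group.isDeclaredMember(authorizable));
    }
}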
