package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import java.security.Principal;
import java.util.Collections;
import java.util.Iterator;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.stream.Stream;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.AutoMembershipConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/PrincipalProviderAutoMembershipTest.class */
public class PrincipalProviderAutoMembershipTest extends ExternalGroupPrincipalProviderTest {
    private static final String USER_AUTO_MEMBERSHIP_GROUP_ID = "testGroup-" + UUID.randomUUID();
    private static final String USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME = "p-" + USER_AUTO_MEMBERSHIP_GROUP_ID;
    private static final String GROUP_AUTO_MEMBERSHIP_GROUP_ID = "testGroup2-" + UUID.randomUUID();
    private static final String GROUP_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME = "p-" + GROUP_AUTO_MEMBERSHIP_GROUP_ID;
    private static final String CONFIG_AUTO_MEMBERSHIP_GROUP_ID = "testGroup3-" + UUID.randomUUID();
    private static final String CONFIG_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME = "p-" + CONFIG_AUTO_MEMBERSHIP_GROUP_ID;
    private static final String NON_EXISTING_GROUP_ID = "nonExistingGroup";
    private static final String NON_EXISTING_GROUP_ID2 = "nonExistingGroup2";
    private final AutoMembershipConfig amc = (AutoMembershipConfig) Mockito.when(((AutoMembershipConfig) Mockito.mock(AutoMembershipConfig.class)).getAutoMembership((Authorizable) ArgumentMatchers.any(Authorizable.class))).thenReturn(Collections.singleton(CONFIG_AUTO_MEMBERSHIP_GROUP_ID)).getMock();
    private Group userAutoMembershipGroup;
    private Group groupAutoMembershipGroup;
    private Group configAutoMembershipGroup;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        this.userAutoMembershipGroup = getUserManager(this.root).createGroup(USER_AUTO_MEMBERSHIP_GROUP_ID, new PrincipalImpl(USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME), (String) null);
        this.groupAutoMembershipGroup = getUserManager(this.root).createGroup(GROUP_AUTO_MEMBERSHIP_GROUP_ID, new PrincipalImpl(GROUP_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME), (String) null);
        this.configAutoMembershipGroup = getUserManager(this.root).createGroup(CONFIG_AUTO_MEMBERSHIP_GROUP_ID, new PrincipalImpl(CONFIG_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME), (String) null);
        this.root.commit();
        ((AutoMembershipConfig) Mockito.verify(this.amc, Mockito.times(2))).getAutoMembership((Authorizable) ArgumentMatchers.any(Authorizable.class));
        Mockito.clearInvocations(new AutoMembershipConfig[]{this.amc});
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setAutoMembership(new String[]{USER_AUTO_MEMBERSHIP_GROUP_ID, NON_EXISTING_GROUP_ID, TestIdentityProvider.ID_TEST_USER});
        createSyncConfig.group().setAutoMembership(new String[]{GROUP_AUTO_MEMBERSHIP_GROUP_ID, NON_EXISTING_GROUP_ID2});
        createSyncConfig.user().setAutoMembershipConfig(getAutoMembershipConfig());
        return createSyncConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest
    public AutoMembershipConfig getAutoMembershipConfig() {
        return this.amc;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalGroupPrincipalProviderTest
    @NotNull
    public Set<Principal> getExpectedGroupPrincipals(@NotNull String str) throws Exception {
        ImmutableSet.Builder add = ImmutableSet.builder().addAll(super.getExpectedGroupPrincipals(str)).add(this.userAutoMembershipGroup.getPrincipal()).add(this.groupAutoMembershipGroup.getPrincipal());
        if (TestIdentityProvider.ID_TEST_USER.equals(str)) {
            add.add(this.configAutoMembershipGroup.getPrincipal());
        }
        return add.build();
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalGroupPrincipalProviderTest
    @NotNull
    Set<Principal> getExpectedAllSearchResult(@NotNull String str) throws Exception {
        return super.getExpectedGroupPrincipals(str);
    }

    @Test
    public void testGetAutoMembershipPrincipal() throws Exception {
        Assert.assertNull(this.principalProvider.getPrincipal(this.userAutoMembershipGroup.getPrincipal().getName()));
        Assert.assertNull(this.principalProvider.getPrincipal(this.groupAutoMembershipGroup.getPrincipal().getName()));
        Assert.assertNull(this.principalProvider.getPrincipal(USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME));
        Assert.assertNull(this.principalProvider.getPrincipal(USER_AUTO_MEMBERSHIP_GROUP_ID));
        Assert.assertNull(this.principalProvider.getPrincipal(GROUP_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME));
        Assert.assertNull(this.principalProvider.getPrincipal(GROUP_AUTO_MEMBERSHIP_GROUP_ID));
        Assert.assertNull(this.principalProvider.getPrincipal(CONFIG_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME));
        Assert.assertNull(this.principalProvider.getPrincipal(CONFIG_AUTO_MEMBERSHIP_GROUP_ID));
        Assert.assertNull(this.principalProvider.getPrincipal(NON_EXISTING_GROUP_ID));
        Mockito.verifyNoInteractions(new Object[]{this.amc});
    }

    @Test
    public void testGetGroupPrincipals() throws Exception {
        Set<Principal> expectedGroupPrincipals = getExpectedGroupPrincipals(TestIdentityProvider.ID_TEST_USER);
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(authorizable);
        Set membershipPrincipals = this.principalProvider.getMembershipPrincipals(authorizable.getPrincipal());
        Assert.assertTrue(membershipPrincipals.contains(this.userAutoMembershipGroup.getPrincipal()));
        Assert.assertTrue(membershipPrincipals.contains(this.groupAutoMembershipGroup.getPrincipal()));
        Assert.assertTrue(membershipPrincipals.contains(this.configAutoMembershipGroup.getPrincipal()));
        Assert.assertFalse(membershipPrincipals.contains(authorizable.getPrincipal()));
        Assert.assertEquals(expectedGroupPrincipals, membershipPrincipals);
    }

    @Test
    public void testGetGroupPrincipalsTwice() throws Exception {
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(authorizable);
        Assert.assertEquals(this.principalProvider.getMembershipPrincipals(authorizable.getPrincipal()), this.principalProvider.getMembershipPrincipals(authorizable.getPrincipal()));
    }

    @Test
    public void testGetGroupPrincipalsIgnoresNonGroupPrincipals() throws Exception {
        UserConfiguration userConfiguration = (UserConfiguration) Mockito.spy(getUserConfiguration());
        UserManager userManager = (UserManager) Mockito.spy(getUserManager(this.root));
        Group group = (Group) Mockito.when(((Group) Mockito.mock(Group.class)).getPrincipal()).thenReturn(new PrincipalImpl(USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME)).getMock();
        Mockito.when(Boolean.valueOf(group.isGroup())).thenReturn(true);
        Mockito.when(userManager.getAuthorizable(USER_AUTO_MEMBERSHIP_GROUP_ID)).thenReturn(group);
        Mockito.when(userConfiguration.getUserManager(this.root, NamePathMapper.DEFAULT)).thenReturn(userManager);
        Stream map = createPrincipalProvider(userConfiguration, getAutoMembership(), getAutoMembershipConfig()).getMembershipPrincipals(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPrincipal()).stream().map((v0) -> {
            return v0.getName();
        });
        String str = USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME;
        Objects.requireNonNull(str);
        Assert.assertTrue(map.noneMatch((v1) -> {
            return r1.equals(v1);
        }));
    }

    @Test
    public void testGetPrincipals() throws Exception {
        Set<Principal> expectedGroupPrincipals = getExpectedGroupPrincipals(TestIdentityProvider.ID_TEST_USER);
        Set principals = this.principalProvider.getPrincipals(TestIdentityProvider.ID_TEST_USER);
        Assert.assertTrue(principals.contains(this.userAutoMembershipGroup.getPrincipal()));
        Assert.assertTrue(principals.contains(this.groupAutoMembershipGroup.getPrincipal()));
        Assert.assertTrue(principals.contains(this.configAutoMembershipGroup.getPrincipal()));
        Assert.assertFalse(principals.contains(getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPrincipal()));
        Assert.assertEquals(expectedGroupPrincipals, principals);
    }

    @Test
    public void testFindPrincipalsByHint() throws Exception {
        Iterator it = ImmutableList.of(USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME, GROUP_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME, USER_AUTO_MEMBERSHIP_GROUP_ID, GROUP_AUTO_MEMBERSHIP_GROUP_ID, USER_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME.substring(1, 6), GROUP_AUTO_MEMBERSHIP_GROUP_PRINCIPAL_NAME.substring(1, 6)).iterator();
        while (it.hasNext()) {
            Iterator findPrincipals = this.principalProvider.findPrincipals((String) it.next(), 2);
            Assert.assertFalse(Iterators.contains(findPrincipals, this.userAutoMembershipGroup.getPrincipal()));
            Assert.assertFalse(Iterators.contains(findPrincipals, this.groupAutoMembershipGroup.getPrincipal()));
            Assert.assertFalse(Iterators.contains(findPrincipals, new PrincipalImpl(NON_EXISTING_GROUP_ID)));
        }
    }
}
