package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.AutoMembershipConfig;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipPrincipalsTest.class */
public class AutoMembershipPrincipalsTest extends AbstractAutoMembershipTest {
    static final String AUTOMEMBERSHIP_GROUP_ID_3 = "autoMembershipGroupId_3";
    private AutoMembershipPrincipals amp;
    private Group automembershipGroup3;
    private final Authorizable authorizable = (Authorizable) Mockito.mock(Authorizable.class);
    private final AutoMembershipConfig amConfig = (AutoMembershipConfig) Mockito.mock(AutoMembershipConfig.class);

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @Before
    public void before() throws Exception {
        super.before();
        this.amp = new AutoMembershipPrincipals(this.userManager, MAPPING, getAutoMembershipConfigMapping());
        this.automembershipGroup3 = this.userManager.createGroup(AUTOMEMBERSHIP_GROUP_ID_3);
        this.root.commit();
        Mockito.when(this.amConfig.getAutoMembership(this.authorizable)).thenReturn(ImmutableSet.of(this.automembershipGroup3.getID()));
        Mockito.when(this.amConfig.getAutoMembers((UserManager) ArgumentMatchers.any(UserManager.class), (Group) ArgumentMatchers.any(Group.class))).thenReturn(Iterators.emptyIterator());
        Mockito.when(this.amConfig.getAutoMembers(this.userManager, this.automembershipGroup3)).thenReturn(Iterators.singletonIterator(this.authorizable));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @After
    public void after() throws Exception {
        try {
            this.automembershipGroup3.remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest
    public Map<String, AutoMembershipConfig> getAutoMembershipConfigMapping() {
        return Collections.singletonMap("idp1", this.amConfig);
    }

    @Test
    public void testGetPrincipalsUnknownIdp() {
        Assert.assertTrue(this.amp.getAutoMembership("unknown", this.authorizable).isEmpty());
        Mockito.verifyNoInteractions(new Object[]{this.authorizable, this.amConfig});
    }

    @Test
    public void testGetPrincipalsUnknownGroup() {
        Assert.assertTrue(this.amp.getAutoMembership("idp2", this.authorizable).isEmpty());
        Mockito.verifyNoInteractions(new Object[]{this.authorizable, this.amConfig});
    }

    @Test
    public void testGetPrincipalsMultipleGroups() throws Exception {
        Mockito.when(this.amConfig.getAutoMembership(this.authorizable)).thenReturn(Collections.emptySet());
        Collection autoMembership = this.amp.getAutoMembership("idp1", this.authorizable);
        Assert.assertFalse(autoMembership.isEmpty());
        HashSet newHashSet = Sets.newHashSet(new Principal[]{this.automembershipGroup1.getPrincipal(), this.automembershipGroup2.getPrincipal()});
        Assert.assertEquals(newHashSet, autoMembership);
        Mockito.when(this.amConfig.getAutoMembership(this.authorizable)).thenReturn(ImmutableSet.of(this.automembershipGroup3.getID()));
        Collection autoMembership2 = this.amp.getAutoMembership("idp1", this.authorizable);
        Assert.assertFalse(autoMembership2.isEmpty());
        newHashSet.add(this.automembershipGroup3.getPrincipal());
        Assert.assertEquals(newHashSet, autoMembership2);
        Mockito.verifyNoInteractions(new Object[]{this.authorizable});
        ((AutoMembershipConfig) Mockito.verify(this.amConfig, Mockito.times(2))).getAutoMembership(this.authorizable);
    }

    @Test
    public void testGetPrincipalsMixed() throws Exception {
        Collection autoMembership = this.amp.getAutoMembership("idp3", this.authorizable);
        Assert.assertFalse(autoMembership.isEmpty());
        Assert.assertEquals(ImmutableSet.of(this.automembershipGroup1.getPrincipal()), ImmutableSet.copyOf(autoMembership));
        Mockito.verifyNoInteractions(new Object[]{this.authorizable, this.amConfig});
    }

    @Test
    public void testGroupLookupFails() throws Exception {
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        Mockito.when(userManager.getAuthorizable(ArgumentMatchers.anyString())).thenThrow(new Throwable[]{new RepositoryException()});
        Assert.assertTrue(new AutoMembershipPrincipals(userManager, MAPPING, getAutoMembershipConfigMapping()).getAutoMembership("idp1", this.authorizable).isEmpty());
        Mockito.verifyNoInteractions(new Object[]{this.authorizable});
        ((AutoMembershipConfig) Mockito.verify(this.amConfig)).getAutoMembership(this.authorizable);
        Mockito.verifyNoMoreInteractions(new Object[]{this.amConfig});
    }

    @Test
    public void testEmptyMapping() {
        Map map = (Map) Mockito.spy(new HashMap());
        Map map2 = (Map) Mockito.spy(new HashMap());
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        AutoMembershipPrincipals autoMembershipPrincipals = new AutoMembershipPrincipals(userManager, map, map2);
        Assert.assertTrue(autoMembershipPrincipals.getAutoMembership("idp1", this.authorizable).isEmpty());
        ((Map) Mockito.verify(map, Mockito.times(1))).size();
        ((Map) Mockito.verify(map, Mockito.times(1))).get("idp1");
        Mockito.verifyNoMoreInteractions(new Object[]{map});
        ((Map) Mockito.verify(map2, Mockito.times(1))).get("idp1");
        Mockito.verifyNoMoreInteractions(new Object[]{map2});
        Assert.assertTrue(autoMembershipPrincipals.getConfiguredIdpNames(() -> {
            return "autoMembershipGroupId_1";
        }).isEmpty());
        ((Map) Mockito.verify(map, Mockito.times(1))).get("idp1");
        Mockito.verifyNoMoreInteractions(new Object[]{map2});
        Mockito.clearInvocations(new Map[]{map, map2});
        Assert.assertFalse(autoMembershipPrincipals.isMember("idp1", AUTOMEMBERSHIP_GROUP_ID_3, this.authorizable));
        ((Map) Mockito.verify(map)).get("idp1");
        ((Map) Mockito.verify(map2)).get("idp1");
        Mockito.verifyNoMoreInteractions(new Object[]{map, map2});
        Mockito.verifyNoInteractions(new Object[]{userManager, this.authorizable});
    }

    @Test
    public void testEmptyMapping2() {
        Map map = (Map) Mockito.spy(new HashMap());
        Map map2 = (Map) Mockito.spy(new HashMap());
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        AutoMembershipPrincipals autoMembershipPrincipals = new AutoMembershipPrincipals(userManager, map, map2);
        Assert.assertTrue(autoMembershipPrincipals.getConfiguredIdpNames(() -> {
            return "autoMembershipGroupId_1";
        }).isEmpty());
        Assert.assertTrue(autoMembershipPrincipals.getConfiguredIdpNames(() -> {
            return "autoMembershipGroupId_2";
        }).isEmpty());
        Assert.assertTrue(autoMembershipPrincipals.getConfiguredIdpNames(() -> {
            return "nonExistingGroupId";
        }).isEmpty());
        ((Map) Mockito.verify(map, Mockito.times(3))).isEmpty();
        ((Map) Mockito.verify(map)).size();
        Mockito.verifyNoMoreInteractions(new Object[]{map});
        Mockito.verifyNoInteractions(new Object[]{map2});
        Assert.assertTrue(autoMembershipPrincipals.getAutoMembership("idp1", this.authorizable).isEmpty());
        ((Map) Mockito.verify(map, Mockito.times(1))).get(ArgumentMatchers.anyString());
        ((Map) Mockito.verify(map2, Mockito.times(1))).get(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{map, map2});
        Mockito.verifyNoInteractions(new Object[]{userManager, this.authorizable});
    }

    @Test
    public void testGetConfiguredIdpNames() {
        Assert.assertEquals(ImmutableSet.of("idp1", "idp3"), this.amp.getConfiguredIdpNames(() -> {
            return "autoMembershipGroupId_1";
        }));
        Assert.assertEquals(ImmutableSet.of("idp1"), this.amp.getConfiguredIdpNames(() -> {
            return "autoMembershipGroupId_2";
        }));
        Assert.assertTrue(this.amp.getConfiguredIdpNames(() -> {
            return "nonExistingGroupId";
        }).isEmpty());
    }

    @Test
    public void testIsMember() {
        Assert.assertFalse(this.amp.isMember("idp2", "autoMembershipGroupId_1", this.authorizable));
        Assert.assertFalse(this.amp.isMember("idp2", "autoMembershipGroupId_2", this.authorizable));
        Assert.assertFalse(this.amp.isMember("idp2", AUTOMEMBERSHIP_GROUP_ID_3, this.authorizable));
        Assert.assertTrue(this.amp.isMember("idp1", "autoMembershipGroupId_1", this.authorizable));
        Assert.assertTrue(this.amp.isMember("idp1", "autoMembershipGroupId_2", this.authorizable));
        Assert.assertTrue(this.amp.isMember("idp1", AUTOMEMBERSHIP_GROUP_ID_3, this.authorizable));
        Assert.assertTrue(this.amp.isMember("idp3", "autoMembershipGroupId_1", this.authorizable));
        Assert.assertFalse(this.amp.isMember("idp3", "autoMembershipGroupId_2", this.authorizable));
        Assert.assertFalse(this.amp.isMember("idp3", AUTOMEMBERSHIP_GROUP_ID_3, this.authorizable));
    }

    @Test
    public void testGetMembersFromAutoMembershipConfig() {
        Assert.assertFalse(this.amp.getMembersFromAutoMembershipConfig(this.automembershipGroup1).hasNext());
        Assert.assertFalse(this.amp.getMembersFromAutoMembershipConfig(this.automembershipGroup2).hasNext());
        Assert.assertTrue(Iterators.elementsEqual(Iterators.singletonIterator(this.authorizable), this.amp.getMembersFromAutoMembershipConfig(this.automembershipGroup3)));
    }
}
