package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterators;
import com.google.common.collect.Sets;
import com.google.common.collect.UnmodifiableIterator;
import java.util.Calendar;
import java.util.HashSet;
import java.util.Iterator;
import javax.jcr.RepositoryException;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.jetbrains.annotations.NotNull;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DefaultSyncHandlerTest.class */
public class DefaultSyncHandlerTest extends ExternalLoginTestBase {
    private UserManager userManager;
    private DefaultSyncHandler syncHandler;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @Before
    public void before() throws Exception {
        super.before();
        this.userManager = getUserManager(this.root);
        DefaultSyncHandler syncHandler = this.syncManager.getSyncHandler("default");
        Assert.assertTrue(syncHandler instanceof DefaultSyncHandler);
        this.syncHandler = syncHandler;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @After
    public void after() throws Exception {
        super.after();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase
    public void setSyncConfig(DefaultSyncConfig defaultSyncConfig) {
        if (defaultSyncConfig != null) {
            defaultSyncConfig.user().setExpirationTime(500L);
            defaultSyncConfig.group().setExpirationTime(Long.MAX_VALUE);
        }
        super.setSyncConfig(defaultSyncConfig);
    }

    private void sync(@NotNull String str, boolean z) throws Exception {
        SyncContext createContext = this.syncHandler.createContext(this.idp, this.userManager, getValueFactory());
        ExternalGroup group = z ? this.idp.getGroup(str) : this.idp.getUser(str);
        Assert.assertNotNull(group);
        Assert.assertSame(SyncResult.Status.ADD, createContext.sync(group).getStatus());
        this.root.commit();
    }

    @Test
    public void testGetName() {
        Assert.assertEquals(this.syncConfig.getName(), this.syncHandler.getName());
    }

    @Test
    public void testCreateContext() {
        Assert.assertTrue(this.syncHandler.createContext(this.idp, this.userManager, getValueFactory()) instanceof DefaultSyncContext);
    }

    @Test
    public void testFindMissingIdentity() throws Exception {
        Assert.assertNull("unknown authorizable should not exist", this.syncHandler.findIdentity(this.userManager, "foobar"));
    }

    @Test
    public void testFindLocalIdentity() throws Exception {
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, "admin");
        Assert.assertNotNull("known authorizable should exist", findIdentity);
        Assert.assertNull("local user should not have external ref", findIdentity.getExternalIdRef());
    }

    @Test
    public void testFindExternalIdentity() throws Exception {
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.refresh();
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull("known authorizable should exist", findIdentity);
        ExternalIdentityRef externalIdRef = findIdentity.getExternalIdRef();
        Assert.assertNotNull(externalIdRef);
        Assert.assertEquals("external user should have correct external ref.idp", this.idp.getName(), externalIdRef.getProviderName());
        Assert.assertEquals("external user should have correct external ref.id", TestIdentityProvider.ID_TEST_USER, findIdentity.getExternalIdRef().getId());
    }

    @Test
    public void testFindGroupIdentity() throws Exception {
        Assert.assertNull(this.syncHandler.findIdentity(this.userManager, "c"));
        sync("c", true);
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, "c");
        Assert.assertNotNull(findIdentity);
        Assert.assertTrue(findIdentity.isGroup());
        Assert.assertNotNull(findIdentity.getExternalIdRef());
    }

    @Test
    public void testFindIdentityWithRemovedExternalId() throws Exception {
        sync(TestIdentityProvider.ID_TEST_USER, false);
        Authorizable authorizable = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(authorizable.getPath()).removeProperty("rep:externalId");
        systemRoot.commit();
        this.root.refresh();
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(findIdentity);
        Assert.assertNull(findIdentity.getExternalIdRef());
    }

    @Test
    public void testRequiresSyncAfterCreate() throws Exception {
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.refresh();
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull("Known authorizable should exist", findIdentity);
        Assert.assertFalse("Freshly synced id should not require sync", this.syncHandler.requiresSync(findIdentity));
    }

    @Test
    public void testRequiresSyncExpiredSyncProperty() throws Exception {
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.refresh();
        Calendar calendar = Calendar.getInstance();
        calendar.setTimeInMillis(calendar.getTimeInMillis() - 1000);
        this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).setProperty("rep:lastSynced", getValueFactory().createValue(calendar));
        this.root.commit();
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull("known authorizable should exist", findIdentity);
        Assert.assertTrue("synced id should require sync", this.syncHandler.requiresSync(findIdentity));
    }

    @Test
    public void testRequiresSyncMissingSyncProperty() throws Exception {
        sync(TestIdentityProvider.ID_TEST_USER, false);
        this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).removeProperty("rep:lastSynced");
        this.root.commit();
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(findIdentity);
        Assert.assertTrue(this.syncHandler.requiresSync(findIdentity));
    }

    @Test
    public void testRequiresSyncMissingExternalIDRef() {
        Assert.assertTrue(this.syncHandler.requiresSync(new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, (ExternalIdentityRef) null, false, Long.MAX_VALUE)));
    }

    @Test
    public void testRequiresSyncNotYetSynced() throws Exception {
        Assert.assertTrue(this.syncHandler.requiresSync(new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, this.idp.getUser(TestIdentityProvider.ID_TEST_USER).getExternalId(), false, Long.MIN_VALUE)));
    }

    @Test
    public void testRequiresSyncGroup() throws Exception {
        sync("c", true);
        SyncedIdentity findIdentity = this.syncHandler.findIdentity(this.userManager, "c");
        Assert.assertNotNull(findIdentity);
        Assert.assertTrue(findIdentity.isGroup());
        Assert.assertFalse(this.syncHandler.requiresSync(findIdentity));
    }

    @Test
    public void testListIdentitiesBeforeSync() throws Exception {
        Iterator listIdentities = this.syncHandler.listIdentities(this.userManager);
        if (listIdentities.hasNext()) {
            Assert.fail("Sync handler returned unexpected identity: " + ((SyncedIdentity) listIdentities.next()));
        }
    }

    @Test
    public void testListIdentitiesAfterSync() throws Exception {
        sync(TestIdentityProvider.ID_TEST_USER, false);
        HashSet newHashSet = Sets.newHashSet(new String[]{TestIdentityProvider.ID_TEST_USER});
        Iterator it = this.idp.getUser(TestIdentityProvider.ID_TEST_USER).getDeclaredGroups().iterator();
        while (it.hasNext()) {
            newHashSet.add(((ExternalIdentityRef) it.next()).getId());
        }
        Iterator listIdentities = this.syncHandler.listIdentities(this.userManager);
        while (listIdentities.hasNext()) {
            SyncedIdentity syncedIdentity = (SyncedIdentity) listIdentities.next();
            if (newHashSet.contains(syncedIdentity.getId())) {
                newHashSet.remove(syncedIdentity.getId());
                Assert.assertNotNull(syncedIdentity.getExternalIdRef());
            } else {
                Assert.fail("Sync handler returned unexpected identity: " + syncedIdentity);
            }
        }
        Assert.assertTrue(newHashSet.isEmpty());
    }

    @Test
    public void testListIdentitiesIgnoresLocal() throws Exception {
        sync(TestIdentityProvider.ID_TEST_USER, false);
        Iterator listIdentities = this.syncHandler.listIdentities(this.userManager);
        while (listIdentities.hasNext()) {
            ExternalIdentityRef externalIdRef = ((SyncedIdentity) listIdentities.next()).getExternalIdRef();
            Assert.assertNotNull(externalIdRef);
            Assert.assertNotNull(externalIdRef.getProviderName());
        }
    }

    @Test
    public void testListIdentitiesIgnoresMissingExternalIdRef() throws Exception {
        UnmodifiableIterator singletonIterator = Iterators.singletonIterator(getTestUser());
        UserManager userManager = (UserManager) Mockito.mock(UserManager.class);
        Mockito.when(userManager.findAuthorizables("rep:externalId", (String) null)).thenReturn(singletonIterator);
        Assert.assertFalse(this.syncHandler.listIdentities(userManager).hasNext());
    }

    @Test
    public void testListIdentitiesIgnoresNull() throws Exception {
        UnmodifiableIterator singletonIterator = Iterators.singletonIterator((Object) null);
        UserManager userManager = (UserManager) Mockito.mock(UserManager.class);
        Mockito.when(userManager.findAuthorizables("rep:externalId", (String) null)).thenReturn(singletonIterator);
        Assert.assertFalse(this.syncHandler.listIdentities(userManager).hasNext());
    }

    @Test
    public void testListIdentitiesWithRepositoryException() throws Exception {
        UnmodifiableIterator singletonIterator = Iterators.singletonIterator((Authorizable) Mockito.when(((Authorizable) Mockito.mock(Authorizable.class)).getProperty("rep:externalId")).thenThrow(new Throwable[]{new RepositoryException()}).getMock());
        UserManager userManager = (UserManager) Mockito.mock(UserManager.class);
        Mockito.when(userManager.findAuthorizables("rep:externalId", (String) null)).thenReturn(singletonIterator);
        Assert.assertFalse(this.syncHandler.listIdentities(userManager).hasNext());
    }

    @Test
    public void testLastSynced() throws Exception {
        sync(TestIdentityProvider.ID_TEST_USER, false);
        this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).removeProperty("rep:lastSynced");
        this.root.commit();
        Assert.assertSame(SyncResult.Status.UPDATE, this.syncHandler.createContext(this.idp, this.userManager, getValueFactory()).sync(TestIdentityProvider.ID_TEST_USER).getStatus());
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.commit();
    }

    @Test
    public void testSyncMembershipCaseMismatch() throws Exception {
        UserManager userManager = getUserManager(this.root);
        User createUser = userManager.createUser("thirduser", "thirduser");
        createUser.setProperty("rep:externalId", getValueFactory().createValue("thirduser;test"));
        Group createGroup = userManager.createGroup("thirdgroup");
        createGroup.setProperty("rep:externalId", getValueFactory().createValue("thirdgroup;test"));
        Assert.assertTrue(createGroup.addMember(createUser));
        this.root.commit();
        ((TestIdentityProvider) this.idp).addGroup(new TestIdentityProvider.TestGroup("THIRDGROUP", TestIdentityProvider.DEFAULT_IDP_NAME));
        ((TestIdentityProvider) this.idp).addUser(new TestIdentityProvider.TestUser("THIRDUSER", TestIdentityProvider.DEFAULT_IDP_NAME).withGroups("THIRDGROUP"));
        this.syncHandler.createContext(this.idp, userManager, getValueFactory()).sync(createUser.getID());
        Assert.assertTrue(createGroup.isMember(createUser));
    }

    @Test
    public void testActivate() {
        DefaultSyncHandler defaultSyncHandler = new DefaultSyncHandler();
        this.context.registerInjectActivateService(defaultSyncHandler, ImmutableMap.of("handler.name", "testName"));
        Assert.assertEquals("testName", defaultSyncHandler.getName());
    }
}
