package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterables;
import java.lang.reflect.Field;
import java.util.Collections;
import java.util.Dictionary;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.lifecycle.WorkspaceInitializer;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.Context;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ProtectionConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.monitor.ExternalIdentityMonitorImpl;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.apache.jackrabbit.oak.stats.StatisticsProvider;
import org.apache.sling.testing.mock.osgi.MapUtil;
import org.apache.sling.testing.mock.osgi.MockOsgi;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;
import org.osgi.framework.BundleContext;
import org.osgi.framework.ServiceRegistration;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalPrincipalConfigurationTest.class */
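/**
 * Tests for {@link ExternalPrincipalConfiguration}: which principal provider, validator providers,
 * importers and monitors it exposes, and how that changes with registered {@link SyncHandler}
 * services and with the external-identity protection parameters.
 *
 * <p>The validator tests are the security-relevant part. They pin which validator providers are
 * installed for a given set of principals, including the cases where a principal is exempted from
 * {@link ExternalUserValidatorProvider}.
 */
public class ExternalPrincipalConfigurationTest extends AbstractExternalAuthTest {

    private static final String PARAM_DYNAMIC_MEMBERSHIP = "user.dynamicMembership";
    private static final String PARAM_DYNAMIC_GROUPS = "group.dynamicGroups";
    private static final String PARAM_PROTECT_EXTERNAL_IDENTITIES = "protectExternalIdentities";
    private static final String PRINCIPAL_CONFIGURATION_NAME = "org.apache.jackrabbit.oak.principal";

    /** Minimal custom {@link SyncHandler} that finds nothing and never requires a sync. */
    private static final class TestSyncHandler implements SyncHandler {

        @NotNull
        @Override
        public String getName() {
            return "name";
        }

        @NotNull
        @Override
        public SyncContext createContext(@NotNull ExternalIdentityProvider externalIdentityProvider, @NotNull UserManager userManager, @NotNull ValueFactory valueFactory) {
            return new DefaultSyncContext(new DefaultSyncConfig(), externalIdentityProvider, userManager, valueFactory);
        }

        @Nullable
        @Override
        public SyncedIdentity findIdentity(@NotNull UserManager userManager, @NotNull String id) {
            return null;
        }

        @Override
        public boolean requiresSync(@NotNull SyncedIdentity syncedIdentity) {
            return false;
        }

        @NotNull
        @Override
        public Iterator<SyncedIdentity> listIdentities(@NotNull UserManager userManager) {
            return Collections.emptyIterator();
        }
    }

    /** Registers the default sync handler with dynamic membership on and dynamic groups off. */
    private void registerDynamicSyncHandler() {
        registerSyncHandler(true, false);
    }

    /**
     * Registers a sync handler named "default" for the test IDP.
     *
     * @param dynamicMembership whether to set {@code user.dynamicMembership} to {@code true}
     * @param dynamicGroups whether to set {@code group.dynamicGroups} to {@code true}
     */
    private void registerSyncHandler(boolean dynamicMembership, boolean dynamicGroups) {
        ImmutableMap.Builder<String, Object> properties = ImmutableMap.builder();
        properties.put("handler.name", "default");
        if (dynamicMembership) {
            properties.put(PARAM_DYNAMIC_MEMBERSHIP, true);
        }
        if (dynamicGroups) {
            properties.put(PARAM_DYNAMIC_GROUPS, true);
        }
        registerSyncHandler(properties.build(), this.idp.getName());
    }

    /**
     * Asserts whether the configuration currently hands out an {@link ExternalGroupPrincipalProvider}.
     *
     * @param configuration the configuration under test
     * @param expectedEnabled {@code true} if the external group principal provider is expected
     */
    private void assertIsEnabled(ExternalPrincipalConfiguration configuration, boolean expectedEnabled) {
        PrincipalProvider provider = configuration.getPrincipalProvider(this.root, getNamePathMapper());
        Assert.assertEquals(expectedEnabled, provider instanceof ExternalGroupPrincipalProvider);
    }

    /** Returns the validator providers installed for the principals of the test root's session. */
    private List<?> validatorsForSession() {
        ContentSession contentSession = this.root.getContentSession();
        return this.externalPrincipalConfiguration.getValidators(contentSession.getWorkspaceName(), contentSession.getAuthInfo().getPrincipals(), new MoveTracker());
    }

    /** Asserts that the list holds exactly one entry and that it is an {@link ExternalIdentityValidatorProvider}. */
    private static void assertOnlyIdentityValidator(List<?> validators) {
        Assert.assertFalse(validators.isEmpty());
        Assert.assertEquals(1L, validators.size());
        Assert.assertTrue(validators.get(0) instanceof ExternalIdentityValidatorProvider);
    }

    @Test
    public void testGetPrincipalManager() {
        Assert.assertNotNull(this.externalPrincipalConfiguration.getPrincipalManager(this.root, NamePathMapper.DEFAULT));
    }

    @Test
    public void testGetPrincipalManagerEnabled() {
        registerDynamicSyncHandler();
        Assert.assertNotNull(this.externalPrincipalConfiguration.getPrincipalManager(this.root, NamePathMapper.DEFAULT));
    }

    @Test
    public void testGetPrincipalProvider() {
        PrincipalProvider principalProvider = this.externalPrincipalConfiguration.getPrincipalProvider(this.root, NamePathMapper.DEFAULT);
        Assert.assertNotNull(principalProvider);
        // Without a sync handler that enables dynamic membership the external group provider stays off.
        Assert.assertFalse(principalProvider instanceof ExternalGroupPrincipalProvider);
    }

    @Test
    public void testGetPrincipalProviderEnabled() {
        registerDynamicSyncHandler();
        PrincipalProvider principalProvider = this.externalPrincipalConfiguration.getPrincipalProvider(this.root, NamePathMapper.DEFAULT);
        Assert.assertNotNull(principalProvider);
        Assert.assertTrue(principalProvider instanceof ExternalGroupPrincipalProvider);
    }

    @Test
    public void testGetName() {
        Assert.assertEquals(PRINCIPAL_CONFIGURATION_NAME, this.externalPrincipalConfiguration.getName());
        registerDynamicSyncHandler();
        Assert.assertEquals(PRINCIPAL_CONFIGURATION_NAME, this.externalPrincipalConfiguration.getName());
    }

    @Test
    public void testGetContext() {
        Assert.assertSame(Context.DEFAULT, this.externalPrincipalConfiguration.getContext());
        registerDynamicSyncHandler();
        Assert.assertSame(Context.DEFAULT, this.externalPrincipalConfiguration.getContext());
    }

    @Test
    public void testGetWorkspaceInitializer() {
        Assert.assertSame(WorkspaceInitializer.DEFAULT, this.externalPrincipalConfiguration.getWorkspaceInitializer());
        registerDynamicSyncHandler();
        Assert.assertSame(WorkspaceInitializer.DEFAULT, this.externalPrincipalConfiguration.getWorkspaceInitializer());
    }

    @Test
    public void testGetRepositoryInitializer() {
        Assert.assertTrue(this.externalPrincipalConfiguration.getRepositoryInitializer() instanceof ExternalIdentityRepositoryInitializer);
        registerDynamicSyncHandler();
        Assert.assertTrue(this.externalPrincipalConfiguration.getRepositoryInitializer() instanceof ExternalIdentityRepositoryInitializer);
    }

    /**
     * With default parameters the only validator provider is {@link ExternalIdentityValidatorProvider},
     * on repeated calls and after a dynamic sync handler has been registered.
     */
    @Test
    public void testGetValidators() {
        assertOnlyIdentityValidator(validatorsForSession());
        // A second call must yield the same set of providers.
        assertOnlyIdentityValidator(validatorsForSession());
        registerDynamicSyncHandler();
        assertOnlyIdentityValidator(validatorsForSession());
    }

    /**
     * Setting {@code protectExternalId} to {@code false} does not drop the
     * {@link ExternalIdentityValidatorProvider} from the list. What the provider enforces in that
     * mode is not asserted here.
     */
    @Test
    public void testGetValidatorsOmitIdProtection() {
        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of("protectExternalId", false));
        assertOnlyIdentityValidator(validatorsForSession());
        registerDynamicSyncHandler();
        assertOnlyIdentityValidator(validatorsForSession());
    }

    /**
     * With {@code protectExternalIdentities=Warn} regular principals get an additional
     * {@link ExternalUserValidatorProvider}, while the system subject's principals do not.
     */
    @Test
    public void testGetValidatorsIdentityProtectionWarn() {
        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of(PARAM_PROTECT_EXTERNAL_IDENTITIES, "Warn"));
        List<?> sessionValidators = validatorsForSession();
        Assert.assertEquals(2L, sessionValidators.size());
        Assert.assertTrue(sessionValidators.get(1) instanceof ExternalUserValidatorProvider);

        // System principals are exempt: no ExternalUserValidatorProvider is installed for them.
        String workspaceName = this.root.getContentSession().getWorkspaceName();
        List<?> systemValidators = this.externalPrincipalConfiguration.getValidators(workspaceName, SystemSubject.INSTANCE.getPrincipals(), new MoveTracker());
        Assert.assertEquals(1L, systemValidators.size());
        Assert.assertFalse(systemValidators.get(0) instanceof ExternalUserValidatorProvider);
    }

    /**
     * With {@code protectExternalIdentities=Protected} a principal whose name is listed in
     * {@code systemPrincipalNames} is exempt from {@link ExternalUserValidatorProvider}.
     *
     * <p>NOTE(review): the exempt principal below is a bare lambda that only supplies a name, so as
     * far as this test shows the exemption is decided on the principal name alone. Deployments
     * should keep {@code systemPrincipalNames} as short as possible.
     */
    @Test
    public void testGetValidatorsIdentityProtectionProtect() {
        String systemPrincipalName = "admin";
        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of(PARAM_PROTECT_EXTERNAL_IDENTITIES, "Protected", "systemPrincipalNames", new String[] {systemPrincipalName}));
        List<?> sessionValidators = validatorsForSession();
        Assert.assertEquals(2L, sessionValidators.size());
        Assert.assertTrue(sessionValidators.get(1) instanceof ExternalUserValidatorProvider);

        String workspaceName = this.root.getContentSession().getWorkspaceName();
        List<?> exemptValidators = this.externalPrincipalConfiguration.getValidators(workspaceName, Collections.singleton(() -> systemPrincipalName), new MoveTracker());
        Assert.assertEquals(1L, exemptValidators.size());
        Assert.assertFalse(exemptValidators.get(0) instanceof ExternalUserValidatorProvider);
    }

    /** Dynamic groups without dynamic membership must not add a {@link DynamicGroupValidatorProvider}. */
    @Test
    public void testGetValidatorsDynamicGroupsEnabledWithoutDynamicMembership() {
        registerSyncHandler(false, true);
        List<?> validators = validatorsForSession();
        Assert.assertEquals(1L, validators.size());
        Assert.assertTrue(validators.get(0) instanceof ExternalIdentityValidatorProvider);
    }

    /**
     * Dynamic groups together with dynamic membership add a {@link DynamicGroupValidatorProvider};
     * switching on identity protection afterwards brings the total to three providers.
     */
    @Test
    public void testGetValidatorsDynamicGroupsEnabled() {
        registerSyncHandler(true, true);
        List<?> validators = validatorsForSession();
        Assert.assertEquals(2L, validators.size());
        Assert.assertTrue(validators.get(0) instanceof ExternalIdentityValidatorProvider);
        Assert.assertTrue(validators.get(1) instanceof DynamicGroupValidatorProvider);

        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of(PARAM_PROTECT_EXTERNAL_IDENTITIES, "Protected"));
        List<?> protectedValidators = validatorsForSession();
        Assert.assertEquals(3L, protectedValidators.size());
        Assert.assertTrue(protectedValidators.get(1) instanceof DynamicGroupValidatorProvider);
    }

    /**
     * A configuration built from a {@link SecurityProvider} but never activated still installs an
     * {@link ExternalUserValidatorProvider}, and that provider carries {@link ProtectionConfig#DEFAULT}.
     */
    @Test
    public void testGetValidatorsMissingActivate() throws Exception {
        ConfigurationParameters principalParameters = ConfigurationParameters.of(PARAM_PROTECT_EXTERNAL_IDENTITIES, "Warn");
        SecurityProvider securityProvider = Mockito.mock(SecurityProvider.class);
        Mockito.when(securityProvider.getParameters(PRINCIPAL_CONFIGURATION_NAME)).thenReturn(principalParameters);
        Mockito.when(securityProvider.getParameters("org.apache.jackrabbit.oak.user")).thenReturn(ConfigurationParameters.EMPTY);

        ExternalPrincipalConfiguration unactivated = new ExternalPrincipalConfiguration(securityProvider);
        unactivated.setRootProvider(getRootProvider());
        unactivated.setTreeProvider(getTreeProvider());

        List<?> validators = unactivated.getValidators(this.root.getContentSession().getWorkspaceName(), Collections.singleton(EveryonePrincipal.getInstance()), new MoveTracker());
        Assert.assertEquals(2L, validators.size());

        ExternalUserValidatorProvider userValidatorProvider = validators.stream()
                .filter(ExternalUserValidatorProvider.class::isInstance)
                .map(ExternalUserValidatorProvider.class::cast)
                .findFirst()
                .orElseThrow(() -> new AssertionError("ExternalUserValidatorProvider expected to be present"));
        assertDefaultProtectionConfig(userValidatorProvider);
    }

    /**
     * Asserts that the provider's private {@code protectionConfig} field is {@link ProtectionConfig#DEFAULT}.
     *
     * <p>The field is read reflectively, so renaming it in {@link ExternalUserValidatorProvider}
     * makes this helper throw {@link NoSuchFieldException} instead of failing an assertion.
     *
     * @param provider the validator provider to inspect
     * @throws Exception if the field cannot be found or read
     */
    private static void assertDefaultProtectionConfig(@NotNull ExternalUserValidatorProvider provider) throws Exception {
        Field protectionConfigField = ExternalUserValidatorProvider.class.getDeclaredField("protectionConfig");
        protectionConfigField.setAccessible(true);
        Assert.assertSame(ProtectionConfig.DEFAULT, protectionConfigField.get(provider));
    }

    @Test
    public void testGetProtectedItemImporters() {
        List<?> importers = this.externalPrincipalConfiguration.getProtectedItemImporters();
        Assert.assertFalse(importers.isEmpty());
        Assert.assertEquals(1L, importers.size());
        Assert.assertTrue(importers.get(0) instanceof ExternalIdentityImporter);

        registerDynamicSyncHandler();
        List<?> importersWithHandler = this.externalPrincipalConfiguration.getProtectedItemImporters();
        Assert.assertFalse(importersWithHandler.isEmpty());
        Assert.assertEquals(1L, importersWithHandler.size());
        Assert.assertTrue(importersWithHandler.get(0) instanceof ExternalIdentityImporter);
    }

    @Test
    public void testGetMonitors() {
        Iterable<?> monitors = this.externalPrincipalConfiguration.getMonitors(StatisticsProvider.NOOP);
        Assert.assertEquals(1L, Iterables.size(monitors));
        Assert.assertTrue(monitors.iterator().next() instanceof ExternalIdentityMonitorImpl);
    }

    /** Deactivating a configuration that was never activated must not register a tracker service. */
    @Test
    public void testDeactivateWithNullTrackers() {
        ExternalPrincipalConfiguration neverActivated = new ExternalPrincipalConfiguration(getSecurityProvider());
        BundleContext bundleContext = this.context.bundleContext();
        Assert.assertNull(bundleContext.getServiceReference(SyncConfigTracker.class.getName()));
        MockOsgi.deactivate(neverActivated, bundleContext, Collections.emptyMap());
        Assert.assertNull(bundleContext.getServiceReference(SyncConfigTracker.class.getName()));
    }

    /**
     * The external group principal provider turns on only once a {@link SyncHandler} service with
     * {@code user.dynamicMembership=true} is registered, and stays on when more are added.
     */
    @Test
    public void testAddingSyncHandler() {
        Map<String, Object> enabled = ImmutableMap.<String, Object>of(PARAM_DYNAMIC_MEMBERSHIP, true);
        Map<String, Object> disabled = ImmutableMap.<String, Object>of(PARAM_DYNAMIC_MEMBERSHIP, false);
        DefaultSyncHandler syncHandler = new DefaultSyncHandler();

        this.context.registerService(SyncHandler.class, syncHandler, ImmutableMap.of());
        assertIsEnabled(this.externalPrincipalConfiguration, false);

        this.context.registerService(SyncHandler.class, syncHandler, disabled);
        assertIsEnabled(this.externalPrincipalConfiguration, false);

        this.context.registerService(SyncHandler.class, syncHandler, enabled);
        assertIsEnabled(this.externalPrincipalConfiguration, true);

        this.context.registerService(DefaultSyncHandler.class, new DefaultSyncHandler(), enabled);
        assertIsEnabled(this.externalPrincipalConfiguration, true);
    }

    /** Same switch-on behaviour for a handler implementation other than {@link DefaultSyncHandler}. */
    @Test
    public void testAddingCustomSyncHandler() {
        Map<String, Object> enabled = ImmutableMap.<String, Object>of(PARAM_DYNAMIC_MEMBERSHIP, true);
        TestSyncHandler syncHandler = new TestSyncHandler();

        this.context.registerService(SyncHandler.class, syncHandler, ImmutableMap.of());
        assertIsEnabled(this.externalPrincipalConfiguration, false);

        this.context.registerService(SyncHandler.class, syncHandler, enabled);
        assertIsEnabled(this.externalPrincipalConfiguration, true);
    }

    /**
     * The provider stays enabled while at least one registration with dynamic membership remains,
     * and is disabled once the last such registration is removed.
     */
    @Test
    public void testRemoveSyncHandler() {
        Dictionary<String, Object> enabled = MapUtil.toDictionary(ImmutableMap.of(PARAM_DYNAMIC_MEMBERSHIP, true));
        Dictionary<String, Object> disabled = MapUtil.toDictionary(ImmutableMap.of(PARAM_DYNAMIC_MEMBERSHIP, false));
        DefaultSyncHandler syncHandler = new DefaultSyncHandler();
        BundleContext bundleContext = this.context.bundleContext();

        ServiceRegistration<?> firstEnabled = bundleContext.registerService(SyncHandler.class.getName(), syncHandler, enabled);
        ServiceRegistration<?> secondEnabled = bundleContext.registerService(SyncHandler.class.getName(), syncHandler, enabled);
        ServiceRegistration<?> onlyDisabled = bundleContext.registerService(SyncHandler.class.getName(), syncHandler, disabled);
        assertIsEnabled(this.externalPrincipalConfiguration, true);

        secondEnabled.unregister();
        assertIsEnabled(this.externalPrincipalConfiguration, true);

        firstEnabled.unregister();
        assertIsEnabled(this.externalPrincipalConfiguration, false);

        onlyDisabled.unregister();
        assertIsEnabled(this.externalPrincipalConfiguration, false);
    }
}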
