package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Iterators;
import com.google.common.collect.Lists;
import java.security.Principal;
import java.text.ParseException;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.RepositoryException;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

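/**
 * Parameterized tests for the dynamic-membership methods exposed by the external group
 * principal provider: {@code coversAllMembers}, {@code getMembers}, {@code isMember} and
 * {@code getMembership}, plus the principal lookups for the dynamic-groups configurations.
 *
 * <p>Each test runs once per row of {@link #parameters()}: dynamic groups enabled with a
 * membership nesting depth of 1 or 2, and dynamic groups disabled.
 *
 * <p>Security relevance: group membership decides which principals a subject carries, so most
 * cases pin the deny-by-default outcome. A local group, a mismatching identity provider name, a
 * missing or empty {@code rep:externalPrincipalNames} property, or a repository/query failure
 * must each produce "no members" / "no membership" and never an exception or a spurious match.
 */
@RunWith(Parameterized.class)
public class ExternalGroupPrincipalProviderDMTest extends AbstractPrincipalTest {
    // Property names kept as literals: the decompiled source shows only the inlined values.
    private static final String EXTERNAL_ID_PROPERTY = "rep:externalId";
    private static final String EXTERNAL_PRINCIPAL_NAMES_PROPERTY = "rep:externalPrincipalNames";

    private final boolean dynamicGroupsEnabled;
    private final long membershipNestingDepth;
    private Group testGroup;

    /**
     * Supplies the configurations under test.
     *
     * @return rows of {@code {dynamicGroupsEnabled, membershipNestingDepth, displayName}}
     */
    @Parameterized.Parameters(name = "name={2}")
    public static Collection<Object[]> parameters() {
        // One Object[] per run. The rows are passed as separate varargs elements so the list is
        // typed as a list of Object[] (an Object[] holding the rows does not match the
        // declared Collection<Object[]> return type).
        return Lists.newArrayList(
                new Object[]{true, 1, "Dynamic Groups Enabled, Membership-Nesting-Depth=1"},
                new Object[]{true, 2, "Dynamic Groups Enabled, Membership-Nesting-Depth=2"},
                new Object[]{false, 0, "Dynamic Groups NOT Enabled"});
    }

    /**
     * @param z   whether the sync configuration enables dynamic groups
     * @param i   membership nesting depth applied to the user sync configuration
     * @param str display name of the run; consumed only by the {@code name} pattern of
     *            {@link #parameters()} and therefore not stored
     */
    public ExternalGroupPrincipalProviderDMTest(boolean z, int i, @NotNull String str) {
        this.dynamicGroupsEnabled = z;
        this.membershipNestingDepth = i;
    }

    /** Runs the inherited setup, then creates the local group most tests operate on. */
    @Override
    public void before() throws Exception {
        super.before();
        this.testGroup = createTestGroup();
    }

    /** Removes the test group and always delegates to the inherited teardown. */
    @Override
    public void after() throws Exception {
        try {
            // Refresh before removing so changes a test left uncommitted are not persisted
            // together with the removal.
            this.root.refresh();
            // before() may have failed before the group was created; skipping the removal keeps
            // a NullPointerException here from obscuring the original setup failure.
            if (this.testGroup != null) {
                this.testGroup.remove();
                this.root.commit();
            }
        } finally {
            super.after();
        }
    }

    /**
     * Applies the run's parameters to the inherited sync configuration.
     *
     * <p>NOTE(review): the decompiler reports that this method was {@code protected} in the
     * compiled class; the widened modifier is kept so the override stays valid against the
     * decompiled superclass.
     */
    @Override
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig syncConfiguration = super.createSyncConfig();
        syncConfiguration.group().setDynamicGroups(this.dynamicGroupsEnabled);
        syncConfiguration.user().setMembershipNestingDepth(this.membershipNestingDepth);
        return syncConfiguration;
    }

    /**
     * Reports the test identity provider as having dynamic groups only when the run enables them.
     *
     * <p>NOTE(review): package-private in the compiled class according to the decompiler.
     */
    @Override
    @NotNull
    public Set<String> getIdpNamesWithDynamicGroups() {
        if (this.dynamicGroupsEnabled) {
            return Collections.singleton(this.idp.getName());
        }
        return super.getIdpNamesWithDynamicGroups();
    }

    /** Builds the JCR value holding the string form of an external identity reference. */
    private Value externalRef(String id, String idpName) throws Exception {
        return getValueFactory(this.root).createValue(new ExternalIdentityRef(id, idpName).getString());
    }

    /** Marks the test group as external by writing {@code rep:externalId} (left uncommitted). */
    private void setExternalId(String id, String idpName) throws Exception {
        this.testGroup.setProperty(EXTERNAL_ID_PROPERTY, externalRef(id, idpName));
    }

    /**
     * Creates a mocked user that carries the test user's external id for the test identity
     * provider and returns {@code principalNames} (possibly {@code null}) for
     * {@code rep:externalPrincipalNames}.
     */
    private User mockExternalUser(Value[] principalNames) throws Exception {
        Value externalId = externalRef(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        User user = Mockito.mock(User.class);
        Mockito.when(user.getProperty(EXTERNAL_ID_PROPERTY)).thenReturn(new Value[]{externalId});
        // principalNames is typed Value[], so a null argument stubs a null property value
        // instead of being rejected by the compiler or read as an empty varargs list.
        Mockito.when(user.getProperty(EXTERNAL_PRINCIPAL_NAMES_PROPERTY)).thenReturn(principalNames);
        return user;
    }

    /** A group without {@code rep:externalId} is never reported as fully covered. */
    @Test
    public void testCoversAllMembersLocalGroup() {
        Assert.assertFalse(this.principalProvider.coversAllMembers(this.testGroup));
    }

    /** An external id that names another identity provider must not be covered. */
    @Test
    public void testCoversAllMembersDifferentIDP() throws Exception {
        setExternalId(this.testGroup.getID(), "someIdp");
        Assert.assertFalse(this.principalProvider.coversAllMembers(this.testGroup));
    }

    /** A group of the test identity provider is covered exactly when dynamic groups are enabled. */
    @Test
    public void testCoversAllMembers() throws Exception {
        setExternalId(this.testGroup.getID(), this.idp.getName());
        Assert.assertEquals(this.dynamicGroupsEnabled, this.principalProvider.coversAllMembers(this.testGroup));
    }

    /** A repository failure while reading {@code rep:externalId} yields {@code false}, not an exception. */
    @Test
    public void testCannotAccessRepExternalId() throws Exception {
        Group unreadableGroup = Mockito.mock(Group.class);
        Mockito.when(unreadableGroup.getProperty(EXTERNAL_ID_PROPERTY)).thenThrow(new RepositoryException("failure"));
        Assert.assertFalse(this.principalProvider.coversAllMembers(unreadableGroup));
    }

    /**
     * While the external group also holds a locally added member it is not reported as covered;
     * after that member is removed the result follows the dynamic-groups setting again.
     */
    @Test
    public void testCoversAllMembersGroupWithMemberProperty() throws Exception {
        this.testGroup.addMember(getTestUser());
        setExternalId(this.testGroup.getID(), this.idp.getName());
        Assert.assertFalse(this.principalProvider.coversAllMembers(this.testGroup));
        Assert.assertTrue(this.testGroup.removeMember(getTestUser()));
        Assert.assertEquals(this.dynamicGroupsEnabled, this.principalProvider.coversAllMembers(this.testGroup));
    }

    /**
     * Either member-storage child node ({@code rep:members} or {@code rep:membersList}) below the
     * group prevents it from being reported as covered.
     */
    @Test
    public void testCoversAllMembersGroupWithMembersChild() throws Exception {
        Tree groupTree = DynamicGroupUtil.getTree(this.testGroup, this.root);
        setExternalId(this.testGroup.getID(), this.idp.getName());
        // child node name -> primary node type
        Map<String, String> memberChildren =
                ImmutableMap.of("rep:members", "rep:Members", "rep:membersList", "rep:MemberReferencesList");
        for (Map.Entry<String, String> child : memberChildren.entrySet()) {
            Tree memberChild = TreeUtil.addChild(groupTree, child.getKey(), child.getValue());
            Assert.assertFalse(this.principalProvider.coversAllMembers(this.testGroup));
            memberChild.remove();
        }
        Assert.assertEquals(this.dynamicGroupsEnabled, this.principalProvider.coversAllMembers(this.testGroup));
    }

    /** The provider returns no members for a local group, even after a member was added and committed. */
    @Test
    public void testGetMembersLocalGroup() throws Exception {
        Assert.assertFalse(this.principalProvider.getMembers(this.testGroup, false).hasNext());
        Assert.assertFalse(this.principalProvider.getMembers(this.testGroup, true).hasNext());
        this.testGroup.addMember(getTestUser());
        this.root.commit();
        Assert.assertFalse(this.principalProvider.getMembers(this.testGroup, false).hasNext());
    }

    /** An external-marked group without matching members produces empty iterators. */
    @Test
    public void testGetMembersNoResult() throws Exception {
        setExternalId(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        Assert.assertFalse(this.principalProvider.getMembers(this.testGroup, false).hasNext());
        Assert.assertFalse(this.principalProvider.getMembers(this.testGroup, true).hasNext());
    }

    /**
     * Declared and inherited members of group {@code "a"} are non-empty and element-wise equal.
     *
     * <p>NOTE(review): nothing is asserted when group {@code "a"} cannot be resolved; presumably
     * that is the run without dynamic groups, where the group is not synced — confirm.
     */
    @Test
    public void testGetMembers() throws Exception {
        Group syncedGroup = getUserManager(this.root).getAuthorizable("a", Group.class);
        if (syncedGroup == null) {
            return;
        }
        Iterator<?> declared = this.principalProvider.getMembers(syncedGroup, false);
        Iterator<?> inherited = this.principalProvider.getMembers(syncedGroup, true);
        Assert.assertTrue(declared.hasNext());
        Assert.assertTrue(inherited.hasNext());
        Assert.assertTrue(Iterators.elementsEqual(declared, inherited));
    }

    /** A {@link ParseException} raised by the query engine results in an empty member iterator. */
    @Test
    public void testGetMembersWithParseException() throws Exception {
        setExternalId(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        QueryEngine failingEngine = Mockito.mock(QueryEngine.class);
        Mockito.when(failingEngine.executeQuery(
                        ArgumentMatchers.anyString(),
                        ArgumentMatchers.anyString(),
                        ArgumentMatchers.any(Map.class),
                        ArgumentMatchers.any(Map.class)))
                .thenThrow(new ParseException("fail", 0));
        Root mockedRoot = Mockito.mock(Root.class);
        Mockito.when(mockedRoot.getQueryEngine()).thenReturn(failingEngine);
        ExternalGroupPrincipalProvider provider = createPrincipalProvider(mockedRoot, getUserConfiguration());
        Assert.assertFalse(provider.getMembers(this.testGroup, true).hasNext());
        Assert.assertFalse(provider.getMembers(this.testGroup, false).hasNext());
    }

    /** Neither the synced user nor the group itself is a member of a local group. */
    @Test
    public void testIsMemberLocalGroup() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, true));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, false));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, this.testGroup, false));
    }

    /** A local user added to an external-marked group is not reported as member by this provider. */
    @Test
    public void testIsMemberLocalUser() throws Exception {
        User localUser = getTestUser();
        Assert.assertNotNull(localUser);
        setExternalId(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        this.testGroup.addMember(localUser);
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, localUser, true));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, localUser, false));
    }

    /** A group is not reported as a member of itself. */
    @Test
    public void testIsMemberGroup() throws Exception {
        setExternalId(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, this.testGroup, true));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, this.testGroup, false));
    }

    /** The synced user is not a member of the external-marked test group. */
    @Test
    public void testIsMemberNotMember() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        setExternalId(TestIdentityProvider.ID_TEST_USER, this.idp.getName());
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, true));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, false));
    }

    /**
     * The synced user is a member of group {@code "a"} when that group exists; otherwise the
     * negative case is checked against the local test group.
     */
    @Test
    public void testIsMember() throws Exception {
        UserManager userManager = getUserManager(this.root);
        User externalUser = userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        Group syncedGroup = userManager.getAuthorizable("a", Group.class);
        if (syncedGroup == null) {
            Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, true));
            Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, false));
        } else {
            Assert.assertTrue(this.principalProvider.isMember(syncedGroup, externalUser, true));
            Assert.assertTrue(this.principalProvider.isMember(syncedGroup, externalUser, false));
        }
    }

    /** Without {@code rep:externalPrincipalNames} the user is not a member. */
    @Test
    public void testIsMemberMissingRepExternalPrincipalNames() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        externalUser.removeProperty(EXTERNAL_PRINCIPAL_NAMES_PROPERTY);
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, true));
        Assert.assertFalse(this.principalProvider.isMember(this.testGroup, externalUser, false));
    }

    /** A local group has no membership according to this provider. */
    @Test
    public void testGetMembershipLocalGroup() throws Exception {
        Assert.assertFalse(this.principalProvider.getMembership(this.testGroup, true).hasNext());
        Assert.assertFalse(this.principalProvider.getMembership(this.testGroup, false).hasNext());
    }

    /** A local user has no membership according to this provider. */
    @Test
    public void testGetMembershipLocalUser() throws Exception {
        User localUser = getTestUser();
        Assert.assertFalse(this.principalProvider.getMembership(localUser, true).hasNext());
        Assert.assertFalse(this.principalProvider.getMembership(localUser, false).hasNext());
    }

    /** Declared membership matches the expected synced groups only when dynamic groups are enabled. */
    @Test
    public void testGetMembershipDeclared() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        Iterator<?> membership = this.principalProvider.getMembership(externalUser, false);
        if (!this.dynamicGroupsEnabled) {
            Assert.assertFalse(membership.hasNext());
            return;
        }
        Assert.assertEquals(getExpectedNumberOfGroups(), Iterators.size(membership));
    }

    /** Inherited membership matches the expected synced groups only when dynamic groups are enabled. */
    @Test
    public void testGetMembershipInherited() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        Iterator<?> membership = this.principalProvider.getMembership(externalUser, true);
        if (!this.dynamicGroupsEnabled) {
            Assert.assertFalse(membership.hasNext());
            return;
        }
        Assert.assertEquals(getExpectedNumberOfGroups(), Iterators.size(membership));
    }

    /** Without {@code rep:externalPrincipalNames} the user has no membership. */
    @Test
    public void testGetMembershipMissingRepExternalPrincipalNames() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        externalUser.removeProperty(EXTERNAL_PRINCIPAL_NAMES_PROPERTY);
        Assert.assertFalse(this.principalProvider.getMembership(externalUser, true).hasNext());
    }

    /**
     * Overwrites {@code rep:externalPrincipalNames} with a single reference string built from the
     * user's own id and the provider name {@code "different"}; no membership may result.
     */
    @Test
    public void testGetMembershipIdpMismatch() throws Exception {
        User externalUser = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Assert.assertNotNull(externalUser);
        String ownId = DefaultSyncContext.getIdentityRef(externalUser).getId();
        externalUser.setProperty(
                EXTERNAL_PRINCIPAL_NAMES_PROPERTY,
                getValueFactory().createValue(new ExternalIdentityRef(ownId, "different").getString()));
        Assert.assertFalse(this.principalProvider.getMembership(externalUser, true).hasNext());
    }

    /** Number of group ids the inherited helper expects for the test user at the configured depth. */
    private long getExpectedNumberOfGroups() throws Exception {
        long depth = this.syncConfig.user().getMembershipNestingDepth();
        return getExpectedSyncedGroupIds(depth, this.idp, this.idp.getUser(TestIdentityProvider.ID_TEST_USER)).size();
    }

    /** An empty {@code rep:externalPrincipalNames} array yields no membership. */
    @Test
    public void testGetMembershipEmptyPrincipalNames() throws Exception {
        User user = mockExternalUser(new Value[0]);
        Assert.assertFalse(this.principalProvider.getMembership(user, false).hasNext());
    }

    /** A {@code null} {@code rep:externalPrincipalNames} value yields no membership. */
    @Test
    public void testGetMembershipNullPrincipalNames() throws Exception {
        User user = mockExternalUser(null);
        Assert.assertFalse(this.principalProvider.getMembership(user, false).hasNext());
    }

    /** A principal name that matches no existing group yields no membership. */
    @Test
    public void testGetMembershipGroupNonExisting() throws Exception {
        Value[] principalNames = {getValueFactory(this.root).createValue("nonexistingGroup")};
        User user = mockExternalUser(principalNames);
        Assert.assertFalse(this.principalProvider.getMembership(user, true).hasNext());
    }

    /** A principal name that resolves to a user rather than a group yields no membership. */
    @Test
    public void testGetMembershipResolvesToUser() throws Exception {
        Value[] principalNames = {getValueFactory(this.root).createValue(TestIdentityProvider.ID_SECOND_USER)};
        User user = mockExternalUser(principalNames);
        Assert.assertFalse(this.principalProvider.getMembership(user, false).hasNext());
    }

    /** A {@link RepositoryException} during the principal lookup yields no membership. */
    @Test
    public void testGetMembershipLookupFails() throws Exception {
        Value[] principalNames = {getValueFactory(this.root).createValue("a")};
        User user = mockExternalUser(principalNames);

        // Spy on the real user manager so that only the lookup by principal fails.
        UserManager failingUserManager = Mockito.spy(getUserManager(this.root));
        Mockito.doThrow(new RepositoryException())
                .when(failingUserManager)
                .getAuthorizable(ArgumentMatchers.any(Principal.class));
        UserConfiguration userConfiguration = Mockito.mock(UserConfiguration.class);
        Mockito.when(userConfiguration.getUserManager(this.root, getNamePathMapper())).thenReturn(failingUserManager);

        ExternalGroupPrincipalProvider provider = createPrincipalProvider(this.root, userConfiguration);
        Assert.assertFalse(provider.getMembership(user, false).hasNext());
    }

    /** In these configurations the provider does not resolve external group {@code "a"} by principal name. */
    @Test
    public void testGetPrincipal() throws Exception {
        Assert.assertNull(this.principalProvider.getPrincipal(this.idp.getGroup("a").getPrincipalName()));
    }

    /** A search without a name hint returns nothing for either search type. */
    @Test
    public void testFindAllPrincipals() {
        // 3 and 2 are presumably the inlined PrincipalManager search-type constants
        // (SEARCH_TYPE_ALL and SEARCH_TYPE_GROUP) — confirm against the original source.
        Assert.assertFalse(this.principalProvider.findPrincipals(3).hasNext());
        Assert.assertFalse(this.principalProvider.findPrincipals(2).hasNext());
    }

    /** Searching by the principal name of external group {@code "a"} returns nothing. */
    @Test
    public void testFindPrincipals() throws ExternalIdentityException {
        String groupPrincipalName = this.idp.getGroup("a").getPrincipalName();
        Assert.assertFalse(this.principalProvider.findPrincipals(groupPrincipalName, 2).hasNext());
        Assert.assertFalse(
                this.principalProvider.findPrincipals(groupPrincipalName, false, 2, 0L, Long.MAX_VALUE).hasNext());
    }
}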
