package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.base.Function;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Iterables;
import com.google.common.collect.Iterators;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.annotation.Nonnull;
import javax.annotation.Nullable;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContext;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest.class */
public class ExternalGroupPrincipalProviderTest extends AbstractPrincipalTest {

    /* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalGroupPrincipalProviderTest$TestUser.class */
    private static final class TestUser extends TestIdentityProvider.TestIdentity implements ExternalUser {
        private final Iterable<ExternalIdentityRef> declaredGroups;

        private TestUser(@Nonnull String str, @Nonnull Iterable<ExternalIdentityRef> iterable) {
            super(str);
            this.declaredGroups = iterable;
        }

        @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider.TestIdentity
        @Nonnull
        public Iterable<ExternalIdentityRef> getDeclaredGroups() {
            return this.declaredGroups;
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void syncWithMembership(@Nonnull ExternalUser externalUser, long j) throws Exception {
        DefaultSyncConfig defaultSyncConfig = new DefaultSyncConfig();
        defaultSyncConfig.user().setMembershipNestingDepth(j);
        Root systemRoot = getSystemRoot();
        DynamicSyncContext dynamicSyncContext = new DynamicSyncContext(defaultSyncConfig, this.idp, getUserManager(systemRoot), getValueFactory(systemRoot));
        dynamicSyncContext.setForceUserSync(true);
        dynamicSyncContext.setForceGroupSync(true);
        dynamicSyncContext.sync(externalUser);
        dynamicSyncContext.close();
        systemRoot.commit();
        this.root.refresh();
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Set<Principal> getExpectedGroupPrincipals(@Nonnull String str) throws Exception {
        return getDeclaredGroupPrincipals(str);
    }

    Set<Principal> getDeclaredGroupPrincipals(@Nonnull String str) throws Exception {
        return ImmutableSet.copyOf(Iterables.transform(this.idp.getUser(str).getDeclaredGroups(), new Function<ExternalIdentityRef, Principal>() { // from class: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.ExternalGroupPrincipalProviderTest.1
            @Nullable
            public Principal apply(ExternalIdentityRef externalIdentityRef) {
                try {
                    return new PrincipalImpl(ExternalGroupPrincipalProviderTest.this.idp.getIdentity(externalIdentityRef).getPrincipalName());
                } catch (ExternalIdentityException e) {
                    throw new RuntimeException((Throwable) e);
                }
            }
        }));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public void collectExpectedPrincipals(Set<Principal> set, @Nonnull Iterable<ExternalIdentityRef> iterable, long j) throws Exception {
        if (j <= 0) {
            return;
        }
        Iterator<ExternalIdentityRef> it = iterable.iterator();
        while (it.hasNext()) {
            ExternalIdentity identity = this.idp.getIdentity(it.next());
            set.add(new PrincipalImpl(identity.getPrincipalName()));
            collectExpectedPrincipals(set, identity.getDeclaredGroups(), j - 1);
        }
    }

    @Test
    public void testGetPrincipalLocalUser() throws Exception {
        Assert.assertNull(this.principalProvider.getPrincipal(getTestUser().getPrincipal().getName()));
    }

    @Test
    public void testGetPrincipalLocalGroup() throws Exception {
        Assert.assertNull(this.principalProvider.getPrincipal(createTestGroup().getPrincipal().getName()));
    }

    @Test
    public void testGetPrincipalExternalUser() throws Exception {
        UserManager userManager = getUserManager(this.root);
        Assert.assertNull(this.principalProvider.getPrincipal(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class).getPrincipal().getName()));
        Assert.assertNull(this.principalProvider.getPrincipal(userManager.getAuthorizable(TestIdentityProvider.ID_SECOND_USER, User.class).getPrincipal().getName()));
    }

    @Test
    public void testGetPrincipalExternalGroup() throws Exception {
        Group authorizable = getUserManager(this.root).getAuthorizable("secondGroup", Group.class);
        Assert.assertNotNull(authorizable);
        Assert.assertNull(this.principalProvider.getPrincipal(authorizable.getPrincipal().getName()));
    }

    @Test
    public void testGetPrincipalDynamicGroupDepth1() throws Exception {
        Iterator it = this.idp.getUser(TestIdentityProvider.ID_TEST_USER).getDeclaredGroups().iterator();
        while (it.hasNext()) {
            Principal principal = this.principalProvider.getPrincipal(this.idp.getIdentity((ExternalIdentityRef) it.next()).getPrincipalName());
            Assert.assertNotNull(principal);
            Assert.assertTrue(principal instanceof java.security.acl.Group);
        }
    }

    @Test
    public void testGetPrincipalInheritedGroupsDepth1() throws Exception {
        ImmutableSet copyOf = ImmutableSet.copyOf(this.idp.getUser(TestIdentityProvider.ID_TEST_USER).getDeclaredGroups());
        Iterator it = copyOf.iterator();
        while (it.hasNext()) {
            for (ExternalIdentityRef externalIdentityRef : this.idp.getIdentity((ExternalIdentityRef) it.next()).getDeclaredGroups()) {
                if (!copyOf.contains(externalIdentityRef)) {
                    Assert.assertNull(this.principalProvider.getPrincipal(this.idp.getIdentity(externalIdentityRef).getPrincipalName()));
                }
            }
        }
    }

    @Test
    public void testGetPrincipalInheritedGroupsDepthInfinite() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        syncWithMembership(user, Long.MAX_VALUE);
        Iterator it = user.getDeclaredGroups().iterator();
        while (it.hasNext()) {
            ExternalIdentity identity = this.idp.getIdentity((ExternalIdentityRef) it.next());
            Principal principal = this.principalProvider.getPrincipal(identity.getPrincipalName());
            Iterator it2 = identity.getDeclaredGroups().iterator();
            while (it2.hasNext()) {
                Principal principal2 = this.principalProvider.getPrincipal(this.idp.getIdentity((ExternalIdentityRef) it2.next()).getPrincipalName());
                Assert.assertNotNull(principal2);
                Assert.assertTrue(principal2 instanceof java.security.acl.Group);
                java.security.acl.Group group = (java.security.acl.Group) principal2;
                Assert.assertTrue(group.isMember(new PrincipalImpl(user.getPrincipalName())));
                Assert.assertFalse(group.isMember(principal));
            }
        }
    }

    @Test
    public void testGetPrincipalUnderscoreSign() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        syncWithMembership(user, 1L);
        Iterator it = user.getDeclaredGroups().iterator();
        while (it.hasNext()) {
            String principalName = this.idp.getIdentity((ExternalIdentityRef) it.next()).getPrincipalName();
            for (String str : new String[]{"_", "_" + principalName.substring(1), principalName.substring(0, principalName.length() - 1) + "_"}) {
                Assert.assertNull(this.principalProvider.getPrincipal(str));
            }
        }
    }

    @Test
    public void testGetPrincipalPercentSign() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        syncWithMembership(user, 1L);
        Iterator it = user.getDeclaredGroups().iterator();
        while (it.hasNext()) {
            String principalName = this.idp.getIdentity((ExternalIdentityRef) it.next()).getPrincipalName();
            for (String str : new String[]{"%", "%" + principalName, principalName + "%", principalName.charAt(0) + "%"}) {
                Assert.assertNull(this.principalProvider.getPrincipal(str));
            }
        }
    }

    @Test
    public void testGetPrincipalGroupsWithQueryWildCard() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_WILDCARD_USER);
        syncWithMembership(user, 1L);
        Iterator it = user.getDeclaredGroups().iterator();
        while (it.hasNext()) {
            String principalName = this.idp.getIdentity((ExternalIdentityRef) it.next()).getPrincipalName();
            Principal principal = this.principalProvider.getPrincipal(principalName);
            Assert.assertNotNull(principal);
            Assert.assertEquals(principalName, principal.getName());
        }
    }

    @Test
    public void testGetGroupMembershipLocalPrincipal() throws Exception {
        Assert.assertTrue(this.principalProvider.getGroupMembership(getTestUser().getPrincipal()).isEmpty());
    }

    @Test
    public void testGetGroupMembershipLocalGroupPrincipal() throws Exception {
        Group createTestGroup = createTestGroup();
        Assert.assertTrue(this.principalProvider.getGroupMembership(createTestGroup.getPrincipal()).isEmpty());
        Assert.assertTrue(this.principalProvider.getGroupMembership(new PrincipalImpl(createTestGroup.getPrincipal().getName())).isEmpty());
    }

    @Test
    public void testGetGroupMembershipExternalUser() throws Exception {
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(authorizable);
        Set<Principal> expectedGroupPrincipals = getExpectedGroupPrincipals(TestIdentityProvider.ID_TEST_USER);
        Assert.assertEquals(expectedGroupPrincipals, this.principalProvider.getGroupMembership(authorizable.getPrincipal()));
        Assert.assertEquals(expectedGroupPrincipals, this.principalProvider.getGroupMembership(new PrincipalImpl(authorizable.getPrincipal().getName())));
    }

    @Test
    public void testGetGroupMembershipExternalUser2() throws Exception {
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_SECOND_USER);
        Assert.assertNotNull(authorizable);
        Assert.assertTrue(this.principalProvider.getGroupMembership(authorizable.getPrincipal()).isEmpty());
        Assert.assertTrue(this.principalProvider.getGroupMembership(new PrincipalImpl(authorizable.getPrincipal().getName())).isEmpty());
    }

    @Test
    public void testGetGroupMembershipExternalUserInfiniteDepth() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        syncWithMembership(user, Long.MAX_VALUE);
        HashSet hashSet = new HashSet();
        collectExpectedPrincipals(hashSet, user.getDeclaredGroups(), Long.MAX_VALUE);
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertEquals(hashSet, this.principalProvider.getGroupMembership(authorizable.getPrincipal()));
        Assert.assertEquals(hashSet, this.principalProvider.getGroupMembership(new PrincipalImpl(authorizable.getPrincipal().getName())));
    }

    @Test
    public void testGetGroupMembershipExternalGroup() throws Exception {
        Authorizable authorizable = getUserManager(this.root).getAuthorizable("secondGroup");
        Assert.assertNotNull(authorizable);
        Assert.assertTrue(this.principalProvider.getGroupMembership(authorizable.getPrincipal()).isEmpty());
        Assert.assertTrue(this.principalProvider.getGroupMembership(new PrincipalImpl(authorizable.getPrincipal().getName())).isEmpty());
    }

    @Test
    public void testGetPrincipalsLocalUser() throws Exception {
        Assert.assertTrue(this.principalProvider.getPrincipals(getTestUser().getID()).isEmpty());
    }

    @Test
    public void testGetPrincipalsLocalGroup() throws Exception {
        Assert.assertTrue(this.principalProvider.getPrincipals(createTestGroup().getID()).isEmpty());
    }

    @Test
    public void testGetPrincipalsExternalUser() throws Exception {
        Assert.assertEquals(getExpectedGroupPrincipals(TestIdentityProvider.ID_TEST_USER), this.principalProvider.getPrincipals(TestIdentityProvider.ID_TEST_USER));
    }

    @Test
    public void testGetPrincipalsExternalUser2() {
        Assert.assertTrue(this.principalProvider.getPrincipals(TestIdentityProvider.ID_SECOND_USER).isEmpty());
    }

    @Test
    public void testGetPrincipalsExternalGroup() throws Exception {
        Authorizable authorizable = getUserManager(this.root).getAuthorizable("secondGroup");
        Assert.assertNotNull(authorizable);
        Assert.assertTrue(this.principalProvider.getPrincipals(authorizable.getID()).isEmpty());
    }

    @Test
    public void testGetPrincipalsNonExistingUser() throws Exception {
        Assert.assertNull(getUserManager(this.root).getAuthorizable("nonExistingUser"));
        Assert.assertTrue(this.principalProvider.getPrincipals("nonExistingUser").isEmpty());
    }

    @Test
    public void testFindPrincipalsByHintTypeNotGroup() {
        Assert.assertSame(Iterators.emptyIterator(), this.principalProvider.findPrincipals("a", 1));
    }

    @Test
    @Ignore("OAK-4382")
    public void testFindPrincipalsByHintTypeGroup() throws Exception {
        syncWithMembership(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), Long.MAX_VALUE);
        Assert.assertEquals(ImmutableSet.of(new PrincipalImpl("a"), new PrincipalImpl("aa"), new PrincipalImpl("aaa")), ImmutableSet.copyOf(this.principalProvider.findPrincipals("a", 2)));
    }

    @Test
    public void testFindPrincipalsByHintTypeAll() throws Exception {
        syncWithMembership(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), Long.MAX_VALUE);
        Assert.assertEquals(ImmutableSet.of(new PrincipalImpl("a"), new PrincipalImpl("aa"), new PrincipalImpl("aaa")), ImmutableSet.copyOf(this.principalProvider.findPrincipals("a", 3)));
    }

    @Test
    public void testFindPrincipalsContainingUnderscore() throws Exception {
        syncWithMembership(this.idp.getUser(TestIdentityProvider.ID_WILDCARD_USER), 1L);
        Assert.assertEquals(ImmutableSet.of(new PrincipalImpl("_gr_u_")), ImmutableSet.copyOf(this.principalProvider.findPrincipals("_", 3)));
    }

    @Test
    public void testFindPrincipalsContainingPercentSign() throws Exception {
        syncWithMembership(this.idp.getUser(TestIdentityProvider.ID_WILDCARD_USER), 1L);
        Assert.assertEquals(ImmutableSet.of(new PrincipalImpl("g%r%")), ImmutableSet.copyOf(this.principalProvider.findPrincipals("%", 3)));
    }

    @Test
    public void testFindPrincipalsByTypeNotGroup() {
        Assert.assertSame(Iterators.emptyIterator(), this.principalProvider.findPrincipals(1));
    }

    @Test
    public void testFindPrincipalsByTypeGroup() throws Exception {
        Assert.assertEquals(getDeclaredGroupPrincipals(TestIdentityProvider.ID_TEST_USER), ImmutableSet.copyOf(this.principalProvider.findPrincipals(2)));
    }

    @Test
    public void testFindPrincipalsByTypeAll() throws Exception {
        Assert.assertEquals(getDeclaredGroupPrincipals(TestIdentityProvider.ID_TEST_USER), ImmutableSet.copyOf(this.principalProvider.findPrincipals(3)));
    }

    @Test
    public void testFindPrincipalsFiltersDuplicates() throws Exception {
        syncWithMembership(new TestUser("anotherUser", ImmutableSet.of(this.idp.getGroup("a").getExternalId())), 1L);
        Iterator findPrincipals = this.principalProvider.findPrincipals("a", 3);
        Assert.assertTrue(findPrincipals.hasNext());
        Assert.assertEquals(new PrincipalImpl("a"), findPrincipals.next());
        Assert.assertFalse(findPrincipals.hasNext());
    }
}
