package org.apache.jackrabbit.oak.spi.security.authentication.external;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.Set;
import java.util.UUID;
import javax.jcr.SimpleCredentials;
import javax.jcr.ValueFactory;
import javax.security.auth.login.AppConfigurationEntry;
import javax.security.auth.login.Configuration;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.ExternalLoginModule;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.SyncHandlerMapping;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.whiteboard.Registration;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils;
import org.apache.sling.testing.mock.osgi.junit.OsgiContext;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginAutoMembershipTest.class */
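/**
 * Checks which principals a subject receives when the test user logs in through
 * {@link ExternalLoginModule} while several identity providers and sync handlers are
 * registered side by side.
 *
 * <p>Each {@link ExternalSetup} pairs one identity provider with one sync configuration
 * and, for four of the five setups, an auto-membership group. The tests assert that a
 * login yields the auto-membership group principal of the setup the user was synced
 * through, that groups configured only for other setups do not end up in the subject,
 * and that the group id {@code "nonExisting"}, which is configured but never created,
 * never produces a principal.
 *
 * <p>The access modifiers of {@code ExternalSetup} and {@link #getConfiguration()} are
 * kept as they appear in the decompiled listing this class was recovered from.
 */
public class ExternalLoginAutoMembershipTest extends ExternalLoginTestBase {
    /** Auto-membership entry for which no group is ever created. */
    private static final String NON_EXISTING_NAME = "nonExisting";

    // System-level root plus the managers derived from it; used for setup and explicit sync.
    private Root r;
    private UserManager userManager;
    private ValueFactory valueFactory;

    private ExternalSetup setup1;
    private ExternalSetup setup2;
    private ExternalSetup setup3;
    private ExternalSetup setup4;
    private ExternalSetup setup5;

    /**
     * One identity provider, its sync configuration and handler, the whiteboard
     * registrations made for them and the optional auto-membership group.
     */
    public final class ExternalSetup {
        private final ExternalIdentityProvider idp;
        private final Registration idpRegistration;
        private final DefaultSyncConfig sc;
        private final SyncHandler sh;
        private final Registration shRegistration;
        // null when the setup was created without an auto-membership group
        private final Group gr;
        private SyncContext ctx;

        /**
         * Creates a setup with a fresh {@link DefaultSyncHandler} and an auto-membership
         * group whose id is {@code "gr_"} followed by the configuration name.
         */
        private ExternalSetup(@NotNull ExternalIdentityProvider provider, @NotNull DefaultSyncConfig config) throws Exception {
            this(provider, config, new DefaultSyncHandler(config), "gr_" + config.getName());
        }

        /**
         * Creates a setup and registers provider, handler and handler mapping.
         *
         * @param provider identity provider to register
         * @param config sync configuration; its user auto-membership and expiration time
         *        are overwritten when {@code groupId} is not null
         * @param handler sync handler to register
         * @param groupId id of the auto-membership group, or null for no auto-membership;
         *        an existing group with that id is reused, otherwise it is created
         */
        private ExternalSetup(@NotNull ExternalIdentityProvider provider, @NotNull DefaultSyncConfig config, @NotNull SyncHandler handler, @Nullable String groupId) throws Exception {
            this.idp = provider;
            this.sc = config;
            this.sh = handler;
            if (groupId != null) {
                Group existing = userManager.getAuthorizable(groupId, Group.class);
                this.gr = (existing != null) ? existing : userManager.createGroup(groupId);
                r.commit();
                // One real group plus one id that does not exist in the repository.
                config.user().setAutoMembership(new String[]{this.gr.getID(), NON_EXISTING_NAME}).setExpirationTime(Long.MAX_VALUE);
            } else {
                this.gr = null;
            }
            this.idpRegistration = whiteboard.register(ExternalIdentityProvider.class, provider, Collections.emptyMap());
            // NOTE(review): the user auto-membership is published here under
            // "group.autoMembership", whereas registerSyncHandlerMapping uses
            // "user.autoMembership" for the same value; confirm which key is intended.
            this.shRegistration = whiteboard.register(SyncHandler.class, handler, ImmutableMap.of(
                    "handler.name", handler.getName(),
                    "user.dynamicMembership", Boolean.valueOf(config.user().getDynamicMembership()),
                    "group.autoMembership", config.user().getAutoMembership()));
            registerSyncHandlerMapping(context, this);
        }

        /**
         * Syncs the external identity with the given id through this setup's handler and
         * commits the result. Fails unless the identity exists, the result refers to this
         * provider and the status is {@code ADD}.
         *
         * @param id id of the external identity
         * @param isGroup true to look the id up as a group, false to look it up as a user
         */
        private void sync(@NotNull String id, boolean isGroup) throws Exception {
            ctx = sh.createContext(idp, userManager, valueFactory);
            // The lookup yields a user or a group, so the common supertype is required here.
            ExternalIdentity identity = isGroup ? idp.getGroup(id) : idp.getUser(id);
            Assert.assertNotNull(identity);
            SyncResult result = ctx.sync(identity);
            Assert.assertEquals(idp.getName(), result.getIdentity().getExternalIdRef().getProviderName());
            Assert.assertSame(SyncResult.Status.ADD, result.getStatus());
            r.commit();
        }

        /** Closes the sync context, if one was created, and removes both whiteboard registrations. */
        private void close() {
            if (ctx != null) {
                ctx.close();
            }
            if (idpRegistration != null) {
                idpRegistration.unregister();
            }
            if (shRegistration != null) {
                shRegistration.unregister();
            }
        }

        /** Returns a SUFFICIENT {@link ExternalLoginModule} entry bound to this handler and provider. */
        private AppConfigurationEntry asConfigurationEntry() {
            return new AppConfigurationEntry(
                    ExternalLoginModule.class.getName(),
                    AppConfigurationEntry.LoginModuleControlFlag.SUFFICIENT,
                    ImmutableMap.of("sync.handlerName", sh.getName(), "idp.name", idp.getName()));
        }
    }

    /**
     * Builds the five setups:
     * <ul>
     * <li>setup1: the base class provider and sync configuration with dynamic membership
     *     enabled and a randomly named auto-membership group;</li>
     * <li>setup2: provider "idp2", configuration "name2", dynamic membership enabled;</li>
     * <li>setup3: provider "idp3", configuration "name3", dynamic membership left at the
     *     {@link DefaultSyncConfig} default;</li>
     * <li>setup4: provider "idp4" sharing the configuration instance of setup2, so both
     *     resolve the same group id "gr_name2";</li>
     * <li>setup5: provider "idp5", configuration "name5", dynamic membership enabled and
     *     no auto-membership group.</li>
     * </ul>
     */
    @Override
    public void before() throws Exception {
        super.before();
        r = getSystemRoot();
        userManager = getUserManager(r);
        valueFactory = getValueFactory(r);

        syncConfig.user().setDynamicMembership(true);
        setup1 = new ExternalSetup(idp, syncConfig, WhiteboardUtils.getService(whiteboard, SyncHandler.class), "gr" + UUID.randomUUID());

        DefaultSyncConfig config2 = new DefaultSyncConfig();
        config2.setName("name2").user().setDynamicMembership(true);
        setup2 = new ExternalSetup(new TestIdentityProvider("idp2"), config2);

        DefaultSyncConfig config3 = new DefaultSyncConfig();
        config3.setName("name3");
        setup3 = new ExternalSetup(new TestIdentityProvider("idp3"), config3);

        // Deliberately reuses config2: a second provider mapped to the same sync configuration.
        setup4 = new ExternalSetup(new TestIdentityProvider("idp4"), config2);

        DefaultSyncConfig config5 = new DefaultSyncConfig();
        config5.setName("name5").user().setDynamicMembership(true);
        setup5 = new ExternalSetup(new TestIdentityProvider("idp5"), config5, new DefaultSyncHandler(config5), null);
    }

    /**
     * Resets the shared sync configuration and releases every setup, including setup5,
     * so that no provider or handler registration outlives the test. Setups that were
     * never created because {@link #before()} failed part-way are skipped.
     */
    @Override
    public void after() throws Exception {
        options.clear();
        try {
            syncConfig.user().setAutoMembership(new String[0]).setExpirationTime(0L);
            for (ExternalSetup setup : new ExternalSetup[]{setup1, setup2, setup3, setup4, setup5}) {
                if (setup != null) {
                    setup.close();
                }
            }
        } finally {
            super.after();
        }
    }

    /**
     * Returns a JAAS configuration holding one SUFFICIENT {@link ExternalLoginModule}
     * entry per setup, in the order setup1 to setup5, regardless of the application name.
     */
    @Override
    public Configuration getConfiguration() {
        return new Configuration() {
            @Override
            public AppConfigurationEntry[] getAppConfigurationEntry(String name) {
                return new AppConfigurationEntry[]{
                        setup1.asConfigurationEntry(),
                        setup2.asConfigurationEntry(),
                        setup3.asConfigurationEntry(),
                        setup4.asConfigurationEntry(),
                        setup5.asConfigurationEntry()
                };
            }
        };
    }

    /**
     * Registers the setup's sync handler and a {@link SyncHandlerMapping} that links its
     * provider name to its handler name with the given OSGi context.
     */
    private static void registerSyncHandlerMapping(@NotNull OsgiContext osgiContext, @NotNull ExternalSetup externalSetup) {
        String handlerName = externalSetup.sc.getName();
        osgiContext.registerService(SyncHandler.class, externalSetup.sh, ImmutableMap.of(
                "handler.name", handlerName,
                "user.dynamicMembership", Boolean.valueOf(externalSetup.sc.user().getDynamicMembership()),
                "user.autoMembership", externalSetup.sc.user().getAutoMembership()));
        osgiContext.registerService(SyncHandlerMapping.class, new SyncHandlerMapping() {
        }, new Object[]{ImmutableMap.of("idp.name", externalSetup.idp.getName(), "sync.handlerName", handlerName)});
    }

    /** Logs in as the test user with an empty password. */
    private ContentSession loginTestUser() throws Exception {
        return login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0]));
    }

    /**
     * Asserts whether the test user is stored in the repository as a declared and as an
     * effective member of the given group, read through a refreshed {@code root}.
     */
    private void assertRepositoryMembership(@NotNull Group autoGroup, boolean expected) throws Exception {
        root.refresh();
        UserManager um = getUserManager(root);
        User user = um.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
        Group group = um.getAuthorizable(autoGroup.getID(), Group.class);
        Assert.assertEquals(expected, group.isDeclaredMember(user));
        Assert.assertEquals(expected, group.isMember(user));
    }

    /**
     * Login without an explicit sync beforehand: the subject carries the setup1 group
     * principal only, and the repository holds no membership in that group.
     */
    @Test
    public void testLoginSyncAutoMembershipSetup1() throws Exception {
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertTrue(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup2.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup3.gr.getPrincipal()));
            assertRepositoryMembership(setup1.gr, false);
        }
    }

    /** Same expectations as a plain login, after the user was synced through setup1 first. */
    @Test
    public void testLoginAfterSyncSetup1() throws Exception {
        setup1.sync(TestIdentityProvider.ID_TEST_USER, false);
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertTrue(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup2.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup3.gr.getPrincipal()));
            assertRepositoryMembership(setup1.gr, false);
        }
    }

    /**
     * After a sync through setup2 the subject carries the setup2 group principal and not
     * those of setup1 or setup3; the repository holds no membership in the setup2 group.
     */
    @Test
    public void testLoginAfterSyncSetup2() throws Exception {
        setup2.sync(TestIdentityProvider.ID_TEST_USER, false);
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertTrue(principals.contains(setup2.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup3.gr.getPrincipal()));
            assertRepositoryMembership(setup2.gr, false);
        }
    }

    /**
     * After a sync through setup3, whose configuration never enables dynamic membership,
     * the subject carries the setup3 group principal and the user is a declared member of
     * that group in the repository.
     */
    @Test
    public void testLoginAfterSyncSetup3() throws Exception {
        setup3.sync(TestIdentityProvider.ID_TEST_USER, false);
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertTrue(principals.contains(setup3.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup2.gr.getPrincipal()));
            assertRepositoryMembership(setup3.gr, true);
        }
    }

    /**
     * After a sync through setup4 the subject carries the group principal of setup4 and
     * of setup2, which share one sync configuration, and not those of setup1 or setup3.
     */
    @Test
    public void testLoginAfterSyncSetup4() throws Exception {
        setup4.sync(TestIdentityProvider.ID_TEST_USER, false);
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertTrue(principals.contains(setup4.gr.getPrincipal()));
            Assert.assertTrue(principals.contains(setup2.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup3.gr.getPrincipal()));
            assertRepositoryMembership(setup4.gr, false);
        }
    }

    /**
     * After a sync through setup5, which has no auto-membership group, the subject holds
     * exactly the everyone principal and the user's own principal.
     */
    @Test
    public void testLoginAfterSyncSetup5() throws Exception {
        setup5.sync(TestIdentityProvider.ID_TEST_USER, false);
        try (ContentSession cs = loginTestUser()) {
            Set<?> principals = cs.getAuthInfo().getPrincipals();
            Assert.assertEquals(ImmutableSet.of(EveryonePrincipal.getInstance(), userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPrincipal()), principals);
            Assert.assertFalse(principals.contains(new PrincipalImpl(NON_EXISTING_NAME)));
            Assert.assertFalse(principals.contains(setup1.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup2.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup3.gr.getPrincipal()));
            Assert.assertFalse(principals.contains(setup4.gr.getPrincipal()));
        }
    }
}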
