package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import com.google.common.collect.ImmutableSet;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicSyncTest.class */
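/**
 * Verifies the group membership that results from syncing an external user when
 * dynamic membership and dynamic groups are both enabled.
 *
 * <p>The sync configuration built in {@link #createSyncConfig()} turns on dynamic groups,
 * enforces dynamic membership for users, limits membership nesting to depth 2 and
 * configures one auto-membership group for synced groups ({@value #AUTO_GROUPS}) and one
 * for synced users ({@value #AUTO_USERS}). Each test syncs the test user and then checks
 * declared and inherited membership from both directions (user to groups, groups to user).
 *
 * <p>NOTE(review): group membership normally feeds permission evaluation, so an unexpected
 * extra id in any expected set below should be treated as a possible widening of access,
 * not only as a test mismatch. Confirm against the sync handler before relaxing a set.
 */
public class DynamicSyncTest extends AbstractDynamicTest {
    private static final String BASE_ID = "base";
    private static final String BASE2_ID = "base2";
    private static final String AUTO_GROUPS = "autoForGroups";
    private static final String AUTO_USERS = "autoForUsers";

    // Auto-membership group configured for synced groups; looked up in before().
    private Group autoForGroups;
    // Auto-membership group configured for synced users; looked up in before().
    private Group autoForUsers;
    // Local group holding both auto-membership groups plus the ids "a" and "b".
    private Group base;
    // Local group holding only the user auto-membership group.
    private Group base2;

    /**
     * Builds the local group fixture on top of the inherited setup and commits it.
     *
     * <p>The auto-membership groups are looked up rather than created here, so they are
     * presumably created by a superclass; verify against {@code AbstractDynamicTest}.
     *
     * @throws Exception if the inherited setup, a user-manager call or the commit fails
     */
    @Override
    public void before() throws Exception {
        super.before();
        this.autoForGroups = this.userManager.getAuthorizable(AUTO_GROUPS, Group.class);
        this.autoForUsers = this.userManager.getAuthorizable(AUTO_USERS, Group.class);

        this.base = this.userManager.createGroup(BASE_ID);
        // addMembers returns the ids that could not be added; an empty set means all succeeded.
        Assert.assertTrue(this.base.addMembers(new String[]{AUTO_GROUPS, AUTO_USERS}).isEmpty());
        // "a" and "b" are added by id before any sync has run in this method; presumably this
        // relies on the "besteffort" import behavior from getSecurityConfigParameters().
        Assert.assertTrue(this.base.addMembers(new String[]{"a", "b"}).isEmpty());

        this.userManager.createGroup(EveryonePrincipal.getInstance());

        this.base2 = this.userManager.createGroup(BASE2_ID);
        this.base2.addMember(this.autoForUsers);
        this.r.commit();
    }

    /**
     * Supplies a mocked external user for the hook declared by {@code AbstractDynamicTest}.
     *
     * @return an unstubbed Mockito mock of {@link ExternalUser}
     */
    @Override
    @NotNull
    ExternalUser syncPriorToDynamicMembership() {
        return Mockito.mock(ExternalUser.class);
    }

    /**
     * Returns the security configuration used by this test.
     *
     * @return parameters that set {@code importBehavior} to {@code besteffort} under the
     *         {@code org.apache.jackrabbit.oak.user} key
     */
    protected ConfigurationParameters getSecurityConfigParameters() {
        ConfigurationParameters userParams = ConfigurationParameters.of("importBehavior", "besteffort");
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", userParams);
    }

    /**
     * Extends the inherited sync configuration with dynamic groups, enforced dynamic
     * membership, a nesting depth of 2 and the two auto-membership groups.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler recorded that
     * the access modifier was changed from {@code protected}.
     *
     * @return the adjusted sync configuration
     */
    @Override
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig config = super.createSyncConfig();
        config.group()
                .setDynamicGroups(true)
                .setAutoMembership(new String[]{AUTO_GROUPS});
        config.user()
                .setEnforceDynamicMembership(true)
                .setMembershipNestingDepth(2L)
                .setAutoMembership(new String[]{AUTO_USERS});
        return config;
    }

    /**
     * Checks the synced user's declared and inherited group ids, that every reported group
     * confirms the membership, and the number of group principals resolved for the user.
     */
    @Test
    public void testSyncedUser() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Authorizable user = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(user);

        Set<String> expectedDeclared =
                ImmutableSet.of("a", "b", "c", "aa", "aaa", AUTO_GROUPS, AUTO_USERS, "everyone");
        assertExpectedIds(expectedDeclared, user.declaredMemberOf());

        // Inherited membership additionally contains the two local base groups.
        Set<String> expectedAll =
                ImmutableSet.of(BASE_ID, BASE2_ID, "a", "b", "c", "aa", "aaa", AUTO_GROUPS, AUTO_USERS, "everyone");
        assertExpectedIds(expectedAll, user.memberOf());

        // Cross-check from the group side: each group returned must report the user as member.
        user.declaredMemberOf().forEachRemaining(group -> assertIsMember(group, true, user));
        user.memberOf().forEachRemaining(group -> assertIsMember(group, false, user));

        // 10 equals the number of ids expected from memberOf() above.
        Set<String> principalNames =
                getPrincipalNames(getPrincipalManager(this.r).getGroupMembership(user.getPrincipal()));
        Assert.assertEquals("unexpected group principals: " + principalNames, 10L, principalNames.size());
    }

    /**
     * Checks members and memberships of the group "a" after the test user was synced.
     */
    @Test
    public void testSyncedGroup() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Group groupA = this.userManager.getAuthorizable("a", Group.class);
        Assert.assertNotNull(groupA);

        // Declared and inherited views are expected to be identical for this group.
        assertExpectedIds(Collections.singleton(TestIdentityProvider.ID_TEST_USER),
                groupA.getDeclaredMembers(), groupA.getMembers());
        assertExpectedIds(ImmutableSet.of(AUTO_GROUPS, BASE_ID, "everyone"),
                groupA.declaredMemberOf(), groupA.memberOf());
    }

    /**
     * Checks the members of the group auto-membership group after the sync.
     */
    @Test
    public void testAutomembershipGroups() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Authorizable user = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Authorizable groupA = this.userManager.getAuthorizable("a", Group.class);

        assertExpectedIds(ImmutableSet.of("a", "b", "c", "aa", "aaa", TestIdentityProvider.ID_TEST_USER),
                this.autoForGroups.getDeclaredMembers(), this.autoForGroups.getMembers());
        assertIsMember(this.autoForGroups, true, user, groupA);
        assertIsMember(this.autoForGroups, false, user, groupA);

        // 'base' contains the auto-membership group (see before()); the reverse must not hold.
        Assert.assertFalse(this.autoForGroups.isMember(this.base));
    }

    /**
     * Checks that the user auto-membership group contains the synced user only.
     */
    @Test
    public void testAutomembershipUsers() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Authorizable user = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Group groupA = this.userManager.getAuthorizable("a", Group.class);

        assertExpectedIds(ImmutableSet.of(TestIdentityProvider.ID_TEST_USER),
                this.autoForUsers.getDeclaredMembers(), this.autoForUsers.getMembers());
        Assert.assertTrue(this.autoForUsers.isMember(user));
        // Neither the group "a" nor the local group 'base' may show up in the user auto group.
        Assert.assertFalse(this.autoForUsers.isMember(groupA));
        Assert.assertFalse(this.autoForUsers.isMember(this.base));
    }

    /**
     * Checks that the synced user is an inherited, but not a declared, member of 'base'.
     */
    @Test
    public void testInheritedBaseGroup() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Authorizable user = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);

        // Declared members are exactly the four ids added in before().
        assertExpectedIds(ImmutableSet.of(AUTO_GROUPS, AUTO_USERS, "a", "b"), this.base.getDeclaredMembers());
        Assert.assertFalse(this.base.isDeclaredMember(user));

        assertExpectedIds(
                ImmutableSet.of(TestIdentityProvider.ID_TEST_USER, AUTO_GROUPS, AUTO_USERS, "a", "b", "c", "aa", "aaa"),
                this.base.getMembers());
        Assert.assertTrue(this.base.isMember(user));
    }

    /**
     * Checks that the synced user is an inherited, but not a declared, member of 'base2'.
     */
    @Test
    public void testInheritedBase2Group() throws Exception {
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), SyncResult.Status.ADD);
        Authorizable user = this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);

        assertExpectedIds(ImmutableSet.of(AUTO_USERS), this.base2.getDeclaredMembers());
        Assert.assertFalse(this.base2.isDeclaredMember(user));

        assertExpectedIds(ImmutableSet.of(TestIdentityProvider.ID_TEST_USER, AUTO_USERS), this.base2.getMembers());
        Assert.assertTrue(this.base2.isMember(user));
    }

    /**
     * Asserts that every given authorizable is a member of {@code group}.
     *
     * <p>Declared {@code public} in this decompiled listing; the decompiler recorded that
     * the access modifier was changed from {@code private}. The method does not declare
     * {@link RepositoryException} because it is called from lambdas in
     * {@link #testSyncedUser()}.
     *
     * @param group the group to query
     * @param z {@code true} to check declared membership ({@code isDeclaredMember}),
     *          {@code false} to check declared-or-inherited membership ({@code isMember})
     * @param authorizableArr the expected members
     * @throws AssertionError if a membership check is negative, or if the repository call
     *         fails (the {@link RepositoryException} is attached as cause)
     */
    public static void assertIsMember(@NotNull Group group, boolean z, @NotNull Authorizable... authorizableArr) {
        try {
            for (Authorizable member : authorizableArr) {
                if (z) {
                    Assert.assertTrue(member.getID() + " is not a declared member of " + group.getID(),
                            group.isDeclaredMember(member));
                } else {
                    Assert.assertTrue(member.getID() + " is not a member of " + group.getID(),
                            group.isMember(member));
                }
            }
        } catch (RepositoryException e) {
            // Keep the original exception as cause so the failing repository call stays visible.
            throw new AssertionError("Membership check failed: " + e.getMessage(), e);
        }
    }

    /**
     * Asserts that each iterator yields exactly the expected ids, in any order.
     *
     * <p>Equal size combined with {@code containsAll} rules out missing, additional and
     * duplicate ids.
     *
     * @param set the expected authorizable ids
     * @param itArr one or more iterators to drain and compare; each is consumed by this call
     */
    @SafeVarargs // the varargs array is only read, never stored or written to
    private static void assertExpectedIds(@NotNull Set<String> set, @NotNull Iterator<? extends Authorizable>... itArr) {
        for (Iterator<? extends Authorizable> it : itArr) {
            List<String> ids = getIds(it);
            Assert.assertEquals("expected ids " + set + " but found " + ids, set.size(), ids.size());
            Assert.assertTrue("expected ids " + set + " but found " + ids, ids.containsAll(set));
        }
    }
}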
