package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import java.util.Collection;
import java.util.Iterator;
import java.util.stream.StreamSupport;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.guava.common.collect.Lists;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/DynamicAutomembershipTest.class */
public class DynamicAutomembershipTest extends DynamicSyncContextTest {
    private final boolean hasDynamicGroups;
    private Group group1;
    private Group group2;
    private Group group3;
    private Group groupInherited;

    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return Lists.newArrayList(new Object[]{new Object[]{false, "DynamicGroups=false"}, new Object[]{true, "DynamicGroups=true"}});
    }

    public DynamicAutomembershipTest(boolean z, @NotNull String str) {
        this.hasDynamicGroups = z;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.AbstractDynamicTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        this.group1 = this.userManager.getAuthorizable("group1", Group.class);
        this.group2 = this.userManager.getAuthorizable("group2", Group.class);
        this.group3 = this.userManager.getAuthorizable("group3", Group.class);
        this.groupInherited = this.userManager.createGroup("groupInherited");
        this.groupInherited.addMembers(new String[]{"group1", "group2"});
        this.r.commit();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.AbstractDynamicTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.group().setDynamicGroups(this.hasDynamicGroups);
        createSyncConfig.group().setAutoMembership(new String[]{"group1"});
        createSyncConfig.user().setAutoMembership(new String[]{"group2", "group3"});
        return createSyncConfig;
    }

    private static boolean containsGroup(@NotNull Iterator<Group> it, @NotNull Group group) throws RepositoryException {
        String id = group.getID();
        Iterable iterable = () -> {
            return it;
        };
        return StreamSupport.stream(iterable.spliterator(), false).anyMatch(group2 -> {
            try {
                return id.equals(group2.getID());
            } catch (RepositoryException e) {
                return false;
            }
        });
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContextTest
    @Test
    public void testSyncExternalGroup() throws Exception {
        ExternalGroup group = this.idp.getGroup("aaa");
        Assert.assertNotNull(group);
        this.syncContext.sync(group);
        if (!this.hasDynamicGroups) {
            Assert.assertNull(this.userManager.getAuthorizable(group.getId()));
            Assert.assertFalse(this.r.hasPendingChanges());
            return;
        }
        Group authorizable = this.userManager.getAuthorizable(group.getId(), Group.class);
        Assert.assertNotNull(authorizable);
        Assert.assertTrue(this.r.hasPendingChanges());
        Assert.assertTrue(containsGroup(authorizable.declaredMemberOf(), this.group1));
        Assert.assertTrue(containsGroup(authorizable.memberOf(), this.group1));
        Assert.assertTrue(this.group1.isDeclaredMember(authorizable));
        Assert.assertTrue(this.group1.isMember(authorizable));
        Assert.assertFalse(hasStoredMembershipInformation(this.r.getTree(this.group1.getPath()), this.r.getTree(authorizable.getPath())));
        for (Group group2 : new Group[]{this.group2, this.group3}) {
            Assert.assertFalse(group2.isDeclaredMember(authorizable));
            Assert.assertFalse(group2.isMember(authorizable));
        }
        Assert.assertFalse(containsGroup(authorizable.declaredMemberOf(), this.groupInherited));
        Assert.assertTrue(containsGroup(authorizable.memberOf(), this.groupInherited));
        Assert.assertFalse(this.groupInherited.isDeclaredMember(authorizable));
        Assert.assertTrue(this.groupInherited.isMember(authorizable));
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DynamicSyncContextTest
    @Test
    public void testSyncExternalUserExistingGroups() throws Exception {
        Authorizable authorizable = this.userManager.getAuthorizable(this.previouslySyncedUser.getId());
        assertSyncedMembership(this.userManager, authorizable, this.previouslySyncedUser, Long.MAX_VALUE);
        this.syncContext.setForceUserSync(true);
        this.syncConfig.user().setMembershipExpirationTime(-1L);
        this.syncContext.sync(this.previouslySyncedUser);
        Assert.assertEquals(Boolean.valueOf(this.hasDynamicGroups), Boolean.valueOf(this.r.getTree(authorizable.getPath()).hasProperty("rep:externalPrincipalNames")));
        assertSyncedMembership(this.userManager, authorizable, this.previouslySyncedUser);
        for (Group group : new Group[]{this.group1, this.group2, this.group3}) {
            Assert.assertTrue(group.isDeclaredMember(authorizable));
            Assert.assertTrue(group.isMember(authorizable));
            containsGroup(authorizable.declaredMemberOf(), group);
            containsGroup(authorizable.memberOf(), group);
            boolean hasStoredMembershipInformation = hasStoredMembershipInformation(this.r.getTree(group.getPath()), this.r.getTree(authorizable.getPath()));
            if (this.hasDynamicGroups) {
                Assert.assertFalse(hasStoredMembershipInformation);
            } else {
                Assert.assertEquals(Boolean.valueOf(this.syncConfig.user().getAutoMembership().contains(group.getID())), Boolean.valueOf(hasStoredMembershipInformation));
            }
        }
        Assert.assertFalse(this.groupInherited.isDeclaredMember(authorizable));
        Assert.assertTrue(this.groupInherited.isMember(authorizable));
        Assert.assertNotNull(this.userManager.getAuthorizable(((ExternalIdentityRef) this.previouslySyncedUser.getDeclaredGroups().iterator().next()).getId(), Group.class));
    }
}
