package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModuleTestBase;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.util.NodeUtil;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityValidatorTest.class */
public class ExternalIdentityValidatorTest extends ExternalLoginModuleTestBase {
    String testUserPath;
    String externalUserPath;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginModuleTestBase, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        this.testUserPath = getTestUser().getPath();
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.refresh();
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(authorizable);
        Assert.assertEquals(Boolean.valueOf(isDynamic()), Boolean.valueOf(authorizable.hasProperty("rep:externalPrincipalNames")));
        this.externalUserPath = authorizable.getPath();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(isDynamic());
        return createSyncConfig;
    }

    protected boolean isDynamic() {
        return true;
    }

    @Test
    public void testAddExternalPrincipalNames() throws Exception {
        try {
            try {
                new NodeUtil(this.root.getTree(this.testUserPath)).setStrings("rep:externalPrincipalNames", new String[]{"principalName"});
                this.root.commit();
                Assert.fail("Creating rep:externalPrincipalNames must be detected.");
                this.root.refresh();
            } catch (CommitFailedException e) {
                Assert.assertEquals(70L, e.getCode());
                this.root.refresh();
            }
        } catch (Throwable th) {
            this.root.refresh();
            throw th;
        }
    }

    @Test
    public void testAddExternalPrincipalNamesAsSystemMissingExternalId() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            new NodeUtil(systemRoot.getTree(this.testUserPath)).setStrings("rep:externalPrincipalNames", new String[]{"principalName"});
            systemRoot.commit();
            Assert.fail("Creating rep:externalPrincipalNames without rep:externalId must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(72L, e.getCode());
        } finally {
            systemRoot.refresh();
        }
    }

    @Test
    public void testAddExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        NodeUtil nodeUtil = new NodeUtil(systemRoot.getTree(this.testUserPath));
        nodeUtil.setString("rep:externalId", "externalId");
        nodeUtil.setStrings("rep:externalPrincipalNames", new String[]{"principalName"});
        systemRoot.commit();
    }

    @Test
    public void testRemoveExternalPrincipalNames() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).removeProperty("rep:externalPrincipalNames");
            this.root.commit();
            Assert.fail("Removing rep:externalPrincipalNames must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(70L, e.getCode());
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testRemoveExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        new NodeUtil(systemRoot.getTree(this.externalUserPath)).removeProperty("rep:externalPrincipalNames");
        systemRoot.commit();
    }

    @Test
    public void testModifyExternalPrincipalNames() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).setProperty("rep:externalPrincipalNames", Lists.newArrayList(new String[]{"principalNames"}), Type.STRINGS);
            this.root.commit();
            Assert.fail("Changing rep:externalPrincipalNames must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(70L, e.getCode());
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testModifyExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        new NodeUtil(systemRoot.getTree(this.externalUserPath)).setStrings("rep:externalPrincipalNames", new String[]{"principalNames"});
        systemRoot.commit();
    }

    @Test
    public void testExternalPrincipalNamesType() throws Exception {
        Root systemRoot = getSystemRoot();
        Tree tree = systemRoot.getTree(this.testUserPath);
        ImmutableMap of = ImmutableMap.of(Type.BOOLEANS, ImmutableSet.of(Boolean.TRUE), Type.LONGS, ImmutableSet.of(new Long(1234L)), Type.NAMES, ImmutableSet.of("id", "id2"));
        for (Type type : of.keySet()) {
            try {
                try {
                    tree.setProperty("rep:externalPrincipalNames", of.get(type), type);
                    systemRoot.commit();
                    Assert.fail("Creating rep:externalPrincipalNames with type " + type + " must be detected.");
                    systemRoot.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertEquals(71L, e.getCode());
                    systemRoot.refresh();
                }
            } catch (Throwable th) {
                systemRoot.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testExternalPrincipalNamesSingle() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            new NodeUtil(systemRoot.getTree(this.testUserPath)).setString("rep:externalPrincipalNames", "id");
            systemRoot.commit();
            Assert.fail("Creating rep:externalPrincipalNames as single STRING property must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(71L, e.getCode());
        } finally {
            systemRoot.refresh();
        }
    }

    @Test
    public void testRepExternalIdMultiple() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            new NodeUtil(systemRoot.getTree(this.testUserPath)).setStrings("rep:externalId", new String[]{"id", "id2"});
            systemRoot.commit();
            Assert.fail("Creating rep:externalId as multiple STRING property must be detected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(75L, e.getCode());
        } finally {
            systemRoot.refresh();
        }
    }

    @Test
    public void testRepExternalIdType() throws Exception {
        Root systemRoot = getSystemRoot();
        Tree tree = systemRoot.getTree(this.testUserPath);
        ImmutableMap of = ImmutableMap.of(Type.BOOLEAN, Boolean.TRUE, Type.LONG, new Long(1234L), Type.NAME, "id");
        for (Type type : of.keySet()) {
            try {
                try {
                    tree.setProperty("rep:externalId", of.get(type), type);
                    systemRoot.commit();
                    Assert.fail("Creating rep:externalId with type " + type + " must be detected.");
                    systemRoot.refresh();
                } catch (CommitFailedException e) {
                    Assert.assertEquals(75L, e.getCode());
                    systemRoot.refresh();
                }
            } catch (Throwable th) {
                systemRoot.refresh();
                throw th;
            }
        }
    }

    @Test
    public void testCreateUserWithRepExternalId() throws Exception {
        this.root.getTree(getUserManager(this.root).createUser(TestIdentityProvider.ID_SECOND_USER, (String) null).getPath()).setProperty("rep:externalId", TestIdentityProvider.ID_SECOND_USER);
        this.root.commit();
    }

    @Test
    public void testCreateUserWithRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(getUserManager(systemRoot).createUser(TestIdentityProvider.ID_SECOND_USER, (String) null).getPath()).setProperty("rep:externalId", TestIdentityProvider.ID_SECOND_USER);
        systemRoot.commit();
    }

    @Test
    public void testAddRepExternalId() throws Exception {
        try {
            this.root.getTree(this.testUserPath).setProperty("rep:externalId", "id");
            this.root.commit();
            Assert.fail("Adding rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isConstraintViolation());
            Assert.assertEquals(74L, e.getCode());
        }
    }

    @Test
    public void testAddRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
    }

    @Test
    public void testModifyRepExternalId() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).setProperty("rep:externalId", "anotherValue");
            this.root.commit();
            Assert.fail("Modification of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isConstraintViolation());
            Assert.assertEquals(74L, e.getCode());
        }
    }

    @Test
    public void testModifyRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.externalUserPath).setProperty("rep:externalId", "anotherValue");
        systemRoot.commit();
    }

    @Test
    public void testRemoveRepExternalId() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).removeProperty("rep:externalId");
            this.root.commit();
            Assert.fail("Removal of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isConstraintViolation());
            Assert.assertEquals(73L, e.getCode());
        }
    }

    @Test
    public void testRemoveRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            new NodeUtil(systemRoot.getTree(this.externalUserPath)).removeProperty("rep:externalId");
            systemRoot.commit();
            Assert.fail("Removing rep:externalId is not allowed if rep:externalPrincipalNames is present.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(73L, e.getCode());
        } finally {
            systemRoot.refresh();
        }
    }

    @Test
    public void testRemoveRepExternalIdWithoutPrincipalNames() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
        this.root.refresh();
        try {
            this.root.getTree(this.testUserPath).removeProperty("rep:externalId");
            this.root.commit();
            Assert.fail("Removal of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            Assert.assertTrue(e.isConstraintViolation());
            Assert.assertEquals(74L, e.getCode());
        }
    }

    @Test
    public void testRemoveRepExternalIdWithoutPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
        systemRoot.getTree(this.testUserPath).removeProperty("rep:externalId");
        systemRoot.commit();
    }

    @Test
    public void testRemoveExternalUser() throws Exception {
        getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER).remove();
        this.root.commit();
    }

    @Test
    public void testRemoveExternalUserTree() throws Exception {
        this.root.getTree(this.externalUserPath).remove();
        this.root.commit();
    }
}
