package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import java.util.Calendar;
import java.util.Iterator;
import javax.jcr.Value;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/SwitchSyncModeTest.class */
public class SwitchSyncModeTest extends AbstractDynamicTest {
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.AbstractDynamicTest
    @NotNull
    ExternalUser syncPriorToDynamicMembership() throws Exception {
        return syncWithDefaultContext(SyncResult.Status.ADD);
    }

    @NotNull
    private ExternalUser syncWithDefaultContext(@NotNull SyncResult.Status status) throws Exception {
        DefaultSyncContext createDefaultSyncContext = createDefaultSyncContext(this.r);
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(user);
        Assert.assertSame(status, createDefaultSyncContext.sync(user).getStatus());
        createDefaultSyncContext.close();
        this.r.commit();
        return user;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.AbstractDynamicTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(true).setEnforceDynamicMembership(true).setMembershipExpirationTime(1L).setExpirationTime(1L);
        createSyncConfig.group().setDynamicGroups(true).setExpirationTime(1L);
        return createSyncConfig;
    }

    @NotNull
    private DefaultSyncContext createDefaultSyncContext(@NotNull Root root) {
        return new DefaultSyncContext(createNonDynamicConfig(), this.idp, getUserManager(root), getValueFactory(root));
    }

    @NotNull
    private DefaultSyncConfig createNonDynamicConfig() {
        DefaultSyncConfig createSyncConfig = createSyncConfig();
        createSyncConfig.user().setDynamicMembership(false).setEnforceDynamicMembership(false).setMembershipNestingDepth(Long.MAX_VALUE).setMembershipExpirationTime(1L);
        createSyncConfig.group().setDynamicGroups(false);
        return createSyncConfig;
    }

    private static void assertIsDynamic(@NotNull ExternalUser externalUser, @NotNull UserManager userManager, @NotNull Root root, boolean z) throws Exception {
        User authorizable = userManager.getAuthorizable(externalUser.getId(), User.class);
        Assert.assertNotNull(authorizable);
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(authorizable.hasProperty("rep:externalPrincipalNames")));
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(authorizable.hasProperty("rep:lastDynamicSync")));
        Assert.assertTrue(authorizable.hasProperty("rep:lastSynced"));
        assertGroups(externalUser, userManager, root, !z);
    }

    private static void assertGroups(@NotNull ExternalUser externalUser, @NotNull UserManager userManager, @NotNull Root root, boolean z) throws Exception {
        Iterator it = externalUser.getDeclaredGroups().iterator();
        while (it.hasNext()) {
            Group authorizable = userManager.getAuthorizable(((ExternalIdentityRef) it.next()).getId(), Group.class);
            Assert.assertNotNull(authorizable);
            Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(root.getTree(authorizable.getPath()).hasProperty("rep:members")));
        }
    }

    @Test
    public void testDefaultDynamic() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(user);
        assertIsDynamic(user, getUserManager(this.r), this.r, false);
        sync(user, SyncResult.Status.UPDATE);
        assertIsDynamic(user, getUserManager(this.r), this.r, true);
    }

    @Test
    public void testDefaultMissingCleanupDynamic() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(user);
        getUserManager(this.r).getAuthorizable(user.getId(), User.class).setProperty("rep:externalPrincipalNames", new Value[]{getValueFactory(this.r).createValue("test-values")});
        this.r.commit();
        sync(user, SyncResult.Status.UPDATE);
        assertIsDynamic(user, getUserManager(this.r), this.r, true);
    }

    @Test
    public void testDefaultSyncClearsDynamicProperties() throws Exception {
        ExternalUser user = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(user);
        assertIsDynamic(user, getUserManager(this.r), this.r, false);
        User authorizable = getUserManager(this.r).getAuthorizable(user.getId(), User.class);
        ValueFactory valueFactory = getValueFactory(this.r);
        authorizable.setProperty("rep:externalPrincipalNames", new Value[]{valueFactory.createValue("test-values")});
        authorizable.setProperty("rep:lastDynamicSync", valueFactory.createValue(Calendar.getInstance()));
        this.r.commit();
        syncWithDefaultContext(SyncResult.Status.UPDATE);
        assertIsDynamic(user, getUserManager(this.r), this.r, false);
    }
}
