package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.util.Set;
import javax.jcr.SimpleCredentials;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.guava.common.collect.ImmutableList;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.Lists;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.PropertyState;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/ExternalIdentityValidatorTest.class */
public class ExternalIdentityValidatorTest extends ExternalLoginTestBase {
    String testUserPath;
    String externalUserPath;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalLoginTestBase, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        this.testUserPath = getTestUser().getPath();
        login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
        this.root.refresh();
        Authorizable authorizable = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER);
        Assert.assertNotNull(authorizable);
        Assert.assertEquals(Boolean.valueOf(isDynamic()), Boolean.valueOf(authorizable.hasProperty("rep:externalPrincipalNames")));
        this.externalUserPath = authorizable.getPath();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(isDynamic());
        return createSyncConfig;
    }

    protected boolean isDynamic() {
        return true;
    }

    @Test(expected = CommitFailedException.class)
    public void testAddExternalPrincipalNames() throws Exception {
        try {
            this.root.getTree(this.testUserPath).setProperty("rep:externalPrincipalNames", ImmutableList.of("principalName"), Type.STRINGS);
            this.root.commit();
            Assert.fail("Creating rep:externalPrincipalNames must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 70);
        } finally {
            this.root.refresh();
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testAddExternalPrincipalNamesAsSystemMissingExternalId() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            systemRoot.getTree(this.testUserPath).setProperty("rep:externalPrincipalNames", ImmutableList.of("principalName"), Type.STRINGS);
            systemRoot.commit();
            Assert.fail("Creating rep:externalPrincipalNames without rep:externalId must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 72);
        } finally {
            systemRoot.refresh();
        }
    }

    @Test
    public void testAddExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        Tree tree = systemRoot.getTree(this.testUserPath);
        tree.setProperty("rep:externalId", "externalId");
        tree.setProperty("rep:externalPrincipalNames", ImmutableList.of("principalName"), Type.STRINGS);
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveExternalPrincipalNames() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).removeProperty("rep:externalPrincipalNames");
            this.root.commit();
            Assert.fail("Removing rep:externalPrincipalNames must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 70);
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testRemoveExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.externalUserPath).removeProperty("rep:externalPrincipalNames");
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testModifyExternalPrincipalNames() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).setProperty("rep:externalPrincipalNames", Lists.newArrayList(new String[]{"principalNames"}), Type.STRINGS);
            this.root.commit();
            Assert.fail("Changing rep:externalPrincipalNames must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 70);
        } finally {
            this.root.refresh();
        }
    }

    @Test
    public void testModifyExternalPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.externalUserPath).setProperty("rep:externalPrincipalNames", ImmutableList.of("principalNames"), Type.STRINGS);
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testExternalPrincipalNamesType() throws Exception {
        Root systemRoot = getSystemRoot();
        Tree tree = systemRoot.getTree(this.testUserPath);
        ImmutableMap of = ImmutableMap.of(Type.BOOLEANS, Set.of(Boolean.TRUE), Type.LONGS, Set.of(1234L), Type.NAMES, Set.of("id", "id2"));
        for (Type type : of.keySet()) {
            try {
                try {
                    tree.setProperty("rep:externalPrincipalNames", of.get(type), type);
                    systemRoot.commit();
                    Assert.fail("Creating rep:externalPrincipalNames with type " + type + " must be detected.");
                    systemRoot.refresh();
                } catch (CommitFailedException e) {
                    assertException(e, "Constraint", 71);
                    systemRoot.refresh();
                }
            } catch (Throwable th) {
                systemRoot.refresh();
                throw th;
            }
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testExternalPrincipalNamesSingle() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            systemRoot.getTree(this.testUserPath).setProperty("rep:externalPrincipalNames", "id");
            systemRoot.commit();
            Assert.fail("Creating rep:externalPrincipalNames as single STRING property must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 71);
        } finally {
            systemRoot.refresh();
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testExternalPrincipalNamesArrayMismatch() throws Exception {
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        PropertyState propertyState = (PropertyState) Mockito.when(((PropertyState) Mockito.mock(PropertyState.class)).getName()).thenReturn("rep:externalPrincipalNames").getMock();
        Mockito.when(propertyState.getType()).thenReturn(Type.STRINGS);
        Mockito.when(Boolean.valueOf(propertyState.isArray())).thenReturn(false);
        try {
            new ExternalIdentityValidatorProvider(true, true).getRootValidator(nodeState, nodeState, (CommitInfo) null).propertyAdded(propertyState);
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 71);
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRepExternalIdMultiple() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", ImmutableList.of("id", "id2"), Type.STRINGS);
            systemRoot.commit();
            Assert.fail("Creating rep:externalId as multiple STRING property must be detected.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 75);
        } finally {
            systemRoot.refresh();
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRepExternalIdType() throws Exception {
        Root systemRoot = getSystemRoot();
        Tree tree = systemRoot.getTree(this.testUserPath);
        ImmutableMap of = ImmutableMap.of(Type.BOOLEAN, Boolean.TRUE, Type.LONG, 1234L, Type.NAME, "id");
        for (Type type : of.keySet()) {
            try {
                try {
                    tree.setProperty("rep:externalId", of.get(type), type);
                    systemRoot.commit();
                    Assert.fail("Creating rep:externalId with type " + type + " must be detected.");
                    systemRoot.refresh();
                } catch (CommitFailedException e) {
                    assertException(e, "Constraint", 75);
                    systemRoot.refresh();
                }
            } catch (Throwable th) {
                systemRoot.refresh();
                throw th;
            }
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRepExternalIdTypeArrayMismatch() throws Exception {
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        PropertyState propertyState = (PropertyState) Mockito.when(((PropertyState) Mockito.mock(PropertyState.class)).getName()).thenReturn("rep:externalId").getMock();
        Mockito.when(propertyState.getType()).thenReturn(Type.STRING);
        Mockito.when(Boolean.valueOf(propertyState.isArray())).thenReturn(true);
        try {
            new ExternalIdentityValidatorProvider(true, true).getRootValidator(nodeState, nodeState, (CommitInfo) null).propertyAdded(propertyState);
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 75);
        }
    }

    @Test
    public void testCreateUserWithRepExternalId() throws Exception {
        this.root.getTree(getUserManager(this.root).createUser(TestIdentityProvider.ID_SECOND_USER, (String) null).getPath()).setProperty("rep:externalId", TestIdentityProvider.ID_SECOND_USER);
        this.root.commit();
    }

    @Test
    public void testCreateUserWithRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(getUserManager(systemRoot).createUser(TestIdentityProvider.ID_SECOND_USER, (String) null).getPath()).setProperty("rep:externalId", TestIdentityProvider.ID_SECOND_USER);
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testAddRepExternalId() throws Exception {
        try {
            this.root.getTree(this.testUserPath).setProperty("rep:externalId", "id");
            this.root.commit();
            Assert.fail("Adding rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 74);
        }
    }

    @Test
    public void testAddRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testModifyRepExternalId() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).setProperty("rep:externalId", "anotherValue");
            this.root.commit();
            Assert.fail("Modification of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 74);
        }
    }

    @Test
    public void testModifyRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.externalUserPath).setProperty("rep:externalId", "anotherValue");
        systemRoot.commit();
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveRepExternalId() throws Exception {
        try {
            this.root.getTree(this.externalUserPath).removeProperty("rep:externalId");
            this.root.commit();
            Assert.fail("Removal of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 73);
            throw e;
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveRepExternalIdAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        try {
            systemRoot.getTree(this.externalUserPath).removeProperty("rep:externalId");
            systemRoot.commit();
            Assert.fail("Removing rep:externalId is not allowed if rep:externalPrincipalNames is present.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 73);
        } finally {
            systemRoot.refresh();
        }
    }

    @Test(expected = CommitFailedException.class)
    public void testRemoveRepExternalIdWithoutPrincipalNames() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
        this.root.refresh();
        try {
            this.root.getTree(this.testUserPath).removeProperty("rep:externalId");
            this.root.commit();
            Assert.fail("Removal of rep:externalId must be detected in the default setup.");
        } catch (CommitFailedException e) {
            assertException(e, "Constraint", 74);
        }
    }

    @Test
    public void testRemoveRepExternalIdWithoutPrincipalNamesAsSystem() throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.getTree(this.testUserPath).setProperty("rep:externalId", "id");
        systemRoot.commit();
        systemRoot.getTree(this.testUserPath).removeProperty("rep:externalId");
        systemRoot.commit();
    }

    @Test
    public void testRemoveExternalUser() throws Exception {
        getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER).remove();
        this.root.commit();
    }

    @Test
    public void testRemoveExternalUserTree() throws Exception {
        this.root.getTree(this.externalUserPath).remove();
        this.root.commit();
    }
}
