package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.lang.reflect.Field;
import java.security.Principal;
import java.util.Collection;
import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.guava.common.collect.Lists;
import org.apache.jackrabbit.oak.spi.commit.MoveTracker;
import org.apache.jackrabbit.oak.spi.commit.ValidatorProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.principal.SystemPrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/SystemPrincipalConfigTest.class */
public class SystemPrincipalConfigTest extends AbstractExternalAuthTest {
    private static final String SYSTEM_USER_NAME_1 = "systemUser1";
    private static final String SYSTEM_USER_NAME_2 = "systemUser2";
    private static final String SYSTEM_USER_NAME_NOT_CONFIGURED = "systemUserNotConfigured";
    private final Set<String> systemUserNames;
    private String workspaceName;
    private SystemPrincipalConfig systemPrincipalConfig;

    public SystemPrincipalConfigTest(String[] strArr, String str) {
        this.systemUserNames = strArr == null ? null : ImmutableSet.copyOf(strArr);
    }

    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return Lists.newArrayList(new Object[]{new Object[]{null, "Null"}, new Object[]{new String[0], "Empty names"}, new Object[]{new String[]{SYSTEM_USER_NAME_1}, "Single name"}, new Object[]{new String[]{SYSTEM_USER_NAME_1, SYSTEM_USER_NAME_2}, "Multiple names"}});
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        this.context.registerService(SyncHandler.class, new DefaultSyncHandler(), ImmutableMap.of("user.dynamicMembership", true));
        this.workspaceName = this.root.getContentSession().getWorkspaceName();
        this.systemPrincipalConfig = this.systemUserNames == null ? new SystemPrincipalConfig(Collections.emptySet()) : new SystemPrincipalConfig(this.systemUserNames);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    protected Map<String, Object> getExternalPrincipalConfiguration() {
        return Collections.singletonMap("systemPrincipalNames", this.systemUserNames);
    }

    private void assertIsSystem(@NotNull Set<Principal> set, boolean z) throws Exception {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(this.systemPrincipalConfig.containsSystemPrincipal(set)));
        List validators = this.externalPrincipalConfiguration.getValidators(this.workspaceName, set, new MoveTracker());
        Assert.assertEquals(1L, validators.size());
        ValidatorProvider validatorProvider = (ValidatorProvider) validators.get(0);
        Assert.assertTrue(validatorProvider instanceof ExternalIdentityValidatorProvider);
        Field declaredField = ExternalIdentityValidatorProvider.class.getDeclaredField("isSystem");
        declaredField.setAccessible(true);
        Assert.assertEquals(Boolean.valueOf(z), declaredField.get(validatorProvider));
    }

    @Test
    public void testSystemSubject() throws Exception {
        assertIsSystem(Collections.singleton(SystemPrincipal.INSTANCE), true);
    }

    @Test
    public void testAdminSubject() throws Exception {
        assertIsSystem(this.root.getContentSession().getAuthInfo().getPrincipals(), false);
    }

    @Test
    public void testEmptySubject() throws Exception {
        assertIsSystem(Collections.emptySet(), false);
    }

    @Test
    public void testRegularPrincipalSubject() throws Exception {
        assertIsSystem(Collections.singleton(() -> {
            return SYSTEM_USER_NAME_1;
        }), false);
        assertIsSystem(Set.of(new PrincipalImpl(SYSTEM_USER_NAME_2), new PrincipalImpl(SYSTEM_USER_NAME_1)), false);
        assertIsSystem(Set.of(EveryonePrincipal.getInstance(), new GroupPrincipal() { // from class: org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.SystemPrincipalConfigTest.1
            public boolean isMember(@NotNull Principal principal) {
                return false;
            }

            @NotNull
            public Enumeration<? extends Principal> members() {
                return Iterators.asEnumeration(Collections.emptyIterator());
            }

            public String getName() {
                return SystemPrincipalConfigTest.SYSTEM_USER_NAME_2;
            }
        }), false);
    }

    @Test
    public void testSystemUserSubject() throws Exception {
        assertIsSystem(Collections.singleton(() -> {
            return SYSTEM_USER_NAME_NOT_CONFIGURED;
        }), false);
    }

    @Test
    public void testConfiguredSystemUserSubject() throws Exception {
        assertIsSystem(Collections.singleton(() -> {
            return SYSTEM_USER_NAME_1;
        }), configContainsSystemUser(SYSTEM_USER_NAME_1));
        assertIsSystem(Set.of(EveryonePrincipal.getInstance(), () -> {
            return SYSTEM_USER_NAME_2;
        }), configContainsSystemUser(SYSTEM_USER_NAME_2));
        assertIsSystem(Set.of(() -> {
            return SYSTEM_USER_NAME_2;
        }, () -> {
            return SYSTEM_USER_NAME_1;
        }), configContainsSystemUser(SYSTEM_USER_NAME_2, SYSTEM_USER_NAME_1));
    }

    private boolean configContainsSystemUser(@NotNull String... strArr) {
        if (this.systemUserNames == null) {
            return false;
        }
        for (String str : strArr) {
            if (this.systemUserNames.contains(str)) {
                return true;
            }
        }
        return false;
    }
}
