package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.text.ParseException;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.RepositoryException;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.guava.common.collect.ImmutableMap;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipProviderTest.class */
public class AutoMembershipProviderTest extends AbstractAutoMembershipTest {
    private final boolean dynamicGroupsEnabled;
    private AutoMembershipProvider provider;

    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return List.of(new Object[]{false, "Dynamic-Groups = false"}, new Object[]{true, "Dynamic-Groups = true"});
    }

    public AutoMembershipProviderTest(boolean z, @NotNull String str) {
        this.dynamicGroupsEnabled = z;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @Before
    public void before() throws Exception {
        super.before();
        this.provider = createAutoMembershipProvider(this.root, this.userManager);
    }

    private void setExternalId(@NotNull String str, @NotNull String str2) throws Exception {
        Root systemRoot = getSystemRoot();
        systemRoot.refresh();
        getUserManager(systemRoot).getAuthorizable(str).setProperty("rep:externalId", getValueFactory(systemRoot).createValue(new ExternalIdentityRef(str, str2).getString()));
        systemRoot.commit();
        this.root.refresh();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(true).setAutoMembership(MAPPING.get("idp1"));
        if (this.dynamicGroupsEnabled) {
            createSyncConfig.group().setDynamicGroups(true).setAutoMembership(MAPPING_GROUP.get("idp1"));
        }
        return createSyncConfig;
    }

    @NotNull
    private AutoMembershipProvider createAutoMembershipProvider(@NotNull Root root, @NotNull UserManager userManager) {
        return new AutoMembershipProvider(root, userManager, getNamePathMapper(), MAPPING, this.dynamicGroupsEnabled ? MAPPING_GROUP : null, getAutoMembershipConfigMapping());
    }

    private static void assertMatchingEntries(@NotNull Iterator<Authorizable> it, @NotNull String... strArr) {
        Assert.assertEquals(ImmutableSet.copyOf(strArr), ImmutableSet.copyOf(Iterators.transform(it, authorizable -> {
            try {
                return authorizable.getID();
            } catch (RepositoryException e) {
                return "";
            }
        })));
    }

    @Test
    public void testCoversAllMembers() throws RepositoryException {
        Assert.assertFalse(this.provider.coversAllMembers(this.automembershipGroup1));
        Assert.assertFalse(this.provider.coversAllMembers(this.userManager.createGroup(EveryonePrincipal.getInstance())));
        Group group = (Group) Mockito.mock(Group.class);
        Assert.assertFalse(this.provider.coversAllMembers(group));
        Mockito.verifyNoInteractions(new Object[]{group});
    }

    @Test
    public void testGetMembersNoExternalUsers() throws Exception {
        Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, true).hasNext());
        Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, false).hasNext());
    }

    @Test
    public void testGetMembersExternalUser() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        Iterator members = this.provider.getMembers(this.automembershipGroup1, false);
        Assert.assertTrue(members.hasNext());
        Assert.assertEquals(getTestUser().getID(), ((Authorizable) members.next()).getID());
        Assert.assertFalse(members.hasNext());
        Iterator members2 = this.provider.getMembers(this.automembershipGroup1, true);
        Assert.assertTrue(members2.hasNext());
        Assert.assertEquals(getTestUser().getID(), ((Authorizable) members2.next()).getID());
        Assert.assertFalse(members2.hasNext());
    }

    @Test
    public void testGetMembersExternalUserIdpMismatch() throws Exception {
        setExternalId(getTestUser().getID(), "idp2");
        Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, false).hasNext());
        Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, true).hasNext());
    }

    @Test
    public void testGetMembersExternalUserMultipleIdps() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        User user = null;
        try {
            user = this.userManager.createUser("second", (String) null);
            this.root.commit();
            setExternalId("second", "idp3");
            Assert.assertEquals(2L, Iterators.size(this.provider.getMembers(this.automembershipGroup1, false)));
            Assert.assertEquals(2L, Iterators.size(this.provider.getMembers(this.automembershipGroup1, true)));
            if (user != null) {
                user.remove();
                this.root.commit();
            }
        } catch (Throwable th) {
            if (user != null) {
                user.remove();
                this.root.commit();
            }
            throw th;
        }
    }

    @Test
    public void testGetMembersExternalGroupExist() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        if (!this.dynamicGroupsEnabled) {
            Assert.assertFalse(this.provider.getMembers(this.automembershipGroup3, false).hasNext());
        } else {
            assertMatchingEntries(this.provider.getMembers(this.automembershipGroup3, false), testGroup.getID());
            Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, false).hasNext());
        }
    }

    @Test
    public void testGetMembersExternalGroupExistInherit() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        if (!this.dynamicGroupsEnabled) {
            Assert.assertFalse(this.provider.getMembers(this.automembershipGroup3, true).hasNext());
        } else {
            assertMatchingEntries(this.provider.getMembers(this.automembershipGroup3, true), testGroup.getID());
            Assert.assertFalse(this.provider.getMembers(this.automembershipGroup1, true).hasNext());
        }
    }

    @Test
    public void testGetMembersMatchingUsersAndGroups() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        String id = getTestUser().getID();
        setExternalId(id, "idp1");
        if (this.dynamicGroupsEnabled) {
            assertMatchingEntries(new AutoMembershipProvider(this.root, this.userManager, getNamePathMapper(), MAPPING, ImmutableMap.of("idp1", new String[]{"autoMembershipGroupId_1"}), getAutoMembershipConfigMapping()).getMembers(this.automembershipGroup1, false), testGroup.getID(), id);
        } else {
            assertMatchingEntries(new AutoMembershipProvider(this.root, this.userManager, getNamePathMapper(), MAPPING, (Map) null, getAutoMembershipConfigMapping()).getMembers(this.automembershipGroup1, false), id);
        }
    }

    @Test
    public void testGetMembersCannotRetrievePrincipalFromGroup() throws Exception {
        Group group = (Group) Mockito.mock(Group.class);
        Mockito.when(group.getPrincipal()).thenThrow(new Throwable[]{new RepositoryException()});
        Assert.assertFalse(this.provider.getMembers(group, false).hasNext());
        Assert.assertFalse(this.provider.getMembers(group, true).hasNext());
    }

    @Test
    public void testGetMembersGroupNotConfigured() throws Exception {
        Group group = (Group) Mockito.mock(Group.class);
        Mockito.when(group.getPrincipal()).thenReturn(EveryonePrincipal.getInstance());
        Assert.assertFalse(this.provider.getMembers(group, false).hasNext());
        Assert.assertFalse(this.provider.getMembers(group, true).hasNext());
    }

    @Test
    public void testGetMembersLookupByPathFails() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        ((UserManager) Mockito.doThrow(new Throwable[]{new RepositoryException()}).when(userManager)).getAuthorizableByPath(ArgumentMatchers.anyString());
        Assert.assertFalse(createAutoMembershipProvider(this.root, userManager).getMembers(this.automembershipGroup1, false).hasNext());
    }

    @Test(expected = RepositoryException.class)
    public void testGetMembersQueryFails() throws Exception {
        QueryEngine queryEngine = (QueryEngine) Mockito.mock(QueryEngine.class);
        Mockito.when(queryEngine.executeQuery(ArgumentMatchers.anyString(), ArgumentMatchers.anyString(), (Map) ArgumentMatchers.any(Map.class), (Map) ArgumentMatchers.any(Map.class))).thenThrow(new Throwable[]{new ParseException("query failed", 0)});
        Assert.assertFalse(createAutoMembershipProvider((Root) Mockito.when(((Root) Mockito.mock(Root.class)).getQueryEngine()).thenReturn(queryEngine).getMock(), this.userManager).getMembers(this.automembershipGroup1, false).hasNext());
    }

    @Test
    public void testIsMemberLocalUser() throws Exception {
        Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, getTestUser(), true));
        Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, getTestUser(), false));
    }

    @Test
    public void testIsMemberSelf() throws Exception {
        Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, this.automembershipGroup1, true));
        Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, this.automembershipGroup1, false));
    }

    @Test
    public void testIsMemberExternalUser() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        Assert.assertTrue(this.provider.isMember(this.automembershipGroup1, getTestUser(), false));
        Assert.assertTrue(this.provider.isMember(this.automembershipGroup1, getTestUser(), true));
    }

    @Test
    public void testIsMemberExternalUserInherited() throws Exception {
        User testUser = getTestUser();
        setExternalId(testUser.getID(), "idp1");
        Group testGroup = getTestGroup(this.automembershipGroup1);
        Assert.assertFalse(this.provider.isMember(testGroup, testUser, false));
        Assert.assertTrue(this.provider.isMember(testGroup, testUser, true));
    }

    @Test
    public void testIsMemberExternalUserInheritedNested() throws Exception {
        User testUser = getTestUser();
        setExternalId(testUser.getID(), "idp1");
        Group testGroup = getTestGroup(new Authorizable[0]);
        Group createGroup = this.userManager.createGroup("baseGroup");
        createGroup.addMember(testGroup);
        this.root.commit();
        Assert.assertFalse(this.provider.isMember(createGroup, testUser, false));
        Assert.assertFalse(this.provider.isMember(createGroup, testUser, true));
        testGroup.addMember(this.automembershipGroup1);
        this.root.commit();
        Assert.assertFalse(this.provider.isMember(createGroup, testUser, false));
        Assert.assertTrue(this.provider.isMember(createGroup, testUser, true));
    }

    @Test
    public void testIsMemberExternalUserIdpMismatch() throws Exception {
        setExternalId(getTestUser().getID(), "idp2");
        Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, getTestUser(), false));
    }

    @Test
    public void testIsMemberExternalGroupSelf() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        Assert.assertFalse(this.provider.isMember(testGroup, testGroup, false));
        Assert.assertFalse(this.provider.isMember(testGroup, testGroup, true));
    }

    @Test
    public void testIsMemberExternalGroup() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        if (this.dynamicGroupsEnabled) {
            Assert.assertTrue(this.provider.isMember(this.automembershipGroup3, testGroup, false));
            Assert.assertTrue(this.provider.isMember(this.automembershipGroup3, testGroup, true));
            Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, testGroup, false));
            Assert.assertFalse(this.provider.isMember(this.automembershipGroup1, testGroup, true));
            return;
        }
        for (Group group : new Group[]{this.automembershipGroup1, this.automembershipGroup3}) {
            Assert.assertFalse(this.provider.isMember(group, testGroup, false));
            Assert.assertFalse(this.provider.isMember(group, testGroup, true));
        }
    }

    @Test
    public void testGetMembershipLocalUser() throws Exception {
        Assert.assertFalse(this.provider.getMembership(getTestUser(), true).hasNext());
        Assert.assertFalse(this.provider.getMembership(getTestUser(), false).hasNext());
    }

    @Test
    public void testGetMembershipSelf() throws Exception {
        Assert.assertFalse(this.provider.getMembership(this.automembershipGroup1, true).hasNext());
        Assert.assertFalse(this.provider.getMembership(this.automembershipGroup1, false).hasNext());
    }

    @Test
    public void testGetMembershipExternalUser() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        ImmutableSet copyOf = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), false));
        Assert.assertEquals(2L, copyOf.size());
        Assert.assertTrue(copyOf.contains(this.automembershipGroup1));
        Assert.assertTrue(copyOf.contains(this.automembershipGroup2));
    }

    @Test
    public void testGetMembershipExternalUserInherited() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        ImmutableSet copyOf = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), true));
        Assert.assertEquals(2L, copyOf.size());
        Assert.assertTrue(copyOf.contains(this.automembershipGroup1));
    }

    @Test
    public void testGetMembershipExternalUserNestedGroups() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        Group testGroup = getTestGroup(this.automembershipGroup1);
        ImmutableSet copyOf = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), false));
        Assert.assertEquals(2L, copyOf.size());
        Assert.assertTrue(copyOf.contains(this.automembershipGroup1));
        Assert.assertTrue(copyOf.contains(this.automembershipGroup2));
        ImmutableSet copyOf2 = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), true));
        Assert.assertEquals(3L, copyOf2.size());
        Assert.assertTrue(copyOf2.contains(this.automembershipGroup1));
        Assert.assertTrue(copyOf2.contains(this.automembershipGroup2));
        Assert.assertTrue(copyOf2.contains(testGroup));
    }

    @Test
    public void testGetMembershipExternalUserEveryoneGroupExists() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        Group createGroup = this.userManager.createGroup(EveryonePrincipal.getInstance());
        this.automembershipGroup2.addMember(this.automembershipGroup1);
        this.root.commit();
        ImmutableSet copyOf = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), false));
        Assert.assertEquals(2L, copyOf.size());
        Assert.assertTrue(copyOf.contains(this.automembershipGroup1));
        Assert.assertTrue(copyOf.contains(this.automembershipGroup2));
        ImmutableSet copyOf2 = ImmutableSet.copyOf(this.provider.getMembership(getTestUser(), true));
        Assert.assertEquals(2L, copyOf2.size());
        Assert.assertTrue(copyOf2.contains(this.automembershipGroup1));
        Assert.assertTrue(copyOf2.contains(this.automembershipGroup2));
        Assert.assertFalse(copyOf2.contains(createGroup));
    }

    @Test
    public void testGetMembershipExternalUserIdpMismatch() throws Exception {
        setExternalId(getTestUser().getID(), "idp2");
        Assert.assertFalse(this.provider.getMembership(getTestUser(), false).hasNext());
        Assert.assertFalse(this.provider.getMembership(getTestUser(), true).hasNext());
    }

    @Test
    public void testGetMembershipExternalGroup() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        setExternalId(testGroup.getID(), "idp1");
        if (!this.dynamicGroupsEnabled) {
            Assert.assertFalse(this.provider.getMembership(testGroup, false).hasNext());
            Assert.assertFalse(this.provider.getMembership(testGroup, true).hasNext());
            return;
        }
        Iterator membership = this.provider.getMembership(testGroup, false);
        Assert.assertTrue(membership.hasNext());
        Assert.assertEquals(this.automembershipGroup3.getID(), ((Group) membership.next()).getID());
        Assert.assertFalse(membership.hasNext());
        Iterator membership2 = this.provider.getMembership(testGroup, false);
        Assert.assertTrue(this.provider.getMembership(testGroup, true).hasNext());
        Assert.assertEquals(this.automembershipGroup3.getID(), ((Group) membership2.next()).getID());
        Assert.assertFalse(membership2.hasNext());
    }

    @Test
    public void testGetMembershipAutogroupIsUser() throws Exception {
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        User user = (User) Mockito.mock(User.class);
        Mockito.when(Boolean.valueOf(user.isGroup())).thenReturn(false);
        ((UserManager) Mockito.doReturn(user).when(userManager)).getAuthorizable(this.automembershipGroup1.getID());
        ((UserManager) Mockito.doReturn(user).when(userManager)).getAuthorizable(this.automembershipGroup2.getID());
        setExternalId(getTestUser().getID(), "idp1");
        Assert.assertFalse(createAutoMembershipProvider(this.root, userManager).getMembership(getTestUser(), false).hasNext());
        ((UserManager) Mockito.verify(userManager, Mockito.times(2))).getAuthorizable(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{userManager});
    }

    @Test
    public void testGetMembershipAutogroupGroupLookupFails() throws Exception {
        UserManager userManager = (UserManager) Mockito.spy(this.userManager);
        Mockito.when(Boolean.valueOf(((User) Mockito.mock(User.class)).isGroup())).thenReturn(false);
        ((UserManager) Mockito.doThrow(new Throwable[]{new RepositoryException()}).when(userManager)).getAuthorizable((String) ArgumentMatchers.any(String.class));
        setExternalId(getTestUser().getID(), "idp1");
        Assert.assertFalse(createAutoMembershipProvider(this.root, userManager).getMembership(getTestUser(), false).hasNext());
        ((UserManager) Mockito.verify(userManager, Mockito.times(2))).getAuthorizable(ArgumentMatchers.anyString());
        Mockito.verifyNoMoreInteractions(new Object[]{userManager});
    }

    @Test
    public void testGetMembershipAutogroupGroupMemberOfFails() throws Exception {
        this.automembershipGroup2.addMember(this.automembershipGroup1);
        this.root.commit();
        Group group = (Group) Mockito.spy(this.automembershipGroup1);
        Mockito.when(group.memberOf()).thenThrow(new Throwable[]{new RepositoryException()});
        Mockito.when(((UserManager) Mockito.spy(this.userManager)).getAuthorizable(this.automembershipGroup1.getPrincipal())).thenReturn(group);
        setExternalId(getTestUser().getID(), "idp1");
        Assert.assertEquals(2L, ImmutableSet.copyOf(createAutoMembershipProvider(this.root, r0).getMembership(getTestUser(), true)).size());
    }

    @Test
    public void testGetMembershipAutogroupRemoved() throws Exception {
        setExternalId(getTestUser().getID(), "idp1");
        this.automembershipGroup1.remove();
        Assert.assertEquals(1L, Iterators.size(this.provider.getMembership(getTestUser(), false)));
        Assert.assertEquals(1L, Iterators.size(this.provider.getMembership(getTestUser(), true)));
        this.automembershipGroup2.remove();
        Assert.assertFalse(this.provider.getMembership(getTestUser(), false).hasNext());
        Assert.assertFalse(this.provider.getMembership(getTestUser(), true).hasNext());
    }
}
