package org.apache.jackrabbit.oak.spi.security.authentication.external.impl;

import java.util.Collection;
import java.util.List;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;

@RunWith(Parameterized.class)
/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/AutoMembershipTest.class */
public class AutoMembershipTest extends AbstractExternalAuthTest {
    private final boolean dynamicSync;
    private Root r;
    private UserManager userManager;
    private Group groupAutomembership;
    private Group userAutomembership;
    private User externalUser;
    private Group externalGroup;
    private Group testGroup;

    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return List.of(new Object[]{true, "DynamicSync=true"}, new Object[]{false, "DynamicSync=false"});
    }

    public AutoMembershipTest(boolean z, @NotNull String str) {
        this.dynamicSync = z;
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @Before
    public void before() throws Exception {
        super.before();
        this.context.registerInjectActivateService(getUserConfiguration());
        registerSyncHandler(syncConfigAsMap(), this.idp.getName());
        this.r = getSystemRoot();
        this.userManager = getUserManager(this.r);
        this.groupAutomembership = this.userManager.createGroup("groupAutomembership");
        this.userAutomembership = this.userManager.createGroup("userAutomembership1");
        this.userManager.createGroup("groupInherited").addMembers(new String[]{"groupAutomembership", "userAutomembership"});
        TestIdentityProvider testIdentityProvider = (TestIdentityProvider) this.idp;
        testIdentityProvider.addUser(new TestIdentityProvider.TestUser("externalUser", this.idp.getName()));
        testIdentityProvider.addGroup(new TestIdentityProvider.TestGroup("externalGroup", this.idp.getName()));
        ValueFactory valueFactory = getValueFactory(this.r);
        DynamicSyncContext dynamicSyncContext = this.dynamicSync ? new DynamicSyncContext(this.syncConfig, this.idp, this.userManager, valueFactory) : new DefaultSyncContext(this.syncConfig, this.idp, this.userManager, valueFactory);
        Assert.assertEquals(SyncResult.Status.ADD, dynamicSyncContext.sync(this.idp.getUser("externalUser")).getStatus());
        Assert.assertEquals(SyncResult.Status.ADD, dynamicSyncContext.sync(this.idp.getGroup("externalGroup")).getStatus());
        this.r.commit();
        this.externalUser = this.userManager.getAuthorizable("externalUser", User.class);
        this.externalGroup = this.userManager.getAuthorizable("externalGroup", Group.class);
        Assert.assertNotNull(this.externalUser);
        Assert.assertNotNull(this.externalGroup);
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void after() throws Exception {
        try {
            if (this.externalUser != null) {
                this.externalUser.remove();
            }
            if (this.externalGroup != null) {
                this.externalGroup.remove();
            }
            if (this.testGroup != null) {
                this.testGroup.remove();
            }
            this.r.commit();
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(this.dynamicSync);
        createSyncConfig.group().setDynamicGroups(this.dynamicSync);
        createSyncConfig.group().setAutoMembership(new String[]{"groupAutomembership"});
        createSyncConfig.user().setAutoMembership(new String[]{"userAutomembership1", "userAutomembership2"});
        return createSyncConfig;
    }

    private Group getTestGroup(@NotNull Authorizable... authorizableArr) throws Exception {
        if (this.testGroup == null) {
            this.testGroup = this.userManager.createGroup("testGroup");
        }
        for (Authorizable authorizable : authorizableArr) {
            this.testGroup.addMember(authorizable);
        }
        this.r.commit();
        return this.testGroup;
    }

    @Test
    public void testIsDeclaredMemberConfiguredUserAutoMembership() throws Exception {
        Assert.assertFalse(this.userAutomembership.isDeclaredMember(getTestUser()));
        Assert.assertFalse(this.userAutomembership.isDeclaredMember(getTestGroup(new Authorizable[0])));
        Assert.assertFalse(this.userAutomembership.isDeclaredMember(this.externalGroup));
        Assert.assertTrue(this.userAutomembership.isDeclaredMember(this.externalUser));
    }

    @Test
    public void testIsDeclaredMemberConfiguredGroupAutoMembership() throws Exception {
        Assert.assertFalse(this.groupAutomembership.isDeclaredMember(getTestUser()));
        Assert.assertFalse(this.groupAutomembership.isDeclaredMember(getTestGroup(new Authorizable[0])));
        Assert.assertTrue(this.groupAutomembership.isDeclaredMember(this.externalGroup));
        Assert.assertEquals(Boolean.valueOf(this.dynamicSync), Boolean.valueOf(this.groupAutomembership.isDeclaredMember(this.externalUser)));
    }

    @Test
    public void testIsMemberConfiguredUserAutoMembership() throws Exception {
        Assert.assertFalse(this.userAutomembership.isMember(getTestUser()));
        Assert.assertFalse(this.userAutomembership.isMember(getTestGroup(new Authorizable[0])));
        Assert.assertFalse(this.userAutomembership.isMember(this.externalGroup));
        Assert.assertTrue(this.userAutomembership.isMember(this.externalUser));
    }

    @Test
    public void testIsMemberConfiguredGroupAutoMembership() throws Exception {
        Assert.assertFalse(this.groupAutomembership.isMember(getTestUser()));
        Assert.assertFalse(this.groupAutomembership.isMember(getTestGroup(new Authorizable[0])));
        Assert.assertTrue(this.groupAutomembership.isMember(this.externalGroup));
        Assert.assertEquals(Boolean.valueOf(this.dynamicSync), Boolean.valueOf(this.groupAutomembership.isMember(this.externalUser)));
    }

    @Test
    public void testIsMemberNestedGroup() throws Exception {
        User testUser = getTestUser();
        Group testGroup = getTestGroup(this.userAutomembership, this.groupAutomembership, testUser);
        this.r.commit();
        Assert.assertTrue(testGroup.isMember(testUser));
        Assert.assertTrue(testGroup.isMember(this.userAutomembership));
        Assert.assertTrue(testGroup.isMember(this.groupAutomembership));
        Assert.assertTrue(testGroup.isMember(this.externalUser));
        Assert.assertTrue(testGroup.isMember(this.externalGroup));
        Assert.assertFalse(this.userAutomembership.isMember(testGroup));
        Assert.assertFalse(this.userAutomembership.isMember(testUser));
        Assert.assertFalse(this.userAutomembership.isMember(this.groupAutomembership));
        Assert.assertFalse(this.userAutomembership.isMember(this.externalGroup));
        Assert.assertTrue(this.userAutomembership.isMember(this.externalUser));
        Assert.assertFalse(this.groupAutomembership.isMember(testGroup));
        Assert.assertFalse(this.groupAutomembership.isMember(testUser));
        Assert.assertFalse(this.groupAutomembership.isMember(this.userAutomembership));
        Assert.assertTrue(this.groupAutomembership.isMember(this.externalGroup));
        Assert.assertEquals(Boolean.valueOf(this.dynamicSync), Boolean.valueOf(this.groupAutomembership.isMember(this.externalUser)));
    }

    @Test
    public void testIsMemberNestedGroupInverse() throws Exception {
        User testUser = getTestUser();
        Group testGroup = getTestGroup(testUser);
        this.userAutomembership.addMember(testGroup);
        this.groupAutomembership.addMember(testGroup);
        this.r.commit();
        Assert.assertTrue(testGroup.isMember(testUser));
        Assert.assertFalse(testGroup.isMember(this.userAutomembership));
        Assert.assertFalse(testGroup.isMember(this.groupAutomembership));
        Assert.assertFalse(testGroup.isMember(this.externalUser));
        Assert.assertFalse(testGroup.isMember(this.externalGroup));
        Assert.assertTrue(this.userAutomembership.isMember(testGroup));
        Assert.assertTrue(this.userAutomembership.isMember(testUser));
        Assert.assertFalse(this.userAutomembership.isMember(this.groupAutomembership));
        Assert.assertFalse(this.userAutomembership.isMember(this.externalGroup));
        Assert.assertTrue(this.userAutomembership.isMember(this.externalUser));
        Assert.assertTrue(this.groupAutomembership.isMember(testGroup));
        Assert.assertTrue(this.groupAutomembership.isMember(testUser));
        Assert.assertFalse(this.groupAutomembership.isMember(this.userAutomembership));
        Assert.assertTrue(this.groupAutomembership.isMember(this.externalGroup));
        Assert.assertEquals(Boolean.valueOf(this.dynamicSync), Boolean.valueOf(this.groupAutomembership.isMember(this.externalUser)));
    }

    @Test
    public void testIsMemberExternalUserInheritedNested() throws Exception {
        Group testGroup = getTestGroup(new Authorizable[0]);
        Group createGroup = this.userManager.createGroup("baseGroup");
        createGroup.addMember(testGroup);
        this.r.commit();
        Assert.assertFalse(createGroup.isDeclaredMember(this.externalUser));
        Assert.assertFalse(createGroup.isMember(this.externalUser));
        testGroup.addMember(this.userAutomembership);
        this.r.commit();
        Assert.assertFalse(createGroup.isDeclaredMember(this.externalUser));
        Assert.assertTrue(createGroup.isMember(this.externalUser));
    }
}
