package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.util.Collections;
import java.util.Map;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/AutoMembershipCycleTest.class */
public class AutoMembershipCycleTest extends AbstractAutoMembershipTest {
    private AutoMembershipPrincipals amp;
    private UserManager umMock;
    private Group gr;
    private Group gr2;
    private Group amGr1;
    private final Authorizable authorizable = (Authorizable) Mockito.mock(Authorizable.class);

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @Before
    public void before() throws Exception {
        super.before();
        Map singletonMap = Collections.singletonMap("idp1", new String[]{"autoMembershipGroupId_1"});
        this.umMock = (UserManager) Mockito.spy(this.userManager);
        this.amGr1 = (Group) Mockito.spy(this.automembershipGroup1);
        this.gr = (Group) Mockito.spy(this.umMock.createGroup("testGroup"));
        this.gr2 = (Group) Mockito.spy(this.umMock.createGroup("testGroup2"));
        Mockito.when(this.umMock.getAuthorizable("autoMembershipGroupId_1")).thenReturn(this.amGr1);
        this.umMock.createGroup(EveryonePrincipal.getInstance());
        this.root.commit();
        this.amp = new AutoMembershipPrincipals(this.umMock, singletonMap, getAutoMembershipConfigMapping());
        Mockito.clearInvocations(new Object[]{this.umMock, this.amGr1, this.gr, this.gr2});
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractAutoMembershipTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void after() throws Exception {
        try {
            this.amGr1.removeMembers(new String[]{"testGroup"});
            this.gr.remove();
            this.gr2.remove();
            this.root.commit();
        } finally {
            super.after();
        }
    }

    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("importBehavior", "besteffort"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.user().setDynamicMembership(true).setAutoMembership(new String[]{"autoMembershipGroupId_1"});
        createSyncConfig.group().setDynamicGroups(true).setAutoMembership(new String[]{"autoMembershipGroupId_1"});
        return createSyncConfig;
    }

    @Test
    public void testIsInheritedMemberCircularIncludingAutoMembership() throws Exception {
        Assert.assertTrue(this.amGr1.addMembers(new String[]{this.gr.getID()}).isEmpty());
        Assert.assertTrue(this.gr.addMembers(new String[]{this.amGr1.getID()}).isEmpty());
        this.root.commit();
        Mockito.clearInvocations(new Group[]{this.gr, this.amGr1});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.amGr1, this.authorizable));
        ((Group) Mockito.verify(this.amGr1)).getID();
        Mockito.verifyNoMoreInteractions(new Object[]{this.amGr1});
        Mockito.verifyNoInteractions(new Object[]{this.authorizable, this.gr});
        Mockito.clearInvocations(new Authorizable[]{this.authorizable, this.gr, this.amGr1});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.authorizable));
        Mockito.verifyNoInteractions(new Object[]{this.authorizable});
        ((Group) Mockito.verify(this.gr)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr});
        Mockito.clearInvocations(new Object[]{this.authorizable, this.amGr1, this.gr, this.umMock});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.amGr1, this.gr));
        ((Group) Mockito.verify(this.amGr1)).getID();
        Mockito.verifyNoMoreInteractions(new Object[]{this.amGr1});
        Mockito.verifyNoInteractions(new Object[]{this.gr, this.umMock});
        Mockito.clearInvocations(new Object[]{this.amGr1, this.gr, this.umMock});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.amGr1));
        ((Group) Mockito.verify(this.gr)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr, this.umMock});
    }

    @Test
    public void testIsInheritedMemberNestedCircularIncludingAutoMembership() throws Exception {
        Assert.assertTrue(this.amGr1.addMembers(new String[]{this.gr.getID()}).isEmpty());
        Assert.assertTrue(this.gr.addMembers(new String[]{this.gr2.getID()}).isEmpty());
        Assert.assertTrue(this.gr2.addMembers(new String[]{this.amGr1.getID()}).isEmpty());
        this.root.commit();
        Mockito.clearInvocations(new Group[]{this.gr, this.gr2, this.amGr1});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.authorizable));
        Mockito.verifyNoInteractions(new Object[]{this.authorizable});
        ((Group) Mockito.verify(this.gr)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr});
        Mockito.clearInvocations(new Object[]{this.authorizable, this.amGr1, this.gr, this.gr2, this.umMock});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.amGr1));
        ((Group) Mockito.verify(this.gr)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr});
        Mockito.clearInvocations(new Object[]{this.authorizable, this.amGr1, this.gr, this.gr2, this.umMock});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr2, this.authorizable));
        ((Group) Mockito.verify(this.gr2)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr, this.gr2, this.umMock});
        Mockito.clearInvocations(new Object[]{this.authorizable, this.amGr1, this.gr, this.gr2, this.umMock});
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr2, this.amGr1));
        ((Group) Mockito.verify(this.gr2)).getID();
        ((Group) Mockito.verify(this.amGr1)).declaredMemberOf();
        ((UserManager) Mockito.verify(this.umMock)).getAuthorizable("autoMembershipGroupId_1");
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr, this.gr2, this.umMock});
    }

    @Test
    public void testIsInheritedMemberCircularWithoutAutoMembership() throws Exception {
        Assert.assertTrue(this.gr.addMembers(new String[]{this.gr2.getID()}).isEmpty());
        Assert.assertTrue(this.gr2.addMembers(new String[]{this.gr.getID()}).isEmpty());
        this.root.commit();
        Mockito.clearInvocations(new Group[]{this.gr, this.gr2});
        Assert.assertFalse(this.amp.isInheritedMember("idp1", this.gr, this.gr2));
        ((Group) Mockito.verify(this.gr)).getID();
        Mockito.verifyNoMoreInteractions(new Object[]{this.gr, this.gr2});
    }

    @Test
    public void testIsInheritedMemberCircularIncludingExternalGroup() throws Exception {
        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of("protectExternalId", false));
        Assert.assertTrue(this.amGr1.addMembers(new String[]{this.gr.getID()}).isEmpty());
        Assert.assertTrue(this.gr.addMembers(new String[]{this.amGr1.getID()}).isEmpty());
        this.root.commit();
        ValueFactory valueFactory = getValueFactory(this.root);
        this.gr.setProperty("rep:externalId", valueFactory.createValue(this.gr.getID() + ";" + this.idp.getName()));
        this.amGr1.setProperty("rep:externalId", valueFactory.createValue(this.amGr1.getID() + ";" + this.idp.getName()));
        this.root.commit();
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.authorizable));
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.amGr1));
    }

    @Test
    public void testIsInheritedMemberNestedCircularIncludingExternalGroup() throws Exception {
        this.externalPrincipalConfiguration.setParameters(ConfigurationParameters.of("protectExternalId", false));
        Assert.assertTrue(this.amGr1.addMembers(new String[]{this.gr2.getID()}).isEmpty());
        Assert.assertTrue(this.gr2.addMembers(new String[]{this.gr.getID()}).isEmpty());
        Assert.assertTrue(this.gr.addMembers(new String[]{this.amGr1.getID()}).isEmpty());
        this.root.commit();
        ValueFactory valueFactory = getValueFactory(this.root);
        this.gr.setProperty("rep:externalId", valueFactory.createValue(this.gr.getID() + ";" + this.idp.getName()));
        this.amGr1.setProperty("rep:externalId", valueFactory.createValue(this.amGr1.getID() + ";" + this.idp.getName()));
        this.root.commit();
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.authorizable));
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr, this.amGr1));
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr2, this.authorizable));
        Assert.assertTrue(this.amp.isInheritedMember("idp1", this.gr2, this.amGr1));
    }
}
