package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal;

import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.api.Type;
import org.apache.jackrabbit.oak.commons.PathUtils;
import org.apache.jackrabbit.oak.commons.collections.IteratorUtils;
import org.apache.jackrabbit.oak.commons.collections.ListUtils;
import org.apache.jackrabbit.oak.plugins.memory.PropertyStates;
import org.apache.jackrabbit.oak.plugins.tree.TreeUtil;
import org.apache.jackrabbit.oak.spi.commit.CommitInfo;
import org.apache.jackrabbit.oak.spi.commit.Validator;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncConfig;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalImpl;
import org.apache.jackrabbit.oak.spi.security.user.AuthorizableType;
import org.apache.jackrabbit.oak.spi.security.user.util.UserUtil;
import org.apache.jackrabbit.oak.spi.state.NodeState;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/impl/principal/DynamicGroupValidatorTest.class */
public class DynamicGroupValidatorTest extends AbstractPrincipalTest {
    private Root r;
    private UserManager userManager;
    private User testUser;
    private Group localGroup;
    private Group dynamicGroup;

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void before() throws Exception {
        super.before();
        User testUser = getTestUser();
        this.r = getSystemRoot();
        this.userManager = getUserManager(this.r);
        this.testUser = this.userManager.getAuthorizable(testUser.getID(), User.class);
        this.localGroup = createTestGroup(this.r);
        this.dynamicGroup = this.userManager.getAuthorizable("aaa", Group.class);
        Assert.assertNotNull(this.dynamicGroup);
        registerSyncHandler(syncConfigAsMap(), this.idp.getName());
    }

    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    public void after() throws Exception {
        try {
            this.r.refresh();
            if (this.localGroup != null) {
                this.localGroup.remove();
                this.r.commit();
            }
        } finally {
            super.after();
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest, org.apache.jackrabbit.oak.spi.security.authentication.external.AbstractExternalAuthTest
    @NotNull
    public DefaultSyncConfig createSyncConfig() {
        DefaultSyncConfig createSyncConfig = super.createSyncConfig();
        createSyncConfig.group().setDynamicGroups(true);
        createSyncConfig.user().setMembershipNestingDepth(2L);
        return createSyncConfig;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    @Override // org.apache.jackrabbit.oak.spi.security.authentication.external.impl.principal.AbstractPrincipalTest
    @NotNull
    public Set<String> getIdpNamesWithDynamicGroups() {
        return Collections.singleton(this.idp.getName());
    }

    @Test
    public void testAddMemberDynamicGroup() throws Exception {
        this.dynamicGroup.addMember(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testAddMemberLocalGroup() throws Exception {
        this.localGroup.addMember(this.testUser);
        this.r.commit();
        Assert.assertTrue(this.localGroup.isDeclaredMember(this.testUser));
    }

    @Test
    public void testAddMembersProperty() throws Exception {
        Tree tree = this.r.getTree(this.dynamicGroup.getPath());
        Assert.assertFalse(tree.hasProperty("rep:members"));
        tree.setProperty("rep:members", List.of((String) this.r.getTree(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPath()).getProperty("jcr:uuid").getValue(Type.STRING)), Type.WEAKREFERENCES);
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testAddMembersListTree() throws Exception {
        Tree tree = this.r.getTree(this.dynamicGroup.getPath());
        Assert.assertFalse(tree.hasChild("rep:membersList"));
        TreeUtil.addChild(tree, "rep:membersList", "rep:MemberReferencesList");
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testAddMembersTree() throws Exception {
        Tree tree = this.r.getTree(this.dynamicGroup.getPath());
        Assert.assertFalse(tree.hasChild("rep:members"));
        TreeUtil.addChild(tree, "rep:members", "rep:Members");
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testAddMembersTreeWithoutPrimaryType() throws Exception {
        NodeState nodeState = (NodeState) Mockito.mock(NodeState.class);
        Mockito.when(nodeState.getChildNode(ArgumentMatchers.anyString())).thenReturn(nodeState);
        String authorizableRootPath = UserUtil.getAuthorizableRootPath(getUserConfiguration().getParameters(), AuthorizableType.GROUP);
        Validator rootValidator = new DynamicGroupValidatorProvider(getRootProvider(), getTreeProvider(), getSecurityProvider(), getIdpNamesWithDynamicGroups()).getRootValidator(nodeState, nodeState, CommitInfo.EMPTY);
        Iterator it = PathUtils.elements(authorizableRootPath).iterator();
        while (it.hasNext()) {
            rootValidator = rootValidator.childNodeAdded((String) it.next(), nodeState);
        }
        Mockito.when(nodeState.getProperty("rep:externalId")).thenReturn(PropertyStates.createProperty("rep:externalId", new ExternalIdentityRef("gr", this.idp.getName()).getString(), Type.STRING));
        Mockito.when(nodeState.getProperty("jcr:primaryType")).thenReturn(PropertyStates.createProperty("jcr:primaryType", "rep:Group", Type.NAME));
        Assert.assertNotNull(rootValidator.childNodeAdded("group", nodeState).childNodeAdded("rep:membersList", (NodeState) Mockito.mock(NodeState.class)));
    }

    @Test
    public void testAddMembersToPreviouslySyncedGroup() throws Exception {
        User authorizable = this.userManager.getAuthorizable(TestIdentityProvider.ID_SECOND_USER, User.class);
        Assert.assertNotNull(authorizable);
        Assert.assertFalse(authorizable.hasProperty("rep:externalPrincipalNames"));
        Group authorizable2 = this.userManager.getAuthorizable("secondGroup", Group.class);
        Assert.assertNotNull(authorizable2);
        Assert.assertTrue(this.r.getTree(authorizable2.getPath()).hasProperty("rep:members"));
        authorizable2.addMember(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testAddProperties() throws Exception {
        Tree tree = this.r.getTree(this.dynamicGroup.getPath());
        this.dynamicGroup.setProperty("rel/path/test", getValueFactory(this.r).createValue("value"));
        this.r.commit();
        Assert.assertTrue(tree.hasChild("rel"));
        tree.setProperty(TestIdentityProvider.DEFAULT_IDP_NAME, "value");
        this.r.commit();
        Assert.assertTrue(this.dynamicGroup.hasProperty(TestIdentityProvider.DEFAULT_IDP_NAME));
    }

    @Test
    public void testModifyProperties() throws Exception {
        ValueFactory valueFactory = getValueFactory(this.r);
        this.dynamicGroup.setProperty("rel/path/test", valueFactory.createValue("value"));
        this.r.commit();
        Assert.assertTrue(this.dynamicGroup.hasProperty("rel/path/test"));
        this.dynamicGroup.setProperty("rel/path/test", valueFactory.createValue("value2"));
        this.r.commit();
        Assert.assertTrue(this.dynamicGroup.hasProperty("rel/path/test"));
    }

    @Test
    public void testModifyPropertiesLocalGroup() throws Exception {
        ValueFactory valueFactory = getValueFactory(this.r);
        this.localGroup.setProperty(TestIdentityProvider.DEFAULT_IDP_NAME, valueFactory.createValue("value"));
        this.r.commit();
        Assert.assertTrue(this.localGroup.hasProperty(TestIdentityProvider.DEFAULT_IDP_NAME));
        this.localGroup.setProperty(TestIdentityProvider.DEFAULT_IDP_NAME, valueFactory.createValue("value2"));
        this.r.commit();
        Assert.assertTrue(this.localGroup.hasProperty(TestIdentityProvider.DEFAULT_IDP_NAME));
    }

    @Test
    public void testModifyMembersPropertyLocalGroup() throws Exception {
        this.localGroup.addMember(this.testUser);
        this.r.commit();
        Tree tree = this.r.getTree(this.localGroup.getPath());
        Tree tree2 = this.r.getTree(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPath());
        List list = ListUtils.toList((Iterable) tree.getProperty("rep:members").getValue(Type.STRINGS));
        list.add((String) tree2.getProperty("jcr:uuid").getValue(Type.STRING));
        tree.setProperty("rep:members", list, Type.WEAKREFERENCES);
        this.r.commit();
        Assert.assertEquals(2L, IteratorUtils.size(this.localGroup.getMembers()));
    }

    @Test
    public void testModifyFolderProperties() throws Exception {
        Tree parent = this.r.getTree(this.localGroup.getPath()).getParent();
        TreeUtil.addMixin(parent, "mix:lastModified", this.r.getTree("/jcr:system/jcr:nodeTypes"), "id");
        this.r.commit();
        parent.setProperty("jcr:lastModifiedBy", "otherId");
        this.r.commit();
        Assert.assertEquals("otherId", parent.getProperty("jcr:lastModifiedBy").getValue(Type.STRING));
        Assert.assertEquals("otherId", parent.getProperty("jcr:lastModifiedBy").getValue(Type.STRING));
    }

    @Test
    public void testModifyMembersPropertyRemove() throws Exception {
        this.localGroup.addMember(this.testUser);
        this.localGroup.addMember(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER));
        this.localGroup.setProperty("rep:externalId", getValueFactory(this.r).createValue(new ExternalIdentityRef(this.localGroup.getID(), this.idp.getName()).getString()));
        this.r.commit();
        Tree tree = this.r.getTree(this.localGroup.getPath());
        List list = ListUtils.toList((Iterable) tree.getProperty("rep:members").getValue(Type.STRINGS));
        list.remove(1);
        tree.setProperty("rep:members", list, Type.WEAKREFERENCES);
        this.r.commit();
        Assert.assertEquals(1L, IteratorUtils.size(this.localGroup.getMembers()));
    }

    @Test
    public void testModifyMembersPropertyAdd() throws Exception {
        this.localGroup.addMember(this.testUser);
        this.localGroup.setProperty("rep:externalId", getValueFactory(this.r).createValue(new ExternalIdentityRef(this.localGroup.getID(), this.idp.getName()).getString()));
        this.r.commit();
        Tree tree = this.r.getTree(this.localGroup.getPath());
        Tree tree2 = this.r.getTree(this.userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).getPath());
        List list = ListUtils.toList((Iterable) tree.getProperty("rep:members").getValue(Type.STRINGS));
        list.add((String) tree2.getProperty("jcr:uuid").getValue(Type.STRING));
        tree.setProperty("rep:members", list, Type.WEAKREFERENCES);
        try {
            this.r.commit();
            Assert.fail("CommitFailedException 77 expected.");
        } catch (CommitFailedException e) {
            Assert.assertEquals(77L, e.getCode());
        }
    }

    @Test
    public void testCreateDynamicGroup() throws Exception {
        ExternalIdentityRef externalIdentityRef = new ExternalIdentityRef("thirdGroup", this.idp.getName());
        Group group = null;
        try {
            group = this.userManager.createGroup(externalIdentityRef.getId(), new PrincipalImpl(externalIdentityRef.getId()), "some/intermediate/path");
            group.setProperty("rep:externalId", getValueFactory(this.r).createValue(externalIdentityRef.getString()));
            this.r.commit();
            this.root.refresh();
            Assert.assertNotNull(getUserManager(this.root).getAuthorizable(externalIdentityRef.getId()));
            if (group != null) {
                group.remove();
                this.r.commit();
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                this.r.commit();
            }
            throw th;
        }
    }

    @Test
    public void testCreateGroupIncompleteExtId() throws Exception {
        Group group = null;
        try {
            group = this.userManager.createGroup("thirdGroup", new PrincipalImpl("thirdGroup"), "some/intermediate/path");
            group.setProperty("rep:externalId", getValueFactory(this.r).createValue("thirdGroup"));
            this.r.commit();
            this.root.refresh();
            Assert.assertNotNull(getUserManager(this.root).getAuthorizable("thirdGroup"));
            if (group != null) {
                group.remove();
                this.r.commit();
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                this.r.commit();
            }
            throw th;
        }
    }

    @Test
    public void testCreateGroupDifferentIDP() throws Exception {
        ExternalIdentityRef externalIdentityRef = new ExternalIdentityRef("thirdGroup", "anotherIDP");
        Group group = null;
        try {
            group = this.userManager.createGroup(externalIdentityRef.getId(), new PrincipalImpl(externalIdentityRef.getId()), "some/intermediate/path");
            group.setProperty("rep:externalId", getValueFactory(this.r).createValue(externalIdentityRef.getString()));
            this.r.commit();
            this.root.refresh();
            Assert.assertNotNull(getUserManager(this.root).getAuthorizable(externalIdentityRef.getId()));
            if (group != null) {
                group.remove();
                this.r.commit();
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                this.r.commit();
            }
            throw th;
        }
    }

    @Test
    public void testCreateLocalGroup() throws Exception {
        Group group = null;
        try {
            String str = "testGroup" + UUID.randomUUID();
            group = this.userManager.createGroup(str);
            this.r.commit();
            this.root.refresh();
            Assert.assertNotNull(getUserManager(this.root).getAuthorizable(str));
            if (group != null) {
                group.remove();
                this.r.commit();
            }
        } catch (Throwable th) {
            if (group != null) {
                group.remove();
                this.r.commit();
            }
            throw th;
        }
    }
}
