package org.apache.jackrabbit.oak.spi.security.authentication.external.impl.jmx;

import java.io.IOException;
import java.io.InputStream;
import java.lang.reflect.Field;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.jcr.Credentials;
import javax.jcr.RepositoryException;
import javax.jcr.ValueFactory;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.AuthInfo;
import org.apache.jackrabbit.oak.api.Blob;
import org.apache.jackrabbit.oak.api.CommitFailedException;
import org.apache.jackrabbit.oak.api.ContentRepository;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.QueryEngine;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.api.Tree;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.SecurityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncHandler;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncResult;
import org.apache.jackrabbit.oak.spi.security.authentication.external.SyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.TestIdentityProvider;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncContext;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncResultImpl;
import org.apache.jackrabbit.oak.spi.security.authentication.external.basic.DefaultSyncedIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.impl.DefaultSyncHandler;
import org.apache.jackrabbit.oak.spi.security.user.UserConfiguration;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.Parameterized;
import org.mockito.ArgumentMatchers;
import org.mockito.Mockito;

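/**
 * Failure-path tests for {@link Delegatee}, run once per configured batch size.
 *
 * <p>Most tests replace the delegatee's root with one whose commit always fails and then check
 * two things: the per-identity result codes reported by the sync/purge operation, and that the
 * original root is left without pending changes after the failed commit. The second check is
 * the important one for an identity-sync component: a failed save must not leave half-applied
 * user or group changes behind that a later, unrelated commit could persist.
 *
 * <p>The short result codes asserted below ({@code "ERR"}, {@code "nsa"}, {@code "nsi"},
 * {@code "for"}, {@code "mis"}) are produced by {@code ResultMessages}; their definitions are
 * not part of this file.
 */
@RunWith(Parameterized.class)
public class DelegateeTest extends AbstractJmxTest {
    private static final String[] TEST_IDS = {TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER, TestIdentityProvider.ID_WILDCARD_USER};

    private final int batchSize;
    private Delegatee delegatee;

    /**
     * {@link Root} wrapper that forwards every call to the wrapped root except
     * {@code commit}, which always throws {@link CommitFailedException}.
     */
    public static final class ThrowingRoot implements Root {
        private final Root base;

        private ThrowingRoot(@NotNull Root root) {
            this.base = root;
        }

        @Override
        public boolean move(String str, String str2) {
            return this.base.move(str, str2);
        }

        @Override
        @NotNull
        public Tree getTree(@NotNull String str) {
            return this.base.getTree(str);
        }

        @Override
        public void rebase() {
            this.base.rebase();
        }

        @Override
        public void refresh() {
            this.base.refresh();
        }

        @Override
        public void commit() throws CommitFailedException {
            // Funnel through the map variant so both entry points fail identically.
            commit(Map.of());
        }

        @Override
        public void commit(@NotNull Map<String, Object> map) throws CommitFailedException {
            throw new CommitFailedException("Oak", 0, "failed");
        }

        @Override
        public boolean hasPendingChanges() {
            return this.base.hasPendingChanges();
        }

        @Override
        @NotNull
        public QueryEngine getQueryEngine() {
            return this.base.getQueryEngine();
        }

        @Override
        @NotNull
        public Blob createBlob(@NotNull InputStream inputStream) throws IOException {
            return this.base.createBlob(inputStream);
        }

        @Override
        @Nullable
        public Blob getBlob(@NotNull String str) {
            return this.base.getBlob(str);
        }

        @Override
        @NotNull
        public ContentSession getContentSession() {
            return this.base.getContentSession();
        }
    }

    /**
     * Supplies the batch sizes to run with; the second element of each row is only the
     * display name used by the runner.
     */
    @Parameterized.Parameters(name = "name={1}")
    public static Collection<Object[]> parameters() {
        return List.of(new Object[]{100, "BatchSize 100"}, new Object[]{1, "BatchSize 1"}, new Object[]{2, "BatchSize 2"});
    }

    /**
     * @param i   batch size passed to {@link Delegatee#createInstance} by {@code createDelegatee}
     * @param str display name of the parameter row; not used by the test itself
     */
    public DelegateeTest(int i, String str) {
        this.batchSize = i;
    }

    @Override
    @Before
    public void before() throws Exception {
        super.before();
        this.delegatee = createDelegatee(this.idp, new DefaultSyncHandler(this.syncConfig));
    }

    @Override
    public void after() throws Exception {
        try {
            if (this.delegatee != null) {
                this.delegatee.close();
            }
        } finally {
            // Always run the parent teardown, even if closing the delegatee throws.
            super.after();
        }
    }

    /**
     * Creates a delegatee with this run's batch size. Instances created here are not tracked;
     * only the one stored in the {@code delegatee} field is closed by {@link #after()}.
     */
    private Delegatee createDelegatee(@NotNull ExternalIdentityProvider externalIdentityProvider, @NotNull SyncHandler syncHandler) {
        return Delegatee.createInstance(getContentRepository(), getSecurityProvider(), syncHandler, externalIdentityProvider, this.batchSize);
    }

    /**
     * Makes every commit issued by the given delegatee fail.
     *
     * <p>Reads the delegatee's private {@code root} field reflectively, refreshes that root and
     * replaces the field with a {@link ThrowingRoot} wrapping it. The lookup is by field name,
     * so it breaks if {@code Delegatee} renames the field.
     *
     * @return the original (unwrapped) root, so callers can assert on its pending changes
     */
    private static Root preventRootCommit(@NotNull Delegatee delegatee) throws Exception {
        Field rootField = Delegatee.class.getDeclaredField("root");
        rootField.setAccessible(true);
        Root original = (Root) rootField.get(delegatee);
        original.refresh();
        rootField.set(delegatee, new ThrowingRoot(original));
        return original;
    }

    /** Closing twice logs in once and forwards both close calls to the content session. */
    @Test
    public void testDoubleClose() throws Exception {
        ContentSession contentSession = Mockito.mock(ContentSession.class);
        Mockito.when(contentSession.getLatestRoot()).thenReturn(this.root);
        Mockito.when(contentSession.getAuthInfo()).thenReturn(AuthInfo.EMPTY);
        ContentRepository contentRepository = Mockito.mock(ContentRepository.class);
        Mockito.when(contentRepository.login((Credentials) null, (String) null)).thenReturn(contentSession);

        Delegatee instance = Delegatee.createInstance(contentRepository, getSecurityProvider(), new DefaultSyncHandler(this.syncConfig), new TestIdentityProvider());
        instance.close();
        instance.close();

        Mockito.verify(contentRepository).login((Credentials) null, (String) null);
        Mockito.verifyNoMoreInteractions(contentRepository);
        Mockito.verify(contentSession, Mockito.times(2)).close();
    }

    /** An {@link IOException} from the session's close must not escape {@code Delegatee.close()}. */
    @Test
    public void testCloseFails() throws Exception {
        ContentSession contentSession = Mockito.mock(ContentSession.class);
        Mockito.doThrow(new IOException()).when(contentSession).close();
        Mockito.when(contentSession.getLatestRoot()).thenReturn(this.root);
        Mockito.when(contentSession.getAuthInfo()).thenReturn(AuthInfo.EMPTY);
        ContentRepository contentRepository = Mockito.mock(ContentRepository.class);
        Mockito.when(contentRepository.login((Credentials) null, (String) null)).thenReturn(contentSession);

        Delegatee.createInstance(contentRepository, getSecurityProvider(), new DefaultSyncHandler(this.syncConfig), new TestIdentityProvider()).close();

        Mockito.verify(contentRepository).login((Credentials) null, (String) null);
        Mockito.verifyNoMoreInteractions(contentRepository);
        Mockito.verify(contentSession).close();
    }

    /** None of the test users has been synced yet, so each is reported as {@code "nsa"}. */
    @Test
    public void testSyncUsersBeforeSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncUsers(TEST_IDS, false), Map.of(TestIdentityProvider.ID_TEST_USER, "nsa", TestIdentityProvider.ID_SECOND_USER, "nsa", TestIdentityProvider.ID_WILDCARD_USER, "nsa"));
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncUsersSaveError() throws Exception {
        sync(this.idp, TestIdentityProvider.ID_TEST_USER, false);
        sync(this.foreignIDP, TestIdentityProvider.ID_SECOND_USER, false);
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncUsers(new String[]{TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.ID_SECOND_USER, TestIdentityProvider.ID_WILDCARD_USER}, false), Map.of(TestIdentityProvider.ID_TEST_USER, "ERR", TestIdentityProvider.ID_SECOND_USER, "for", TestIdentityProvider.ID_WILDCARD_USER, "nsa"));
        // The failed commit must not leave the sync changes pending on the real root.
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncAllUsersBeforeSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncAllUsers(false), Map.of());
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncAllUsersSaveError() throws Exception {
        sync(this.idp, TestIdentityProvider.ID_TEST_USER, false);
        sync(this.idp, TestIdentityProvider.ID_SECOND_USER, false);
        sync(new TestIdentityProvider.TestUser("third", this.idp.getName()), this.idp);
        sync(this.foreignIDP, TestIdentityProvider.ID_WILDCARD_USER, false);
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncAllUsers(false), Map.of(TestIdentityProvider.ID_TEST_USER, "ERR", "a", "ERR", "b", "ERR", "c", "ERR", TestIdentityProvider.ID_SECOND_USER, "ERR", "secondGroup", "ERR", "third", "mis"));
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    /** Same setup as {@link #testSyncAllUsersSaveError()}, but with purge enabled "third" fails too. */
    @Test
    public void testSyncAllUsersPurgeSaveError() throws Exception {
        sync(this.idp, TestIdentityProvider.ID_TEST_USER, false);
        sync(this.idp, TestIdentityProvider.ID_SECOND_USER, false);
        sync(new TestIdentityProvider.TestUser("third", this.idp.getName()), this.idp);
        sync(this.foreignIDP, TestIdentityProvider.ID_WILDCARD_USER, false);
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncAllUsers(true), Map.of(TestIdentityProvider.ID_TEST_USER, "ERR", "a", "ERR", "b", "ERR", "c", "ERR", TestIdentityProvider.ID_SECOND_USER, "ERR", "secondGroup", "ERR", "third", "ERR"));
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncNonExistingExternalUserSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        String externalId = new ExternalIdentityRef("nonExisting", this.idp.getName()).getString();
        assertResultMessages(this.delegatee.syncExternalUsers(new String[]{externalId}), "", "nsi");
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    /** A reference naming a different identity provider is reported as {@code "for"}. */
    @Test
    public void testSyncForeignExternalUserSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        String externalId = new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, this.foreignIDP.getName()).getString();
        assertResultMessages(this.delegatee.syncExternalUsers(new String[]{externalId}), TestIdentityProvider.ID_TEST_USER, "for");
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncThrowingExternalUserSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        String externalId = new ExternalIdentityRef(TestIdentityProvider.ID_EXCEPTION, this.idp.getName()).getString();
        assertResultMessages(this.delegatee.syncExternalUsers(new String[]{externalId}), TestIdentityProvider.ID_EXCEPTION, "ERR");
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    @Test
    public void testSyncExternalUsersSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        List<String> externalIds = new ArrayList<>();
        for (String id : TEST_IDS) {
            externalIds.add(new ExternalIdentityRef(id, this.idp.getName()).getString());
        }
        assertResultMessages(this.delegatee.syncExternalUsers(externalIds.toArray(new String[0])), Map.of(TestIdentityProvider.ID_TEST_USER, "ERR", TestIdentityProvider.ID_SECOND_USER, "ERR", TestIdentityProvider.ID_WILDCARD_USER, "ERR"));
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    /** A sync result that carries no synced identity is reported as {@code "nsi"}. */
    @Test
    public void testSyncExternalUsersGeneratesNullIdentity() throws Exception {
        SyncContext syncContext = Mockito.mock(SyncContext.class);
        Mockito.when(syncContext.sync(ArgumentMatchers.any(ExternalIdentity.class))).thenReturn(new DefaultSyncResultImpl((DefaultSyncedIdentity) null, SyncResult.Status.NOP));
        Mockito.when(syncContext.setForceGroupSync(ArgumentMatchers.anyBoolean())).thenReturn(syncContext);

        SyncHandler syncHandler = Mockito.mock(SyncHandler.class);
        Mockito.when(syncHandler.createContext(ArgumentMatchers.any(ExternalIdentityProvider.class), ArgumentMatchers.any(UserManager.class), ArgumentMatchers.any(ValueFactory.class))).thenReturn(syncContext);

        Delegatee instance = createDelegatee(new TestIdentityProvider(), syncHandler);
        String externalId = new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, TestIdentityProvider.DEFAULT_IDP_NAME).getString();
        assertResultMessages(instance.syncExternalUsers(new String[]{externalId}), TestIdentityProvider.ID_TEST_USER, "nsi");
    }

    @Test
    public void testSyncAllExternalUsersSaveError() throws Exception {
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.syncAllExternalUsers(), Map.of(TestIdentityProvider.ID_TEST_USER, "ERR", TestIdentityProvider.ID_SECOND_USER, "ERR", TestIdentityProvider.ID_WILDCARD_USER, "ERR"));
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    /** A provider that fails while listing users surfaces as {@code SyncRuntimeException}. */
    @Test(expected = SyncRuntimeException.class)
    public void testSyncAllExternalUsersThrowingIDP() {
        ExternalIdentityProvider throwingIdp = new TestIdentityProvider("throwing") {
            @Override
            @NotNull
            public Iterator<ExternalUser> listUsers() throws ExternalIdentityException {
                throw new ExternalIdentityException();
            }
        };
        createDelegatee(throwingIdp, new DefaultSyncHandler(this.syncConfig)).syncAllExternalUsers();
    }

    /** A {@code null} entry in the handler's identity listing is skipped, not reported as orphaned. */
    @Test
    public void testListOrphanedUsersFiltersNullSyncIdentity() throws Exception {
        // Keep the mock in a local: it has to be stubbed first and then handed to the delegatee.
        SyncHandler syncHandler = Mockito.mock(SyncHandler.class);
        Mockito.when(syncHandler.listIdentities(ArgumentMatchers.any(UserManager.class))).thenReturn(Collections.singletonList((SyncedIdentity) null).iterator());
        Assert.assertEquals(0L, createDelegatee(new TestIdentityProvider(), syncHandler).listOrphanedUsers().length);
    }

    /**
     * Identities with no external reference, or with a reference whose provider name is
     * {@code null}, {@code "other"} or empty, are not reported as orphaned users.
     */
    @Test
    public void testListOrphanedUsersFiltersForeignSyncIdentity() throws Exception {
        SyncHandler syncHandler = Mockito.mock(SyncHandler.class);
        // Declared as List<SyncedIdentity> so the iterator type matches the stubbed method.
        List<SyncedIdentity> identities = Arrays.asList(
                new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, (ExternalIdentityRef) null, false, -1L),
                new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, (String) null), false, -1L),
                new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, "other"), false, -1L),
                new DefaultSyncedIdentity(TestIdentityProvider.ID_TEST_USER, new ExternalIdentityRef(TestIdentityProvider.ID_TEST_USER, ""), false, -1L));
        Mockito.when(syncHandler.listIdentities(ArgumentMatchers.any(UserManager.class))).thenReturn(identities.iterator());
        Assert.assertEquals(0L, createDelegatee(new TestIdentityProvider(), syncHandler).listOrphanedUsers().length);
    }

    @Test
    public void testPurgeOrphanedSaveError() throws Exception {
        sync(new TestIdentityProvider.TestUser("third", this.idp.getName()), this.idp);
        sync(new TestIdentityProvider.TestUser("forth", this.idp.getName()), this.idp);
        sync(this.idp, TestIdentityProvider.ID_TEST_USER, false);
        Root originalRoot = preventRootCommit(this.delegatee);
        assertResultMessages(this.delegatee.purgeOrphanedUsers(), Map.of("third", "ERR", "forth", "ERR"));
        // A purge whose commit failed must not leave the removals pending on the real root.
        Assert.assertFalse(originalRoot.hasPendingChanges());
    }

    /** A {@link RepositoryException} during authorizable lookup becomes an {@link IllegalStateException}. */
    @Test
    public void testConvertToDynamicMembershipFailsWithRepositoryException() throws Exception {
        this.syncConfig.user().setDynamicMembership(true);
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), this.idp);

        UserManager userManager = Mockito.spy(getUserManager(this.root));
        Mockito.when(userManager.getAuthorizable(ArgumentMatchers.any(String.class))).thenThrow(new RepositoryException());
        UserConfiguration userConfiguration = Mockito.mock(UserConfiguration.class);
        Mockito.when(userConfiguration.getUserManager(ArgumentMatchers.any(Root.class), ArgumentMatchers.any(NamePathMapper.class))).thenReturn(userManager);
        SecurityProvider securityProvider = Mockito.spy(this.securityProvider);
        Mockito.when(securityProvider.getConfiguration(UserConfiguration.class)).thenReturn(userConfiguration);

        try {
            Delegatee.createInstance(getContentRepository(), securityProvider, new DefaultSyncHandler(this.syncConfig), this.idp).convertToDynamicMembership();
            Assert.fail("IllegalStateException expected");
        } catch (IllegalStateException expected) {
            // success: this is the exception the test is looking for
        }
    }

    /** When the user manager no longer finds the user, the result reports NO_SUCH_AUTHORIZABLE. */
    @Test
    public void testConvertToDynamicMembershipUserNotFound() throws Exception {
        this.syncConfig.user().setDynamicMembership(true);
        sync(this.idp.getUser(TestIdentityProvider.ID_TEST_USER), this.idp);

        UserManager userManager = Mockito.spy(getUserManager(this.root));
        Mockito.when(userManager.getAuthorizable(ArgumentMatchers.any(String.class))).thenReturn(null);
        UserConfiguration userConfiguration = Mockito.mock(UserConfiguration.class);
        Mockito.when(userConfiguration.getUserManager(ArgumentMatchers.any(Root.class), ArgumentMatchers.any(NamePathMapper.class))).thenReturn(userManager);
        SecurityProvider securityProvider = Mockito.spy(this.securityProvider);
        Mockito.when(securityProvider.getConfiguration(UserConfiguration.class)).thenReturn(userConfiguration);

        String[] actual = Delegatee.createInstance(getContentRepository(), securityProvider, new DefaultSyncHandler(this.syncConfig), this.idp).convertToDynamicMembership();

        // Build the expected message from the real (unstubbed) user manager's view of the user.
        ResultMessages expected = new ResultMessages();
        expected.append(Collections.singletonList(new DefaultSyncResultImpl(DefaultSyncContext.createSyncedIdentity(getUserManager().getAuthorizable(TestIdentityProvider.ID_TEST_USER)), SyncResult.Status.NO_SUCH_AUTHORIZABLE)));
        Assert.assertArrayEquals(expected.getMessages(), actual);
    }
}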
