package org.apache.jackrabbit.oak.spi.security.authentication.external;

import com.google.common.collect.ImmutableMap;
import java.security.Principal;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.jcr.Value;
import org.apache.jackrabbit.api.security.principal.PrincipalManager;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.User;
import org.apache.jackrabbit.api.security.user.UserManager;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.whiteboard.WhiteboardUtils;
import org.jetbrains.annotations.NotNull;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/spi/security/authentication/external/ExternalLoginModuleDynamicMembershipTest.class */
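/**
 * Runs the {@link ExternalLoginModuleTest} scenarios with dynamic membership enabled on the
 * user sync configuration.
 *
 * <p>The assertions in this class pin down three properties of that mode:
 * <ul>
 *   <li>the principal set of a logged-in session contains exactly the expected external group
 *       principals, the user's own principal and {@link EveryonePrincipal} (nothing more);</li>
 *   <li>the expected principal names are stored on the user in
 *       {@code rep:externalPrincipalNames};</li>
 *   <li>no group authorizables are created for the ids checked in the
 *       {@code testSyncCreateGroup*} tests.</li>
 * </ul>
 */
public class ExternalLoginModuleDynamicMembershipTest extends ExternalLoginModuleTest {

    /**
     * Enables dynamic membership on the sync configuration and registers the {@link SyncHandler}
     * obtained from the whiteboard with the matching {@code user.dynamicMembership} property.
     */
    @Override
    public void before() throws Exception {
        super.before();
        this.syncConfig.user().setDynamicMembership(true);
        this.context.registerService(SyncHandler.class, WhiteboardUtils.getService(this.whiteboard, SyncHandler.class), ImmutableMap.of("user.dynamicMembership", Boolean.valueOf(this.syncConfig.user().getDynamicMembership())));
    }

    /**
     * Asserts that the {@code rep:externalPrincipalNames} values stored on the given user are
     * exactly the principal names expected for the configured membership nesting depth.
     *
     * @param userManager the user manager used to look up the synced user
     * @param str the id of the synced user
     * @throws Exception if the repository or the identity provider cannot be read
     */
    private void assertExternalPrincipalNames(@NotNull UserManager userManager, @NotNull String str) throws Exception {
        Authorizable authorizable = userManager.getAuthorizable(str);
        Assert.assertNotNull(authorizable);

        ExternalIdentity externalUser = this.idp.getUser(str);
        Assert.assertNotNull("identity provider does not know user " + str, externalUser);
        Set<String> expectedNames = new HashSet<>();
        calcExpectedPrincipalNames(externalUser, this.syncConfig.user().getMembershipNestingDepth(), expectedNames);

        // Fail with a readable message instead of a NullPointerException in the loop below
        // when the sync did not write the property at all.
        Value[] storedValues = authorizable.getProperty("rep:externalPrincipalNames");
        Assert.assertNotNull("rep:externalPrincipalNames is missing on " + str, storedValues);
        Set<String> storedNames = new HashSet<>();
        for (Value value : storedValues) {
            storedNames.add(value.getString());
        }
        // Set equality: a missing name and an unexpected extra name both fail the test.
        Assert.assertEquals(expectedNames, storedNames);
    }

    /**
     * Collects the principal names of the groups declared by the given identity, following
     * nested declarations until the remaining depth reaches zero.
     *
     * @param externalIdentity the identity whose declared groups are resolved
     * @param j the remaining nesting depth; nothing is collected when it is zero or negative
     * @param set the set the principal names are added to
     * @throws Exception if the identity provider fails to resolve a group reference
     */
    private void calcExpectedPrincipalNames(@NotNull ExternalIdentity externalIdentity, long j, @NotNull Set<String> set) throws Exception {
        if (j <= 0) {
            return;
        }
        for (ExternalIdentityRef ref : externalIdentity.getDeclaredGroups()) {
            ExternalIdentity group = this.idp.getIdentity(ref);
            Assert.assertNotNull("identity provider cannot resolve declared group " + ref.getId(), group);
            set.add(group.getPrincipalName());
            calcExpectedPrincipalNames(group, j - 1, set);
        }
    }

    /**
     * Verifies that the principals of a logged-in session are exactly the expected external
     * group principals plus the user's own principal and {@link EveryonePrincipal}, and that
     * the synced user is not a member of any group in the repository.
     */
    @Test
    public void testLoginPopulatesPrincipals() throws Exception {
        // The session is closed before the options are cleared, as in the original cleanup.
        try (ContentSession contentSession = login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0]))) {
            ExternalIdentity externalUser = this.idp.getUser(TestIdentityProvider.ID_TEST_USER);
            Assert.assertNotNull(externalUser);
            Set<String> expectedNames = new HashSet<>();
            calcExpectedPrincipalNames(externalUser, this.syncConfig.user().getMembershipNestingDepth(), expectedNames);

            // Every principal accounted for is removed from this copy; whatever remains at the
            // end is a principal the login granted without it being expected.
            Set<Principal> remaining = new HashSet<>(contentSession.getAuthInfo().getPrincipals());
            this.root.refresh();
            PrincipalManager principalManager = getPrincipalManager(this.root);
            for (String principalName : expectedNames) {
                Principal principal = principalManager.getPrincipal(principalName);
                Assert.assertNotNull(principal);
                Assert.assertTrue(remaining.remove(principal));
            }

            User user = getUserManager(this.root).getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
            Assert.assertNotNull(user);
            Assert.assertTrue(remaining.remove(user.getPrincipal()));
            // The group principals come from the login only: the user has no repository-level
            // group membership.
            Assert.assertFalse(user.memberOf().hasNext());
            Assert.assertTrue(remaining.remove(EveryonePrincipal.getInstance()));
            Assert.assertTrue(remaining.isEmpty());
        } finally {
            this.options.clear();
        }
    }

    /**
     * Verifies that a login writes the expected {@code rep:externalPrincipalNames} for the
     * default membership nesting depth.
     */
    @Test
    public void testSyncCreatesRepExternalPrincipals() throws Exception {
        try {
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            this.root.refresh();
            assertExternalPrincipalNames(getUserManager(this.root), TestIdentityProvider.ID_TEST_USER);
        } finally {
            this.options.clear();
        }
    }

    /**
     * Same check as {@link #testSyncCreatesRepExternalPrincipals()} with the nesting depth set
     * to {@link Long#MAX_VALUE}.
     */
    @Test
    public void testSyncCreatesRepExternalPrincipalsDepthInfinite() throws Exception {
        this.syncConfig.user().setMembershipNestingDepth(Long.MAX_VALUE);
        try {
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            this.root.refresh();
            assertExternalPrincipalNames(getUserManager(this.root), TestIdentityProvider.ID_TEST_USER);
        } finally {
            this.options.clear();
        }
    }

    /**
     * Verifies that a login does not create authorizables for any of the checked group ids.
     */
    @Override
    @Test
    public void testSyncCreateGroup() throws Exception {
        try {
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            this.root.refresh();
            UserManager userManager = getUserManager(this.root);
            // NOTE(review): presumably the groups the test user declares directly - confirm
            // against TestIdentityProvider.
            for (String groupId : new String[]{"a", "b", "c"}) {
                Assert.assertNull(userManager.getAuthorizable(groupId));
            }
            // NOTE(review): presumably groups reached only through nesting - confirm.
            for (String groupId : new String[]{"aa", "aaa"}) {
                Assert.assertNull(userManager.getAuthorizable(groupId));
            }
        } finally {
            this.options.clear();
        }
    }

    /**
     * Verifies that no group authorizables are created with a membership nesting depth of 2.
     */
    @Override
    @Test
    public void testSyncCreateGroupNesting() throws Exception {
        this.syncConfig.user().setMembershipNestingDepth(2L);
        try {
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            this.root.refresh();
            for (String groupId : new String[]{"a", "b", "c", "aa", "aaa"}) {
                Assert.assertNull(getUserManager(this.root).getAuthorizable(groupId));
            }
        } finally {
            this.options.clear();
        }
    }

    /**
     * Verifies that a user lacking both {@code rep:externalPrincipalNames} and
     * {@code rep:lastSynced} gets both properties back on the next login.
     */
    @Test
    public void testSyncUpdateAfterXmlImport() throws Exception {
        try {
            // First login creates the user.
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();

            // Strip the sync properties through the system root.
            // NOTE(review): going by the test name this mimics a user created by XML import
            // - confirm.
            Root systemRoot = getSystemRoot();
            UserManager userManager = getUserManager(systemRoot);
            Authorizable user = userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER);
            Assert.assertNotNull(user);
            user.removeProperty("rep:externalPrincipalNames");
            user.removeProperty("rep:lastSynced");
            systemRoot.commit();

            // Second login must sync again and restore both properties.
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            systemRoot.refresh();
            Assert.assertTrue(userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER).hasProperty("rep:lastSynced"));
            assertExternalPrincipalNames(userManager, TestIdentityProvider.ID_TEST_USER);
        } finally {
            this.options.clear();
        }
    }

    /**
     * Verifies the re-sync of a user whose {@code rep:externalPrincipalNames} was removed while
     * {@code rep:lastSynced} was kept: after the sync has expired and the user logs in again,
     * the property stays absent and every group declared by the external user resolves to an
     * authorizable.
     */
    @Test
    public void testSyncUpdateWithRemovedPrincipalNames() throws Exception {
        try {
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();

            Root systemRoot = getSystemRoot();
            UserManager userManager = getUserManager(systemRoot);
            User user = userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
            Assert.assertNotNull(user);
            user.removeProperty("rep:externalPrincipalNames");
            systemRoot.commit();

            // Wait for the configured expiration time so that the next login syncs again.
            waitUntilExpired(user, systemRoot, this.syncConfig.user().getExpirationTime());
            login(new SimpleCredentials(TestIdentityProvider.ID_TEST_USER, new char[0])).close();
            systemRoot.refresh();

            User syncedUser = userManager.getAuthorizable(TestIdentityProvider.ID_TEST_USER, User.class);
            Assert.assertNotNull(syncedUser);
            Assert.assertTrue(syncedUser.hasProperty("rep:lastSynced"));
            // NOTE(review): presumably a user without the property is synced with regular
            // group membership instead of dynamic membership - confirm against the sync
            // context implementation.
            Assert.assertFalse(syncedUser.hasProperty("rep:externalPrincipalNames"));
            for (ExternalIdentityRef ref : this.idp.getUser(TestIdentityProvider.ID_TEST_USER).getDeclaredGroups()) {
                Assert.assertNotNull(userManager.getAuthorizable(ref.getId()));
            }
        } finally {
            this.options.clear();
        }
    }
}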
