package org.apache.jackrabbit.oak.security.authentication.ldap.impl;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import javax.jcr.SimpleCredentials;
import javax.security.auth.login.LoginException;
import org.apache.jackrabbit.guava.common.collect.ImmutableSet;
import org.apache.jackrabbit.guava.common.collect.Iterables;
import org.apache.jackrabbit.guava.common.collect.Iterators;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalGroup;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentity;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityException;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalIdentityRef;
import org.apache.jackrabbit.oak.spi.security.authentication.external.ExternalUser;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/authentication/ldap/impl/LdapIdentityProviderTest.class */
public class LdapIdentityProviderTest extends AbstractLdapIdentityProviderTest {
    private static final String ERRONEOUS_LDIF = "erroneous.ldif";

    @Test
    public void testGetUserByRef() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_USER1_DN, "ldap"));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        Assert.assertEquals("User ID", AbstractLdapIdentityProviderTest.TEST_USER1_UID, identity.getId());
    }

    @Test
    public void testListUsers() throws Exception {
        Assert.assertEquals(Set.of((Object[]) new String[]{AbstractLdapIdentityProviderTest.TEST_USER0_UID, AbstractLdapIdentityProviderTest.TEST_USER1_UID, AbstractLdapIdentityProviderTest.TEST_USER5_UID, "hnelson", "thardy", "tquist", "fchristi", "wbush", "cbuckley", "jhallett", "mchrysta", "wbligh", "jfryer"}), ImmutableSet.copyOf(Iterators.transform(this.idp.listUsers(), externalUser -> {
            return externalUser.getId();
        })));
    }

    @Test
    public void testListUsersWithExtraFilter() throws Exception {
        this.providerConfig.getUserConfig().setExtraFilter("");
        Assert.assertEquals(Set.of((Object[]) new String[]{AbstractLdapIdentityProviderTest.TEST_USER0_UID, AbstractLdapIdentityProviderTest.TEST_USER1_UID, AbstractLdapIdentityProviderTest.TEST_USER5_UID, "hnelson", "thardy", "tquist", "fchristi", "wbush", "cbuckley", "jhallett", "mchrysta", "wbligh", "jfryer"}), ImmutableSet.copyOf(Iterators.transform(this.idp.listUsers(), externalUser -> {
            return externalUser.getId();
        })));
    }

    @Test
    public void testListUsersWithMissingUid() throws Exception {
        this.proxy.loadLdif(getClass().getResourceAsStream(ERRONEOUS_LDIF));
        Iterator listUsers = this.idp.listUsers();
        Assert.assertTrue(listUsers.hasNext());
        while (listUsers.hasNext()) {
            Assert.assertFalse(((ExternalUser) listUsers.next()).getPrincipalName().startsWith("cn=Faulty Entry"));
        }
    }

    @Test
    public void testGetUserByUserId() throws Exception {
        LdapUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertEquals("User Ref", AbstractLdapIdentityProviderTest.TEST_USER1_DN, user.getEntry().getDn().getName());
    }

    @Test
    public void testGetUserProperties() throws Exception {
        ExternalUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Map properties = user.getProperties();
        MatcherAssert.assertThat(properties, Matchers.hasEntry(Matchers.equalTo("objectclass"), Matchers.containsInAnyOrder(new String[]{"inetOrgPerson", "top", "person", "organizationalPerson"})));
        MatcherAssert.assertThat(properties, Matchers.hasEntry("uid", AbstractLdapIdentityProviderTest.TEST_USER1_UID));
        MatcherAssert.assertThat(properties, Matchers.hasEntry("givenname", "Horatio"));
        MatcherAssert.assertThat(properties, Matchers.hasEntry("description", "Capt. Horatio Hornblower, R.N"));
        MatcherAssert.assertThat(properties, Matchers.hasEntry("sn", "Hornblower"));
        MatcherAssert.assertThat(properties, Matchers.not(Matchers.hasEntry("mail", "hhornblo@royalnavy.mod.uk")));
    }

    @Test
    public void testAuthenticate() throws Exception {
        assertAuthenticate(this.idp, AbstractLdapIdentityProviderTest.TEST_USER1_UID, AbstractLdapIdentityProviderTest.TEST_USER1_DN, AbstractLdapIdentityProviderTest.TEST_USER1_DN);
    }

    @Test
    public void testAuthenticateCaseInsensitive() throws Exception {
        assertAuthenticate(this.idp, new SimpleCredentials(AbstractLdapIdentityProviderTest.TEST_USER1_UID.toUpperCase(), "pass".toCharArray()), AbstractLdapIdentityProviderTest.TEST_USER1_DN, AbstractLdapIdentityProviderTest.TEST_USER1_DN);
    }

    @Test
    public void testAuthenticateFail() throws Exception {
        try {
            this.idp.authenticate(new SimpleCredentials(AbstractLdapIdentityProviderTest.TEST_USER1_UID, "foobar".toCharArray()));
            Assert.fail("Authenticate must fail with LoginException for wrong password");
        } catch (LoginException e) {
        }
    }

    @Test
    public void testAuthenticateMissing() throws Exception {
        Assert.assertNull("Authenticate must return NULL for unknown user", this.idp.authenticate(new SimpleCredentials("foobarhhornblo", "pass".toCharArray())));
    }

    @Test
    public void testGetUserByForeignRef() throws Exception {
        Assert.assertNull("Foreign ref must be null", this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_USER1_DN, "foobar")));
    }

    @Test
    public void testGetUnknownUserByRef() throws Exception {
        Assert.assertNull("Unknown user must return null", this.idp.getIdentity(new ExternalIdentityRef("bla=foo,cn=Horatio Hornblower,ou=users,ou=system", "ldap")));
    }

    @Test
    public void testGetGroupByRef() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_GROUP1_DN, "ldap"));
        Assert.assertTrue("Group instance", identity instanceof ExternalGroup);
        Assert.assertEquals("Group Name", AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME, identity.getId());
    }

    @Test
    public void testGetGroupByName() throws Exception {
        LdapIdentity group = this.idp.getGroup(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME);
        Assert.assertNotNull("Group 1 must exist", group);
        Assert.assertEquals("Group Ref", AbstractLdapIdentityProviderTest.TEST_GROUP1_DN, group.getEntry().getDn().getName());
    }

    @Test
    public void testGetGroupByUnknownName() throws Exception {
        Assert.assertNull(this.idp.getGroup("unknown"));
    }

    @Test
    public void testGetDeclaredMembersByRef() throws Exception {
        ExternalGroup identity = this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_GROUP1_DN, "ldap"));
        Assert.assertTrue("Group instance", identity instanceof ExternalGroup);
        assertIfEquals("Group members", TEST_GROUP1_MEMBERS, identity.getDeclaredMembers());
    }

    @Test
    public void testGetDeclaredMembers() throws Exception {
        Assert.assertEquals(ImmutableSet.copyOf(TEST_GROUP1_MEMBERS), ImmutableSet.copyOf(Iterables.transform(this.idp.getGroup(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME).getDeclaredMembers(), externalIdentityRef -> {
            return externalIdentityRef.getId();
        })));
    }

    @Test
    public void testGetDeclaredMembersInvalidMemberAttribute() throws Exception {
        this.providerConfig.setGroupMemberAttribute("invalid");
        Assert.assertTrue(Iterables.isEmpty(this.idp.getGroup(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME).getDeclaredMembers()));
    }

    @Test
    public void testGetDeclaredGroupsByRef() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_USER1_DN, "ldap"));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        assertIfEquals("Groups", TEST_USER1_GROUPS, identity.getDeclaredGroups());
    }

    @Test
    public void testGetDeclaredGroupsByRef2() throws Exception {
        ExternalIdentity identity = this.idp.getIdentity(new ExternalIdentityRef(AbstractLdapIdentityProviderTest.TEST_USER0_DN, "ldap"));
        Assert.assertTrue("User instance", identity instanceof ExternalUser);
        assertIfEquals("Groups", TEST_USER0_GROUPS, identity.getDeclaredGroups());
    }

    @Test
    public void testGetDeclaredGroupMissingIdAttribute() throws Exception {
        this.providerConfig.getGroupConfig().setIdAttribute((String) null);
        Assert.assertEquals(ImmutableSet.copyOf(TEST_USER1_GROUPS), ImmutableSet.copyOf(Iterables.transform(this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER1_UID).getDeclaredGroups(), externalIdentityRef -> {
            return externalIdentityRef.getId();
        })));
    }

    @Test
    public void testNullIntermediatePath() throws Exception {
        this.providerConfig.getUserConfig().setMakeDnPath(false);
        ExternalUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertNull("Intermediate path must be null", user.getIntermediatePath());
    }

    @Test
    public void testSplitDNIntermediatePath() throws Exception {
        this.providerConfig.getUserConfig().setMakeDnPath(true);
        ExternalUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER1_UID);
        Assert.assertNotNull("User 1 must exist", user);
        Assert.assertEquals("Intermediate path must be the split dn", AbstractLdapIdentityProviderTest.TEST_USER1_PATH, user.getIntermediatePath());
    }

    @Test
    public void testSplitDNIntermediatePath2() throws Exception {
        this.providerConfig.getUserConfig().setMakeDnPath(true);
        ExternalUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER5_UID);
        Assert.assertNotNull("User 5 must exist", user);
        Assert.assertEquals("Intermediate path must be the split dn", AbstractLdapIdentityProviderTest.TEST_USER5_PATH, user.getIntermediatePath());
    }

    @Test
    public void testRemoveEmptyString() throws Exception {
        this.providerConfig.setCustomAttributes(new String[]{"a", "", "b"});
        Assert.assertArrayEquals("Array must not contain empty strings", new String[]{"a", "b"}, this.providerConfig.getCustomAttributes());
    }

    @Test
    public void testResolvePrincipalNameUser() throws ExternalIdentityException {
        ExternalUser user = this.idp.getUser(AbstractLdapIdentityProviderTest.TEST_USER5_UID);
        Assert.assertNotNull(user);
        Assert.assertEquals(user.getPrincipalName(), this.idp.fromExternalIdentityRef(user.getExternalId()));
    }

    @Test
    public void testResolvePrincipalNameGroup() throws ExternalIdentityException {
        ExternalGroup group = this.idp.getGroup(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME);
        Assert.assertNotNull(group);
        Assert.assertEquals(group.getPrincipalName(), this.idp.fromExternalIdentityRef(group.getExternalId()));
    }

    @Test(expected = ExternalIdentityException.class)
    public void testResolvePrincipalNameForeignExtId() throws Exception {
        this.idp.fromExternalIdentityRef(new ExternalIdentityRef("anyId", "anotherProviderName"));
    }

    @Test
    public void testListGroups() throws Exception {
        Assert.assertEquals(Set.of(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME, AbstractLdapIdentityProviderTest.TEST_GROUP2_NAME, AbstractLdapIdentityProviderTest.TEST_GROUP3_NAME, "Administrators"), ImmutableSet.copyOf(Iterators.transform(this.idp.listGroups(), externalGroup -> {
            return externalGroup.getId();
        })));
    }

    @Test
    public void testListGroupsWithEmptyExtraFilter() throws Exception {
        this.providerConfig.getGroupConfig().setExtraFilter("");
        Assert.assertEquals(Set.of(AbstractLdapIdentityProviderTest.TEST_GROUP1_NAME, AbstractLdapIdentityProviderTest.TEST_GROUP2_NAME, AbstractLdapIdentityProviderTest.TEST_GROUP3_NAME, "Administrators"), ImmutableSet.copyOf(Iterators.transform(this.idp.listGroups(), externalGroup -> {
            return externalGroup.getId();
        })));
    }
}
