package org.apache.jackrabbit.oak.security.user;

import com.google.common.base.Predicate;
import com.google.common.collect.Iterables;
import java.security.Principal;
import java.util.Enumeration;
import java.util.Iterator;
import java.util.UUID;
import javax.jcr.RepositoryException;
import javax.security.auth.Subject;
import org.apache.jackrabbit.api.security.principal.GroupPrincipal;
import org.apache.jackrabbit.api.security.user.Authorizable;
import org.apache.jackrabbit.api.security.user.Group;
import org.apache.jackrabbit.oak.AbstractSecurityTest;
import org.apache.jackrabbit.oak.api.ContentSession;
import org.apache.jackrabbit.oak.api.Root;
import org.apache.jackrabbit.oak.namepath.NamePathMapper;
import org.apache.jackrabbit.oak.spi.security.ConfigurationParameters;
import org.apache.jackrabbit.oak.spi.security.authentication.SystemSubject;
import org.apache.jackrabbit.oak.spi.security.principal.EveryonePrincipal;
import org.apache.jackrabbit.oak.spi.security.principal.PrincipalProvider;
import org.jetbrains.annotations.Nullable;
import org.junit.Assert;
import org.junit.Test;

/* loaded from: input_file:org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest.class */
public class CachedGroupPrincipalTest extends AbstractSecurityTest {
    private String userId;
    private ContentSession systemSession;
    private Root systemRoot;
    private PrincipalProvider pp;
    protected String groupId;
    protected Group testGroup;

    /* loaded from: input_file:org/apache/jackrabbit/oak/security/user/CachedGroupPrincipalTest$GroupPredicate.class */
    private static final class GroupPredicate implements Predicate<Principal> {
        private GroupPredicate() {
        }

        public boolean apply(@Nullable Principal principal) {
            return (principal instanceof GroupPrincipal) && !EveryonePrincipal.getInstance().equals(principal);
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void before() throws Exception {
        getQueryEngineSettings().setFailTraversal(false);
        getQueryEngineSettings().setFullTextComparisonWithoutIndex(true);
        super.before();
        this.groupId = "testGroup" + UUID.randomUUID();
        this.testGroup = getUserManager(this.root).createGroup(this.groupId);
        this.testGroup.addMember(getTestUser());
        this.root.commit();
        this.userId = getTestUser().getID();
        this.systemSession = getSystemSession();
        this.systemRoot = this.systemSession.getLatestRoot();
        this.pp = new UserPrincipalProvider(this.systemRoot, getUserConfiguration(), this.namePathMapper);
        Iterator it = Iterables.filter(this.pp.getPrincipals(this.userId), new GroupPredicate()).iterator();
        while (it.hasNext()) {
            Assert.assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$GroupPrincipalImpl", ((Principal) it.next()).getClass().getName());
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    public void after() throws Exception {
        try {
            this.root.refresh();
            Authorizable authorizable = getUserManager(this.root).getAuthorizable(this.groupId);
            if (authorizable != null) {
                authorizable.remove();
                this.root.commit();
            }
            if (this.systemSession != null) {
                this.systemSession.close();
            }
        } finally {
            super.after();
        }
    }

    @Override // org.apache.jackrabbit.oak.AbstractSecurityTest
    protected ConfigurationParameters getSecurityConfigParameters() {
        return ConfigurationParameters.of("org.apache.jackrabbit.oak.user", ConfigurationParameters.of("cacheExpiration", 3600000));
    }

    private ContentSession getSystemSession() throws Exception {
        if (this.systemSession == null) {
            this.systemSession = (ContentSession) Subject.doAs(SystemSubject.INSTANCE, () -> {
                return login(null);
            });
        }
        return this.systemSession;
    }

    @Test
    public void testGroupPrincipals() throws Exception {
        Principal principal = getTestUser().getPrincipal();
        for (GroupPrincipal groupPrincipal : Iterables.filter(this.pp.getPrincipals(this.userId), new GroupPredicate())) {
            Assert.assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", groupPrincipal.getClass().getName());
            Assert.assertTrue(groupPrincipal instanceof TreeBasedPrincipal);
            Assert.assertEquals(this.testGroup.getPath(), ((TreeBasedPrincipal) groupPrincipal).getPath());
            Assert.assertEquals(this.testGroup.getPath(), ((TreeBasedPrincipal) groupPrincipal).getOakPath());
            GroupPrincipal groupPrincipal2 = groupPrincipal;
            Assert.assertTrue(groupPrincipal2.isMember(principal));
            Enumeration members = groupPrincipal2.members();
            Assert.assertTrue(members.hasMoreElements());
            Assert.assertEquals(principal, members.nextElement());
            Assert.assertFalse(members.hasMoreElements());
        }
    }

    @Test
    public void testCachedPrincipalsGroupRemoved() throws Exception {
        this.testGroup.remove();
        this.root.commit();
        this.systemRoot.refresh();
        for (TreeBasedPrincipal treeBasedPrincipal : Iterables.filter(this.pp.getPrincipals(this.userId), new GroupPredicate())) {
            Assert.assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", treeBasedPrincipal.getClass().getName());
            Assert.assertTrue(treeBasedPrincipal instanceof TreeBasedPrincipal);
            try {
                treeBasedPrincipal.getPath();
                Assert.fail("RepositoryException expected");
            } catch (RepositoryException e) {
            }
            GroupPrincipal groupPrincipal = (GroupPrincipal) treeBasedPrincipal;
            Assert.assertFalse(groupPrincipal.isMember(getTestUser().getPrincipal()));
            Assert.assertFalse(groupPrincipal.members().hasMoreElements());
        }
    }

    @Test
    public void testCachedPrincipalsGroupReplacedByUser() throws Exception {
        String id = this.testGroup.getID();
        this.testGroup.getPrincipal().getName();
        this.testGroup.remove();
        getUserManager(this.root).createUser(id, (String) null);
        this.root.commit();
        this.systemRoot.refresh();
        for (TreeBasedPrincipal treeBasedPrincipal : Iterables.filter(this.pp.getPrincipals(this.userId), new GroupPredicate())) {
            Assert.assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", treeBasedPrincipal.getClass().getName());
            Assert.assertTrue(treeBasedPrincipal instanceof TreeBasedPrincipal);
            try {
                treeBasedPrincipal.getPath();
                Assert.fail("RepositoryException expected");
            } catch (RepositoryException e) {
            }
        }
    }

    @Test(expected = RepositoryException.class)
    public void testGetOakPathFails() throws Exception {
        UserPrincipalProvider userPrincipalProvider = new UserPrincipalProvider(this.systemRoot, getUserConfiguration(), new NamePathMapper.Default() { // from class: org.apache.jackrabbit.oak.security.user.CachedGroupPrincipalTest.1
            public String getOakPath(String str) {
                return null;
            }
        });
        userPrincipalProvider.getPrincipals(this.userId);
        for (TreeBasedPrincipal treeBasedPrincipal : Iterables.filter(userPrincipalProvider.getPrincipals(this.userId), new GroupPredicate())) {
            Assert.assertEquals("org.apache.jackrabbit.oak.security.user.UserPrincipalProvider$CachedGroupPrincipal", treeBasedPrincipal.getClass().getName());
            Assert.assertTrue(treeBasedPrincipal instanceof TreeBasedPrincipal);
            treeBasedPrincipal.getOakPath();
        }
    }
}
