package org.alfresco.repo.security.authentication.identityservice;

import java.lang.reflect.Field;
import java.util.Optional;
import org.alfresco.model.ContentModel;
import org.alfresco.repo.management.subsystems.ChildApplicationContextFactory;
import org.alfresco.repo.management.subsystems.DefaultChildApplicationContextManager;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.authentication.identityservice.IdentityServiceFacade;
import org.alfresco.service.cmr.repository.NodeRef;
import org.alfresco.service.cmr.repository.NodeService;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.BaseSpringTest;
import org.alfresco.util.test.junitrules.AlfrescoTenant;
import org.junit.After;
import org.junit.Before;
import org.junit.Test;
import org.mockito.Mockito;

/* loaded from: input_file:org/alfresco/repo/security/authentication/identityservice/IdentityServiceJITProvisioningHandlerTest.class */
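/**
 * Integration test for {@link IdentityServiceJITProvisioningHandler}.
 *
 * <p>Both tests start from a repository in which {@code johndoe123} does not exist, obtain an
 * access token for that user through the {@code identity-service1} authentication subsystem, and
 * check that the handler returns the user's details and creates the matching person node.
 *
 * <p>The tests use the password grant against the configured identity service, so they
 * presumably need a reachable identity service holding this user. Confirm against the test
 * environment.
 */
public class IdentityServiceJITProvisioningHandlerTest extends BaseSpringTest {
    private static final String IDS_USERNAME = "johndoe123";
    private static final String IDS_EMAIL = "johndoe123@alfresco.com";

    private PersonService personService;
    private NodeService nodeService;
    private TransactionService transactionService;
    private IdentityServiceFacade identityServiceFacade;
    private IdentityServiceJITProvisioningHandler jitProvisioningHandler;

    // True only when the "auth0.enabled" system property is set to "true" (case-insensitive).
    private final boolean isAuth0Enabled = Boolean.parseBoolean(System.getProperty("auth0.enabled"));

    // The "admin.password" system property is used only when Auth0 mode is on; otherwise the
    // default tenant admin password is used. The value is a credential, so keep it out of logs
    // and assertion messages.
    private final String userPassword = Optional.ofNullable(System.getProperty("admin.password"))
            .filter(ignored -> isAuth0Enabled)
            .orElse(AlfrescoTenant.ADMIN_PASSWORD);

    /**
     * Looks up the repository services and the beans of the {@code identity-service1} subsystem,
     * then relaxes the subsystem's transport settings for the test run.
     */
    @Before
    public void setup() {
        personService = (PersonService) applicationContext.getBean("personService");
        nodeService = (NodeService) applicationContext.getBean("nodeService");
        transactionService = (TransactionService) applicationContext.getBean("transactionService");

        DefaultChildApplicationContextManager authenticationManager =
                (DefaultChildApplicationContextManager) applicationContext.getBean("Authentication");
        ChildApplicationContextFactory subsystemFactory =
                authenticationManager.getChildApplicationContextFactory("identity-service1");

        identityServiceFacade =
                (IdentityServiceFacade) subsystemFactory.getApplicationContext().getBean("identityServiceFacade");
        jitProvisioningHandler = (IdentityServiceJITProvisioningHandler)
                subsystemFactory.getApplicationContext().getBean("jitProvisioningHandler");

        // SECURITY (test only): going by the setter names, the calls below accept any hostname
        // and switch off the trust manager, so the identity service's TLS certificate is
        // presumably not validated. Never copy these settings into a deployed configuration.
        // NOTE(review): the config bean comes from the application context and tearDown() does
        // not restore the previous values, so the relaxed settings may leak into other tests
        // that share this context. Confirm, and restore them if so.
        IdentityServiceConfig identityServiceConfig =
                (IdentityServiceConfig) subsystemFactory.getApplicationContext().getBean("identityServiceConfig");
        identityServiceConfig.setAllowAnyHostname(true);
        identityServiceConfig.setClientKeystore((String) null);
        identityServiceConfig.setDisableTrustManager(true);
    }

    /**
     * A user missing from the repository is created from the access token, and the returned
     * user info matches the properties stored on the new person node.
     */
    @Test
    public void shouldCreateNonExistingUserInRepo() {
        assertFalse(personService.personExists(IDS_USERNAME));

        Optional<OIDCUserInfo> userInfo =
                jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(passwordGrantAccessToken());

        NodeRef person = personService.getPerson(IDS_USERNAME);
        assertTrue(userInfo.isPresent());
        assertEquals(IDS_USERNAME, userInfo.get().username());
        assertEquals(IDS_EMAIL, userInfo.get().email());
        assertEquals(IDS_USERNAME, nodeService.getProperty(person, ContentModel.PROP_USERNAME));
        assertEquals(IDS_EMAIL, nodeService.getProperty(person, ContentModel.PROP_EMAIL));

        // First and last name are asserted only when Auth0 mode is off.
        if (!isAuth0Enabled) {
            assertEquals("John", userInfo.get().firstName());
            assertEquals("Doe", userInfo.get().lastName());
            assertEquals("John", nodeService.getProperty(person, ContentModel.PROP_FIRSTNAME));
            assertEquals("Doe", nodeService.getProperty(person, ContentModel.PROP_LASTNAME));
        }
    }

    /**
     * When the token cannot be decoded (the mocked facade returns {@code null} from
     * {@code decodeToken}), the handler asks the facade for the user info and still creates
     * the user.
     *
     * @throws IllegalAccessException if the handler's facade field cannot be written reflectively
     * @throws NoSuchFieldException if the handler has no {@code identityServiceFacade} field
     */
    @Test
    public void shouldCallUserInfoEndpointAndCreateUser() throws IllegalAccessException, NoSuchFieldException {
        assertFalse(personService.personExists(IDS_USERNAME));

        String principalAttribute = isAuth0Enabled ? "nickname" : "preferred_username";
        String tokenValue = passwordGrantAccessToken();

        // The mock hides the decoded token but answers getUserInfo with the real facade's result.
        IdentityServiceFacade mockedFacade = Mockito.mock(IdentityServiceFacade.class);
        Mockito.when(mockedFacade.decodeToken(tokenValue)).thenReturn(null);
        Mockito.when(mockedFacade.getUserInfo(tokenValue, principalAttribute))
                .thenReturn(identityServiceFacade.getUserInfo(tokenValue, principalAttribute));

        Field facadeField = jitProvisioningHandler.getClass().getDeclaredField("identityServiceFacade");
        facadeField.setAccessible(true);
        facadeField.set(jitProvisioningHandler, mockedFacade);

        Optional<OIDCUserInfo> userInfo;
        try {
            userInfo = jitProvisioningHandler.extractUserInfoAndCreateUserIfNeeded(tokenValue);
        } finally {
            // Always put the real facade back: the handler is a context bean, and leaving the
            // mock in place after a failure would corrupt every later test that uses it.
            facadeField.set(jitProvisioningHandler, identityServiceFacade);
        }

        NodeRef person = personService.getPerson(IDS_USERNAME);
        assertTrue(userInfo.isPresent());
        assertEquals(IDS_USERNAME, userInfo.get().username());
        assertEquals(IDS_USERNAME, nodeService.getProperty(person, ContentModel.PROP_USERNAME));
        assertEquals(IDS_EMAIL, userInfo.get().email());
        assertEquals(IDS_EMAIL, nodeService.getProperty(person, ContentModel.PROP_EMAIL));
        Mockito.verify(mockedFacade).decodeToken(tokenValue);
        Mockito.verify(mockedFacade, Mockito.atLeast(1)).getUserInfo(tokenValue, principalAttribute);

        // First and last name are asserted only when Auth0 mode is off.
        if (!isAuth0Enabled) {
            assertEquals("John", userInfo.get().firstName());
            assertEquals("Doe", userInfo.get().lastName());
            assertEquals("John", nodeService.getProperty(person, ContentModel.PROP_FIRSTNAME));
            assertEquals("Doe", nodeService.getProperty(person, ContentModel.PROP_LASTNAME));
        }
    }

    /** Deletes the provisioned person as the system user, inside a retrying transaction. */
    @After
    public void tearDown() {
        AuthenticationUtil.runAsSystem(new AuthenticationUtil.RunAsWork<Void>() {
            @Override
            public Void doWork() throws Exception {
                transactionService.getRetryingTransactionHelper().doInTransaction(() -> {
                    personService.deletePerson(IDS_USERNAME);
                    return null;
                });
                return null;
            }
        });
    }

    /** Requests an access token for the test user with the password grant and returns its value. */
    private String passwordGrantAccessToken() {
        return identityServiceFacade
                .authorize(IdentityServiceFacade.AuthorizationGrant.password(IDS_USERNAME, userPassword))
                .getAccessToken()
                .getTokenValue();
    }
}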
