package org.alfresco.filesys.auth.cifs;

import org.alfresco.model.ContentModel;
import org.alfresco.repo.security.authentication.AuthenticationException;
import org.alfresco.repo.security.authentication.AuthenticationUtil;
import org.alfresco.repo.security.sync.UserRegistrySynchronizer;
import org.alfresco.repo.transaction.RetryingTransactionHelper;
import org.alfresco.service.cmr.security.AuthorityType;
import org.alfresco.service.cmr.security.PersonService;
import org.alfresco.service.transaction.TransactionService;
import org.alfresco.util.ApplicationContextHelper;
import org.alfresco.util.GUID;
import org.alfresco.util.PropertyMap;
import org.alfresco.util.testing.category.LuceneTests;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.junit.experimental.categories.Category;
import org.mockito.Matchers;
import org.mockito.Mockito;
import org.mockito.invocation.InvocationOnMock;
import org.mockito.stubbing.Answer;
import org.springframework.context.ApplicationContext;

@Category({LuceneTests.class})
/* loaded from: input_file:org/alfresco/filesys/auth/cifs/CifsAuthenticatorKerberosTest.class */
public class CifsAuthenticatorKerberosTest {
    public static final String[] CONFIG_LOCATIONS = {"classpath:alfresco/application-context.xml", "classpath:alfresco/filesys/auth/cifs/test-kerberos-context.xml"};
    private static ApplicationContext ctx = null;
    private PersonService personService;
    private TransactionService transactionService;
    private EnterpriseCifsAuthenticator cifsAuthenticator;
    private String userExistingLocal = "user1." + GUID.generate();
    private String userMissingLocal = "user2." + GUID.generate();

    @BeforeClass
    public static void init() {
        ApplicationContextHelper.setUseLazyLoading(false);
        ApplicationContextHelper.setNoAutoStart(true);
        ctx = ApplicationContextHelper.getApplicationContext(CONFIG_LOCATIONS);
    }

    @Before
    public void before() throws Exception {
        this.personService = (PersonService) ctx.getBean("personService");
        this.transactionService = (TransactionService) ctx.getBean("transactionService");
        this.cifsAuthenticator = (EnterpriseCifsAuthenticator) ctx.getBean("cifsAuthenticator");
        this.transactionService.getRetryingTransactionHelper().doInTransaction(new RetryingTransactionHelper.RetryingTransactionCallback<Void>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorKerberosTest.1
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m13execute() throws Throwable {
                AuthenticationUtil.pushAuthentication();
                AuthenticationUtil.setFullyAuthenticatedUser(AuthenticationUtil.getAdminUserName());
                PropertyMap propertyMap = new PropertyMap();
                propertyMap.put(ContentModel.PROP_USERNAME, CifsAuthenticatorKerberosTest.this.userExistingLocal);
                propertyMap.put(ContentModel.PROP_FIRSTNAME, CifsAuthenticatorKerberosTest.this.userExistingLocal);
                propertyMap.put(ContentModel.PROP_LASTNAME, CifsAuthenticatorKerberosTest.this.userExistingLocal);
                propertyMap.put(ContentModel.PROP_EMAIL, String.valueOf(CifsAuthenticatorKerberosTest.this.userExistingLocal) + "@email.com");
                CifsAuthenticatorKerberosTest.this.personService.createPerson(propertyMap);
                AuthenticationUtil.popAuthentication();
                return null;
            }
        }, false, true);
    }

    private UserRegistrySynchronizer makeUserRegistrySynchronizerStub(final boolean z) {
        UserRegistrySynchronizer userRegistrySynchronizer = (UserRegistrySynchronizer) Mockito.mock(UserRegistrySynchronizer.class);
        Mockito.when(Boolean.valueOf(userRegistrySynchronizer.createMissingPerson(Matchers.anyString()))).thenAnswer(new Answer<Boolean>() { // from class: org.alfresco.filesys.auth.cifs.CifsAuthenticatorKerberosTest.2
            /* renamed from: answer, reason: merged with bridge method [inline-methods] */
            public Boolean m14answer(InvocationOnMock invocationOnMock) throws Throwable {
                String str = (String) invocationOnMock.getArguments()[0];
                if (str != null && !str.equals(AuthenticationUtil.getSystemUserName())) {
                    PersonService personService = (PersonService) Mockito.mock(PersonService.class);
                    Mockito.when(Boolean.valueOf(personService.createMissingPeople())).thenReturn(true);
                    if (z && personService.createMissingPeople() && AuthorityType.getAuthorityType(str) == AuthorityType.USER) {
                        CifsAuthenticatorKerberosTest.this.personService.getPerson(str);
                        return true;
                    }
                }
                return false;
            }
        });
        return userRegistrySynchronizer;
    }

    @Test
    public void testExistingUserMappingWhenAutoCreateNotAllowed() {
        this.cifsAuthenticator.getAuthenticationComponent().setUserRegistrySynchronizer(makeUserRegistrySynchronizerStub(false));
        Assert.assertEquals("Existing local user should be mapped to authenticated AD user", this.cifsAuthenticator.mapUserNameToPerson(this.userExistingLocal, false), this.userExistingLocal);
    }

    @Test
    public void testExistingUserMappingWhenAutoCreateAllowed() {
        this.cifsAuthenticator.getAuthenticationComponent().setUserRegistrySynchronizer(makeUserRegistrySynchronizerStub(true));
        Assert.assertEquals("Existing local user should be mapped to authenticated AD user", this.cifsAuthenticator.mapUserNameToPerson(this.userExistingLocal, false), this.userExistingLocal);
    }

    @Test
    public void testMissingUserMappingWhenAutoCreateNotAllowed() {
        this.cifsAuthenticator.getAuthenticationComponent().setUserRegistrySynchronizer(makeUserRegistrySynchronizerStub(false));
        try {
            this.cifsAuthenticator.mapUserNameToPerson(this.userMissingLocal, false);
            Assert.fail("User that does not exist in repository should not login when autoCreatePeopleOnLogin is not allowed");
        } catch (AuthenticationException unused) {
        }
    }

    @Test
    public void testMissingUserMappingWhenAutoCreateAllowed() {
        this.cifsAuthenticator.getAuthenticationComponent().setUserRegistrySynchronizer(makeUserRegistrySynchronizerStub(true));
        Assert.assertEquals("User that does not exist in repository can login when autoCreatePeopleOnLogin is allowed", this.cifsAuthenticator.mapUserNameToPerson(this.userMissingLocal, false), this.userMissingLocal);
        AuthenticationUtil.setRunAsUser(AuthenticationUtil.getSystemUserName());
        Assert.assertTrue(this.personService.personExists(this.userMissingLocal));
    }
}
