package org.camunda.bpm.engine.test.api.authorization;

import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import junit.framework.TestCase;
import org.camunda.bpm.engine.authorization.Authorization;
import org.camunda.bpm.engine.authorization.Permission;
import org.camunda.bpm.engine.authorization.Permissions;
import org.camunda.bpm.engine.authorization.Resource;
import org.camunda.bpm.engine.authorization.Resources;
import org.camunda.bpm.engine.impl.TaskQueryImpl;
import org.camunda.bpm.engine.impl.db.AuthorizationCheck;
import org.camunda.bpm.engine.impl.db.entitymanager.DbEntityManager;
import org.camunda.bpm.engine.impl.interceptor.Command;
import org.camunda.bpm.engine.impl.interceptor.CommandContext;
import org.camunda.bpm.engine.impl.interceptor.Session;
import org.camunda.bpm.engine.impl.persistence.entity.AuthorizationManager;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.mockito.ArgumentCaptor;
import org.mockito.Mockito;

/* loaded from: input_file:org/camunda/bpm/engine/test/api/authorization/GroupAuthorizationTest.class */
public class GroupAuthorizationTest extends AuthorizationTest {
    public static final String testUserId = "testUser";
    public static final List<String> testGroupIds = Arrays.asList("testGroup1", "testGroup2", "testGroup3");

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.camunda.bpm.engine.test.api.authorization.AuthorizationTest
    public void setUp() throws Exception {
        createUser(testUserId);
        Iterator<String> it = testGroupIds.iterator();
        while (it.hasNext()) {
            createGroupAndAddUser(it.next(), testUserId);
        }
        this.identityService.setAuthentication(testUserId, testGroupIds);
        this.processEngineConfiguration.setAuthorizationEnabled(true);
    }

    public void testTaskQueryWithoutGroupAuthorizations() {
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.1
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m10execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                TaskQueryImpl taskQueryImpl = (TaskQueryImpl) Mockito.spy(GroupAuthorizationTest.this.processEngine.getTaskService().createTaskQuery());
                AuthorizationCheck authorizationCheck = (AuthorizationCheck) Mockito.spy(new AuthorizationCheck());
                Mockito.when(taskQueryImpl.getAuthCheck()).thenReturn(authorizationCheck);
                taskQueryImpl.list();
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ((AuthorizationCheck) Mockito.verify(authorizationCheck)).setAuthGroupIds((List) Mockito.eq(Collections.emptyList()));
                return null;
            }
        });
    }

    public void testTaskQueryWithOneGroupAuthorization() {
        createGroupGrantAuthorization(Resources.TASK, "*", testGroupIds.get(0), new Permission[0]);
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.2
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m11execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                TaskQueryImpl taskQueryImpl = (TaskQueryImpl) Mockito.spy(GroupAuthorizationTest.this.processEngine.getTaskService().createTaskQuery());
                AuthorizationCheck authorizationCheck = (AuthorizationCheck) Mockito.spy(new AuthorizationCheck());
                Mockito.when(taskQueryImpl.getAuthCheck()).thenReturn(authorizationCheck);
                taskQueryImpl.list();
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ((AuthorizationCheck) Mockito.verify(authorizationCheck)).setAuthGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds.subList(0, 1)));
                return null;
            }
        });
    }

    public void testTaskQueryWithGroupAuthorization() {
        Iterator<String> it = testGroupIds.iterator();
        while (it.hasNext()) {
            createGroupGrantAuthorization(Resources.TASK, "*", it.next(), new Permission[0]);
        }
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.3
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m12execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                TaskQueryImpl taskQueryImpl = (TaskQueryImpl) Mockito.spy(GroupAuthorizationTest.this.processEngine.getTaskService().createTaskQuery());
                AuthorizationCheck authorizationCheck = (AuthorizationCheck) Mockito.spy(new AuthorizationCheck());
                Mockito.when(taskQueryImpl.getAuthCheck()).thenReturn(authorizationCheck);
                taskQueryImpl.list();
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ((AuthorizationCheck) Mockito.verify(authorizationCheck, Mockito.atLeastOnce())).setAuthGroupIds((List) Mockito.argThat(Matchers.containsInAnyOrder(GroupAuthorizationTest.testGroupIds.toArray())));
                return null;
            }
        });
    }

    public void testTaskQueryWithUserWithoutGroups() {
        this.identityService.setAuthentication(testUserId, (List) null);
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.4
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m13execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                TaskQueryImpl taskQueryImpl = (TaskQueryImpl) Mockito.spy(GroupAuthorizationTest.this.processEngine.getTaskService().createTaskQuery());
                AuthorizationCheck authorizationCheck = (AuthorizationCheck) Mockito.spy(new AuthorizationCheck());
                Mockito.when(taskQueryImpl.getAuthCheck()).thenReturn(authorizationCheck);
                taskQueryImpl.list();
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq((List) null));
                ((AuthorizationCheck) Mockito.verify(authorizationCheck)).setAuthGroupIds((List) Mockito.eq(Collections.emptyList()));
                return null;
            }
        });
    }

    public void testCheckAuthorizationWithoutGroupAuthorizations() {
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.5
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m14execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                DbEntityManager spyOnSession2 = GroupAuthorizationTest.this.spyOnSession(commandContext, DbEntityManager.class);
                GroupAuthorizationTest.this.authorizationService.isUserAuthorized(GroupAuthorizationTest.testUserId, GroupAuthorizationTest.testGroupIds, Permissions.READ, Resources.TASK);
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthorizationCheck.class);
                ((DbEntityManager) Mockito.verify(spyOnSession2)).selectBoolean((String) Mockito.eq("isUserAuthorizedForResource"), forClass.capture());
                TestCase.assertTrue(((AuthorizationCheck) forClass.getValue()).getAuthGroupIds().isEmpty());
                return null;
            }
        });
    }

    public void testCheckAuthorizationWithOneGroupAuthorizations() {
        createGroupGrantAuthorization(Resources.TASK, "*", testGroupIds.get(0), new Permission[0]);
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.6
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m15execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                DbEntityManager spyOnSession2 = GroupAuthorizationTest.this.spyOnSession(commandContext, DbEntityManager.class);
                GroupAuthorizationTest.this.authorizationService.isUserAuthorized(GroupAuthorizationTest.testUserId, GroupAuthorizationTest.testGroupIds, Permissions.READ, Resources.TASK);
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthorizationCheck.class);
                ((DbEntityManager) Mockito.verify(spyOnSession2)).selectBoolean((String) Mockito.eq("isUserAuthorizedForResource"), forClass.capture());
                TestCase.assertEquals(GroupAuthorizationTest.testGroupIds.subList(0, 1), ((AuthorizationCheck) forClass.getValue()).getAuthGroupIds());
                return null;
            }
        });
    }

    public void testCheckAuthorizationWithGroupAuthorizations() {
        Iterator<String> it = testGroupIds.iterator();
        while (it.hasNext()) {
            createGroupGrantAuthorization(Resources.TASK, "*", it.next(), new Permission[0]);
        }
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.7
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m16execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                DbEntityManager spyOnSession2 = GroupAuthorizationTest.this.spyOnSession(commandContext, DbEntityManager.class);
                GroupAuthorizationTest.this.authorizationService.isUserAuthorized(GroupAuthorizationTest.testUserId, GroupAuthorizationTest.testGroupIds, Permissions.READ, Resources.TASK);
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq(GroupAuthorizationTest.testGroupIds));
                ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthorizationCheck.class);
                ((DbEntityManager) Mockito.verify(spyOnSession2)).selectBoolean((String) Mockito.eq("isUserAuthorizedForResource"), forClass.capture());
                MatcherAssert.assertThat(((AuthorizationCheck) forClass.getValue()).getAuthGroupIds(), Matchers.containsInAnyOrder(GroupAuthorizationTest.testGroupIds.toArray()));
                return null;
            }
        });
    }

    public void testCheckAuthorizationWithUserWithoutGroups() {
        this.processEngineConfiguration.getCommandExecutorTxRequired().execute(new Command<Void>() { // from class: org.camunda.bpm.engine.test.api.authorization.GroupAuthorizationTest.8
            /* renamed from: execute, reason: merged with bridge method [inline-methods] */
            public Void m17execute(CommandContext commandContext) {
                AuthorizationManager spyOnSession = GroupAuthorizationTest.this.spyOnSession(commandContext, AuthorizationManager.class);
                DbEntityManager spyOnSession2 = GroupAuthorizationTest.this.spyOnSession(commandContext, DbEntityManager.class);
                GroupAuthorizationTest.this.authorizationService.isUserAuthorized(GroupAuthorizationTest.testUserId, (List) null, Permissions.READ, Resources.TASK);
                ((AuthorizationManager) Mockito.verify(spyOnSession, Mockito.atLeastOnce())).filterAuthenticatedGroupIds((List) Mockito.eq((List) null));
                ArgumentCaptor forClass = ArgumentCaptor.forClass(AuthorizationCheck.class);
                ((DbEntityManager) Mockito.verify(spyOnSession2)).selectBoolean((String) Mockito.eq("isUserAuthorizedForResource"), forClass.capture());
                TestCase.assertTrue(((AuthorizationCheck) forClass.getValue()).getAuthGroupIds().isEmpty());
                return null;
            }
        });
    }

    protected void createGroupGrantAuthorization(Resource resource, String str, String str2, Permission... permissionArr) {
        Authorization createGrantAuthorization = createGrantAuthorization(resource, str);
        createGrantAuthorization.setGroupId(str2);
        for (Permission permission : permissionArr) {
            createGrantAuthorization.addPermission(permission);
        }
        saveAuthorization(createGrantAuthorization);
    }

    protected void createGroupAndAddUser(String str, String str2) {
        createGroup(str);
        this.identityService.createMembership(str2, str);
    }

    protected <T extends Session> T spyOnSession(CommandContext commandContext, Class<T> cls) {
        T t = (T) Mockito.spy((Session) commandContext.getSession(cls));
        commandContext.getSessions().put(cls, t);
        return t;
    }
}
