package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/testsuite/broker/UsernameTemplateMapperTest.class */
public class UsernameTemplateMapperTest extends AbstractBaseBrokerTest {
    private String idpUserId;

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcOidcBrokerConfiguration.INSTANCE;
    }

    @Before
    public void addClients() {
        addClientsToProviderAndConsumer();
    }

    @Before
    public void addIdentityProviderToConsumerRealm() {
        this.log.debug("adding identity provider to realm " + this.bc.consumerRealmName());
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        IdentityProviderRepresentation upIdentityProvider = this.bc.setUpIdentityProvider();
        realm.identityProviders().create(upIdentityProvider).close();
        IdentityProviderResource identityProviderResource = realm.identityProviders().get(upIdentityProvider.getAlias());
        for (IdentityProviderMapperRepresentation identityProviderMapperRepresentation : createIdentityProviderMappers()) {
            identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
            identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
        }
    }

    @Before
    public void createUserInIdp() {
        this.idpUserId = createUser(this.bc.providerRealmName(), this.bc.getUserLogin(), this.bc.getUserPassword(), "First", "Last", this.bc.getUserEmail());
    }

    protected Iterable<IdentityProviderMapperRepresentation> createIdentityProviderMappers() {
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("custom-username-import-mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("oidc-username-idp-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("template", "${ALIAS}:${CLAIM.sub}").build());
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation2 = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation2.setName("jwt-claims-mapper");
        identityProviderMapperRepresentation2.setIdentityProviderMapper("oidc-user-attribute-idp-mapper");
        identityProviderMapperRepresentation2.setConfig(ImmutableMap.builder().put("claim", "sub").put("user.attribute", "mappedSub").put("claim.value", "${CLAIM.sub};test").build());
        return Lists.newArrayList(new IdentityProviderMapperRepresentation[]{identityProviderMapperRepresentation, identityProviderMapperRepresentation2});
    }

    @Test
    public void usernameShouldBeDerivedFromAliasAndIdpSubClaim() {
        logInAsUserInIDP();
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        Assert.assertEquals("Should render alias:sub as Username", this.bc.getIDPAlias() + ":" + this.idpUserId, ((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserEmail(), 0, 1).get(0)).getUsername());
    }

    @Test
    public void userAttributeShouldBeDerivedFromIdpSubClaim() {
        logInAsUserInIDP();
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        Assert.assertEquals("Should render idpSub as mappedSub attribute", this.idpUserId, ((List) ((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserEmail(), 0, 1).get(0)).getAttributes().get("mappedSub")).get(0));
    }
}
