package org.keycloak.testsuite.federation.ldap;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.hamcrest.Matchers;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.account.UserRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;
import org.keycloak.testsuite.util.TokenUtil;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest.class */
public class LDAPAccountRestApiTest extends AbstractLDAPTest {

    @Rule
    public TokenUtil tokenUtil = new TokenUtil("johnkeycloak", "Password1");

    @ClassRule
    public static LDAPRule ldapRule = new LDAPRule();
    protected CloseableHttpClient httpClient;

    @Before
    public void before() {
        this.httpClient = HttpClientBuilder.create().build();
    }

    @After
    public void after() {
        try {
            this.httpClient.close();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected LDAPRule getLDAPRule() {
        return ldapRule;
    }

    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected void afterImportTestRealm() {
        this.testingClient.server().run(keycloakSession -> {
            LDAPTestContext init = LDAPTestContext.init(keycloakSession);
            RealmModel realm = init.getRealm();
            LDAPTestUtils.removeAllLDAPUsers(init.getLdapProvider(), realm);
            LDAPTestUtils.updateLDAPPassword(init.getLdapProvider(), LDAPTestUtils.addLDAPUser(init.getLdapProvider(), realm, "johnkeycloak", "John", "Doe", "john@email.org", (String) null, new String[]{"1234"}), "Password1");
        });
    }

    @Test
    public void testGetProfile() throws IOException {
        UserRepresentation profile = getProfile();
        Assert.assertEquals("John", profile.getFirstName());
        Assert.assertEquals("Doe", profile.getLastName());
        Assert.assertEquals("john@email.org", profile.getEmail());
        Assert.assertFalse(profile.isEmailVerified());
    }

    @Test
    public void testUpdateProfile() throws IOException {
        UserRepresentation profile = getProfile();
        ArrayList arrayList = new ArrayList((Collection) profile.getAttributes().get("LDAP_ID"));
        ArrayList arrayList2 = new ArrayList((Collection) profile.getAttributes().get("LDAP_ENTRY_DN"));
        Assert.assertEquals(1L, arrayList.size());
        Assert.assertEquals(1L, arrayList2.size());
        Assert.assertThat(profile.getAttributes().keySet(), Matchers.not(Matchers.contains(new String[]{"KERBEROS_PRINCIPAL"})));
        profile.setFirstName("JohnUpdated");
        profile.setLastName("DoeUpdated");
        profile.singleAttribute("KERBEROS_PRINCIPAL", "foo");
        updateProfileExpectError(profile, 400, "updateReadOnlyAttributesRejectedMessage");
        profile.getAttributes().remove("KERBEROS_PRINCIPAL");
        profile.singleAttribute("KERberos_principal", "foo");
        updateProfileExpectError(profile, 400, "updateReadOnlyAttributesRejectedMessage");
        profile.getAttributes().remove("KERberos_principal");
        profile.setFirstName("JohnUpdated");
        profile.setLastName("DoeUpdated");
        ((List) profile.getAttributes().get("LDAP_ID")).remove(0);
        ((List) profile.getAttributes().get("LDAP_ID")).add("123");
        updateProfileExpectError(profile, 400, "updateReadOnlyAttributesRejectedMessage");
        ((List) profile.getAttributes().get("LDAP_ID")).remove(0);
        updateProfileExpectError(profile, 400, "updateReadOnlyAttributesRejectedMessage");
        profile.getAttributes().remove("LDAP_ID");
        updateProfileExpectSuccess(profile);
        UserRepresentation profile2 = getProfile();
        Assert.assertFalse(((List) profile2.getAttributes().get("LDAP_ID")).isEmpty());
        profile2.getAttributes().put("LDAP_ID", arrayList);
        ((List) profile2.getAttributes().get("LDAP_ENTRY_DN")).remove(0);
        ((List) profile2.getAttributes().get("LDAP_ENTRY_DN")).add("ou=foo,dc=bar");
        updateProfileExpectError(profile2, 400, "updateReadOnlyAttributesRejectedMessage");
        profile2.getAttributes().put("LDAP_ENTRY_DN", arrayList2);
        updateProfileExpectSuccess(profile2);
        UserRepresentation profile3 = getProfile();
        Assert.assertEquals("JohnUpdated", profile3.getFirstName());
        Assert.assertEquals("DoeUpdated", profile3.getLastName());
        Assert.assertEquals(arrayList, profile3.getAttributes().get("LDAP_ID"));
        Assert.assertEquals(arrayList2, profile3.getAttributes().get("LDAP_ENTRY_DN"));
        profile3.setFirstName("John");
        profile3.setLastName("Doe");
        updateProfileExpectSuccess(profile3);
    }

    @Test
    public void testGetCredentials() throws IOException {
        AccountCredentialResource.CredentialContainer credentialContainer = getCredentials().get(0);
        Assert.assertEquals("password", credentialContainer.getType());
        Assert.assertEquals(1L, credentialContainer.getUserCredentials().size());
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) credentialContainer.getUserCredentials().get(0);
        Assert.assertEquals("password", credentialRepresentation.getType());
        Assert.assertEquals(credentialRepresentation.getCreatedDate(), new Long(-1L));
        Assert.assertNull(credentialRepresentation.getCredentialData());
        Assert.assertNull(credentialRepresentation.getSecretData());
    }

    @Test
    public void testUpdateProfileSimple() throws IOException {
        this.testingClient.server().run(keycloakSession -> {
            LDAPTestContext.init(keycloakSession).getRealm().setEditUsernameAllowed(false);
        });
        UserRepresentation userRepresentation = (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
        userRepresentation.setEmail("john-alias@email.org");
        SimpleHttp.doPost(getAccountUrl(null), this.httpClient).json(userRepresentation).auth(this.tokenUtil.getToken()).asStatus();
        UserRepresentation userRepresentation2 = (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
        Assert.assertEquals("johnkeycloak", userRepresentation2.getUsername());
        Assert.assertEquals("John", userRepresentation2.getFirstName());
        Assert.assertEquals("Doe", userRepresentation2.getLastName());
        Assert.assertEquals("john-alias@email.org", userRepresentation2.getEmail());
        Assert.assertFalse(userRepresentation2.isEmailVerified());
        userRepresentation2.setEmail("john@email.org");
        SimpleHttp.doPost(getAccountUrl(null), this.httpClient).json(userRepresentation2).auth(this.tokenUtil.getToken()).asStatus();
    }

    @Test
    public void testIgnoreReadOnlyAttributes() throws IOException {
        this.testingClient.server().run(keycloakSession -> {
            LDAPTestContext.init(keycloakSession).getRealm().setEditUsernameAllowed(false);
        });
        UserRepresentation userRepresentation = (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
        userRepresentation.setEmail("john-alias@email.org");
        SimpleHttp.doPost(getAccountUrl(null), this.httpClient).json(userRepresentation).auth(this.tokenUtil.getToken()).asStatus();
        UserRepresentation userRepresentation2 = (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
        Assert.assertEquals("johnkeycloak", userRepresentation2.getUsername());
        Assert.assertEquals("John", userRepresentation2.getFirstName());
        Assert.assertEquals("Doe", userRepresentation2.getLastName());
        Assert.assertEquals("john-alias@email.org", userRepresentation2.getEmail());
        Assert.assertFalse(userRepresentation2.isEmailVerified());
        userRepresentation2.getAttributes().clear();
        userRepresentation2.setEmail("john@email.org");
        SimpleHttp.doPost(getAccountUrl(null), this.httpClient).json(userRepresentation2).auth(this.tokenUtil.getToken()).asStatus();
        org.keycloak.representations.idm.UserRepresentation userRepresentation3 = (org.keycloak.representations.idm.UserRepresentation) testRealm().users().search(userRepresentation2.getUsername()).get(0);
        userRepresentation3.setAttributes((Map) null);
        testRealm().users().get(userRepresentation3.getId()).update(userRepresentation3);
        UserRepresentation userRepresentation4 = (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
        Assert.assertTrue(userRepresentation4.getAttributes().containsKey("LDAP_ID"));
        Assert.assertTrue(userRepresentation4.getAttributes().containsKey("LDAP_ENTRY_DN"));
    }

    private String getAccountUrl(String str) {
        return this.suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth/realms/test/account" + (str != null ? "/" + str : "");
    }

    private UserRepresentation getProfile() throws IOException {
        return (UserRepresentation) SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).asJson(UserRepresentation.class);
    }

    private void updateProfileExpectSuccess(UserRepresentation userRepresentation) throws IOException {
        Assert.assertEquals(204L, SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(userRepresentation).asStatus());
    }

    private void updateProfileExpectError(UserRepresentation userRepresentation, int i, String str) throws IOException {
        SimpleHttp.Response asResponse = SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(userRepresentation).asResponse();
        Assert.assertEquals(i, asResponse.getStatus());
        Assert.assertEquals(str, ((ErrorRepresentation) asResponse.asJson(ErrorRepresentation.class)).getErrorMessage());
    }

    private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException {
        return (List) SimpleHttp.doGet(getAccountUrl("credentials"), this.httpClient).auth(this.tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() { // from class: org.keycloak.testsuite.federation.ldap.LDAPAccountRestApiTest.1
        });
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1944678640:
                if (implMethodName.equals("lambda$testUpdateProfileSimple$26a8868a$1")) {
                    z = false;
                    break;
                }
                break;
            case -900794343:
                if (implMethodName.equals("lambda$testIgnoreReadOnlyAttributes$26a8868a$1")) {
                    z = true;
                    break;
                }
                break;
            case -856366662:
                if (implMethodName.equals("lambda$afterImportTestRealm$26a8868a$1")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        LDAPTestContext.init(keycloakSession).getRealm().setEditUsernameAllowed(false);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession2 -> {
                        LDAPTestContext.init(keycloakSession2).getRealm().setEditUsernameAllowed(false);
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/ldap/LDAPAccountRestApiTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession3 -> {
                        LDAPTestContext init = LDAPTestContext.init(keycloakSession3);
                        RealmModel realm = init.getRealm();
                        LDAPTestUtils.removeAllLDAPUsers(init.getLdapProvider(), realm);
                        LDAPTestUtils.updateLDAPPassword(init.getLdapProvider(), LDAPTestUtils.addLDAPUser(init.getLdapProvider(), realm, "johnkeycloak", "John", "Doe", "john@email.org", (String) null, new String[]{"1234"}), "Password1");
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
