package org.keycloak.testsuite.federation.ldap;

import java.lang.invoke.SerializedLambda;
import java.util.Collections;
import javax.ws.rs.ClientErrorException;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.LDAPStorageProvider;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;
import org.openqa.selenium.By;

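/**
 * Integration tests for a realm whose LDAP user-storage provider is switched to
 * {@code READ_ONLY} edit mode (see {@link #afterImportTestRealm()}).
 *
 * <p>The tests check three things from the admin/browser side:
 * <ul>
 *   <li>an OTP credential can still be enrolled for a read-only LDAP user,</li>
 *   <li>an admin update that only touches required actions is accepted,</li>
 *   <li>an admin update that changes a profile attribute is rejected.</li>
 * </ul>
 *
 * <p>Methods run in lexical name order ({@link MethodSorters#NAME_ASCENDING}) and operate on the
 * same fixture user, so each test restores whatever realm or user state it changes.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class LDAPReadOnlyTest extends AbstractLDAPTest {

    /** Username of the LDAP fixture user the tests log in as and update. */
    private static final String TEST_USERNAME = "johnkeycloak";

    /** Password assigned to {@link #TEST_USERNAME} in LDAP; test fixture value only. */
    private static final String TEST_PASSWORD = "Password1";

    /** Credential type string used to locate the enrolled OTP credential. */
    private static final String OTP_CREDENTIAL_TYPE = "otp";

    @ClassRule
    public static LDAPRule ldapRule = new LDAPRule();

    @Page
    protected LoginConfigTotpPage totpPage;

    // Generates the one-time code entered on the TOTP setup page.
    private final TimeBasedOTP totp = new TimeBasedOTP();

    /**
     * Supplies the class-level LDAP rule to the base test.
     *
     * @return the shared {@link LDAPRule} of this test class
     */
    @Override
    protected LDAPRule getLDAPRule() {
        return ldapRule;
    }

    /**
     * Prepares the LDAP fixture after the test realm is imported: adds the zip-code mapper,
     * wipes existing LDAP users, creates the two fixture users, and finally flips the provider
     * to {@code READ_ONLY}.
     *
     * <p>The edit mode is changed last, after the users and the password have been written.
     */
    @Override
    protected void afterImportTestRealm() {
        // NOTE(review): the lambda is handed to testingClient.server().run(...); keep it free of
        // captured test-instance state (only compile-time constants are referenced here).
        this.testingClient.server().run(keycloakSession -> {
            LDAPTestContext ctx = LDAPTestContext.init(keycloakSession);
            RealmModel realm = ctx.getRealm();

            LDAPTestUtils.addZipCodeLDAPMapper(realm, ctx.getLdapModel());
            LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), realm);

            // Create the main fixture user and give it a password in LDAP.
            LDAPTestUtils.updateLDAPPassword(
                    ctx.getLdapProvider(),
                    LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), realm, TEST_USERNAME, "John", "Doe",
                            "john@email.org", (String) null, new String[]{"1234"}),
                    TEST_PASSWORD);
            LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), realm, "existing", "Existing", "Foo",
                    "existing@email.org", (String) null, new String[]{"5678"});

            // NOTE(review): no test visible in this class uses the direct-access (password) grant;
            // presumably subclasses or the base class rely on it — confirm before keeping it enabled.
            realm.getClientByClientId(AssertEvents.DEFAULT_CLIENT_ID).setDirectAccessGrantsEnabled(true);

            // Switch the provider to READ_ONLY and persist the changed component model.
            LDAPStorageProvider ldapProvider = LDAPTestUtils.getLdapProvider(keycloakSession, ctx.getLdapModel());
            ldapProvider.getModel().put("editMode", UserStorageProvider.EditMode.READ_ONLY.toString());
            realm.updateComponent(ldapProvider.getModel());
        });
    }

    /**
     * With OTP set to REQUIRED in the browser flow, a read-only LDAP user must be able to enroll
     * a TOTP credential during login and complete authentication.
     *
     * <p>The realm-wide OTP requirement and the enrolled credential are restored in a
     * {@code finally} block so that a failed assertion does not leave OTP forced on for the realm
     * or a stray second factor on the fixture user.
     */
    @Test
    public void testReadOnlyWithTOTPEnabled() {
        setTotpRequirementExecutionForRealm(AuthenticationExecutionModel.Requirement.REQUIRED);
        try {
            this.loginPage.open();
            this.loginPage.login(TEST_USERNAME, TEST_PASSWORD);

            // Enrollment is mandatory here, so the setup page must not offer a way to skip it.
            Assert.assertTrue(this.totpPage.isCurrent());
            Assert.assertFalse(this.totpPage.isCancelDisplayed());
            // Implicit assertion: findElement throws if the label field is not rendered.
            this.driver.findElement(By.id("userLabel"));

            this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()));

            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));

            // The enrolled credential must be visible through the admin API.
            Assert.assertTrue("OTP credential was not stored for " + TEST_USERNAME,
                    ApiUtil.findUserByUsernameId(testRealm(), TEST_USERNAME).credentials().stream()
                            .anyMatch(credential -> OTP_CREDENTIAL_TYPE.equals(credential.getType())));
        } finally {
            setTotpRequirementExecutionForRealm(AuthenticationExecutionModel.Requirement.CONDITIONAL);
            UserResource user = ApiUtil.findUserByUsernameId(testRealm(), TEST_USERNAME);
            user.credentials().stream()
                    .filter(credential -> OTP_CREDENTIAL_TYPE.equals(credential.getType()))
                    .map(CredentialRepresentation::getId)
                    .forEach(user::removeCredential);
        }
    }

    /**
     * An admin update that changes only the required actions of a read-only LDAP user must be
     * accepted, and the change must be readable afterwards.
     */
    @Test
    public void testReadOnlyUserDoesNotThrowIfUnchanged() {
        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), TEST_USERNAME);
        UserRepresentation rep = user.toRepresentation();
        rep.setRequiredActions(Collections.singletonList(UserModel.RequiredAction.CONFIGURE_TOTP.toString()));
        user.update(rep);

        // Re-read through a fresh resource to verify what was actually persisted.
        UserResource reloadedUser = ApiUtil.findUserByUsernameId(testRealm(), TEST_USERNAME);
        UserRepresentation reloaded = reloadedUser.toRepresentation();
        Assert.assertEquals(1, reloaded.getRequiredActions().size());
        Assert.assertEquals(UserModel.RequiredAction.CONFIGURE_TOTP.toString(), reloaded.getRequiredActions().get(0));

        // Clear the required action again so later tests start from the original state.
        reloaded.setRequiredActions(Collections.emptyList());
        reloadedUser.update(reloaded);
    }

    /**
     * An admin update that changes a profile attribute of a read-only LDAP user must be rejected
     * with a client error and must not alter the stored value.
     *
     * <p>The expected exception is scoped to the {@code update} call only, so a client error from
     * the preceding lookup cannot make the test pass for the wrong reason.
     */
    @Test
    public void testReadOnlyUserThrowsIfChanged() {
        UserResource user = ApiUtil.findUserByUsernameId(testRealm(), TEST_USERNAME);
        UserRepresentation rep = user.toRepresentation();
        String originalFirstName = rep.getFirstName();

        rep.setFirstName("Jane");
        try {
            user.update(rep);
            Assert.fail("Changing the first name of a READ_ONLY LDAP user must be rejected");
        } catch (ClientErrorException expected) {
            // Rejection is the behavior under test.
        }

        // A rejected write must not leave a partial change behind.
        Assert.assertEquals(originalFirstName, user.toRepresentation().getFirstName());
    }

    /**
     * Sets the requirement of the "Browser - Conditional OTP" execution in the {@code browser}
     * flow of realm {@code test}.
     *
     * <p>If no execution carries that display name, nothing is updated.
     *
     * @param requirement requirement to apply to the matching execution(s)
     */
    private void setTotpRequirementExecutionForRealm(AuthenticationExecutionModel.Requirement requirement) {
        this.adminClient.realm("test").flows().getExecutions("browser").stream()
                // Constant-first equals: an execution without a display name is skipped, not an NPE.
                .filter(execution -> "Browser - Conditional OTP".equals(execution.getDisplayName()))
                .forEach(execution -> {
                    execution.setRequirement(requirement.name());
                    this.adminClient.realm("test").flows().updateExecutions("browser", execution);
                });
    }

    /**
     * Asserts that the user has a local-storage id and is linked to this test's LDAP provider.
     *
     * @param userRepresentation user to check
     */
    protected void assertFederatedUserLink(UserRepresentation userRepresentation) {
        Assert.assertTrue(StorageId.isLocalStorage(userRepresentation.getId()));
        Assert.assertNotNull(userRepresentation.getFederationLink());
        Assert.assertEquals(ldapModelId, userRepresentation.getFederationLink());
    }
}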
