package org.keycloak.testsuite.forms;

import java.util.HashMap;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthenticationManagementResource;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.pages.TermsAndConditionsPage;
import org.keycloak.testsuite.rest.representation.AuthenticatorState;
import org.keycloak.testsuite.updaters.Creator;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.ExecutionBuilder;
import org.keycloak.testsuite.util.FlowBuilder;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/CustomFlowTest.class */
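/**
 * Tests realm-level custom authentication flows: a browser / direct-grant flow,
 * a registration flow and a client-authentication flow, each built from a
 * single REQUIRED test-suite authenticator.
 *
 * <p>Security-relevant setup visible in this class:
 * <ul>
 *   <li>The {@code login-test} user is created without a credential, yet
 *       {@link #grantAccessToken} expects the password grant to return 200.
 *       The configured direct-grant flow therefore performs no credential
 *       check; identity comes from the state pushed through
 *       {@code updateAuthenticator}.</li>
 *   <li>Both the {@code dummy-client} and the default test client use the
 *       {@code testsuite-client-passthrough} client authenticator.</li>
 * </ul>
 * NOTE(review): these authenticator ids look like test-suite-only providers;
 * confirm they are never packaged with a production distribution.
 */
public class CustomFlowTest extends AbstractFlowTest {

    private static final String LOGIN_TEST_USER = "login-test";
    private static final String DUMMY_CLIENT_ID = "dummy-client";
    private static final String CLIENT_PASSTHROUGH = "testsuite-client-passthrough";
    private static final String DUMMY_FLOW_ALIAS = "dummy";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected TermsAndConditionsPage termsPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;

    @Page
    protected RegisterPage registerPage;

    // Id of the login-test user; refreshed before every test in configureFlows().
    private static String userId;

    /**
     * Adds the credential-less {@code login-test} user and the
     * {@code dummy-client} to the realm, and switches the default test client
     * to the pass-through client authenticator with direct access grants enabled.
     *
     * @param realmRepresentation realm definition being prepared for import
     */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        realmRepresentation.getUsers().add(
                UserBuilder.create().username(LOGIN_TEST_USER).email("login@test.com").enabled(true).build());

        realmRepresentation.getClients().add(
                ClientBuilder.create()
                        .clientId(DUMMY_CLIENT_ID)
                        .name(DUMMY_CLIENT_ID)
                        .authenticatorType(CLIENT_PASSTHROUGH)
                        .directAccessGrants()
                        .build());

        ClientRepresentation defaultClient =
                RealmRepUtil.findClientByClientId(realmRepresentation, AssertEvents.DEFAULT_CLIENT_ID);
        defaultClient.setClientAuthenticatorType(CLIENT_PASSTHROUGH);
        defaultClient.setDirectAccessGrantsEnabled(true);
    }

    /**
     * Creates the three custom flows once per test context and binds them to
     * the realm. The user id lookup runs before every test; the flow setup is
     * skipped when the test context is already initialized.
     */
    @Before
    public void configureFlows() {
        userId = findUser(LOGIN_TEST_USER).getId();
        if (this.testContext.isInitialized()) {
            return;
        }

        // Browser and direct-grant logins share one pass-through flow.
        AuthenticationFlowRepresentation browserFlow =
                createTopLevelFlowAndClose(DUMMY_FLOW_ALIAS, "dummy pass through flow", "basic-flow");
        RealmRepresentation realm = testRealm().toRepresentation();
        realm.setBrowserFlow(browserFlow.getAlias());
        realm.setDirectGrantFlow(browserFlow.getAlias());
        testRealm().update(realm);
        addRequiredExecutionAndClose(browserFlow, "testsuite-dummy-passthrough");

        AuthenticationFlowRepresentation registrationFlow =
                createTopLevelFlowAndClose("dummy registration", "dummy pass through registration", "basic-flow");
        setRegistrationFlow(registrationFlow);
        addRequiredExecutionAndClose(registrationFlow, "testsuite-dummy-registration");

        AuthenticationFlowRepresentation clientFlow =
                createTopLevelFlowAndClose("client-dummy", "dummy pass through flow", "client-flow");
        RealmRepresentation realmForClientFlow = testRealm().toRepresentation();
        realmForClientFlow.setClientAuthenticationFlow(clientFlow.getAlias());
        testRealm().update(realmForClientFlow);
        addRequiredExecutionAndClose(clientFlow, CLIENT_PASSTHROUGH);

        this.testContext.setInitialized(true);
    }

    /** Creates a non-built-in top-level flow and releases the admin-client response. */
    private AuthenticationFlowRepresentation createTopLevelFlowAndClose(
            String alias, String description, String providerId) {
        AuthenticationFlowRepresentation flow = FlowBuilder.create()
                .alias(alias)
                .description(description)
                .providerId(providerId)
                .topLevel(true)
                .builtIn(false)
                .build();
        // The response was previously discarded unclosed, which holds the connection.
        testRealm().flows().createFlow(flow).close();
        return flow;
    }

    /** Adds one REQUIRED, priority-10 authenticator to the flow and releases the response. */
    private void addRequiredExecutionAndClose(AuthenticationFlowRepresentation flow, String authenticator) {
        AuthenticationExecutionRepresentation execution = ExecutionBuilder.create()
                .parentFlow(findFlowByAlias(flow.getAlias()).getId())
                .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString())
                .authenticator(authenticator)
                .priority(10)
                .authenticatorFlow(false)
                .build();
        testRealm().flows().addExecution(execution).close();
    }

    /**
     * Copies the built-in browser flow, appends a REQUIRED click-through
     * execution, makes the copy the realm's browser flow and checks that
     * opening the login page lands on the terms page.
     *
     * <p>NOTE(review): presumably this guards against a REQUIRED execution
     * being skipped when it follows the copied flow's existing executions;
     * confirm against the click-through authenticator.
     */
    @Test
    public void testRequiredAfterAlternative() {
        final String copiedAlias = "Browser Flow With Extra";

        AuthenticationManagementResource flows = testRealm().flows();
        HashMap<String, String> copyParams = new HashMap<>();
        copyParams.put("newName", copiedAlias);

        String copiedFlowId;
        Response copied = flows.copy("browser", copyParams);
        try {
            Assert.assertThat("Copy flow", copied, Matchers.statusCodeIs(Response.Status.CREATED));
            copiedFlowId = findFlowByAlias(copiedAlias).getId();
        } finally {
            copied.close();
        }

        AuthenticationExecutionRepresentation execution = ExecutionBuilder.create()
                .parentFlow(copiedFlowId)
                .requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString())
                .authenticator("testsuite-dummy-click-through")
                .priority(10)
                .authenticatorFlow(false)
                .build();

        RealmRepresentation realm = testRealm().toRepresentation();
        try {
            try (Response added = testRealm().flows().addExecution(execution)) {
                realm.setBrowserFlow(copiedAlias);
                testRealm().update(realm);
                realm = testRealm().toRepresentation();
                Assert.assertEquals(copiedAlias, realm.getBrowserFlow());
            }

            this.loginPage.open();
            Assert.assertTrue(this.termsPage.isCurrent());
        } finally {
            // Restore the pass-through browser flow even when an assertion fails;
            // configureFlows() does not rebuild it once the context is initialized,
            // so a leftover binding would change what the other tests exercise.
            realm.setBrowserFlow(DUMMY_FLOW_ALIAS);
            testRealm().update(realm);
        }
    }

    /**
     * Creates a flow with a {@code direct-grant-auth-x509-username} execution,
     * attaches a config with CRL checking enabled, then disables CRL checking
     * with an empty CRL path and saves that config twice.
     *
     * @throws Exception if closing the flow creator fails
     */
    @Test
    public void validateX509FlowUpdate() throws Exception {
        AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
        flow.setAlias("Browser Flow With Extra 2");
        flow.setDescription("");
        flow.setProviderId("basic-flow");
        flow.setTopLevel(true);
        flow.setBuiltIn(false);

        try (Creator.Flow flowCreator = Creator.create(testRealm(), flow)) {
            AuthenticationManagementResource authMgmt =
                    (AuthenticationManagementResource) flowCreator.resource();
            String executionId = flowCreator.addExecution("direct-grant-auth-x509-username").getId();

            HashMap<String, String> initialConfig = new HashMap<>();
            initialConfig.put("x509-cert-auth.crl-checking-enabled", Boolean.TRUE.toString());
            AuthenticatorConfigRepresentation configRep = new AuthenticatorConfigRepresentation();
            configRep.setAlias("Config alias");
            configRep.setConfig(initialConfig);

            String configId;
            try (Response created = authMgmt.newExecutionConfig(executionId, configRep)) {
                Assert.assertThat(created, Matchers.statusCodeIs(Response.Status.CREATED));
                configId = ApiUtil.getCreatedId(created);
            }

            AuthenticatorConfigRepresentation stored = authMgmt.getAuthenticatorConfig(configId);
            stored.getConfig().put("x509-cert-auth.crl-checking-enabled", Boolean.FALSE.toString());
            stored.getConfig().put("x509-cert-auth.crl-relative-path", "");

            authMgmt.updateAuthenticatorConfig(configId, stored);
            // NOTE(review): the identical update is sent a second time on purpose in the
            // original; presumably it checks that re-saving unchanged options is accepted.
            authMgmt.updateAuthenticatorConfig(configId, stored);
        }
    }

    /**
     * Opens the login form with the authenticator primed for
     * {@code login-test} and expects an immediate authorization response
     * carrying a {@code code}, plus a matching login event.
     */
    @Test
    public void loginSuccess() {
        primeAuthenticator(LOGIN_TEST_USER, AssertEvents.DEFAULT_CLIENT_ID);

        this.oauth.openLoginForm();

        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", LOGIN_TEST_USER).assertEvent();
    }

    /**
     * Runs the password grant and refresh round trip for the default client.
     *
     * @throws Exception propagated from token verification
     */
    @Test
    public void grantTest() throws Exception {
        primeAuthenticator(LOGIN_TEST_USER, AssertEvents.DEFAULT_CLIENT_ID);
        grantAccessToken(AssertEvents.DEFAULT_CLIENT_ID, LOGIN_TEST_USER);
    }

    /**
     * Covers the client-authentication flow: two known clients succeed, an
     * unknown client id is rejected with {@code invalid_client}, and a request
     * carrying {@code test_error_param} is rejected with
     * {@code unauthorized_client}.
     *
     * <p>The last case pins the generic error description, so the value sent
     * in {@code test_error_param} is not expected back in the response.
     *
     * @throws Exception propagated from token verification
     */
    @Test
    public void clientAuthTest() throws Exception {
        primeAuthenticator(LOGIN_TEST_USER, DUMMY_CLIENT_ID);
        grantAccessToken(DUMMY_CLIENT_ID, LOGIN_TEST_USER);

        primeAuthenticator(LOGIN_TEST_USER, AssertEvents.DEFAULT_CLIENT_ID);
        grantAccessToken(AssertEvents.DEFAULT_CLIENT_ID, LOGIN_TEST_USER);

        // Unknown client: rejected before any user or session is attached to the event.
        primeAuthenticator(LOGIN_TEST_USER, "unknown");
        OAuthClient.AccessTokenResponse unknownClient =
                this.oauth.doGrantAccessTokenRequest("password", "test-user", "password");
        Assert.assertEquals(400, unknownClient.getStatusCode());
        Assert.assertEquals("invalid_client", unknownClient.getError());
        this.events.expectLogin()
                .client((String) null)
                .user((String) null)
                .session((String) null)
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .error("invalid_client_credentials")
                .assertEvent();

        primeAuthenticator(LOGIN_TEST_USER, AssertEvents.DEFAULT_CLIENT_ID);
        this.oauth.addCustomParameter("test_error_param", "Some Random Error");
        try {
            OAuthClient.AccessTokenResponse failing =
                    this.oauth.doGrantAccessTokenRequest("password", "test-user", "password");
            Assert.assertEquals(400, failing.getStatusCode());
            Assert.assertEquals("unauthorized_client", failing.getError());
            Assert.assertEquals("Unexpected error when authenticating client", failing.getErrorDescription());
        } finally {
            // The OAuth client is shared; drop the parameter so later requests are unaffected.
            this.oauth.removeCustomParameter("test_error_param");
        }
    }

    /** Pushes the username / client id the test authenticators should report. */
    private void primeAuthenticator(String username, String clientId) {
        AuthenticatorState state = new AuthenticatorState();
        state.setUsername(username);
        state.setClientId(clientId);
        this.testingClient.testing().updateAuthenticator(state);
    }

    /**
     * Performs a password grant followed by a refresh and checks that both
     * token pairs share one session and that the login and refresh events
     * record the pass-through client authentication method.
     *
     * @param clientId client expected in the emitted events
     * @param username user name sent in the grant request
     * @throws Exception propagated from token verification
     */
    private void grantAccessToken(String clientId, String username) throws Exception {
        OAuthClient.AccessTokenResponse grant =
                this.oauth.doGrantAccessTokenRequest("password", username, "password");
        Assert.assertEquals(200, grant.getStatusCode());

        AccessToken accessToken = this.oauth.verifyToken(grant.getAccessToken());
        RefreshToken refreshToken = this.oauth.parseRefreshToken(grant.getRefreshToken());

        this.events.expectLogin()
                .client(clientId)
                .user(userId)
                .session(accessToken.getSessionState())
                .detail("grant_type", "password")
                .detail("token_id", accessToken.getId())
                .detail("refresh_token_id", refreshToken.getId())
                .detail("username", username)
                .detail("client_auth_method", CLIENT_PASSTHROUGH)
                .removeDetail("code_id")
                .removeDetail("redirect_uri")
                .removeDetail("consent")
                .assertEvent();
        Assert.assertEquals(accessToken.getSessionState(), refreshToken.getSessionState());

        OAuthClient.AccessTokenResponse refreshed =
                this.oauth.doRefreshTokenRequest(grant.getRefreshToken(), "password");
        AccessToken refreshedAccessToken = this.oauth.verifyToken(refreshed.getAccessToken());
        RefreshToken refreshedRefreshToken = this.oauth.parseRefreshToken(refreshed.getRefreshToken());

        // Refreshing must stay within the session the grant opened.
        Assert.assertEquals(accessToken.getSessionState(), refreshedAccessToken.getSessionState());
        Assert.assertEquals(accessToken.getSessionState(), refreshedRefreshToken.getSessionState());

        this.events.expectRefresh(refreshToken.getId(), refreshToken.getSessionState())
                .user(userId)
                .client(clientId)
                .detail("client_auth_method", CLIENT_PASSTHROUGH)
                .assertEvent();
    }
}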
