package org.keycloak.testsuite.webauthn;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.util.RandomString;
import org.keycloak.events.EventType;
import org.keycloak.models.credential.dto.WebAuthnCredentialData;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.WebAuthnAssume;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.pages.webauthn.WebAuthnLoginPage;
import org.keycloak.testsuite.pages.webauthn.WebAuthnRegisterPage;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.util.JsonSerialization;

@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
/* loaded from: input_file:org/keycloak/testsuite/webauthn/WebAuthnRegisterAndLoginTest.class */
public class WebAuthnRegisterAndLoginTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected WebAuthnLoginPage webAuthnLoginPage;

    @Page
    protected RegisterPage registerPage;

    @Page
    protected WebAuthnRegisterPage webAuthnRegisterPage;
    private static final String ALL_ZERO_AAGUID = "00000000-0000-0000-0000-000000000000";
    private List<String> signatureAlgorithms;
    private String attestationConveyancePreference;
    private String authenticatorAttachment;
    private String requireResidentKey;
    private String rpEntityName;
    private String userVerificationRequirement;
    private String rpId;
    private int createTimeout;
    private boolean avoidSameAuthenticatorRegister;
    private List<String> acceptableAaguids;

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @BeforeClass
    public static void enabled() {
        Assume.assumeTrue(ServerURLs.AUTH_SERVER_SSL_REQUIRED);
    }

    @Before
    public void verifyEnvironment() {
        WebAuthnAssume.assumeChrome(this.driver);
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/webauthn/testrealm-webauthn.json"), RealmRepresentation.class));
    }

    @Test
    public void registerUserSuccess() {
        try {
            RealmRepresentation backupWebAuthnRealmSettings = backupWebAuthnRealmSettings();
            backupWebAuthnRealmSettings.setWebAuthnPolicySignatureAlgorithms(Arrays.asList("ES256"));
            backupWebAuthnRealmSettings.setWebAuthnPolicyAttestationConveyancePreference("none");
            backupWebAuthnRealmSettings.setWebAuthnPolicyAuthenticatorAttachment("cross-platform");
            backupWebAuthnRealmSettings.setWebAuthnPolicyRequireResidentKey("No");
            backupWebAuthnRealmSettings.setWebAuthnPolicyRpId((String) null);
            backupWebAuthnRealmSettings.setWebAuthnPolicyUserVerificationRequirement("preferred");
            backupWebAuthnRealmSettings.setWebAuthnPolicyAcceptableAaguids(Arrays.asList(ALL_ZERO_AAGUID));
            testRealm().update(backupWebAuthnRealmSettings);
            this.loginPage.open();
            this.loginPage.clickRegister();
            this.registerPage.assertCurrent();
            String randomCode = RandomString.randomCode(24);
            this.registerPage.register("firstName", "lastName", "registerUserSuccess@email", "registerUserSuccess", "password", "password");
            this.webAuthnRegisterPage.registerWebAuthnCredential(randomCode);
            this.appPage.assertCurrent();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            this.appPage.openAccount();
            String userId = this.events.expectRegister("registerUserSuccess", "registerUserSuccess@email").assertEvent().getUserId();
            String str = (String) this.events.expectRequiredAction(EventType.CUSTOM_REQUIRED_ACTION).user(userId).detail("custom_required_action", "webauthn-register").detail("public_key_credential_label", randomCode).assertEvent().getDetails().get("public_key_credential_id");
            String sessionId = this.events.expectLogin().user(userId).detail("custom_required_action", "webauthn-register").detail("public_key_credential_label", randomCode).assertEvent().getSessionId();
            assertUserRegistered(userId, "registerUserSuccess".toLowerCase(), "registerUserSuccess@email".toLowerCase());
            assertRegisteredCredentials(userId, ALL_ZERO_AAGUID, "none");
            this.appPage.logout();
            this.events.expectLogout(sessionId).user(userId).assertEvent();
            this.loginPage.open();
            this.loginPage.login("registerUserSuccess", "password");
            this.appPage.assertCurrent();
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            this.appPage.openAccount();
            String sessionId2 = this.events.expectLogin().user(userId).detail("public_key_credential_id", str).assertEvent().getSessionId();
            this.appPage.logout();
            this.events.expectLogout(sessionId2).user(userId).assertEvent();
            restoreWebAuthnRealmSettings();
        } catch (Throwable th) {
            restoreWebAuthnRealmSettings();
            throw th;
        }
    }

    @Test
    public void testWebAuthnTwoFactorAndWebAuthnPasswordlessTogether() {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setBrowserFlow("browser-webauthn-passwordless");
        testRealm().update(representation);
        try {
            String id = ApiUtil.findUserByUsername(testRealm(), AssertEvents.DEFAULT_USERNAME).getId();
            this.loginPage.open();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.webAuthnRegisterPage.registerWebAuthnCredential("label1");
            this.webAuthnRegisterPage.registerWebAuthnCredential("label2");
            this.appPage.assertCurrent();
            String sessionId = this.events.expectLogin().user(id).assertEvent().getSessionId();
            this.appPage.logout();
            this.events.expectLogout(sessionId).user(id).assertEvent();
            List credentials = testRealm().users().get(id).credentials();
            CredentialRepresentation credentialRepresentation = (CredentialRepresentation) credentials.stream().filter(credentialRepresentation2 -> {
                return "webauthn".equals(credentialRepresentation2.getType());
            }).findFirst().orElse(null);
            Assert.assertNotNull(credentialRepresentation);
            Assert.assertEquals("label1", credentialRepresentation.getUserLabel());
            CredentialRepresentation credentialRepresentation3 = (CredentialRepresentation) credentials.stream().filter(credentialRepresentation4 -> {
                return "webauthn-passwordless".equals(credentialRepresentation4.getType());
            }).findFirst().orElse(null);
            Assert.assertNotNull(credentialRepresentation3);
            Assert.assertEquals("label2", credentialRepresentation3.getUserLabel());
            this.loginPage.open();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.appPage.assertCurrent();
            this.events.expectLogin().user(id).assertEvent();
            testRealm().users().get(id).removeCredential(credentialRepresentation.getId());
            testRealm().users().get(id).removeCredential(credentialRepresentation3.getId());
            representation.setBrowserFlow("browser-webauthn");
            testRealm().update(representation);
        } catch (Throwable th) {
            representation.setBrowserFlow("browser-webauthn");
            testRealm().update(representation);
            throw th;
        }
    }

    private void assertUserRegistered(String str, String str2, String str3) {
        UserRepresentation user = getUser(str);
        Assert.assertNotNull(user);
        Assert.assertNotNull(user.getCreatedTimestamp());
        Assert.assertTrue(System.currentTimeMillis() - user.getCreatedTimestamp().longValue() < 60000);
        Assert.assertEquals(str2.toLowerCase(), user.getUsername());
        Assert.assertEquals(str3.toLowerCase(), user.getEmail());
        Assert.assertEquals("firstName", user.getFirstName());
        Assert.assertEquals("lastName", user.getLastName());
    }

    private void assertRegisteredCredentials(String str, String str2, String str3) {
        getCredentials(str).stream().forEach(credentialRepresentation -> {
            if ("webauthn".equals(credentialRepresentation.getType())) {
                try {
                    WebAuthnCredentialData webAuthnCredentialData = (WebAuthnCredentialData) JsonSerialization.readValue(credentialRepresentation.getCredentialData(), WebAuthnCredentialData.class);
                    Assert.assertEquals(str2, webAuthnCredentialData.getAaguid());
                    Assert.assertEquals(str3, webAuthnCredentialData.getAttestationStatementFormat());
                } catch (IOException e) {
                    Assert.fail();
                }
            }
        });
    }

    protected UserRepresentation getUser(String str) {
        return testRealm().users().get(str).toRepresentation();
    }

    protected List<CredentialRepresentation> getCredentials(String str) {
        return testRealm().users().get(str).credentials();
    }

    private RealmRepresentation backupWebAuthnRealmSettings() {
        RealmRepresentation representation = testRealm().toRepresentation();
        this.signatureAlgorithms = representation.getWebAuthnPolicySignatureAlgorithms();
        this.attestationConveyancePreference = representation.getWebAuthnPolicyAttestationConveyancePreference();
        this.authenticatorAttachment = representation.getWebAuthnPolicyAuthenticatorAttachment();
        this.requireResidentKey = representation.getWebAuthnPolicyRequireResidentKey();
        this.rpEntityName = representation.getWebAuthnPolicyRpEntityName();
        this.userVerificationRequirement = representation.getWebAuthnPolicyUserVerificationRequirement();
        this.rpId = representation.getWebAuthnPolicyRpId();
        this.createTimeout = representation.getWebAuthnPolicyCreateTimeout().intValue();
        this.avoidSameAuthenticatorRegister = representation.isWebAuthnPolicyAvoidSameAuthenticatorRegister().booleanValue();
        this.acceptableAaguids = representation.getWebAuthnPolicyAcceptableAaguids();
        return representation;
    }

    public void restoreWebAuthnRealmSettings() {
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setWebAuthnPolicySignatureAlgorithms(this.signatureAlgorithms);
        representation.setWebAuthnPolicyAttestationConveyancePreference(this.attestationConveyancePreference);
        representation.setWebAuthnPolicyAuthenticatorAttachment(this.authenticatorAttachment);
        representation.setWebAuthnPolicyRequireResidentKey(this.requireResidentKey);
        representation.setWebAuthnPolicyRpEntityName(this.rpEntityName);
        representation.setWebAuthnPolicyUserVerificationRequirement(this.userVerificationRequirement);
        representation.setWebAuthnPolicyRpId(this.rpId);
        representation.setWebAuthnPolicyCreateTimeout(Integer.valueOf(this.createTimeout));
        representation.setWebAuthnPolicyAvoidSameAuthenticatorRegister(Boolean.valueOf(this.avoidSameAuthenticatorRegister));
        representation.setWebAuthnPolicyAcceptableAaguids(this.acceptableAaguids);
        testRealm().update(representation);
    }
}
