package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/testsuite/broker/HardcodedUserAttributeMapperTest.class */
public class HardcodedUserAttributeMapperTest extends AbstractIdentityProviderMapperTest {
    private static final String USER_ATTRIBUTE = "user-attribute";
    private static final String USER_ATTRIBUTE_VALUE = "user-attribute";

    @Test
    public void addHardcodedAttributeOnFirstLogin() {
        createMapperInIdp(setupIdentityProvider(), IdentityProviderMapperSyncMode.IMPORT);
        createUserInProviderRealm();
        logInAsUserInIDPForFirstTime();
        assertThatAttributeHasBeenAssigned(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void hardcodedAttributeGetsAddedEvenIfMapperIsAddedLaterInSyncModeForce() {
        assertThatAttributeHasBeenAssigned(loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.FORCE, true));
    }

    @Test
    public void hardcodedAttributeDoesNotGetAddedIfMapperIsAddedLaterInSyncModeImport() {
        assertThatAttributeHasNotBeenAssigned(loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.IMPORT, true));
    }

    @Test
    public void hardcodedAttributeDoesNotGetAddedAgainInSyncModeImport() {
        assertThatAttributeHasNotBeenAssigned(loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.IMPORT, false));
    }

    @Test
    public void hardcodedAttributeGetsUpdatedInSyncModeForce() {
        assertThatAttributeHasBeenAssigned(loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.FORCE, false));
    }

    protected UserRepresentation loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, boolean z) {
        IdentityProviderRepresentation identityProviderRepresentation = setupIdentityProvider();
        if (!z) {
            createMapperInIdp(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        createUserInProviderRealm();
        logInAsUserInIDPForFirstTime();
        UserRepresentation findUser = findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
        if (z) {
            assertThatAttributeHasNotBeenAssigned(findUser);
        } else {
            assertThatAttributeHasBeenAssigned(findUser);
        }
        if (z) {
            createMapperInIdp(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        if (findUser.getAttributes() != null) {
            findUser.setAttributes(new HashMap());
        }
        this.adminClient.realm(this.bc.consumerRealmName()).users().get(findUser.getId()).update(findUser);
        logInAsUserInIDP();
        return findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
    }

    protected void createMapperInIdp(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("hardcoded-attribute-mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("hardcoded-attribute-idp-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", identityProviderMapperSyncMode.toString()).put("attribute", JsonUserAttributeMapperTest.USER_ATTRIBUTE).put("attribute.value", JsonUserAttributeMapperTest.USER_ATTRIBUTE).build());
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get(identityProviderRepresentation.getAlias());
        identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
        identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
    }

    protected void createUserInProviderRealm() {
        createUserInProviderRealm(new HashMap());
    }

    protected void assertThatAttributeHasBeenAssigned(UserRepresentation userRepresentation) {
        Assert.assertThat(userRepresentation.getAttributes().get(JsonUserAttributeMapperTest.USER_ATTRIBUTE), Matchers.contains(new String[]{JsonUserAttributeMapperTest.USER_ATTRIBUTE}));
    }

    protected void assertThatAttributeHasNotBeenAssigned(UserRepresentation userRepresentation) {
        if (userRepresentation.getAttributes() != null) {
            Assert.assertThat(userRepresentation.getAttributes().get(JsonUserAttributeMapperTest.USER_ATTRIBUTE), Matchers.not(Matchers.contains(new String[]{JsonUserAttributeMapperTest.USER_ATTRIBUTE})));
        }
    }

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerConfiguration();
    }
}
