package org.keycloak.testsuite.federation.ldap;

import com.google.common.collect.ImmutableMap;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.util.UUID;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriBuilderException;
import org.junit.After;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.broker.saml.mappers.UsernameTemplateMapper;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.saml.SAML2LoginResponseBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.broker.KcSamlBrokerConfiguration;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.updaters.Creator;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.TestCleanup;

/* loaded from: input_file:org/keycloak/testsuite/federation/ldap/LDAPSamlIdPInitiatedVaryingLetterCaseTest.class */
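/**
 * Exercises IdP-initiated SAML broker logins for an LDAP-federated user whose
 * username arrives in different letter cases.
 *
 * <p>Fixture, as set up in this class:
 * <ul>
 *   <li>one LDAP user stored with the mixed-case username {@code "JdOe"};</li>
 *   <li>a first-broker-login flow ({@code "AutoLink"}) with two ALTERNATIVE
 *       executions, {@code idp-create-user-if-unique} and {@code idp-auto-link};</li>
 *   <li>a SAML identity provider with a username mapper whose template is
 *       {@code ${NAMEID | lowercase}}.</li>
 * </ul>
 *
 * <p>Every scenario ends by asserting that exactly one realm user is found for
 * the LDAP username. The property under test is therefore that a NameID which
 * differs from the stored username only by letter case resolves to the existing
 * account and does not produce a second, near-identical identity.
 *
 * <p>NOTE(review): {@code idp-auto-link} links the brokered identity to an
 * existing account on the strength of the IdP's assertion alone. That is
 * convenient for this fixture; outside of tests it is only appropriate when the
 * identity provider is fully trusted to assert usernames.
 */
public class LDAPSamlIdPInitiatedVaryingLetterCaseTest extends AbstractLDAPTest {

    @ClassRule
    public static LDAPRule ldapRule = new LDAPRule();

    // Username as stored in LDAP, deliberately mixed-case, plus its two case variants.
    private static final String USER_NAME_LDAP = "JdOe";
    private static final String USER_NAME_LOWERCASE = USER_NAME_LDAP.toLowerCase();
    private static final String USER_NAME_UPPERCASE = USER_NAME_LDAP.toUpperCase();
    private static final String USER_FIRST_NAME = "Joe";
    private static final String USER_LAST_NAME = "Doe";
    // Fixture credential for the throwaway LDAP test user only.
    private static final String USER_PASSWORD = "P@ssw0rd!";
    private static final String USER_EMAIL = "jdoe@keycloak.org";
    private static final String USER_STREET = "Street";
    private static final String USER_POSTAL_CODE = "Post code";

    // OIDC client used for the plain login and for the final AUTH_RESPONSE check.
    private static final String MY_APP = "myapp";
    // URL name under which the SAML client is reachable for IdP-initiated SSO.
    private static final String EXT_SSO = "sso";
    // Used both as the SAML client id / base URL and as the issuer of the forged responses.
    private static final String EXT_SSO_URL = "http://localhost-sso.127.0.0.1.nip.io";
    // Assertion consumer URL of the SAML client.
    private static final String DUMMY_URL = "http://localhost-sso-dummy.127.0.0.1.nip.io";
    private static final String FLOW_AUTO_LINK = "AutoLink";

    // Alias of the identity provider created in setupIdentityProvider().
    private String idpAlias;

    /** Returns the class-level LDAP rule shared by all tests in this class. */
    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected LDAPRule getLDAPRule() {
        return ldapRule;
    }

    /**
     * Resets the LDAP directory to a single known user and adds a read-only
     * mapper that exposes the LDAP {@code uid} as the {@code ldapUid} user
     * attribute.
     */
    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected void afterImportTestRealm() {
        // Runs on the server side: wipe LDAP users, then create the test user and set its password.
        getTestingClient().server().run(session -> {
            LDAPTestContext ctx = LDAPTestContext.init(session);
            RealmModel realm = ctx.getRealm();
            LDAPTestUtils.removeAllLDAPUsers(ctx.getLdapProvider(), realm);
            LDAPTestUtils.updateLDAPPassword(
                    ctx.getLdapProvider(),
                    LDAPTestUtils.addLDAPUser(ctx.getLdapProvider(), realm, USER_NAME_LDAP, USER_FIRST_NAME,
                            USER_LAST_NAME, USER_EMAIL, USER_STREET, new String[]{USER_POSTAL_CODE}),
                    USER_PASSWORD);
        });

        // The first user-storage component of the realm becomes the mapper's parent.
        ComponentRepresentation ldapComponent = testRealm().components()
                .query(null, "org.keycloak.storage.UserStorageProvider")
                .get(0);

        // Typed map instead of the raw type; setConfig expects String keys and values.
        MultivaluedHashMap<String, String> mapperConfig = new MultivaluedHashMap<>();
        mapperConfig.add("user.model.attribute", "ldapUid");
        mapperConfig.add("ldap.attribute", "uid");
        mapperConfig.add("read.only", "true");
        mapperConfig.add("is.mandatory.in.ldap", "true");

        ComponentRepresentation uidMapper = new ComponentRepresentation();
        uidMapper.setName("uid-to-user-attr-mapper");
        uidMapper.setProviderId("user-attribute-ldap-mapper");
        uidMapper.setProviderType("org.keycloak.storage.ldap.mappers.LDAPStorageMapper");
        uidMapper.setParentId(ldapComponent.getId());
        uidMapper.setConfig(mapperConfig);
        testRealm().components().add(uidMapper);
    }

    /**
     * Creates the {@code AutoLink} first-broker-login flow, the SAML identity
     * provider that uses it, and the lowercase username mapper. Everything
     * created here is registered for cleanup.
     */
    @Before
    public void setupIdentityProvider() {
        AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
        flow.setAlias(FLOW_AUTO_LINK);
        flow.setDescription("Auto-link flow");
        flow.setProviderId("basic-flow");
        flow.setBuiltIn(false);
        flow.setTopLevel(true);
        Creator.Flow flowCreator = Creator.create(testRealm(), flow);

        // Both executions are ALTERNATIVE: create the user if the username is unique, otherwise auto-link.
        AuthenticationExecutionInfoRepresentation createIfUnique = flowCreator.addExecution("idp-create-user-if-unique");
        createIfUnique.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
        testRealm().flows().updateExecutions(FLOW_AUTO_LINK, createIfUnique);

        AuthenticationExecutionInfoRepresentation autoLink = flowCreator.addExecution("idp-auto-link");
        autoLink.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE.name());
        testRealm().flows().updateExecutions(FLOW_AUTO_LINK, autoLink);
        getCleanup().addCleanup(flowCreator);

        IdentityProviderRepresentation idp = KcSamlBrokerConfiguration.INSTANCE.setUpIdentityProvider();
        idp.getConfig().put("nameIDPolicyFormat", JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get());
        idp.setFirstBrokerLoginFlowAlias(FLOW_AUTO_LINK);
        Creator<IdentityProviderResource> idpCreator = Creator.create(testRealm(), idp);
        this.idpAlias = idp.getAlias();

        // The mapper lowercases the NameID before it is used as the broker id, which is
        // what lets case variants of the same name resolve to one brokered identity.
        IdentityProviderMapperRepresentation usernameMapper = new IdentityProviderMapperRepresentation();
        usernameMapper.setName("username-nameid-mapper");
        usernameMapper.setIdentityProviderAlias(this.idpAlias);
        usernameMapper.setIdentityProviderMapper("saml-username-idp-mapper");
        // Explicit type witness: an untyped builder() chain would yield Map<Object, Object>.
        usernameMapper.setConfig(ImmutableMap.<String, String>builder()
                .put("syncMode", "IMPORT")
                .put("template", "${NAMEID | lowercase}")
                .put("target", UsernameTemplateMapper.Target.BROKER_ID.name())
                .build());
        idpCreator.resource().addMapper(usernameMapper);
        getCleanup().addCleanup(idpCreator);
    }

    /**
     * Registers the SAML client targeted by the IdP-initiated flow and the
     * OIDC application client; both are removed again by the cleanup.
     */
    @Before
    public void setupClients() {
        getCleanup().addCleanup(Creator.create(testRealm(), ClientBuilder.create()
                .protocol("saml")
                .clientId(EXT_SSO_URL)
                .baseUrl(EXT_SSO_URL)
                .attribute("saml_idp_initiated_sso_url_name", EXT_SSO)
                .attribute("saml_name_id_format", JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get())
                .attribute("saml_assertion_consumer_url_post", DUMMY_URL)
                .build()));

        getCleanup().addCleanup(Creator.create(testRealm(), ClientBuilder.create()
                .clientId(MY_APP)
                .protocol("openid-connect")
                .baseUrl(OAuthClient.APP_AUTH_ROOT)
                .build()));
    }

    /** Drops users imported from LDAP so each test starts without a local copy of the account. */
    @After
    public void cleanupUsers() {
        testRealm().userStorage().removeImportedUsers(ldapModelId);
    }

    /** Sanity check: the LDAP user can log in directly with username and password. */
    @Test
    public void loginLDAPTest() {
        this.loginPage.open();
        this.loginPage.login(USER_NAME_LDAP, USER_PASSWORD);
        this.appPage.assertCurrent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.appPage.logout();
    }

    /**
     * Builds the broker endpoint URI used for IdP-initiated SAML responses.
     *
     * @param realmName value for the realm segment of the realm base URL
     * @param identityProviderAlias value for the {@code {idp-name}} path segment
     * @param samlClientUrlName value for the {@code {client-id}} path segment
     * @return {@code <realm base>/broker/<idp>/endpoint/clients/<client>}
     */
    protected URI getAuthServerBrokerSamlEndpoint(String realmName, String identityProviderAlias, String samlClientUrlName)
            throws IllegalArgumentException, UriBuilderException {
        return RealmsResource.realmBaseUrl(UriBuilder.fromUri(getAuthServerRoot()))
                .path("broker/{idp-name}/endpoint/clients/{client-id}")
                .build(realmName, identityProviderAlias, samlClientUrlName);
    }

    /** NameID matches the LDAP username exactly. */
    @Test
    public void idpInitiatedMatchCaseLDAPTest() throws Exception {
        testIdpInitiated(USER_NAME_LDAP, true);
    }

    /** NameID is the upper-cased LDAP username. */
    @Test
    public void idpInitiatedUpperCaseLDAPTest() throws Exception {
        testIdpInitiated(USER_NAME_UPPERCASE, true);
    }

    /** NameID is the lower-cased LDAP username. */
    @Test
    public void idpInitiatedLowerCaseLDAPTest() throws Exception {
        testIdpInitiated(USER_NAME_LOWERCASE, true);
    }

    /**
     * Three consecutive logins with differently cased NameIDs. Only the first
     * one follows the extra redirects; after all of them a single user must exist.
     */
    @Test
    public void idpInitiatedVaryingLetterCasesLDAPTest() throws Exception {
        testIdpInitiated(USER_NAME_LDAP, true);
        testIdpInitiated(USER_NAME_UPPERCASE, false);
        testIdpInitiated(USER_NAME_LOWERCASE, false);
    }

    /**
     * Posts an IdP-initiated SAML response for {@code nameId} to the broker
     * endpoint and verifies that the login succeeds and maps to one account.
     *
     * @param nameId NameID value placed in the SAML response
     * @param followTwoRedirects whether two redirects are followed before the SAML
     *        response is processed; callers pass {@code true} for the first login in
     *        a test and {@code false} for repeated ones (presumably the redirects
     *        belong to the first-broker-login flow; confirm)
     */
    private void testIdpInitiated(String nameId, boolean followTwoRedirects) throws Exception {
        // NOTE(review): realm name and IdP alias are literals here; the idpAlias field is not consulted.
        URI brokerEndpoint = getAuthServerBrokerSamlEndpoint("test", "kc-saml-idp", EXT_SSO);

        SamlClientBuilder samlFlow = new SamlClientBuilder()
                .submitSamlDocument(brokerEndpoint, prepareResponseForIdPInitiatedFlow(brokerEndpoint, nameId), SamlClient.Binding.POST)
                .targetAttributeSamlResponse()
                .build();
        if (followTwoRedirects) {
            samlFlow.followOneRedirect().followOneRedirect();
        }

        samlFlow.processSamlResponse(SamlClient.Binding.POST)
                .transformObject(samlObject -> {
                    org.junit.Assert.assertThat(samlObject, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    return null;
                })
                .build()
                .navigateTo(this.oauth.getLoginFormUrl())
                .assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("AUTH_RESPONSE")))
                .execute();

        // Core invariant: whatever case the NameID used, the realm holds exactly one matching user.
        org.junit.Assert.assertThat(
                testRealm().users().search(USER_NAME_LDAP, Boolean.TRUE),
                org.hamcrest.Matchers.hasSize(1));
    }

    /**
     * Builds the SAML login response that stands in for the external IdP.
     *
     * @param destination broker endpoint, used as destination and request issuer
     * @param nameId subject NameID, sent with the persistent NameID format
     * @return the response model, issued by {@code EXT_SSO_URL} with random request and session ids
     */
    private ResponseType prepareResponseForIdPInitiatedFlow(URI destination, String nameId)
            throws ConfigurationException, ProcessingException {
        return new SAML2LoginResponseBuilder()
                .requestID(UUID.randomUUID().toString())
                .destination(destination.toString())
                .issuer(EXT_SSO_URL)
                .requestIssuer(destination.toString())
                .assertionExpiration(1000000)
                .subjectExpiration(1000000)
                .sessionIndex("idp:" + UUID.randomUUID())
                .nameIdentifier(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT.get(), nameId)
                .buildModel();
    }

    // The decompiled $deserializeLambda$ method is intentionally not reproduced: it is a
    // compiler-generated synthetic for the serializable run-on-server lambda in
    // afterImportTestRealm(), and its decompiled form (boolean assigned -1, switch on a
    // boolean) is not valid Java. The compiler emits it again when this class is built.
}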
