package org.keycloak.testsuite.admin;

import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import org.junit.Test;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.ComponentTypeRepresentation;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.AdminEventPaths;

/* loaded from: input_file:org/keycloak/testsuite/admin/UserStorageRestTest.class */
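/**
 * Admin REST tests for user-storage (LDAP / Kerberos) components.
 *
 * <p>The tests pin three behaviours of the admin API that matter for security:
 * <ul>
 *   <li>the {@code auth-spnego} execution of the {@code browser} flow is switched between
 *       {@code DISABLED} and {@code ALTERNATIVE} as Kerberos-capable providers are created,
 *       updated and removed, and an explicit admin choice ({@code REQUIRED}) is not overridden
 *       while the provider exists;</li>
 *   <li>a malformed {@code customUserSearchFilter} is rejected with HTTP 400 on create and with
 *       {@link BadRequestException} on update, and nothing is persisted;</li>
 *   <li>{@code bindCredential} is read back as the mask {@code **********} and never as the
 *       value that was submitted.</li>
 * </ul>
 *
 * <p>NOTE(review): the tests remove the components they create only on the success path. A
 * failing assertion leaves the component in the realm, which can make later tests fail too
 * unless the base class resets the realm between tests (not visible here; confirm).
 */
public class UserStorageRestTest extends AbstractAdminTest {
    private static final String BROWSER_FLOW = "browser";
    private static final String SPNEGO_PROVIDER = "auth-spnego";
    private static final String ALLOW_KERBEROS = "allowKerberosAuthentication";
    private static final String CUSTOM_FILTER = "customUserSearchFilter";
    private static final String BIND_DN = "bindDn";
    private static final String BIND_CREDENTIAL = "bindCredential";
    /** Value the admin API returns in place of a stored secret, as asserted by these tests. */
    private static final String MASKED_SECRET = "**********";
    private static final String RETRIEVE_STRATEGY = "user.roles.retrieve.strategy";

    /**
     * Looks up the {@code auth-spnego} execution in the {@code browser} flow.
     *
     * @return the execution; the test fails if the flow has none
     */
    private AuthenticationExecutionInfoRepresentation findKerberosExecution() {
        AuthenticationExecutionInfoRepresentation execution = AbstractAuthenticationTest.findExecutionByProvider(
                SPNEGO_PROVIDER, this.realm.flows().getExecutions(BROWSER_FLOW));
        Assert.assertNotNull(execution);
        return execution;
    }

    /**
     * Asserts the current requirement of the Kerberos execution.
     *
     * @param expected requirement the execution must currently have
     * @return the freshly loaded execution, so callers can modify and re-submit it
     */
    private AuthenticationExecutionInfoRepresentation assertKerberosRequirement(
            AuthenticationExecutionModel.Requirement expected) {
        AuthenticationExecutionInfoRepresentation execution = findKerberosExecution();
        // Expected value first, so a failure message reports the two values the right way round.
        Assert.assertEquals(expected.toString(), execution.getRequirement());
        return execution;
    }

    /**
     * Sets the requirement of an execution in the {@code browser} flow and asserts that the
     * matching UPDATE admin event was recorded.
     */
    private void updateKerberosRequirement(AuthenticationExecutionInfoRepresentation execution,
            AuthenticationExecutionModel.Requirement requirement) {
        execution.setRequirement(requirement.toString());
        this.realm.flows().updateExecutions(BROWSER_FLOW, execution);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE,
                AdminEventPaths.authUpdateExecutionPath(BROWSER_FLOW), execution, ResourceType.AUTH_EXECUTION);
    }

    /**
     * Creates a component, expecting HTTP 201, and discards the admin events produced.
     *
     * @param componentRepresentation component to create
     * @return id of the created component
     */
    private String createComponent(ComponentRepresentation componentRepresentation) {
        Response response = this.realm.components().add(componentRepresentation);
        String createdId;
        try {
            Assert.assertEquals(201, response.getStatus());
            // Read the id while the response is still open; close it even if the assertion fails.
            createdId = ApiUtil.getCreatedId(response);
        } finally {
            response.close();
        }
        this.assertAdminEvents.clear();
        return createdId;
    }

    /**
     * Submits a component that the server must refuse with HTTP 400.
     *
     * @param componentRepresentation component carrying an invalid configuration
     */
    private void assertCreateRejected(ComponentRepresentation componentRepresentation) {
        Response response = this.realm.components().add(componentRepresentation);
        try {
            Assert.assertEquals(400, response.getStatus());
        } finally {
            response.close();
        }
    }

    /** Removes a component and discards the admin events produced. */
    private void removeComponent(String componentId) {
        this.realm.components().component(componentId).remove();
        this.assertAdminEvents.clear();
    }

    /**
     * Reloads a component, changes one config entry, submits the update and discards the admin
     * events produced.
     */
    private void updateComponentConfig(String componentId, String key, String value) {
        ComponentRepresentation current = this.realm.components().component(componentId).toRepresentation();
        current.getConfig().putSingle(key, value);
        this.realm.components().component(componentId).update(current);
        this.assertAdminEvents.clear();
    }

    /**
     * Asserts id, name, provider id and config of a component representation.
     *
     * @param componentRepresentation representation read back from the server
     * @param id expected component id
     * @param name expected component name
     * @param providerId expected provider id
     * @param config expected config, passed through to {@code Assert.assertMultivaluedMap}
     */
    private void assertFederationProvider(ComponentRepresentation componentRepresentation, String id, String name,
            String providerId, String... config) {
        Assert.assertEquals(id, componentRepresentation.getId());
        Assert.assertEquals(name, componentRepresentation.getName());
        Assert.assertEquals(providerId, componentRepresentation.getProviderId());
        Assert.assertMultivaluedMap(componentRepresentation.getConfig(), config);
    }

    /**
     * Creating or re-enabling Kerberos on an LDAP provider moves the authenticator from
     * {@code DISABLED} to {@code ALTERNATIVE}; an update that does not turn Kerberos on leaves a
     * manually disabled authenticator disabled.
     */
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testKerberosAuthenticatorEnabledAutomatically() {
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);

        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle(ALLOW_KERBEROS, "true");
        String componentId = createComponent(ldapRep);

        // Provider creation switched the authenticator on; switch it off again by hand.
        AuthenticationExecutionInfoRepresentation execution =
                assertKerberosRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        updateKerberosRequirement(execution, AuthenticationExecutionModel.Requirement.DISABLED);

        // Re-submitting the unchanged provider must not re-enable the authenticator.
        this.realm.components().component(componentId)
                .update(this.realm.components().component(componentId).toRepresentation());
        this.assertAdminEvents.clear();
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);

        updateComponentConfig(componentId, ALLOW_KERBEROS, "false");
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);

        // Turning Kerberos back on is a real change and enables the authenticator again.
        updateComponentConfig(componentId, ALLOW_KERBEROS, "true");
        AuthenticationExecutionInfoRepresentation reenabled =
                assertKerberosRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        updateKerberosRequirement(reenabled, AuthenticationExecutionModel.Requirement.DISABLED);

        removeComponent(componentId);
    }

    /**
     * An authenticator the admin set to {@code REQUIRED} keeps that requirement when a
     * Kerberos-enabled LDAP provider is created or updated.
     */
    @Test
    public void testKerberosAuthenticatorChangedOnlyIfDisabled() {
        AuthenticationExecutionInfoRepresentation execution = findKerberosExecution();
        updateKerberosRequirement(execution, AuthenticationExecutionModel.Requirement.REQUIRED);

        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle(ALLOW_KERBEROS, "true");
        String componentId = createComponent(ldapRep);
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);

        this.realm.components().component(componentId)
                .update(this.realm.components().component(componentId).toRepresentation());
        this.assertAdminEvents.clear();

        // Still REQUIRED after the update; restore DISABLED so the flow is left as it was found.
        AuthenticationExecutionInfoRepresentation afterUpdate =
                assertKerberosRequirement(AuthenticationExecutionModel.Requirement.REQUIRED);
        updateKerberosRequirement(afterUpdate, AuthenticationExecutionModel.Requirement.DISABLED);

        removeComponent(componentId);
    }

    /**
     * Removing the Kerberos-capable provider disables the authenticator, including when the
     * admin had raised it to {@code REQUIRED} in the meantime.
     */
    @Test
    public void testKerberosAuthenticatorDisabledWhenProviderRemoved() {
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);

        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle(ALLOW_KERBEROS, "true");
        String ldapId = createComponent(ldapRep);
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);

        this.realm.components().component(ldapId).remove();
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);

        // Same check with a plain "kerberos" provider and an authenticator set to REQUIRED.
        String kerberosId = createComponent(createUserStorageProviderRep("kerberos", "kerberos"));
        AuthenticationExecutionInfoRepresentation execution =
                assertKerberosRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE);
        execution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
        this.realm.flows().updateExecutions(BROWSER_FLOW, execution);

        this.realm.components().component(kerberosId).remove();
        assertKerberosRequirement(AuthenticationExecutionModel.Requirement.DISABLED);
    }

    /**
     * A custom LDAP search filter that is not wrapped in a balanced pair of parentheses is
     * refused with HTTP 400; no provider is stored and no admin event is emitted. Valid
     * providers are then created normally.
     */
    @Test
    public void testValidateAndCreateLdapProvider() {
        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();

        // No parentheses, opening only, closing only.
        for (String invalidFilter : new String[] {"dc=something", "(dc=something", "dc=something)"}) {
            ldapRep.getConfig().putSingle(CUSTOM_FILTER, invalidFilter);
            assertCreateRejected(ldapRep);
        }

        // Rejected requests must leave no trace: neither a component nor an audit event.
        Assert.assertTrue(this.realm.components().query(this.realmId, UserStorageProvider.class.getName()).isEmpty());
        this.assertAdminEvents.assertEmpty();

        ldapRep.getConfig().putSingle(CUSTOM_FILTER, "(dc=something)");
        String firstId = createComponent(ldapRep);

        ComponentRepresentation secondRep = createUserStorageProviderRep("ldap3", "ldap");
        secondRep.getConfig().putSingle(BIND_DN, "cn=manager");
        secondRep.getConfig().putSingle(BIND_CREDENTIAL, "password");
        String secondId = createComponent(secondRep);

        Assert.assertEquals(2,
                this.realm.components().query(this.realmId, UserStorageProvider.class.getName()).size());

        removeComponent(firstId);
        removeComponent(secondId);
    }

    /**
     * An update carrying an invalid search filter is rejected as a whole (the changed
     * {@code bindDn} in the same request is not applied), a valid update is applied, and
     * {@code bindCredential} is always read back masked.
     */
    @Test
    public void testUpdateProvider() {
        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle(BIND_DN, "cn=manager");
        ldapRep.getConfig().putSingle(BIND_CREDENTIAL, "password");
        String componentId = createComponent(ldapRep);

        ComponentRepresentation pending = this.realm.components().component(componentId).toRepresentation();
        pending.getConfig().putSingle(CUSTOM_FILTER, "(dc=something2");
        pending.getConfig().putSingle(BIND_DN, "cn=manager-updated");
        try {
            this.realm.components().component(componentId).update(pending);
            Assert.fail("Not expected to successfull update");
        } catch (BadRequestException expected) {
            // The rejection is the outcome under test; the assertions below verify its effect.
        }

        // Nothing from the rejected request was stored, and the secret comes back masked.
        assertFederationProvider(this.realm.components().component(componentId).toRepresentation(), componentId,
                "ldap2", "ldap", BIND_DN, "cn=manager", BIND_CREDENTIAL, MASKED_SECRET);

        // NOTE(review): "pending" was read from the server, so it carries the mask as its
        // bindCredential. The test only checks that the mask is still returned afterwards;
        // it does not show that the stored secret survived the round trip - confirm elsewhere.
        pending.getConfig().putSingle(CUSTOM_FILTER, "(dc=something2)");
        this.realm.components().component(componentId).update(pending);
        this.assertAdminEvents.clear();

        ComponentRepresentation updated = this.realm.components().component(componentId).toRepresentation();
        assertFederationProvider(updated, componentId, "ldap2", "ldap", BIND_DN, "cn=manager-updated",
                BIND_CREDENTIAL, MASKED_SECRET, CUSTOM_FILTER, "(dc=something2)");

        updated.setName("ldap2");
        this.realm.components().component(componentId).update(updated);
        assertFederationProvider(this.realm.components().component(componentId).toRepresentation(), componentId,
                "ldap2", "ldap", BIND_DN, "cn=manager-updated", BIND_CREDENTIAL, MASKED_SECRET, CUSTOM_FILTER,
                "(dc=something2)");

        removeComponent(componentId);
    }

    /**
     * For vendor {@code other}, the group and role mappers do not offer the recursive retrieve
     * strategy, neither as an option nor in the help text.
     */
    @Test
    public void testLDAPMapperProviderConfigurationForVendorOther() {
        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle("vendor", "other");
        String componentId = createComponent(ldapRep);

        ConfigPropertyRepresentation groupStrategy = getUserRolesRetrieveStrategyConfigProperty(
                findMapperTypeConfiguration(componentId, "group-ldap-mapper"), RETRIEVE_STRATEGY);
        Assert.assertNames(groupStrategy.getOptions(), "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE",
                "GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE");
        Assert.assertFalse(groupStrategy.getHelpText().contains("LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY"));

        ConfigPropertyRepresentation roleStrategy = getUserRolesRetrieveStrategyConfigProperty(
                findMapperTypeConfiguration(componentId, "role-ldap-mapper"), RETRIEVE_STRATEGY);
        Assert.assertNames(roleStrategy.getOptions(), "LOAD_ROLES_BY_MEMBER_ATTRIBUTE",
                "GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE");
        Assert.assertFalse(roleStrategy.getHelpText().contains("LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY"));

        removeComponent(componentId);
    }

    /**
     * For vendor {@code ad}, the group and role mappers additionally offer the recursive
     * retrieve strategy and mention it in the help text.
     */
    @Test
    public void testLDAPMapperProviderConfigurationForVendorMSAD() {
        ComponentRepresentation ldapRep = createBasicLDAPProviderRep();
        ldapRep.getConfig().putSingle("vendor", "ad");
        String componentId = createComponent(ldapRep);

        ConfigPropertyRepresentation groupStrategy = getUserRolesRetrieveStrategyConfigProperty(
                findMapperTypeConfiguration(componentId, "group-ldap-mapper"), RETRIEVE_STRATEGY);
        Assert.assertNames(groupStrategy.getOptions(), "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE",
                "GET_GROUPS_FROM_USER_MEMBEROF_ATTRIBUTE", "LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY");
        Assert.assertTrue(groupStrategy.getHelpText().contains("LOAD_GROUPS_BY_MEMBER_ATTRIBUTE_RECURSIVELY"));

        ConfigPropertyRepresentation roleStrategy = getUserRolesRetrieveStrategyConfigProperty(
                findMapperTypeConfiguration(componentId, "role-ldap-mapper"), RETRIEVE_STRATEGY);
        Assert.assertNames(roleStrategy.getOptions(), "LOAD_ROLES_BY_MEMBER_ATTRIBUTE",
                "GET_ROLES_FROM_USER_MEMBEROF_ATTRIBUTE", "LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY");
        Assert.assertTrue(roleStrategy.getHelpText().contains("LOAD_ROLES_BY_MEMBER_ATTRIBUTE_RECURSIVELY"));

        removeComponent(componentId);
    }

    /**
     * Builds the default LDAP provider used by these tests: name {@code ldap2}, provider id
     * {@code ldap}, priority 2 and no further configuration.
     */
    private ComponentRepresentation createBasicLDAPProviderRep() {
        return createUserStorageProviderRep("ldap2", "ldap");
    }

    /**
     * Builds a user-storage provider representation with priority 2 and an otherwise empty
     * config.
     *
     * @param name component name
     * @param providerId provider id, {@code ldap} or {@code kerberos} in these tests
     */
    private ComponentRepresentation createUserStorageProviderRep(String name, String providerId) {
        ComponentRepresentation rep = new ComponentRepresentation();
        rep.setName(name);
        rep.setProviderId(providerId);
        rep.setProviderType(UserStorageProvider.class.getName());
        rep.setConfig(new MultivaluedHashMap<>());
        rep.getConfig().putSingle("priority", "2");
        return rep;
    }

    /**
     * Finds the LDAP mapper type with the given id among the sub-component types of a provider.
     *
     * @param componentId id of the LDAP provider component
     * @param mapperId id of the mapper type, for example {@code group-ldap-mapper}
     * @return the matching mapper type
     * @throws IllegalStateException if the provider exposes no mapper type with that id
     */
    private ComponentTypeRepresentation findMapperTypeConfiguration(String componentId, String mapperId) {
        return this.realm.components().component(componentId)
                .getSubcomponentConfig(LDAPStorageMapper.class.getName()).stream()
                .filter(mapperType -> mapperId.equals(mapperType.getId()))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException("Not able to find mapper with provider id: " + mapperId));
    }

    /**
     * Finds a config property of a mapper type by name.
     *
     * @param componentTypeRepresentation mapper type to search
     * @param propertyName name of the config property
     * @return the matching config property
     * @throws IllegalStateException if the mapper type has no property with that name
     */
    private ConfigPropertyRepresentation getUserRolesRetrieveStrategyConfigProperty(
            ComponentTypeRepresentation componentTypeRepresentation, String propertyName) {
        return componentTypeRepresentation.getProperties().stream()
                .filter(property -> propertyName.equals(property.getName()))
                .findFirst()
                .orElseThrow(() -> new IllegalStateException(
                        "Not able to find config property with name: " + propertyName));
    }
}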
