package org.keycloak.testsuite.federation.ldap;

import java.lang.invoke.SerializedLambda;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.naming.AuthenticationException;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assume;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.junit.runners.MethodSorters;
import org.keycloak.events.EventType;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableVault;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.runonserver.RunOnServerException;
import org.keycloak.testsuite.util.LDAPRule;
import org.keycloak.testsuite.util.LDAPTestUtils;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
@EnableVault
/* loaded from: input_file:org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest.class */
public class LDAPUserLoginTest extends AbstractLDAPTest {

    @Rule
    public LDAPRule ldapRule = new LDAPRule().assumeTrue(lDAPTestConfiguration -> {
        return lDAPTestConfiguration.isStartEmbeddedLdapServer();
    });

    @Rule
    public ExternalResource ldapProviderRule = new ExternalResource() { // from class: org.keycloak.testsuite.federation.ldap.LDAPUserLoginTest.1
        protected void after() {
            if (LDAPUserLoginTest.this.getTestingClient() != null) {
                LDAPUserLoginTest.this.getTestContext().getTestRealmReps().clear();
            }
        }
    };

    @Rule
    public AssertEvents events = new AssertEvents(this);
    protected static final Map<String, String> DEFAULT_TEST_USERS = new HashMap();

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected LDAPRule getLDAPRule() {
        return this.ldapRule;
    }

    @Override // org.keycloak.testsuite.federation.ldap.AbstractLDAPTest
    protected void afterImportTestRealm() {
        try {
            getTestingClient().server().run(keycloakSession -> {
                LDAPTestContext init = LDAPTestContext.init(keycloakSession);
                RealmModel realm = init.getRealm();
                LDAPTestUtils.removeAllLDAPUsers(init.getLdapProvider(), realm);
                LDAPTestUtils.updateLDAPPassword(init.getLdapProvider(), LDAPTestUtils.addLDAPUser(init.getLdapProvider(), realm, DEFAULT_TEST_USERS.get("VALID_USER_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_FIRST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_LAST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_EMAIL"), DEFAULT_TEST_USERS.get("VALID_USER_STREET"), new String[]{DEFAULT_TEST_USERS.get("VALID_USER_POSTAL_CODE")}), DEFAULT_TEST_USERS.get("VALID_USER_PASSWORD"));
            });
        } catch (RunOnServerException e) {
            Assume.assumeFalse("Work around JDK-8214440", (e.getCause() instanceof ModelException) && (e.getCause().getCause() instanceof ModelException) && (e.getCause().getCause().getCause() instanceof AuthenticationException) && Objects.equals(e.getCause().getCause().getCause().getMessage(), "Could not negotiate TLS"));
        }
    }

    private void verifyLoginSucceededAndLogout(String str, String str2) {
        this.loginPage.open();
        this.loginPage.login(str, str2);
        this.appPage.assertCurrent();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.appPage.logout();
    }

    private void verifyLoginFailed(String str, String str2) {
        this.events.clear();
        this.loginPage.open();
        this.loginPage.login(str, str2);
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        if (str.equals(DEFAULT_TEST_USERS.get("INVALID_USER_EMAIL")) || str.equals(DEFAULT_TEST_USERS.get("INVALID_USER_NAME"))) {
            this.events.expect(EventType.LOGIN_ERROR).user((String) null).error("user_not_found").assertEvent();
        } else if (str.equals(DEFAULT_TEST_USERS.get("VALID_USER_EMAIL")) || str.equals(DEFAULT_TEST_USERS.get("VALID_USER_NAME"))) {
            List search = getAdminClient().realm("test").users().search(DEFAULT_TEST_USERS.get("VALID_USER_NAME"));
            Assert.assertTrue(!search.isEmpty());
            this.events.expect(EventType.LOGIN_ERROR).user(((UserRepresentation) search.get(0)).getId()).error("invalid_user_credentials").assertEvent();
        }
    }

    private void runLDAPLoginTest() {
        String str = DEFAULT_TEST_USERS.get("EMPTY_USER_PASSWORD");
        String str2 = DEFAULT_TEST_USERS.get("INVALID_USER_EMAIL");
        String str3 = DEFAULT_TEST_USERS.get("INVALID_USER_PASSWORD");
        String str4 = DEFAULT_TEST_USERS.get("INVALID_USER_NAME");
        String str5 = DEFAULT_TEST_USERS.get("VALID_USER_EMAIL");
        String str6 = DEFAULT_TEST_USERS.get("VALID_USER_PASSWORD");
        String str7 = DEFAULT_TEST_USERS.get("VALID_USER_NAME");
        verifyLoginSucceededAndLogout(str7, str6);
        verifyLoginSucceededAndLogout(str5, str6);
        verifyLoginFailed(str7, str);
        verifyLoginFailed(str5, str);
        verifyLoginFailed(str7, str3);
        verifyLoginFailed(str5, str3);
        verifyLoginFailed(str4, str3);
        verifyLoginFailed(str2, str3);
    }

    private void verifyConnectionUrlProtocolPrefix(String str) {
        String str2 = (String) this.ldapRule.getConfig().get("connectionUrl");
        Assert.assertTrue(!str2.isEmpty() && str2.startsWith(str));
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.NONE)
    public void loginLDAPUserAuthenticationSimpleEncryptionNone() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.NONE)
    @AuthServerContainerExclude(value = {AuthServerContainerExclude.AuthServer.QUARKUS, AuthServerContainerExclude.AuthServer.REMOTE}, details = "java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx")
    public void loginLDAPUserCredentialVaultAuthenticationSimpleEncryptionNone() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.SSL)
    public void loginLDAPUserAuthenticationSimpleEncryptionSSL() {
        verifyConnectionUrlProtocolPrefix("ldaps://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.SSL)
    @AuthServerContainerExclude(value = {AuthServerContainerExclude.AuthServer.QUARKUS, AuthServerContainerExclude.AuthServer.REMOTE}, details = "java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx")
    public void loginLDAPUserCredentialVaultAuthenticationSimpleEncryptionSSL() {
        verifyConnectionUrlProtocolPrefix("ldaps://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.STARTTLS)
    public void loginLDAPUserAuthenticationSimpleEncryptionStartTLS() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.SIMPLE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.STARTTLS)
    @AuthServerContainerExclude(value = {AuthServerContainerExclude.AuthServer.QUARKUS, AuthServerContainerExclude.AuthServer.REMOTE}, details = "java.io.NotSerializableException: com.sun.jndi.ldap.LdapCtx")
    public void loginLDAPUserCredentialVaultAuthenticationSimpleEncryptionStartTLS() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.NONE)
    public void loginLDAPUserAuthenticationNoneEncryptionNone() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.NONE)
    public void loginLDAPUserCredentialVaultAuthenticationNoneEncryptionNone() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.SSL)
    public void loginLDAPUserAuthenticationNoneEncryptionSSL() {
        verifyConnectionUrlProtocolPrefix("ldaps://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.SSL)
    public void loginLDAPUserCredentialVaultAuthenticationNoneEncryptionSSL() {
        verifyConnectionUrlProtocolPrefix("ldaps://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.STARTTLS)
    public void loginLDAPUserAuthenticationNoneEncryptionStartTLS() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    @Test
    @LDAPRule.LDAPConnectionParameters(bindCredential = LDAPRule.LDAPConnectionParameters.BindCredential.VAULT, bindType = LDAPRule.LDAPConnectionParameters.BindType.NONE, encryption = LDAPRule.LDAPConnectionParameters.Encryption.STARTTLS)
    public void loginLDAPUserCredentialVaultAuthenticationNoneEncryptionStartTLS() {
        verifyConnectionUrlProtocolPrefix("ldap://");
        runLDAPLoginTest();
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -856366662:
                if (implMethodName.equals("lambda$afterImportTestRealm$26a8868a$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/ldap/LDAPUserLoginTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        LDAPTestContext init = LDAPTestContext.init(keycloakSession);
                        RealmModel realm = init.getRealm();
                        LDAPTestUtils.removeAllLDAPUsers(init.getLdapProvider(), realm);
                        LDAPTestUtils.updateLDAPPassword(init.getLdapProvider(), LDAPTestUtils.addLDAPUser(init.getLdapProvider(), realm, DEFAULT_TEST_USERS.get("VALID_USER_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_FIRST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_LAST_NAME"), DEFAULT_TEST_USERS.get("VALID_USER_EMAIL"), DEFAULT_TEST_USERS.get("VALID_USER_STREET"), new String[]{DEFAULT_TEST_USERS.get("VALID_USER_POSTAL_CODE")}), DEFAULT_TEST_USERS.get("VALID_USER_PASSWORD"));
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }

    static {
        DEFAULT_TEST_USERS.put("EMPTY_USER_PASSWORD", new String());
        DEFAULT_TEST_USERS.put("INVALID_USER_NAME", "userUnknown");
        DEFAULT_TEST_USERS.put("INVALID_USER_EMAIL", "unknown@keycloak.org");
        DEFAULT_TEST_USERS.put("INVALID_USER_PASSWORD", "1nval!D");
        DEFAULT_TEST_USERS.put("VALID_USER_EMAIL", "jdoe@keycloak.org");
        DEFAULT_TEST_USERS.put("VALID_USER_NAME", "jdoe");
        DEFAULT_TEST_USERS.put("VALID_USER_FIRST_NAME", "John");
        DEFAULT_TEST_USERS.put("VALID_USER_LAST_NAME", "Doe");
        DEFAULT_TEST_USERS.put("VALID_USER_PASSWORD", "P@ssw0rd!");
        DEFAULT_TEST_USERS.put("VALID_USER_POSTAL_CODE", "12345");
        DEFAULT_TEST_USERS.put("VALID_USER_STREET", "1th Avenue");
    }
}
