package org.keycloak.testsuite.forms;

import java.lang.invoke.SerializedLambda;
import java.util.Arrays;
import java.util.List;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.oauth.RefreshTokenTest;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.LoginUsernameOnlyPage;
import org.keycloak.testsuite.pages.PasswordPage;
import org.keycloak.testsuite.pages.SelectAuthenticatorPage;
import org.keycloak.testsuite.saml.ConcurrentAuthnRequestTest;
import org.keycloak.testsuite.util.FlowUtil;
import org.keycloak.testsuite.util.OAuthClient;
import org.openqa.selenium.WebDriver;

/**
 * Browser-driven tests for login flows that combine several authentication mechanisms
 * (password, OTP, WebAuthn) as REQUIRED or ALTERNATIVE executions.
 *
 * <p>Each test copies the built-in browser flow, rewrites its forms section, drives the login
 * pages through the page objects below, and reverts the flow in a {@code finally} block. The
 * assertions cover which authenticator is presented first, whether the "try another way" link
 * is offered, and which login event is emitted.
 *
 * <p>This listing is decompiler output (see the "loaded from" and JADX markers). Some constructs
 * would not compile as written: nested lambdas reuse the parameter name {@code flowUtil}, and
 * {@code $deserializeLambda$} switches on a {@code boolean}.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/forms/MultiFactorAuthenticationTest.class */
public class MultiFactorAuthenticationTest extends AbstractTestRealmKeycloakTest {

    // Injected by the test harness; not referenced directly in the code visible in this class.
    @ArquillianResource
    protected OAuthClient oauth;

    // Injected browser driver; not referenced directly in the code visible in this class.
    @Drone
    protected WebDriver driver;

    // Page objects used to drive and inspect the individual login screens.
    @Page
    protected LoginPage loginPage;

    @Page
    protected LoginUsernameOnlyPage loginUsernameOnlyPage;

    @Page
    protected PasswordPage passwordPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected LoginTotpPage loginTotpPage;

    @Page
    protected SelectAuthenticatorPage selectAuthenticatorPage;

    // JUnit rule used below to assert the login events produced by a completed authentication.
    @Rule
    public AssertEvents events = new AssertEvents(this);

    /**
     * Intentionally empty: no adjustments are applied to the realm here. The realm under test is
     * supplied by {@link #addTestRealms(List)}.
     */
    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    /**
     * Loads the realm definition from the classpath resource {@code /testrealm.json} and sets its
     * browser flow to {@code "browser"}.
     *
     * @return the realm representation to import
     */
    private RealmRepresentation loadTestRealm() {
        RealmRepresentation realmRepresentation = (RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        realmRepresentation.setBrowserFlow("browser");
        return realmRepresentation;
    }

    /**
     * Registers the realm loaded from {@code testrealm.json} for import.
     *
     * @param list the list of realms to import; the test realm is appended to it
     */
    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        this.log.debug("Adding test realm for import from testrealm.json");
        list.add(loadTestRealm());
    }

    /**
     * Verifies which credential is presented first, and whether alternatives are offered, when
     * password and OTP are both ALTERNATIVE executions in the same subflow.
     *
     * <p>Three users are exercised: the default user, a user with one OTP credential and a user
     * with two OTP credentials (as the usernames suggest; the credentials themselves come from
     * the realm import and are not visible here).
     */
    @Test
    public void testAlternativeCredentials() {
        try {
            configureBrowserFlowWithAlternativeCredentials();

            // Default user: password page is shown and no alternative is offered.
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login(AssertEvents.DEFAULT_USERNAME);
            this.passwordPage.assertCurrent();
            // NOTE(review): the link is checked through loginTotpPage although the password page
            // is current; presumably the link lookup is shared between page objects - confirm.
            this.loginTotpPage.assertTryAnotherWayLinkAvailability(false);

            // User with one OTP credential: password first, OTP reachable via "try another way".
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login("user-with-one-configured-otp");
            this.passwordPage.assertCurrent();
            this.passwordPage.assertTryAnotherWayLinkAvailability(true);
            this.passwordPage.clickTryAnotherWayLink();
            this.selectAuthenticatorPage.assertCurrent();
            // The order of the offered methods is part of the assertion.
            Assert.assertEquals(Arrays.asList("Password", "Authenticator Application"), this.selectAuthenticatorPage.getAvailableLoginMethods());
            Assert.assertEquals("Sign in by entering your password.", this.selectAuthenticatorPage.getLoginMethodHelpText("Password"));
            Assert.assertEquals("Enter a verification code from authenticator application.", this.selectAuthenticatorPage.getLoginMethodHelpText("Authenticator Application"));
            this.selectAuthenticatorPage.selectLoginMethod("Authenticator Application");
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.assertTryAnotherWayLinkAvailability(true);
            // With a single OTP credential there is nothing to choose between.
            this.loginTotpPage.assertOtpCredentialSelectorAvailability(false);

            // User with two OTP credentials: OTP page comes first and offers a credential selector;
            // the method list is asserted in the reverse order compared with the previous user.
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login("user-with-two-configured-otp");
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.assertTryAnotherWayLinkAvailability(true);
            this.loginTotpPage.assertOtpCredentialSelectorAvailability(true);
            this.loginTotpPage.clickTryAnotherWayLink();
            this.selectAuthenticatorPage.assertCurrent();
            Assert.assertEquals(Arrays.asList("Authenticator Application", "Password"), this.selectAuthenticatorPage.getAvailableLoginMethods());
        } finally {
            // Always undo the flow change so later tests do not inherit it.
            BrowserFlowTest.revertFlows(testRealm(), "browser - alternative");
        }
    }

    /** Applies the "browser - alternative" flow using this test's own testing client. */
    private void configureBrowserFlowWithAlternativeCredentials() {
        configureBrowserFlowWithAlternativeCredentials(this.testingClient);
    }

    /**
     * Creates the flow {@code "browser - alternative"} as a copy of the browser flow and makes it
     * the realm's browser flow. Its forms section is cleared and rebuilt as: a REQUIRED username
     * form, followed by a REQUIRED subflow in which the password form and the OTP form are both
     * ALTERNATIVE.
     *
     * @param keycloakTestingClient client used to run the configuration on the server named
     *     {@code "test"}
     */
    /* JADX INFO: Access modifiers changed from: package-private */
    public static void configureBrowserFlowWithAlternativeCredentials(KeycloakTestingClient keycloakTestingClient) {
        keycloakTestingClient.server("test").run(keycloakSession -> {
            FlowUtil.inCurrentRealm(keycloakSession).copyBrowserFlow("browser - alternative");
        });
        keycloakTestingClient.server("test").run(keycloakSession2 -> {
            FlowUtil.inCurrentRealm(keycloakSession2).selectFlow("browser - alternative").inForms(flowUtil -> {
                flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                    flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-password-form").addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-otp-form");
                });
            }).defineAsBrowserFlow();
        });
    }

    /**
     * Verifies switching between alternatives when the OTP form lives in its own ALTERNATIVE
     * subflow ("otp subflow") next to an ALTERNATIVE password form.
     *
     * <p>The user moves from password to OTP and back through the authenticator selector, then
     * completes the login with the password alone; a login event for that user is expected.
     */
    @Test
    public void testAlternativeMechanismsInDifferentSubflows() {
        // NOTE(review): the flow is configured before the try block, so a failure during
        // configuration would skip revertFlows and could leave the copied flow behind.
        this.testingClient.server("test").run(keycloakSession -> {
            FlowUtil.inCurrentRealm(keycloakSession).copyBrowserFlow("browser - alternative mechanisms");
        });
        this.testingClient.server("test").run(keycloakSession2 -> {
            FlowUtil.inCurrentRealm(keycloakSession2).selectFlow("browser - alternative mechanisms").inForms(flowUtil -> {
                flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                    flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-password-form").addSubFlowExecution("otp subflow", "basic-flow", AuthenticationExecutionModel.Requirement.ALTERNATIVE, flowUtil -> {
                        flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-otp-form");
                    });
                });
            }).defineAsBrowserFlow();
        });
        try {
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login("user-with-one-configured-otp");
            this.passwordPage.assertCurrent();
            this.passwordPage.assertTryAnotherWayLinkAvailability(true);
            this.passwordPage.clickTryAnotherWayLink();
            this.selectAuthenticatorPage.assertCurrent();
            Assert.assertEquals(Arrays.asList("Password", "Authenticator Application"), this.selectAuthenticatorPage.getAvailableLoginMethods());

            // Switch to OTP, then go back to the selector: the same list must be offered again.
            this.selectAuthenticatorPage.selectLoginMethod("Authenticator Application");
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.assertTryAnotherWayLinkAvailability(true);
            this.loginTotpPage.clickTryAnotherWayLink();
            this.selectAuthenticatorPage.assertCurrent();
            Assert.assertEquals(Arrays.asList("Password", "Authenticator Application"), this.selectAuthenticatorPage.getAvailableLoginMethods());

            // Password is one of the ALTERNATIVE mechanisms, so the test expects it alone to
            // finish the login: neither the password page nor the login page is shown afterwards.
            this.selectAuthenticatorPage.selectLoginMethod("Password");
            this.passwordPage.assertCurrent();
            this.passwordPage.login("password");
            Assert.assertFalse(this.passwordPage.isCurrent());
            Assert.assertFalse(this.loginPage.isCurrent());
            this.events.expectLogin().user(((UserRepresentation) testRealm().users().search("user-with-one-configured-otp").get(0)).getId()).detail("username", "user-with-one-configured-otp").assertEvent();
        } finally {
            BrowserFlowTest.revertFlows(testRealm(), "browser - alternative mechanisms");
        }
    }

    /**
     * Verifies the flow in which WebAuthn is one ALTERNATIVE and a subflow requiring both
     * password and OTP is the other.
     *
     * <p>For the tested user no "try another way" link is asserted on either page (presumably
     * because the user has no WebAuthn credential - confirm against the realm import), and the
     * login only completes after both the password and a valid TOTP code have been submitted.
     */
    @Test
    @EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
    public void testAlternativeMechanismsInDifferentSubflows_firstMechanismUnavailable() {
        // NOTE(review): as in testAlternativeMechanismsInDifferentSubflows, configuration happens
        // outside the try block, so revertFlows is skipped if configuring the flow fails.
        this.testingClient.server("test").run(keycloakSession -> {
            FlowUtil.inCurrentRealm(keycloakSession).copyBrowserFlow("browser - alternative mechanisms");
        });
        this.testingClient.server("test").run(keycloakSession2 -> {
            FlowUtil.inCurrentRealm(keycloakSession2).selectFlow("browser - alternative mechanisms").inForms(flowUtil -> {
                flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                    flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "webauthn-authenticator").addSubFlowExecution("password and otp subflow", "basic-flow", AuthenticationExecutionModel.Requirement.ALTERNATIVE, flowUtil -> {
                        flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-password-form").addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-otp-form");
                    });
                });
            }).defineAsBrowserFlow();
        });
        try {
            this.loginUsernameOnlyPage.open();
            this.loginUsernameOnlyPage.login("user-with-one-configured-otp");
            this.passwordPage.assertCurrent();
            this.passwordPage.assertTryAnotherWayLinkAvailability(false);
            this.passwordPage.login("password");
            // The password alone must not complete the login: the OTP step follows.
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.assertTryAnotherWayLinkAvailability(false);
            // Hard-coded TOTP seed; presumably the fixture secret of this user's OTP credential in
            // the imported realm - verify against testrealm.json.
            this.loginTotpPage.login(new TimeBasedOTP().generateTOTP("DJmQfC73VGFhw7D4QJ8A"));
            Assert.assertFalse(this.loginTotpPage.isCurrent());
            this.events.expectLogin().user(((UserRepresentation) testRealm().users().search("user-with-one-configured-otp").get(0)).getId()).detail("username", "user-with-one-configured-otp").assertEvent();
        } finally {
            BrowserFlowTest.revertFlows(testRealm(), "browser - alternative mechanisms");
        }
    }

    /**
     * Verifies that the attempted username is displayed once a username has been submitted, that
     * "reset login" returns to an empty username form, and that a login by e-mail address is
     * attributed to the expected user in the login event.
     */
    @Test
    public void testUsernameLabelAndResetLogin() {
        try {
            configureBrowserFlowWithAlternativeCredentials();
            this.loginUsernameOnlyPage.open();
            // Nothing has been submitted yet, so no attempted username may be displayed.
            this.loginUsernameOnlyPage.assertAttemptedUsernameAvailability(false);
            this.loginUsernameOnlyPage.login("user-with-one-configured-otp");
            this.passwordPage.assertCurrent();
            this.passwordPage.assertAttemptedUsernameAvailability(true);
            Assert.assertEquals("user-with-one-configured-otp", this.passwordPage.getAttemptedUsername());
            this.passwordPage.clickTryAnotherWayLink();
            this.selectAuthenticatorPage.assertCurrent();
            this.selectAuthenticatorPage.assertAttemptedUsernameAvailability(true);
            // NOTE(review): the value is read through passwordPage while the selector page is
            // current; presumably selectAuthenticatorPage.getAttemptedUsername() was intended -
            // confirm that the page object exposes it.
            Assert.assertEquals("user-with-one-configured-otp", this.passwordPage.getAttemptedUsername());

            // Reset login: back to the username form, with the attempted username cleared.
            this.selectAuthenticatorPage.clickResetLogin();
            this.loginUsernameOnlyPage.assertCurrent();
            this.loginUsernameOnlyPage.assertAttemptedUsernameAvailability(false);

            // Log in with an e-mail address; the page must echo exactly what was typed.
            this.loginUsernameOnlyPage.login("otp1@redhat.com");
            this.passwordPage.assertCurrent();
            this.passwordPage.assertAttemptedUsernameAvailability(true);
            Assert.assertEquals("otp1@redhat.com", this.passwordPage.getAttemptedUsername());
            this.passwordPage.login("password");
            // The event carries the id of user-with-one-configured-otp, while its username detail
            // is the e-mail address that was entered.
            this.events.expectLogin().user(((UserRepresentation) testRealm().users().search("user-with-one-configured-otp").get(0)).getId()).detail("username", "otp1@redhat.com").assertEvent();
        } finally {
            BrowserFlowTest.revertFlows(testRealm(), "browser - alternative");
        }
    }

    /**
     * Compiler-generated hook that rebuilds a serialized lambda of this class.
     *
     * <p>The first switch maps the implementation method name to an index (hash code first, then
     * an exact {@code equals} check). The second switch returns the matching lambda, but only
     * after the serialized form has been checked field by field: implementation method kind 6
     * (REF_invokeStatic), functional interface {@code RunOnServer} with method {@code run}, the
     * expected signatures, and this class as the implementation class. Anything else ends in an
     * {@link IllegalArgumentException}.
     *
     * <p>Decompiler artifacts: the index {@code z} is typed {@code boolean} although it takes the
     * values -1 and 0 to 5, so the labels {@code case false}/{@code case true} stand for integer
     * cases (the repeated {@code case true} labels appear to be 1, 2 and 4). The labels
     * {@code RefreshTokenTest.ALLOWED_CLOCK_SKEW} and
     * {@code ConcurrentAuthnRequestTest.CONCURRENT_THREADS} appear to be unrelated constants
     * substituted for the literals 3 and 5.
     *
     * @param serializedLambda the serialized form of the lambda
     * @return the reconstructed lambda
     * @throws IllegalArgumentException if the serialized form matches none of this class's lambdas
     */
    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        // The hash code only selects a candidate; the equals() check guards against collisions.
        switch (implMethodName.hashCode()) {
            case -1531141530:
                if (implMethodName.equals("lambda$configureBrowserFlowWithAlternativeCredentials$a47537df$1")) {
                    z = 2;
                    break;
                }
                break;
            case -1531141529:
                if (implMethodName.equals("lambda$configureBrowserFlowWithAlternativeCredentials$a47537df$2")) {
                    z = 4;
                    break;
                }
                break;
            case -467585526:
                if (implMethodName.equals("lambda$testAlternativeMechanismsInDifferentSubflows_firstMechanismUnavailable$26a8868a$1")) {
                    z = 5;
                    break;
                }
                break;
            case -467585525:
                if (implMethodName.equals("lambda$testAlternativeMechanismsInDifferentSubflows_firstMechanismUnavailable$26a8868a$2")) {
                    z = 3;
                    break;
                }
                break;
            case 651329106:
                if (implMethodName.equals("lambda$testAlternativeMechanismsInDifferentSubflows$26a8868a$1")) {
                    z = false;
                    break;
                }
                break;
            case 651329107:
                if (implMethodName.equals("lambda$testAlternativeMechanismsInDifferentSubflows$26a8868a$2")) {
                    z = true;
                    break;
                }
                break;
        }
        // Every branch repeats the same structural check before handing back a lambda.
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        FlowUtil.inCurrentRealm(keycloakSession).copyBrowserFlow("browser - alternative mechanisms");
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession2 -> {
                        FlowUtil.inCurrentRealm(keycloakSession2).selectFlow("browser - alternative mechanisms").inForms(flowUtil -> {
                            flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                                flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-password-form").addSubFlowExecution("otp subflow", "basic-flow", AuthenticationExecutionModel.Requirement.ALTERNATIVE, flowUtil -> {
                                    flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-otp-form");
                                });
                            });
                        }).defineAsBrowserFlow();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession3 -> {
                        FlowUtil.inCurrentRealm(keycloakSession3).copyBrowserFlow("browser - alternative");
                    };
                }
                break;
            case RefreshTokenTest.ALLOWED_CLOCK_SKEW /* 3 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession22 -> {
                        FlowUtil.inCurrentRealm(keycloakSession22).selectFlow("browser - alternative mechanisms").inForms(flowUtil -> {
                            flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                                flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "webauthn-authenticator").addSubFlowExecution("password and otp subflow", "basic-flow", AuthenticationExecutionModel.Requirement.ALTERNATIVE, flowUtil -> {
                                    flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-password-form").addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-otp-form");
                                });
                            });
                        }).defineAsBrowserFlow();
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession23 -> {
                        FlowUtil.inCurrentRealm(keycloakSession23).selectFlow("browser - alternative").inForms(flowUtil -> {
                            flowUtil.clear().addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.REQUIRED, "auth-username-form").addSubFlowExecution(AuthenticationExecutionModel.Requirement.REQUIRED, flowUtil -> {
                                flowUtil.addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-password-form").addAuthenticatorExecution(AuthenticationExecutionModel.Requirement.ALTERNATIVE, "auth-otp-form");
                            });
                        }).defineAsBrowserFlow();
                    };
                }
                break;
            case ConcurrentAuthnRequestTest.CONCURRENT_THREADS /* 5 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/forms/MultiFactorAuthenticationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession4 -> {
                        FlowUtil.inCurrentRealm(keycloakSession4).copyBrowserFlow("browser - alternative mechanisms");
                    };
                }
                break;
        }
        // No known lambda matched the serialized form: refuse to construct anything.
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
