package org.keycloak.testsuite.crossdc;

import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.net.URISyntaxException;
import javax.ws.rs.NotFoundException;
import org.hamcrest.Matchers;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.common.util.Retry;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/crossdc/BruteForceCrossDCTest.class */
public class BruteForceCrossDCTest extends AbstractAdminCrossDCTest {
    private static final String REALM_NAME = "brute-force-test";

    @Before
    public void beforeTest() {
        this.log.debug("--DC: creating test realm");
        try {
            this.adminClient.realm(REALM_NAME).remove();
        } catch (NotFoundException e) {
        }
        UserRepresentation build = UserBuilder.create().id("login-test-1").username("login-test-1").email("login-1@test.com").enabled(true).password("password").addRoles("offline_access").build();
        this.adminClient.realms().create(RealmBuilder.create().name(REALM_NAME).user(build).user(UserBuilder.create().id("login-test-2").username("login-test-2").email("login-2@test.com").enabled(true).password("password").addRoles("offline_access").build()).client(ClientBuilder.create().clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrants().redirectUris("http://localhost:8180/auth/realms/master/app/*").addWebOrigin("http://localhost:8180").secret("password").build()).bruteForceProtected(true).build());
    }

    @Test
    public void testBruteForceWithUserOperations() throws Exception {
        enableDcOnLoadBalancer(DC.FIRST);
        enableDcOnLoadBalancer(DC.SECOND);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce();
        assertStatistics("After brute force cleared", 0, 0, 0);
        createBruteForceFailures(10, "login-test-1");
        assertStatistics("After brute force for user1 created", 10, 0, 1);
        createBruteForceFailures(10, "login-test-2");
        assertStatistics("After brute force for user2 created", 10, 10, 2);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearBruteForceForUser("login-test-1");
        assertStatistics("After brute force for user1 cleared", 0, 10, 1);
        createBruteForceFailures(10, "login-test-1");
        assertStatistics("After brute force for user1 re-created", 10, 10, 2);
        this.adminClient.realms().realm(REALM_NAME).users().get("login-test-1").remove();
        assertStatistics("After user1 removed", 0, 10, 1);
    }

    @Test
    public void testBruteForceWithRealmOperations() throws Exception {
        enableDcOnLoadBalancer(DC.FIRST);
        enableDcOnLoadBalancer(DC.SECOND);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce();
        assertStatistics("After brute force cleared", 0, 0, 0);
        createBruteForceFailures(10, "login-test-1");
        createBruteForceFailures(10, "login-test-2");
        assertStatistics("After brute force for users created", 10, 10, 2);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce();
        assertStatistics("After brute force cleared for realm", 0, 0, 0);
        createBruteForceFailures(10, "login-test-1");
        createBruteForceFailures(10, "login-test-2");
        assertStatistics("After brute force for users re-created", 10, 10, 2);
        this.adminClient.realms().realm(REALM_NAME).remove();
        Retry.execute(() -> {
            int size = getTestingClientForStartedNodeInDc(0).testing().cache("loginFailures").size();
            int size2 = getTestingClientForStartedNodeInDc(1).testing().cache("loginFailures").size();
            Assert.assertEquals(0L, size);
            Assert.assertEquals(0L, size2);
        }, 50, 50L);
    }

    @Test
    public void testDuplicatedPutIfAbsentOperation() throws Exception {
        enableDcOnLoadBalancer(DC.FIRST);
        enableDcOnLoadBalancer(DC.SECOND);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce();
        assertStatistics("After brute force cleared", 0, 0, 0);
        addUserLoginFailure(getTestingClientForStartedNodeInDc(0));
        assertStatistics("After create entry1", 1, 0, 1);
        addUserLoginFailure(getTestingClientForStartedNodeInDc(1));
        assertStatistics("After create entry2", 2, 0, 1);
    }

    @Test
    public void testBruteForceConcurrentUpdate() throws Exception {
        enableDcOnLoadBalancer(DC.FIRST);
        enableDcOnLoadBalancer(DC.SECOND);
        this.adminClient.realms().realm(REALM_NAME).attackDetection().clearAllBruteForce();
        assertStatistics("After brute force cleared", 0, 0, 0);
        addUserLoginFailure(getTestingClientForStartedNodeInDc(0));
        assertStatistics("After create entry1", 1, 0, 1);
        AbstractConcurrencyTest.run(2, 20, this, (i, keycloak, realmResource) -> {
            createBruteForceFailures(1, "login-test-1");
        });
        Retry.execute(() -> {
            int intValue = ((Integer) getAdminClientForStartedNodeInDc(0).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures")).intValue();
            int intValue2 = ((Integer) getAdminClientForStartedNodeInDc(1).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures")).intValue();
            this.log.infof("After concurrent update entry1: dc0User1=%d, dc1user1=%d", Integer.valueOf(intValue), Integer.valueOf(intValue2));
            Assert.assertThat(Integer.valueOf(intValue), Matchers.greaterThan(11));
            Assert.assertThat(Integer.valueOf(intValue2), Matchers.greaterThan(11));
        }, 50, 50L);
    }

    private void assertStatistics(String str, int i, int i2, int i3) {
        Retry.execute(() -> {
            int intValue = ((Integer) getAdminClientForStartedNodeInDc(0).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures")).intValue();
            int intValue2 = ((Integer) getAdminClientForStartedNodeInDc(1).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-1").get("numFailures")).intValue();
            int intValue3 = ((Integer) getAdminClientForStartedNodeInDc(0).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-2").get("numFailures")).intValue();
            int intValue4 = ((Integer) getAdminClientForStartedNodeInDc(1).realm(REALM_NAME).attackDetection().bruteForceUserStatus("login-test-2").get("numFailures")).intValue();
            int size = getTestingClientForStartedNodeInDc(0).testing().cache("loginFailures").size();
            int size2 = getTestingClientForStartedNodeInDc(1).testing().cache("loginFailures").size();
            this.log.infof("%s: dc0User1=%d, dc0user2=%d, dc1user1=%d, dc1user2=%d, dc0CacheSize=%d, dc1CacheSize=%d", new Object[]{str, Integer.valueOf(intValue), Integer.valueOf(intValue3), Integer.valueOf(intValue2), Integer.valueOf(intValue4), Integer.valueOf(size), Integer.valueOf(size2)});
            Assert.assertEquals(i, intValue);
            Assert.assertEquals(i2, intValue3);
            Assert.assertEquals(i, intValue2);
            Assert.assertEquals(i2, intValue4);
            Assert.assertEquals(i3, size);
            Assert.assertEquals(i3, size2);
        }, 50, 50L);
    }

    private void createBruteForceFailures(int i, String str) throws Exception {
        this.oauth.realm(REALM_NAME);
        for (int i2 = 0; i2 < i; i2++) {
            OAuthClient.AccessTokenResponse doGrantAccessTokenRequest = this.oauth.doGrantAccessTokenRequest("password", str, "bad-password");
            Assert.assertNull(doGrantAccessTokenRequest.getAccessToken());
            Assert.assertNotNull(doGrantAccessTokenRequest.getError());
        }
    }

    private void addUserLoginFailure(KeycloakTestingClient keycloakTestingClient) throws URISyntaxException, IOException {
        keycloakTestingClient.server().run(keycloakSession -> {
            keycloakSession.loginFailures().addUserLoginFailure(keycloakSession.realms().getRealmByName(REALM_NAME), "login-test-1").incrementFailures();
        });
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 780599224:
                if (implMethodName.equals("lambda$addUserLoginFailure$a47537df$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/crossdc/BruteForceCrossDCTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        keycloakSession.loginFailures().addUserLoginFailure(keycloakSession.realms().getRealmByName(REALM_NAME), "login-test-1").incrementFailures();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
