package org.keycloak.testsuite.policy;

import java.util.function.Consumer;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import org.junit.After;
import org.junit.Before;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.admin.ApiUtil;

/* loaded from: input_file:org/keycloak/testsuite/policy/PasswordHistoryPolicyTest.class */
public class PasswordHistoryPolicyTest extends AbstractAuthTest {
    UserResource user;

    private void setPasswordHistory(String str) {
        this.log.info(String.format("Setting %s", str));
        RealmRepresentation representation = testRealmResource().toRepresentation();
        representation.setPasswordPolicy(str);
        testRealmResource().update(representation);
    }

    private void setPasswordHistoryValue(String str) {
        setPasswordHistory(String.format("passwordHistory(%s)", str));
    }

    private void setPasswordHistoryValue(int i) {
        setPasswordHistoryValue(String.valueOf(i));
    }

    public UserRepresentation createUserRepresentation(String str) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(str);
        userRepresentation.setEmail(String.format("%s@email.test", userRepresentation.getUsername()));
        userRepresentation.setEmailVerified(true);
        return userRepresentation;
    }

    public UserResource createUser(UserRepresentation userRepresentation) {
        Response create = testRealmResource().users().create(userRepresentation);
        Throwable th = null;
        try {
            try {
                String createdId = ApiUtil.getCreatedId(create);
                if (create != null) {
                    if (0 != 0) {
                        try {
                            create.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        create.close();
                    }
                }
                return testRealmResource().users().get(createdId);
            } finally {
            }
        } catch (Throwable th3) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }

    public void resetUserPassword(UserResource userResource, String str) {
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue(str);
        credentialRepresentation.setTemporary(false);
        userResource.resetPassword(credentialRepresentation);
    }

    private void expectBadRequestException(Consumer<Void> consumer) {
        try {
            consumer.accept(null);
            throw new AssertionError("An expected BadRequestException was not thrown.");
        } catch (BadRequestException e) {
            this.log.info("An expected BadRequestException was caught.");
        }
    }

    @Before
    public void before() {
        this.user = createUser(createUserRepresentation("test_user"));
    }

    @After
    public void after() {
        this.user.remove();
    }

    @Test
    public void testPasswordHistory_noHistory() {
        setPasswordHistory("");
        resetUserPassword(this.user, "secret");
        resetUserPassword(this.user, "secret");
    }

    @Test
    public void testPasswordHistory_length1() {
        setPasswordHistoryValue(1);
        resetUserPassword(this.user, "secret");
        expectBadRequestException(r5 -> {
            resetUserPassword(this.user, "secret");
        });
        resetUserPassword(this.user, "secret_2");
    }

    @Test
    public void testPasswordHistory_length2() {
        setPasswordHistoryValue(2);
        resetUserPassword(this.user, "secret");
        resetUserPassword(this.user, "secret_2");
        expectBadRequestException(r5 -> {
            resetUserPassword(this.user, "secret_2");
        });
        expectBadRequestException(r52 -> {
            resetUserPassword(this.user, "secret");
        });
        resetUserPassword(this.user, "secret_3");
        expectBadRequestException(r53 -> {
            resetUserPassword(this.user, "secret_3");
        });
        expectBadRequestException(r54 -> {
            resetUserPassword(this.user, "secret_2");
        });
        resetUserPassword(this.user, "secret");
    }

    @Test
    public void testPasswordHistory_length3() {
        setPasswordHistoryValue(3);
        resetUserPassword(this.user, "secret");
        resetUserPassword(this.user, "secret_2");
        resetUserPassword(this.user, "secret_3");
        expectBadRequestException(r5 -> {
            resetUserPassword(this.user, "secret_3");
        });
        expectBadRequestException(r52 -> {
            resetUserPassword(this.user, "secret_2");
        });
        expectBadRequestException(r53 -> {
            resetUserPassword(this.user, "secret");
        });
        resetUserPassword(this.user, "secret_4");
        expectBadRequestException(r54 -> {
            resetUserPassword(this.user, "secret_4");
        });
        expectBadRequestException(r55 -> {
            resetUserPassword(this.user, "secret_3");
        });
        expectBadRequestException(r56 -> {
            resetUserPassword(this.user, "secret_2");
        });
        resetUserPassword(this.user, "secret");
    }

    @Test
    public void testPasswordHistory_lengthChange() {
        testPasswordHistory_length3();
        setPasswordHistoryValue(2);
        expectBadRequestException(r5 -> {
            resetUserPassword(this.user, "secret");
        });
        expectBadRequestException(r52 -> {
            resetUserPassword(this.user, "secret_4");
        });
        resetUserPassword(this.user, "secret_2");
        setPasswordHistoryValue(1);
        expectBadRequestException(r53 -> {
            resetUserPassword(this.user, "secret_2");
        });
        resetUserPassword(this.user, "secret");
        setPasswordHistory("");
        resetUserPassword(this.user, "secret");
    }

    @Test
    public void testInvalidPasswordHistoryPolicyValue_notANumber() {
        expectBadRequestException(r4 -> {
            setPasswordHistoryValue("abc");
        });
        expectBadRequestException(r42 -> {
            setPasswordHistoryValue("2-");
        });
        expectBadRequestException(r43 -> {
            setPasswordHistoryValue("-2-");
        });
    }

    @Test
    @Ignore("KEYCLOAK-12673")
    public void testInvalidPasswordHistoryPolicyValue_zero() {
        expectBadRequestException(r4 -> {
            setPasswordHistoryValue(0);
        });
    }

    @Test
    @Ignore("KEYCLOAK-12673")
    public void testInvalidPasswordHistoryPolicyValue_negative() {
        expectBadRequestException(r4 -> {
            setPasswordHistoryValue(-1);
        });
        expectBadRequestException(r42 -> {
            setPasswordHistoryValue(-2);
        });
        expectBadRequestException(r43 -> {
            setPasswordHistoryValue(-10);
        });
    }
}
