package org.keycloak.testsuite.broker;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.util.ClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcSamlBrokerConfiguration.class */
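/**
 * Test-suite fixture describing a Keycloak-to-Keycloak SAML brokering setup: a
 * {@code provider} realm acting as the SAML identity provider and a {@code consumer}
 * realm that brokers logins to it through the {@code kc-saml-idp} alias.
 *
 * <p>Security posture of this fixture, as configured below: every SAML signature and
 * encryption switch is set to {@code "false"} on both sides ({@code saml.assertion.signature},
 * {@code saml.server.signature}, {@code saml.client.signature}, {@code saml.encrypt},
 * {@code validateSignature}, {@code wantAuthnRequestsSigned}), the brokered identity provider
 * has {@code trustEmail}, {@code storeToken} and {@code addReadTokenRoleOnCreate} enabled, and
 * the client secret and user password are fixed literals. With signature validation off, the
 * consumer realm has no cryptographic proof of who issued an assertion, so these values are
 * only appropriate for an isolated test deployment and should not be copied into a real realm.
 */
public class KcSamlBrokerConfiguration implements BrokerConfiguration {
    public static final KcSamlBrokerConfiguration INSTANCE = new KcSamlBrokerConfiguration();
    public static final String ATTRIBUTE_TO_MAP_FRIENDLY_NAME = "user-attribute-friendly";

    private static final String PROVIDER_REALM = "provider";
    private static final String CONSUMER_REALM = "consumer";
    private static final String IDP_ALIAS = "kc-saml-idp";
    private static final String SAML_PROTOCOL = "saml";
    /** Broker endpoint of the consumer realm, relative to the consumer root URL. */
    private static final String BROKER_ENDPOINT_PATH = "/auth/realms/consumer/broker/kc-saml-idp/endpoint";
    private static final String USER_ATTRIBUTE_MAPPER = "saml-user-attribute-mapper";
    private static final String NAME_FORMAT_URI = "urn:oasis:names:tc:SAML:2.0:attrname-format:uri";
    private static final String NAME_FORMAT_BASIC = "Basic";

    /** Value written to the {@code loginHint} attribute on both the provider client and the IdP. */
    private final boolean loginHint;

    /** Creates a configuration with {@code loginHint} disabled. */
    public KcSamlBrokerConfiguration() {
        this(false);
    }

    /**
     * @param loginHint value stored (as a string) under the {@code loginHint} key of the provider
     *     client attributes and of the identity-provider config
     */
    public KcSamlBrokerConfiguration(boolean loginHint) {
        this.loginHint = loginHint;
    }

    /** @return an enabled realm named {@code provider} */
    @Override
    public RealmRepresentation createProviderRealm() {
        RealmRepresentation realm = new RealmRepresentation();
        realm.setEnabled(true);
        realm.setRealm(PROVIDER_REALM);
        return realm;
    }

    /**
     * @return an enabled realm named {@code consumer} with password reset allowed and the
     *     {@code jboss-logging} and {@code event-queue} event listeners registered
     */
    @Override
    public RealmRepresentation createConsumerRealm() {
        RealmRepresentation realm = new RealmRepresentation();
        realm.setEnabled(true);
        realm.setRealm(CONSUMER_REALM);
        realm.setResetPasswordAllowed(true);
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        return realm;
    }

    /**
     * @return a mutable single-element list holding the SAML client that represents the consumer
     *     realm inside the provider realm
     */
    @Override
    public List<ClientRepresentation> createProviderClients() {
        return new LinkedList<>(Collections.singleton(createProviderClient(getIDPClientIdInProviderRealm())));
    }

    /**
     * Builds the provider-realm SAML client that the consumer realm's broker talks to.
     *
     * <p>Redirect, single-logout and assertion-consumer URLs all point at the consumer realm's
     * broker endpoint. The assertion-, server- and client-signature attributes and the
     * encryption attribute are all {@code "false"}, so nothing exchanged with this client is
     * signed or encrypted.
     *
     * @param clientId client id to register in the provider realm
     * @return the client, carrying six attribute protocol mappers
     */
    private ClientRepresentation createProviderClient(String clientId) {
        String brokerEndpoint = BrokerTestTools.getConsumerRoot() + BROKER_ENDPOINT_PATH;

        ClientRepresentation client = new ClientRepresentation();
        client.setClientId(clientId);
        client.setEnabled(true);
        client.setProtocol(SAML_PROTOCOL);
        client.setRedirectUris(Collections.singletonList(brokerEndpoint));

        Map<String, String> attributes = new HashMap<>();
        attributes.put("saml.authnstatement", "true");
        attributes.put("saml_single_logout_service_url_post", brokerEndpoint);
        attributes.put("saml_assertion_consumer_url_post", brokerEndpoint);
        attributes.put("saml_force_name_id_format", "true");
        attributes.put("saml_name_id_format", "username");
        // Signing and encryption are switched off for the test exchange; see the class comment.
        attributes.put("saml.assertion.signature", "false");
        attributes.put("saml.server.signature", "false");
        attributes.put("saml.client.signature", "false");
        attributes.put("saml.encrypt", "false");
        attributes.put("loginHint", String.valueOf(this.loginHint));
        client.setAttributes(attributes);

        client.setProtocolMappers(Arrays.asList(
                samlMapper("email", "saml-user-property-mapper",
                        "email", "urn:oid:1.2.840.113549.1.9.1", NAME_FORMAT_URI, "email"),
                samlMapper("email - dotted", USER_ATTRIBUTE_MAPPER,
                        "dotted.email", "dotted.email", NAME_FORMAT_URI, null),
                samlMapper("email - nested", USER_ATTRIBUTE_MAPPER,
                        "nested.email", "nested.email", NAME_FORMAT_URI, null),
                samlMapper("attribute - name", USER_ATTRIBUTE_MAPPER,
                        JsonUserAttributeMapperTest.USER_ATTRIBUTE, JsonUserAttributeMapperTest.USER_ATTRIBUTE,
                        NAME_FORMAT_BASIC, ""),
                samlMapper("attribute - name 2", USER_ATTRIBUTE_MAPPER,
                        "user-attribute-2", "user-attribute-2", NAME_FORMAT_BASIC, ""),
                samlMapper("attribute - friendly name", USER_ATTRIBUTE_MAPPER,
                        ATTRIBUTE_TO_MAP_FRIENDLY_NAME, "urn:oid:1.2.3.4.5.6.7", NAME_FORMAT_BASIC,
                        ATTRIBUTE_TO_MAP_FRIENDLY_NAME)));
        return client;
    }

    /**
     * Creates one SAML protocol mapper and fills its config map.
     *
     * @param name mapper display name
     * @param mapperType protocol-mapper provider id
     * @param userAttribute value for {@code user.attribute}
     * @param attributeName value for {@code attribute.name}
     * @param nameFormat value for {@code attribute.nameformat}
     * @param friendlyName value for {@code friendly.name}; {@code null} leaves the key unset
     *     (an empty string is still written)
     */
    private static ProtocolMapperRepresentation samlMapper(String name, String mapperType, String userAttribute,
            String attributeName, String nameFormat, String friendlyName) {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName(name);
        mapper.setProtocol(SAML_PROTOCOL);
        mapper.setProtocolMapper(mapperType);
        Map<String, String> config = mapper.getConfig();
        config.put("user.attribute", userAttribute);
        config.put("attribute.name", attributeName);
        config.put("attribute.nameformat", nameFormat);
        if (friendlyName != null) {
            config.put("friendly.name", friendlyName);
        }
        return mapper;
    }

    /**
     * @return the three consumer-realm clients: two SAML {@code sales-post} clients that do not
     *     require signed client requests, and the {@code broker-app} client, which has a fixed
     *     secret and direct access grants enabled
     */
    @Override
    public List<ClientRepresentation> createConsumerClients() {
        String consumerRoot = BrokerTestTools.getConsumerRoot();

        ClientRepresentation salesPost = ClientBuilder.create()
                .clientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .enabled(true)
                .fullScopeEnabled(true)
                .protocol(SAML_PROTOCOL)
                .baseUrl(consumerRoot + "/sales-post")
                .addRedirectUri(consumerRoot + "/sales-post/*")
                .attribute("saml.authnstatement", "true")
                .attribute("saml.client.signature", "false")
                .build();

        // Same application registered under a client id containing dots and slashes.
        ClientRepresentation salesPostDotted = ClientBuilder.create()
                .clientId("http://localhost:8280/sales-post/.dot/ted")
                .enabled(true)
                .fullScopeEnabled(true)
                .protocol(SAML_PROTOCOL)
                .baseUrl(consumerRoot + "/sales-post")
                .addRedirectUri(consumerRoot + "/sales-post/*")
                .attribute("saml.authnstatement", "true")
                .attribute("saml.client.signature", "false")
                .attribute("saml_idp_initiated_sso_url_name", "sales-post")
                .attribute("saml_assertion_consumer_url_post", consumerRoot + "/sales-post/saml")
                .build();

        // Fixed, well-known secret: acceptable only because this realm exists for tests.
        ClientRepresentation brokerApp = ClientBuilder.create()
                .clientId("broker-app")
                .name("broker-app")
                .secret("broker-app-secret")
                .enabled(true)
                .directAccessGrants()
                .addRedirectUri(consumerRoot + "/auth/*")
                .baseUrl(consumerRoot + "/auth/realms/consumer/app")
                .build();

        return Arrays.asList(salesPost, salesPostDotted, brokerApp);
    }

    /**
     * Builds the {@code kc-saml-idp} identity provider registered in the consumer realm.
     *
     * <p>{@code validateSignature} and {@code wantAuthnRequestsSigned} are both {@code "false"},
     * so the broker neither checks signatures on what the provider sends nor signs its own
     * requests. Combined with {@code trustEmail}, the e-mail address carried in an unverified
     * assertion is accepted without a separate verification step.
     *
     * @param identityProviderSyncMode sync mode written to the {@code syncMode} config key
     * @return the configured identity provider representation
     */
    @Override
    public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode identityProviderSyncMode) {
        IdentityProviderRepresentation idp = BrokerTestTools.createIdentityProvider(IDP_ALIAS, SAML_PROTOCOL);
        idp.setTrustEmail(true);
        idp.setAddReadTokenRoleOnCreate(true);
        idp.setStoreToken(true);

        String providerSamlEndpoint = BrokerTestTools.getProviderRoot() + "/auth/realms/provider/protocol/saml";
        Map<String, String> config = idp.getConfig();
        config.put("syncMode", identityProviderSyncMode.toString());
        config.put("singleSignOnServiceUrl", providerSamlEndpoint);
        config.put("singleLogoutServiceUrl", providerSamlEndpoint);
        config.put("nameIDPolicyFormat", "urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress");
        config.put("forceAuthn", "false");
        config.put("loginHint", String.valueOf(this.loginHint));
        config.put("postBindingResponse", "true");
        config.put("postBindingAuthnRequest", "true");
        // Signature checks are disabled for the test exchange; see the class comment.
        config.put("validateSignature", "false");
        config.put("wantAuthnRequestsSigned", "false");
        config.put("backchannelSupported", "false");
        return idp;
    }

    @Override
    public String providerRealmName() {
        return PROVIDER_REALM;
    }

    @Override
    public String consumerRealmName() {
        return CONSUMER_REALM;
    }

    /** @return the consumer realm's URL, which doubles as its client id in the provider realm */
    @Override
    public String getIDPClientIdInProviderRealm() {
        return BrokerTestTools.getConsumerRoot() + "/auth/realms/" + consumerRealmName();
    }

    @Override
    public String getUserLogin() {
        return "testuser";
    }

    /** @return the fixed test password; a fixture value, not a credential to reuse elsewhere */
    @Override
    public String getUserPassword() {
        return "password";
    }

    @Override
    public String getUserEmail() {
        return "user@localhost.com";
    }

    @Override
    public String getIDPAlias() {
        return IDP_ALIAS;
    }
}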
