package org.keycloak.testsuite.saml;

import java.io.IOException;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ProtocolMappersUpdater;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.ServerURLs;

/* loaded from: input_file:org/keycloak/testsuite/saml/NameIdMapperTest.class */
public class NameIdMapperTest extends AbstractSamlTest {
    public static final String SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2;
    private ClientAttributeUpdater cau;
    private ProtocolMappersUpdater pmu;

    @Before
    public void setNameIdConfigAndCleanMappers() {
        this.cau = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2).setAttribute("saml_name_id_format", "username").setAttribute("saml_force_name_id_format", "true").update();
        this.pmu = this.cau.protocolMappers().clear().update();
    }

    @After
    public void revertCleanMappersAndScopes() throws IOException {
        this.pmu.close();
        this.cau.close();
    }

    @Test
    public void testNameIdMapper() {
        this.pmu.add(new ProtocolMapperRepresentation[]{RoleMapperTest.createSamlProtocolMapper("saml-user-attribute-nameid-mapper", "mapper.nameid.format", JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get(), "user.attribute", "email")}).update();
        testExpectedNameId(this.bburkeUser.getEmail());
    }

    @Test
    public void testNameIdMapperNotFound() {
        this.pmu.add(new ProtocolMapperRepresentation[]{RoleMapperTest.createSamlProtocolMapper("saml-user-attribute-nameid-mapper", "mapper.nameid.format", JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL.get(), "user.attribute", "email")}).update();
        testExpectedNameId(this.bburkeUser.getUsername());
    }

    @Test
    public void testNameIdMapperValueIsNull() {
        this.pmu.add(new ProtocolMapperRepresentation[]{RoleMapperTest.createSamlProtocolMapper("saml-user-attribute-nameid-mapper", "mapper.nameid.format", JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED.get(), "user.attribute", "keycloak")}).update();
        testExpectedStatusCode(JBossSAMLURIConstants.STATUS_INVALID_NAMEIDPOLICY.get());
    }

    private void testExpectedNameId(String str) {
        ResponseType samlResponseObject = getSamlResponseObject();
        Assert.assertEquals(str, ((ResponseType.RTChoiceType) samlResponseObject.getAssertions().get(0)).getAssertion().getSubject().getSubType().getBaseID().getValue());
        Assert.assertEquals(JBossSAMLURIConstants.STATUS_SUCCESS.get(), samlResponseObject.getStatus().getStatusCode().getValue().toString());
    }

    private void testExpectedStatusCode(String str) {
        Assert.assertEquals(str, getSamlResponseObject().getStatus().getStatusCode().getStatusCode().getValue().toString());
    }

    private ResponseType getSamlResponseObject() {
        return new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_EMPLOYEE_2, SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().getSamlResponse(SamlClient.Binding.POST).getSamlObject();
    }

    static {
        SAML_ASSERTION_CONSUMER_URL_EMPLOYEE_2 = ServerURLs.AUTH_SERVER_SCHEME + "://localhost:" + (ServerURLs.AUTH_SERVER_SSL_REQUIRED ? ServerURLs.AUTH_SERVER_PORT : 8080) + "/employee2/";
    }
}
