package org.keycloak.testsuite.script;

import java.io.IOException;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.TargetsContainer;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.After;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.forms.AbstractFlowTest;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.ExecutionBuilder;
import org.keycloak.testsuite.util.FlowBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.util.JsonSerialization;

@EnableFeature(value = Profile.Feature.SCRIPTS, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/script/DeployedScriptAuthenticatorTest.class */
public class DeployedScriptAuthenticatorTest extends AbstractFlowTest {
    public static final String EXECUTION_ID = "scriptAuth";
    private static final String SCRIPT_DEPLOYMENT_NAME = "scripts.jar";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected LoginPage loginPage;

    @ArquillianResource
    private Deployer deployer;
    private AuthenticationFlowRepresentation flow;

    @Deployment(name = SCRIPT_DEPLOYMENT_NAME, managed = false, testable = false)
    @TargetsContainer("auth-server-current")
    public static JavaArchive deploy() throws IOException {
        ScriptProviderDescriptor scriptProviderDescriptor = new ScriptProviderDescriptor();
        scriptProviderDescriptor.addAuthenticator("My Authenticator", "authenticator-a.js");
        return ShrinkWrap.create(JavaArchive.class, SCRIPT_DEPLOYMENT_NAME).addAsManifestResource(new StringAsset(JsonSerialization.writeValueAsPrettyString(scriptProviderDescriptor)), "keycloak-scripts.json").addAsResource("scripts/authenticator-example.js", "authenticator-a.js");
    }

    @BeforeClass
    public static void verifyEnvironment() {
        ContainerAssume.assumeNotAuthServerUndertow();
        ContainerAssume.assumeNotAuthServerQuarkus();
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation build = UserBuilder.create().id("fail").username("fail").email("fail@test.com").enabled(true).password("password").build();
        RealmBuilder.edit(realmRepresentation).user(build).user(UserBuilder.create().id("user").username("user").email("user@test.com").enabled(true).password("password").build());
    }

    public void configureFlows() {
        this.deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
        if (this.testContext.isInitialized()) {
            return;
        }
        Assert.assertEquals(201L, testRealm().flows().createFlow(FlowBuilder.create().alias("scriptBrowser").description("dummy pass through registration").providerId("basic-flow").topLevel(true).builtIn(false).build()).getStatus());
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setBrowserFlow("scriptBrowser");
        representation.setDirectGrantFlow("scriptBrowser");
        testRealm().update(representation);
        this.flow = findFlowByAlias("scriptBrowser");
        AuthenticationExecutionRepresentation build = ExecutionBuilder.create().id("username password form").parentFlow(this.flow.getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name()).authenticator("auth-username-password-form").build();
        AuthenticationExecutionRepresentation build2 = ExecutionBuilder.create().id("scriptAuth").parentFlow(this.flow.getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.name()).authenticator("script-authenticator-a.js").build();
        Response addExecution = testRealm().flows().addExecution(build);
        Assert.assertEquals(201L, addExecution.getStatus());
        addExecution.close();
        Response addExecution2 = testRealm().flows().addExecution(build2);
        Assert.assertEquals(201L, addExecution2.getStatus());
        addExecution2.close();
        this.testContext.setInitialized(true);
    }

    @After
    public void onAfter() {
        this.deployer.undeploy(SCRIPT_DEPLOYMENT_NAME);
    }

    @Test
    public void loginShouldWorkWithScriptAuthenticator() {
        configureFlows();
        this.loginPage.open();
        this.loginPage.login("user", "password");
        this.events.expectLogin().user("user").detail("username", "user").assertEvent();
    }

    @Test
    public void loginShouldFailWithScriptAuthenticator() {
        configureFlows();
        this.loginPage.open();
        this.loginPage.login("fail", "password");
        this.events.expect(EventType.LOGIN_ERROR).user((String) null).error("user_not_found").assertEvent();
    }

    @Test
    @DisableFeature(value = Profile.Feature.SCRIPTS, executeAsLast = false, skipRestart = true)
    public void testScriptAuthenticatorNotAvailable() {
        Assert.assertFalse(testRealm().flows().getAuthenticatorProviders().stream().anyMatch(map -> {
            return "auth-script-based".equals(map.get("id"));
        }));
    }
}
