package org.keycloak.testsuite.ssl;

import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.AuthRealm;
import org.keycloak.testsuite.auth.page.account.AccountManagement;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.auth.page.login.VerifyEmail;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.util.MailAssert;
import org.keycloak.testsuite.util.SslMailServer;
import org.keycloak.testsuite.util.URLAssert;

/**
 * Exercises the verify-email required action against a test SMTP server that is started with SSL.
 *
 * <p>The positive test starts the mail server with {@link SslMailServer#PRIVATE_KEY} and expects
 * the verification mail to be delivered. The two negative tests start it with
 * {@link SslMailServer#INVALID_KEY}, or point the realm at a different SMTP host name, and expect a
 * {@code SEND_VERIFY_EMAIL_ERROR} event with no message received by the mail server.
 *
 * <p>NOTE(review): the negative tests presumably depend on the auth server's truststore rejecting
 * the certificate or the host name. Neither the truststore configuration nor the key material is
 * visible in this file, so confirm this against {@code SslMailServer} and the server setup.
 */
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
public class TrustStoreEmailTest extends AbstractTestRealmKeycloakTest {

    /** Feedback text shown on the verify-email page while the address is still unverified. */
    private static final String VERIFY_EMAIL_PROMPT =
            "You need to verify your email address to activate your account.";

    @Page
    protected OIDCLogin testRealmLoginPage;

    @Page
    protected AuthRealm testRealmPage;

    @Page
    protected AccountManagement accountManagement;

    @Page
    private VerifyEmail testRealmVerifyEmailPage;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    /**
     * Turns on email verification for the test realm and points its SMTP settings at the
     * configuration supplied by {@link SslMailServer#getServerConfiguration()}.
     *
     * @param realmRepresentation the realm representation to adjust before the tests run
     */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        log.info("enable verify email and configure smtp server to run with ssl in test realm");
        realmRepresentation.setVerifyEmail(true);
        realmRepresentation.setSmtpServer(SslMailServer.getServerConfiguration());
    }

    /** Binds every page object used by this class to the {@code test} realm. */
    @Override
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        final AuthRealm realmPage = testRealmPage;
        realmPage.setAuthRealm("test");
        testRealmVerifyEmailPage.setAuthRealm(realmPage);
        accountManagement.setAuthRealm(realmPage);
        testRealmLoginPage.setAuthRealm(realmPage);
    }

    /** Stops the SSL mail server that each test starts. */
    @After
    public void afterTrustStoreEmailTest() {
        SslMailServer.stop();
    }

    /**
     * Logs in while the mail server presents {@link SslMailServer#PRIVATE_KEY}, follows the link
     * from the verification mail, and checks that the user lands on account management both
     * directly afterwards and after a fresh login.
     */
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void verifyEmailWithSslEnabled() {
        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), AssertEvents.DEFAULT_USERNAME);
        SslMailServer.startWithSsl(sslKeyPath(SslMailServer.PRIVATE_KEY));

        accountManagement.navigateTo();
        testRealmLoginPage.form().login(user.getUsername(), "password");

        // The code_id of the send event is reused below to correlate the verify and login events.
        String codeId = (String) events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL)
                .user(user.getId())
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .detail("username", AssertEvents.DEFAULT_USERNAME)
                .detail("email", AssertEvents.DEFAULT_USERNAME)
                .removeDetail("redirect_uri")
                .assertEvent()
                .getDetails()
                .get("code_id");
        Assert.assertEquals(VERIFY_EMAIL_PROMPT, testRealmVerifyEmailPage.feedbackMessage().getText());

        String verificationUrl = MailAssert.assertEmailAndGetUrl(
                "server@mail.test",
                user.getEmail(),
                "Someone has created a Test account with this email address.",
                true);
        log.info("navigating to url from email: " + verificationUrl);
        driver.navigate().to(verificationUrl);

        events.expectRequiredAction(EventType.VERIFY_EMAIL)
                .user(user.getId())
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .detail("username", AssertEvents.DEFAULT_USERNAME)
                .detail("email", AssertEvents.DEFAULT_USERNAME)
                .detail("code_id", codeId)
                .removeDetail("redirect_uri")
                .assertEvent();
        events.expectLogin()
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .user(user.getId())
                .session(codeId)
                .detail("username", AssertEvents.DEFAULT_USERNAME)
                .removeDetail("redirect_uri")
                .assertEvent();
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) accountManagement);

        // A second login must go straight to account management without another verification step.
        accountManagement.signOut();
        testRealmLoginPage.form().login(user.getUsername(), "password");
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) accountManagement);
    }

    /**
     * Logs in while the mail server presents {@link SslMailServer#INVALID_KEY} and expects the
     * verification mail not to be sent.
     *
     * @throws Exception if a checked exception escapes the mail-server or assertion helpers
     */
    @Test
    public void verifyEmailWithSslWrongCertificate() throws Exception {
        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), AssertEvents.DEFAULT_USERNAME);
        SslMailServer.startWithSsl(sslKeyPath(SslMailServer.INVALID_KEY));

        accountManagement.navigateTo();
        loginPage.form().login(user.getUsername(), "password");

        assertVerificationMailNotSent(user);
    }

    /**
     * Points the realm's SMTP host at {@code localhost.localdomain}, logs in while the mail server
     * presents {@link SslMailServer#PRIVATE_KEY}, and expects the verification mail not to be sent.
     * The SMTP host is put back afterwards whether or not the assertions pass.
     *
     * @throws Exception if a checked exception escapes the mail-server or assertion helpers
     */
    @Test
    public void verifyEmailWithSslWrongHostname() throws Exception {
        UserRepresentation user = ApiUtil.findUserByUsername(testRealm(), AssertEvents.DEFAULT_USERNAME);

        RealmRepresentation realm = testRealm().toRepresentation();
        realm.getSmtpServer().put("host", "localhost.localdomain");
        testRealm().update(realm);
        try {
            SslMailServer.startWithSsl(sslKeyPath(SslMailServer.PRIVATE_KEY));

            accountManagement.navigateTo();
            loginPage.form().login(user.getUsername(), "password");

            assertVerificationMailNotSent(user);
        } finally {
            // NOTE(review): the restored value comes from a constant of an unrelated test class;
            // presumably it equals the host in SslMailServer.getServerConfiguration() - confirm,
            // since a mismatch would leave later tests in this realm with the wrong SMTP host.
            realm.getSmtpServer().put("host", DockerClientTest.REGISTRY_HOSTNAME);
            testRealm().update(realm);
        }
    }

    /**
     * Resolves a classpath resource name to the file path handed to
     * {@link SslMailServer#startWithSsl}.
     *
     * @param keyResource classpath name of the key resource
     * @return the file component of the resource URL
     */
    private String sslKeyPath(String keyResource) {
        return getClass().getClassLoader().getResource(keyResource).getFile();
    }

    /**
     * Asserts the outcome shared by the negative tests: a {@code SEND_VERIFY_EMAIL_ERROR} event
     * with error {@code email_send_failed}, no message received by the mail server, and the
     * verify-email prompt still displayed.
     *
     * <p>NOTE(review): these checks pass for any send failure, not only a rejected certificate or
     * host name, so they would not notice a mail server that never accepted connections.
     *
     * @param user the user whose login triggered the verification mail
     * @throws Exception if a checked exception escapes the mail-server or assertion helpers
     */
    private void assertVerificationMailNotSent(UserRepresentation user) throws Exception {
        events.expectRequiredAction(EventType.SEND_VERIFY_EMAIL_ERROR)
                .error("email_send_failed")
                .user(user.getId())
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .detail("username", AssertEvents.DEFAULT_USERNAME)
                .detail("email", AssertEvents.DEFAULT_USERNAME)
                .removeDetail("redirect_uri")
                .assertEvent();
        org.keycloak.testsuite.Assert.assertNull(SslMailServer.getLastReceivedMessage());
        Assert.assertEquals(VERIFY_EMAIL_PROMPT, testRealmVerifyEmailPage.feedbackMessage().getText());
    }
}
