package org.keycloak.testsuite.admin.authentication;

import java.util.ArrayList;
import java.util.Collections;
import java.util.Comparator;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import javax.ws.rs.NotFoundException;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.AuthenticatorConfigInfoRepresentation;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;

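/**
 * Pins the catalogue of authentication providers reported by the inherited
 * {@code authMgmtResource}: form providers, form actions, client authenticators,
 * authenticators, and the configuration metadata of selected providers.
 *
 * <p>List comparisons go through {@code compareProviders}, which demands the same number of
 * entries and identical {@code id} / {@code displayName} / {@code description} values. A
 * provider that is added to or dropped from the server therefore fails the test until the
 * expected list is updated, which makes the expected lists a reviewable inventory of what the
 * server exposes.
 *
 * <p>NOTE(review): the class enables {@code Profile.Feature.WEB_AUTHN}; the two
 * {@code webauthn-*} entries in the expected authenticator list presumably depend on it —
 * confirm.
 */
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
public class ProvidersTest extends AbstractAuthenticationTest {

    /**
     * Orders provider maps by the string form of their {@code "id"} entry.
     *
     * <p>{@code String.valueOf} is used, so a map without an {@code "id"} key sorts under the
     * literal text {@code "null"} instead of throwing.
     *
     * <p>Decompiler note carried over from the listing: the access modifier of this class was
     * changed from {@code private}.
     */
    public static class ProviderComparator implements Comparator<Map<String, Object>> {
        private ProviderComparator() {
        }

        @Override
        public int compare(Map<String, Object> left, Map<String, Object> right) {
            String leftId = String.valueOf(left.get("id"));
            String rightId = String.valueOf(right.get("id"));
            return leftId.compareTo(rightId);
        }
    }

    /** Expects exactly one form provider, the registration page form. */
    @Test
    public void testFormProviders() {
        // Wildcards instead of raw types: the element type returned by this resource method is
        // not declared anywhere in this file, and the assertions only need Object access.
        List<?> formProviders = this.authMgmtResource.getFormProviders();
        Assert.assertNotNull("null result", formProviders);
        Assert.assertEquals("size", 1L, formProviders.size());
        Map<?, ?> provider = (Map<?, ?>) formProviders.get(0);
        Assert.assertEquals("id", "registration-page-form", provider.get("id"));
        Assert.assertEquals("displayName", "Registration Page", provider.get("displayName"));
        Assert.assertEquals("description", "This is the controller for the registration page", provider.get("description"));
    }

    /**
     * Expects exactly the four registration form actions listed below.
     *
     * <p>Skipped for the {@code REMOTE} auth server container.
     */
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testFormActionProviders() {
        List<Map<String, Object>> actual = this.authMgmtResource.getFormActionProviders();
        List<Map<String, Object>> expected = new ArrayList<>();
        addProviderInfo(expected, "registration-profile-action", "Profile Validation", "Validates email, first name, and last name attributes and stores them in user data.");
        addProviderInfo(expected, "registration-recaptcha-action", "Recaptcha", "Adds Google Recaptcha button.  Recaptchas verify that the entity that is registering is a human.  This can only be used on the internet and must be configured after you add it.");
        addProviderInfo(expected, "registration-password-action", "Password Validation", "Validates that password matches password confirmation field.  It also will store password in user's credential store.");
        addProviderInfo(expected, "registration-user-creation", "Registration User Creation", "This action must always be first! Validates the username of the user in validation phase.  In success phase, this will create the user in the database.");
        compareProviders(expected, actual);
    }

    /**
     * Expects exactly the six client authenticators listed below.
     *
     * <p>Two of them ({@code testsuite-client-passthrough}, {@code testsuite-client-dummy}) are,
     * by their own descriptions, dummies that authenticate a hardcoded client or accept a
     * client id alone. NOTE(review): presumably they are registered only by the testsuite
     * deployment, which would also explain the {@code REMOTE} exclusion — confirm, and confirm
     * they are never packaged for a production server.
     */
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testClientAuthenticatorProviders() {
        List<Map<String, Object>> actual = this.authMgmtResource.getClientAuthenticatorProviders();
        List<Map<String, Object>> expected = new ArrayList<>();
        addProviderInfo(expected, "client-jwt", "Signed Jwt", "Validates client based on signed JWT issued by client and signed with the Client private key");
        addProviderInfo(expected, "client-secret", "Client Id and Secret", "Validates client based on 'client_id' and 'client_secret' sent either in request parameters or in 'Authorization: Basic' header");
        addProviderInfo(expected, "testsuite-client-passthrough", "Testsuite Dummy Client Validation", "Testsuite dummy authenticator, which automatically authenticates hardcoded client (like 'test-app' )");
        addProviderInfo(expected, "testsuite-client-dummy", "Testsuite ClientId Dummy", "Dummy client authenticator, which authenticates the client with clientId only");
        addProviderInfo(expected, "client-x509", "X509 Certificate", "Validates client based on a X509 Certificate");
        addProviderInfo(expected, "client-secret-jwt", "Signed Jwt with Client Secret", "Validates client based on signed JWT issued by client and signed with the Client Secret");
        compareProviders(expected, actual);
    }

    /**
     * Checks the per-client configuration metadata: {@code client-jwt} and {@code client-secret}
     * declare no properties, while {@code testsuite-client-passthrough} declares a String and a
     * boolean property, in that order.
     */
    @Test
    public void testPerClientConfigDescriptions() {
        // Wildcards instead of raw types: the declared return type is not visible in this file.
        Map<?, ?> descriptions = this.authMgmtResource.getPerClientConfigDescription();
        Assert.assertTrue(descriptions.containsKey("client-jwt"));
        Assert.assertTrue(descriptions.containsKey("client-secret"));
        Assert.assertTrue(descriptions.containsKey("testsuite-client-passthrough"));
        Assert.assertTrue(((List<?>) descriptions.get("client-jwt")).isEmpty());
        Assert.assertTrue(((List<?>) descriptions.get("client-secret")).isEmpty());
        List<?> passthroughProperties = (List<?>) descriptions.get("testsuite-client-passthrough");
        Assert.assertProviderConfigProperty((ConfigPropertyRepresentation) passthroughProperties.get(0), "passthroughauth.foo", "Foo Property", null, "Foo Property of this authenticator, which does nothing", "String");
        Assert.assertProviderConfigProperty((ConfigPropertyRepresentation) passthroughProperties.get(1), "passthroughauth.bar", "Bar Property", null, "Bar Property of this authenticator, which does nothing", "boolean");
    }

    /**
     * Checks that an unknown provider id is answered with {@link NotFoundException} and that
     * {@code idp-create-user-if-unique} reports its name, help text and single boolean property.
     */
    @Test
    public void testAuthenticatorConfigDescription() {
        try {
            this.authMgmtResource.getAuthenticatorConfigDescription("not-existent");
            Assert.fail("Don't expected to find provider 'not-existent'");
        } catch (NotFoundException expected) {
            // Expected outcome: the lookup of an unknown provider id must be rejected.
        }
        AuthenticatorConfigInfoRepresentation description = this.authMgmtResource.getAuthenticatorConfigDescription("idp-create-user-if-unique");
        Assert.assertEquals("Create User If Unique", description.getName());
        Assert.assertEquals("idp-create-user-if-unique", description.getProviderId());
        Assert.assertEquals("Detect if there is existing Keycloak account with same email like identity provider. If no, create new user", description.getHelpText());
        Assert.assertEquals(1L, description.getProperties().size());
        Assert.assertProviderConfigProperty((ConfigPropertyRepresentation) description.getProperties().get(0), "require.password.update.after.registration", "Require Password Update After Registration", null, "If this option is true and new user is successfully imported from Identity Provider to Keycloak (there is no duplicated email or username detected in Keycloak DB), then this user is required to update his password", "boolean");
    }

    /** Compares the authenticators reported by the server with {@code expectedAuthProviders()}. */
    @Test
    public void testInitialAuthenticationProviders() {
        compareProviders(expectedAuthProviders(), this.authMgmtResource.getAuthenticatorProviders());
    }

    /**
     * Builds the full list of authenticators the server is expected to report.
     *
     * <p>Insertion order is irrelevant: {@code compareProviders} sorts both sides by id before
     * comparing. The {@code auth-script-based} entry is expected only while
     * {@code Profile.Feature.SCRIPTS} is enabled.
     *
     * <p>Review aid: the list mixes regular authenticators with {@code testsuite-*} and
     * "TEST:" fixtures, and with authenticators whose descriptions say they proceed without
     * checking a credential ({@code idp-auto-link}, {@code allow-access-authenticator},
     * {@code testsuite-dummy-passthrough}). NOTE(review): when this list changes, check that a
     * newly expected entry of that kind is intentional and that the fixtures stay limited to
     * the test deployment.
     *
     * @return a new mutable list with one map per expected authenticator
     */
    private List<Map<String, Object>> expectedAuthProviders() {
        List<Map<String, Object>> providers = new ArrayList<>();
        addProviderInfo(providers, "auth-conditional-otp-form", "Conditional OTP Form", "Validates a OTP on a separate OTP form. Only shown if required based on the configured conditions.");
        addProviderInfo(providers, "auth-cookie", "Cookie", "Validates the SSO cookie set by the auth server.");
        addProviderInfo(providers, "auth-otp-form", "OTP Form", "Validates a OTP on a separate OTP form.");
        if (Profile.isFeatureEnabled(Profile.Feature.SCRIPTS)) {
            addProviderInfo(providers, "auth-script-based", "Script", "Script based authentication. Allows to define custom authentication logic via JavaScript.");
        }
        addProviderInfo(providers, "auth-spnego", "Kerberos", "Initiates the SPNEGO protocol.  Most often used with Kerberos.");
        addProviderInfo(providers, "auth-username-password-form", "Username Password Form", "Validates a username and password from login form.");
        addProviderInfo(providers, "auth-x509-client-username-form", "X509/Validate Username Form", "Validates username and password from X509 client certificate received as a part of mutual SSL handshake.");
        addProviderInfo(providers, "basic-auth", "Basic Auth Challenge", "Challenge-response authentication using HTTP BASIC scheme.");
        addProviderInfo(providers, "basic-auth-otp", "Basic Auth Password+OTP", "Challenge-response authentication using HTTP BASIC scheme.  Password param should contain a combination of password + otp. Realm's OTP policy is used to determine how to parse this. This SHOULD NOT BE USED in conjection with regular basic auth provider.");
        addProviderInfo(providers, "console-username-password", "Username Password Challenge", "Proprietary challenge protocol for CLI clients that queries for username password");
        addProviderInfo(providers, "direct-grant-auth-x509-username", "X509/Validate Username", "Validates username and password from X509 client certificate received as a part of mutual SSL handshake.");
        addProviderInfo(providers, "direct-grant-validate-otp", "OTP", "Validates the one time password supplied as a 'totp' form parameter in direct grant request");
        addProviderInfo(providers, "direct-grant-validate-password", "Password", "Validates the password supplied as a 'password' form parameter in direct grant request");
        addProviderInfo(providers, "direct-grant-validate-username", "Username Validation", "Validates the username supplied as a 'username' form parameter in direct grant request");
        addProviderInfo(providers, "docker-http-basic-authenticator", "Docker Authenticator", "Uses HTTP Basic authentication to validate docker users, returning a docker error token on auth failure");
        addProviderInfo(providers, "expected-param-authenticator", "TEST: Expected Parameter", "You will be approved if you send query string parameter 'foo' with expected value.");
        addProviderInfo(providers, "http-basic-authenticator", "HTTP Basic Authentication", "Validates username and password from Authorization HTTP header");
        addProviderInfo(providers, "identity-provider-redirector", "Identity Provider Redirector", "Redirects to default Identity Provider or Identity Provider specified with kc_idp_hint query parameter");
        addProviderInfo(providers, "idp-auto-link", "Automatically set existing user", "Automatically set existing user to authentication context without any verification");
        addProviderInfo(providers, "idp-confirm-link", "Confirm link existing account", "Show the form where user confirms if he wants to link identity provider with existing account or rather edit user profile data retrieved from identity provider to avoid conflict");
        addProviderInfo(providers, "idp-create-user-if-unique", "Create User If Unique", "Detect if there is existing Keycloak account with same email like identity provider. If no, create new user");
        addProviderInfo(providers, "idp-email-verification", "Verify existing account by Email", "Email verification of existing Keycloak user, that wants to link his user account with identity provider");
        addProviderInfo(providers, "idp-review-profile", "Review Profile", "User reviews and updates profile data retrieved from Identity Provider in the displayed form");
        addProviderInfo(providers, "idp-username-password-form", "Username Password Form for identity provider reauthentication", "Validates a password from login form. Username may be already known from identity provider authentication");
        addProviderInfo(providers, "no-cookie-redirect", "Browser Redirect/Refresh", "Perform a 302 redirect to get user agent's current URI on authenticate path with an auth_session_id query parameter.  This is for client's that do not support cookies.");
        addProviderInfo(providers, "push-button-authenticator", "TEST: Button Login", "Just press the button to login.");
        addProviderInfo(providers, "reset-credential-email", "Send Reset Email", "Send email to user and wait for response.");
        addProviderInfo(providers, "reset-credentials-choose-user", "Choose User", "Choose a user to reset credentials for");
        addProviderInfo(providers, "reset-otp", "Reset OTP", "Sets the Configure OTP required action.");
        addProviderInfo(providers, "reset-password", "Reset Password", "Sets the Update Password required action if execution is REQUIRED.  Will also set it if execution is OPTIONAL and the password is currently configured for it.");
        addProviderInfo(providers, "testsuite-dummy-click-through", "Testsuite Dummy Click Thru", "Testsuite Dummy authenticator.  User needs to click through the page to continue.");
        addProviderInfo(providers, "testsuite-dummy-passthrough", "Testsuite Dummy Pass Thru", "Testsuite Dummy authenticator.  Just passes through and is hardcoded to a specific user");
        addProviderInfo(providers, "testsuite-dummy-registration", "Testsuite Dummy Pass Thru", "Testsuite Dummy authenticator.  Just passes through and is hardcoded to a specific user");
        addProviderInfo(providers, "set-client-note-authenticator", "Set Client Note Authenticator", "Set client note of specified name with the specified value to the authenticationSession.");
        addProviderInfo(providers, "testsuite-username", "Testsuite Username Only", "Testsuite Username authenticator.  Username parameter sets username");
        addProviderInfo(providers, "webauthn-authenticator", "WebAuthn Authenticator", "Authenticator for WebAuthn. Usually used for WebAuthn two-factor authentication");
        addProviderInfo(providers, "webauthn-authenticator-passwordless", "WebAuthn Passwordless Authenticator", "Authenticator for Passwordless WebAuthn authentication");
        addProviderInfo(providers, "auth-username-form", "Username Form", "Selects a user from his username.");
        addProviderInfo(providers, "auth-password-form", "Password Form", "Validates a password from login form.");
        addProviderInfo(providers, "conditional-user-role", "Condition - user role", "Flow is executed only if user has the given role.");
        addProviderInfo(providers, "conditional-user-configured", "Condition - user configured", "Executes the current flow only if authenticators are configured");
        addProviderInfo(providers, "conditional-user-attribute", "Condition - user attribute", "Flow is executed only if the user attribute exists and has the expected value");
        addProviderInfo(providers, "set-attribute", "Set user attribute", "Set a user attribute");
        addProviderInfo(providers, "idp-detect-existing-broker-user", "Detect existing broker user", "Detect if there is an existing Keycloak account with same email like identity provider. If no, throw an error.");
        addProviderInfo(providers, "deny-access-authenticator", "Deny access", "Access will be always denied. Useful for example in the conditional flows to be used after satisfying the previous conditions");
        addProviderInfo(providers, "allow-access-authenticator", "Allow access", "Authenticator will always successfully authenticate. Useful for example in the conditional flows to be used after satisfying the previous conditions");
        return providers;
    }

    /**
     * Returns a copy of {@code list} sorted by provider id; the argument is left untouched.
     *
     * @param list provider maps to sort
     * @return a new list ordered by {@link ProviderComparator}
     */
    private List<Map<String, Object>> sortProviders(List<Map<String, Object>> list) {
        List<Map<String, Object>> sorted = new ArrayList<>(list);
        Collections.sort(sorted, new ProviderComparator());
        return sorted;
    }

    /**
     * Asserts that both lists hold the same providers, ignoring order.
     *
     * <p>The size check runs first so that a count mismatch is reported under the
     * "Providers count" message before the element-wise comparison.
     *
     * @param expected providers the test expects
     * @param actual providers reported by the server
     */
    private void compareProviders(List<Map<String, Object>> expected, List<Map<String, Object>> actual) {
        Assert.assertEquals("Providers count", expected.size(), actual.size());
        Assert.assertThat(normalizeResults(actual), Matchers.is(normalizeResults(expected)));
    }

    /**
     * Copies every entry into a {@link HashMap} and sorts the result by provider id, so that
     * two lists compare equal regardless of the map implementation or element order used.
     *
     * @param list provider maps to normalize
     * @return a new, id-sorted list of {@code HashMap} copies
     */
    private List<Map<String, Object>> normalizeResults(List<Map<String, Object>> list) {
        List<Map<String, Object>> copies = new ArrayList<>();
        for (Map<String, Object> provider : list) {
            copies.add(new HashMap<>(provider));
        }
        return sortProviders(copies);
    }

    /**
     * Appends one provider description to {@code list}.
     *
     * @param list target list, modified in place
     * @param id value stored under {@code "id"}
     * @param displayName value stored under {@code "displayName"}
     * @param description value stored under {@code "description"}
     */
    private void addProviderInfo(List<Map<String, Object>> list, String id, String displayName, String description) {
        Map<String, Object> provider = new HashMap<>();
        provider.put("id", id);
        provider.put("displayName", displayName);
        provider.put("description", description);
        list.add(provider);
    }
}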
