package org.keycloak.testsuite.forms;

import java.io.IOException;
import java.net.MalformedURLException;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/LoginTotpTest.class */
public class LoginTotpTest extends AbstractTestRealmKeycloakTest {

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected LoginTotpPage loginTotpPage;
    private int lifespan;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();
    private TimeBasedOTP totp = new TimeBasedOTP();

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserBuilder.edit(RealmRepUtil.findUser(realmRepresentation, AssertEvents.DEFAULT_USERNAME)).totpSecret("totpSecret").otpEnabled();
    }

    @Before
    public void before() throws MalformedURLException {
        this.totp = new TimeBasedOTP();
    }

    @Test
    public void loginWithTotpFailure() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.loginTotpPage.isCurrent());
        this.loginTotpPage.login("123456");
        this.loginTotpPage.assertCurrent();
        Assert.assertEquals("Invalid authenticator code.", this.loginTotpPage.getInputError());
        this.events.expectLogin().error("invalid_user_credentials").session((String) null).removeDetail("consent").assertEvent();
    }

    @Test
    public void loginWithMissingTotp() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.loginTotpPage.isCurrent());
        this.loginTotpPage.login((String) null);
        this.loginTotpPage.assertCurrent();
        Assert.assertEquals("Invalid authenticator code.", this.loginTotpPage.getInputError());
        this.events.expectLogin().error("invalid_user_credentials").session((String) null).removeDetail("consent").assertEvent();
    }

    @Test
    public void loginWithTotpSuccess() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.loginTotpPage.isCurrent());
        this.loginTotpPage.login(this.totp.generateTOTP("totpSecret"));
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().assertEvent();
    }

    @Test
    public void loginWithTotpRefreshTotpPage() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.loginTotpPage.isCurrent());
        this.driver.navigate().refresh();
        System.out.println(this.driver.getPageSource());
        this.loginTotpPage.login(this.totp.generateTOTP("totpSecret"));
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().assertEvent();
    }

    @Test
    public void loginWithTotpInvalidPassword() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "invalid");
        Assert.assertTrue(this.loginPage.isCurrent());
        Assert.assertEquals("Invalid username or password.", this.loginPage.getInputError());
        this.events.expectLogin().error("invalid_user_credentials").session((String) null).removeDetail("consent").assertEvent();
    }

    @Test
    public void loginWithTotp_testAttemptedUsernameAndResetLogin() throws Exception {
        this.loginPage.open();
        this.loginPage.assertAttemptedUsernameAvailability(false);
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(this.loginTotpPage.isCurrent());
        this.loginPage.assertAttemptedUsernameAvailability(true);
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.loginPage.getAttemptedUsername());
        this.loginTotpPage.clickResetLogin();
        this.loginPage.assertCurrent();
    }

    @Test
    public void loginWithTotp_getToken_checkCompatibilityCLI() throws IOException {
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        try {
            WebTarget path = createResteasyClient.target(OAuthClient.AUTH_SERVER_ROOT).path("/realms").path("test").path("protocol/openid-connect/token");
            Form param = new Form().param("grant_type", "password").param("username", AssertEvents.DEFAULT_USERNAME).param("password", "password").param("client_id", "admin-cli");
            Response post = path.request().post(Entity.form(param.param("otp", this.totp.generateTOTP("totpSecret"))));
            Assert.assertEquals(200L, post.getStatus());
            post.close();
            Response post2 = path.request().post(Entity.form(param.param("totp", this.totp.generateTOTP("totpSecret"))));
            Assert.assertEquals(200L, post2.getStatus());
            post2.close();
            createResteasyClient.close();
        } catch (Throwable th) {
            createResteasyClient.close();
            throw th;
        }
    }
}
