package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;

/* loaded from: input_file:org/keycloak/testsuite/broker/JsonUserAttributeMapperTest.class */
public class JsonUserAttributeMapperTest extends AbstractIdentityProviderMapperTest {
    public static final String USER_ATTRIBUTE = "user-attribute";

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerConfiguration();
    }

    @Test
    public void loginWithIdentityProviderMapsJsonAttributeToUserAttributeButDoesNotModify() {
        assertUserAttribute("value", createMapperThenModifyAttribute(IdentityProviderMapperSyncMode.IMPORT, "new-value"));
    }

    @Test
    public void loginWithIdentityProviderDeletesAttributeInForceMode() {
        assertAbsentUserAttribute(createMapperThenDeleteAttribute(IdentityProviderMapperSyncMode.FORCE));
    }

    @Test
    public void loginWithIdentityProviderDoesNotDeleteAttributeInLegacyMode() {
        assertUserAttribute("value", createMapperThenDeleteAttribute(IdentityProviderMapperSyncMode.LEGACY));
    }

    @Test
    public void loginWithIdentityProviderModifiesAttributeInForceMode() {
        assertUserAttribute("new-value", createMapperThenModifyAttribute(IdentityProviderMapperSyncMode.FORCE, "new-value"));
    }

    @Test
    public void loginWithIdentityProviderAddsUserAttributeInForceNameWhenMapperIsCreatedLater() {
        assertUserAttribute("value", loginAndThenCreateMapperThenLoginAgain(IdentityProviderMapperSyncMode.FORCE));
    }

    @Test
    public void loginWithIdentityProviderDoesNotAddUserAttributeInImportNameWhenMapperIsCreatedLater() {
        assertAbsentUserAttribute(loginAndThenCreateMapperThenLoginAgain(IdentityProviderMapperSyncMode.IMPORT));
    }

    private UserRepresentation loginAndThenCreateMapperThenLoginAgain(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, true, "test", "value");
    }

    private UserRepresentation createMapperThenDeleteAttribute(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, false, "deleted", "deleted");
    }

    private UserRepresentation createMapperThenModifyAttribute(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, String str) {
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, false, "test", str);
    }

    private UserRepresentation loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, boolean z, String str, String str2) {
        IdentityProviderRepresentation identityProviderRepresentation = setupIdentityProvider();
        if (!z) {
            createGithubProviderMapper(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        createUserInProviderRealm(new HashMap());
        logInAsUserInIDPForFirstTime();
        UserRepresentation findUser = findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
        if (z) {
            assertAbsentUserAttribute(findUser);
        } else {
            assertUserAttribute("value", findUser);
        }
        if (z) {
            createGithubProviderMapper(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        if (!z) {
            updateClaimSentToIDP(str, str2);
        }
        logInAsUserInIDP();
        return findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
    }

    private void updateClaimSentToIDP(String str, String str2) {
        ProtocolMapperRepresentation protocolMapperRepresentation = null;
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm(this.bc.providerRealmName()).clients().findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID).get(0);
        for (ProtocolMapperRepresentation protocolMapperRepresentation2 : this.adminClient.realm(this.bc.providerRealmName()).clients().get(clientRepresentation.getId()).getProtocolMappers().getMappers()) {
            if (protocolMapperRepresentation2.getProtocolMapper().equals("oidc-hardcoded-claim-mapper")) {
                protocolMapperRepresentation = protocolMapperRepresentation2;
            }
        }
        Assert.assertThat(protocolMapperRepresentation, Matchers.notNullValue());
        protocolMapperRepresentation.getConfig().put("claim.value", "{\"" + str + "\": \"" + str2 + "\"}");
        this.adminClient.realm(this.bc.providerRealmName()).clients().get(clientRepresentation.getId()).getProtocolMappers().update(protocolMapperRepresentation.getId(), protocolMapperRepresentation);
    }

    private void assertUserAttribute(String str, UserRepresentation userRepresentation) {
        Assert.assertThat(userRepresentation.getAttributes(), Matchers.notNullValue());
        Assert.assertThat(userRepresentation.getAttributes().get(USER_ATTRIBUTE), Matchers.containsInAnyOrder(new String[]{str}));
    }

    private void assertAbsentUserAttribute(UserRepresentation userRepresentation) {
        Assert.assertThat(userRepresentation.getAttributes(), Matchers.nullValue());
    }

    private void createGithubProviderMapper(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("json-attribute-mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("github-user-attribute-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", identityProviderMapperSyncMode.toString()).put("jsonField", "user-claim.test").put("userAttribute", USER_ATTRIBUTE).build());
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get(identityProviderRepresentation.getAlias());
        identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
        identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
    }
}
