package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.io.IOException;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.testsuite.util.WaitUtils;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerTest.class */
public final class KcOidcBrokerTest extends AbstractAdvancedBrokerTest {
    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcOidcBrokerConfiguration.INSTANCE;
    }

    @Override // org.keycloak.testsuite.broker.AbstractAdvancedBrokerTest
    protected Iterable<IdentityProviderMapperRepresentation> createIdentityProviderMappers(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("manager-role-mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("keycloak-oidc-role-to-role-idp-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", identityProviderMapperSyncMode.toString()).put("external.role", AbstractBrokerTest.ROLE_MANAGER).put("role", AbstractBrokerTest.ROLE_MANAGER).build());
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation2 = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation2.setName("user-role-mapper");
        identityProviderMapperRepresentation2.setIdentityProviderMapper("keycloak-oidc-role-to-role-idp-mapper");
        identityProviderMapperRepresentation2.setConfig(ImmutableMap.builder().put("syncMode", identityProviderMapperSyncMode.toString()).put("external.role", "user").put("role", "user").build());
        return Lists.newArrayList(new IdentityProviderMapperRepresentation[]{identityProviderMapperRepresentation, identityProviderMapperRepresentation2});
    }

    @Override // org.keycloak.testsuite.broker.AbstractAdvancedBrokerTest
    protected void createAdditionalMapperWithCustomSyncMode(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("friendly-manager-role-mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("keycloak-oidc-role-to-role-idp-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", identityProviderMapperSyncMode.toString()).put("external.role", AbstractBrokerTest.ROLE_FRIENDLY_MANAGER).put("role", AbstractBrokerTest.ROLE_FRIENDLY_MANAGER).build());
        identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
        this.adminClient.realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias()).addMapper(identityProviderMapperRepresentation).close();
    }

    @Test
    public void mapperDoesNothingForLegacyMode() {
        createRolesForRealm(this.bc.providerRealmName());
        createRolesForRealm(this.bc.consumerRealmName());
        createRoleMappersForConsumerRealm(IdentityProviderMapperSyncMode.LEGACY);
        RoleRepresentation representation = this.adminClient.realm(this.bc.providerRealmName()).roles().get(AbstractBrokerTest.ROLE_MANAGER).toRepresentation();
        RoleRepresentation representation2 = this.adminClient.realm(this.bc.providerRealmName()).roles().get("user").toRepresentation();
        UserResource userResource = this.adminClient.realm(this.bc.providerRealmName()).users().get(this.userId);
        userResource.roles().realmLevel().add(Collections.singletonList(representation));
        logInAsUserInIDPForFirstTime();
        UserResource userResource2 = this.adminClient.realm(this.bc.consumerRealmName()).users().get(((UserRepresentation) this.adminClient.realm(this.bc.consumerRealmName()).users().search(this.bc.getUserLogin()).get(0)).getId());
        Set set = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Assert.assertThat(set, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER}));
        Assert.assertThat(set, Matchers.not(Matchers.hasItems(new String[]{"user"})));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        userResource.roles().realmLevel().add(Collections.singletonList(representation2));
        logInAsUserInIDP();
        Set set2 = (Set) userResource2.roles().realmLevel().listAll().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet());
        Assert.assertThat(set2, Matchers.hasItems(new String[]{AbstractBrokerTest.ROLE_MANAGER}));
        Assert.assertThat(set2, Matchers.not(Matchers.hasItems(new String[]{"user"})));
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
    }

    @Test
    public void loginFetchingUserFromUserEndpoint() {
        ClientsResource clients = realmsResouce().realm(this.bc.providerRealmName()).clients();
        ClientRepresentation clientRepresentation = (ClientRepresentation) clients.findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID).get(0);
        try {
            IdentityProviderResource identityProviderResource = realmsResouce().realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias());
            IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
            representation.getConfig().put("jwksUrl", BrokerTestTools.getProviderRoot() + "/auth/realms/provider/protocol/openid-connect/certs");
            identityProviderResource.update(representation);
            clientRepresentation.getAttributes().put("user.info.response.signature.alg", "RS256");
            clientRepresentation.getAttributes().put("validateSignature", Boolean.TRUE.toString());
            clients.get(clientRepresentation.getId()).update(clientRepresentation);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            logInWithBroker(this.bc);
            BrokerTestTools.waitForPage(this.driver, "update account information", false);
            this.updateAccountInformationPage.assertCurrent();
            org.keycloak.testsuite.Assert.assertTrue("We must be on correct realm right now", this.driver.getCurrentUrl().contains("/auth/realms/" + this.bc.consumerRealmName() + "/"));
            this.log.debug("Updating info on updateAccount page");
            this.updateAccountInformationPage.updateAccountInformation(this.bc.getUserLogin(), this.bc.getUserEmail(), "Firstname", "Lastname");
            UsersResource users = this.adminClient.realm(this.bc.consumerRealmName()).users();
            int intValue = users.count().intValue();
            org.keycloak.testsuite.Assert.assertTrue("There must be at least one user", intValue > 0);
            boolean z = false;
            Iterator it = users.search("", 0, Integer.valueOf(intValue)).iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                UserRepresentation userRepresentation = (UserRepresentation) it.next();
                if (userRepresentation.getUsername().equals(this.bc.getUserLogin()) && userRepresentation.getEmail().equals(this.bc.getUserEmail())) {
                    z = true;
                    break;
                }
            }
            org.keycloak.testsuite.Assert.assertTrue("There must be user " + this.bc.getUserLogin() + " in realm " + this.bc.consumerRealmName(), z);
            clientRepresentation.getAttributes().put("user.info.response.signature.alg", null);
            clientRepresentation.getAttributes().put("validateSignature", Boolean.FALSE.toString());
            clients.get(clientRepresentation.getId()).update(clientRepresentation);
        } catch (Throwable th) {
            clientRepresentation.getAttributes().put("user.info.response.signature.alg", null);
            clientRepresentation.getAttributes().put("validateSignature", Boolean.FALSE.toString());
            clients.get(clientRepresentation.getId()).update(clientRepresentation);
            throw th;
        }
    }

    @Test
    public void loginFetchingUserFromUserEndpointWithClaimMapper() {
        ClientsResource clients = realmsResouce().realm(this.bc.providerRealmName()).clients();
        ClientRepresentation clientRepresentation = (ClientRepresentation) clients.findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID).get(0);
        IdentityProviderResource identityProviderResource = getIdentityProviderResource();
        clients.get(clientRepresentation.getId()).getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("hard-coded", "hard-coded", "hard-coded", "String", true, true)).close();
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName("hard-coded");
        identityProviderMapperRepresentation.setIdentityProviderAlias(this.bc.getIDPAlias());
        identityProviderMapperRepresentation.setIdentityProviderMapper("oidc-user-attribute-idp-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", IdentityProviderMapperSyncMode.INHERIT.toString()).put("user.attribute", "hard-coded").put("claim", "hard-coded").build());
        identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
        loginFetchingUserFromUserEndpoint();
        UserRepresentation federatedIdentity = getFederatedIdentity();
        org.keycloak.testsuite.Assert.assertEquals(1L, federatedIdentity.getAttributes().size());
        org.keycloak.testsuite.Assert.assertEquals("hard-coded", ((List) federatedIdentity.getAttributes().get("hard-coded")).get(0));
    }

    @Test
    public void testReauthenticationSamlBrokerWithOTPRequired() throws Exception {
        KcSamlBrokerConfiguration kcSamlBrokerConfiguration = KcSamlBrokerConfiguration.INSTANCE;
        ClientRepresentation clientRepresentation = kcSamlBrokerConfiguration.createProviderClients().get(0);
        IdentityProviderRepresentation upIdentityProvider = kcSamlBrokerConfiguration.setUpIdentityProvider();
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        try {
            updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
            this.adminClient.realm(this.bc.providerRealmName()).clients().create(clientRepresentation);
            realm.identityProviders().create(upIdentityProvider);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(kcSamlBrokerConfiguration.getIDPAlias()));
            logInWithBroker(kcSamlBrokerConfiguration);
            this.totpPage.assertCurrent();
            String totpSecret = this.totpPage.getTotpSecret();
            this.totpPage.configure(this.totp.generateTOTP(totpSecret));
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            logInWithBroker(this.bc);
            BrokerTestTools.waitForPage(this.driver, "account already exists", false);
            this.idpConfirmLinkPage.assertCurrent();
            this.idpConfirmLinkPage.clickLinkAccount();
            this.loginPage.clickSocial(kcSamlBrokerConfiguration.getIDPAlias());
            BrokerTestTools.waitForPage(this.driver, "sign in to", true);
            this.log.debug("Logging in");
            this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
            assertNumFederatedIdentities(((UserRepresentation) realm.users().search(kcSamlBrokerConfiguration.getUserLogin()).get(0)).getId(), 2);
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
        } catch (Throwable th) {
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
            throw th;
        }
    }

    @Test
    public void testReauthenticationOIDCBrokerWithOTPRequired() throws Exception {
        KcSamlBrokerConfiguration kcSamlBrokerConfiguration = KcSamlBrokerConfiguration.INSTANCE;
        ClientRepresentation clientRepresentation = kcSamlBrokerConfiguration.createProviderClients().get(0);
        IdentityProviderRepresentation upIdentityProvider = kcSamlBrokerConfiguration.setUpIdentityProvider();
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        try {
            updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
            this.adminClient.realm(this.bc.providerRealmName()).clients().create(clientRepresentation);
            realm.identityProviders().create(upIdentityProvider);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            logInWithBroker(kcSamlBrokerConfiguration);
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(this.bc.getIDPAlias()));
            logInWithBroker(this.bc);
            BrokerTestTools.waitForPage(this.driver, "account already exists", false);
            this.idpConfirmLinkPage.assertCurrent();
            this.idpConfirmLinkPage.clickLinkAccount();
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            this.driver.navigate().back();
            logInWithBroker(kcSamlBrokerConfiguration);
            this.totpPage.assertCurrent();
            this.totpPage.configure(this.totp.generateTOTP(this.totpPage.getTotpSecret()));
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            assertNumFederatedIdentities(((UserRepresentation) realm.users().search(kcSamlBrokerConfiguration.getUserLogin()).get(0)).getId(), 2);
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
        } catch (Throwable th) {
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
            throw th;
        }
    }

    @Test
    public void testReauthenticationBothBrokersWithOTPRequired() throws Exception {
        KcSamlBrokerConfiguration kcSamlBrokerConfiguration = KcSamlBrokerConfiguration.INSTANCE;
        ClientRepresentation clientRepresentation = kcSamlBrokerConfiguration.createProviderClients().get(0);
        IdentityProviderRepresentation upIdentityProvider = kcSamlBrokerConfiguration.setUpIdentityProvider();
        RealmResource realm = this.adminClient.realm(this.bc.consumerRealmName());
        try {
            updateExecutions(AbstractBrokerTest::disableUpdateProfileOnFirstLogin);
            this.adminClient.realm(this.bc.providerRealmName()).clients().create(clientRepresentation);
            realm.identityProviders().create(upIdentityProvider);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(kcSamlBrokerConfiguration.getIDPAlias()));
            logInWithBroker(kcSamlBrokerConfiguration);
            this.totpPage.assertCurrent();
            String totpSecret = this.totpPage.getTotpSecret();
            this.totpPage.configure(this.totp.generateTOTP(totpSecret));
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            this.testingClient.server(this.bc.consumerRealmName()).run(BrokerRunOnServerUtil.configurePostBrokerLoginWithOTP(this.bc.getIDPAlias()));
            logInWithBroker(this.bc);
            BrokerTestTools.waitForPage(this.driver, "account already exists", false);
            this.idpConfirmLinkPage.assertCurrent();
            this.idpConfirmLinkPage.clickLinkAccount();
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            this.driver.navigate().back();
            logInWithBroker(kcSamlBrokerConfiguration);
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            logInWithBroker(this.bc);
            this.loginTotpPage.assertCurrent();
            this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
            waitForAccountManagementTitle();
            this.accountUpdateProfilePage.assertCurrent();
            assertNumFederatedIdentities(((UserRepresentation) realm.users().search(kcSamlBrokerConfiguration.getUserLogin()).get(0)).getId(), 2);
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
        } catch (Throwable th) {
            updateExecutions(AbstractBrokerTest::setUpMissingUpdateProfileOnFirstLogin);
            ApiUtil.removeUserByUsername(realm, "consumer");
            throw th;
        }
    }

    @Test
    public void testInvalidIssuedFor() {
        loginUser();
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        this.log.debug("Clicking social " + this.bc.getIDPAlias());
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        RealmResource realm = this.adminClient.realm(this.bc.providerRealmName());
        realm.clients().get(((ClientRepresentation) realm.clients().findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID).get(0)).getId()).getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("hard", "azp", "invalid-azp", "String", true, true));
        this.log.debug("Logging in");
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        this.errorPage.assertCurrent();
    }

    @Test
    public void testInvalidAudience() {
        loginUser();
        logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        this.log.debug("Clicking social " + this.bc.getIDPAlias());
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        RealmResource realm = this.adminClient.realm(this.bc.providerRealmName());
        realm.clients().get(((ClientRepresentation) realm.clients().findByClientId(BackchannelLogoutTest.BROKER_CLIENT_ID).get(0)).getId()).getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("hard", "aud", "invalid-aud", "List", true, true));
        this.log.debug("Logging in");
        this.loginPage.login(this.bc.getUserLogin(), this.bc.getUserPassword());
        this.errorPage.assertCurrent();
    }

    @Test
    public void testIdPNotFound() {
        String str = (String) Optional.ofNullable(realmsResouce().realm(this.bc.providerRealmName()).toRepresentation().getRealm()).orElse(null);
        Assert.assertThat(str, Matchers.notNullValue());
        String str2 = OAuthClient.AUTH_SERVER_ROOT + "/realms/" + str + "/broker/not-exists/endpoint";
        this.driver.navigate().to(str2);
        this.errorPage.assertCurrent();
        Assert.assertThat(this.errorPage.getError(), Matchers.is("Page not found"));
        try {
            CloseableHttpClient build = HttpClientBuilder.create().build();
            Throwable th = null;
            try {
                SimpleHttp.Response asResponse = SimpleHttp.doGet(str2, build).asResponse();
                Assert.assertThat(asResponse, Matchers.notNullValue());
                Assert.assertThat(Integer.valueOf(asResponse.getStatus()), Matchers.is(Integer.valueOf(Response.Status.NOT_FOUND.getStatusCode())));
                OAuth2ErrorRepresentation oAuth2ErrorRepresentation = (OAuth2ErrorRepresentation) asResponse.asJson(OAuth2ErrorRepresentation.class);
                Assert.assertThat(oAuth2ErrorRepresentation, Matchers.notNullValue());
                Assert.assertThat(oAuth2ErrorRepresentation.getError(), Matchers.is("Identity Provider [not-exists] not found."));
                if (build != null) {
                    if (0 != 0) {
                        try {
                            build.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        build.close();
                    }
                }
            } finally {
            }
        } catch (IOException e) {
            org.keycloak.testsuite.Assert.fail("Cannot create HTTP client. Details: " + e.getMessage());
        }
    }

    @Test
    public void testIdPForceSyncUserAttributes() {
        checkUpdatedUserAttributesIdP(true);
    }

    @Test
    public void testIdPNotForceSyncUserAttributes() {
        checkUpdatedUserAttributesIdP(false);
    }

    private void checkUpdatedUserAttributesIdP(boolean z) {
        String iDPAlias = getBrokerConfiguration().getIDPAlias();
        UsersResource usersResource = (UsersResource) Optional.ofNullable(realmsResouce().realm(this.bc.providerRealmName()).users()).orElse(null);
        Assert.assertThat("Cannot get User Resource from Provider realm", usersResource, Matchers.notNullValue());
        String createUser = createUser(this.bc.providerRealmName(), "demoUser", "demoUser", "John", "Doe", "mail@example.com");
        Assert.assertThat("Cannot create user : demoUser", createUser, Matchers.notNullValue());
        try {
            Assert.assertThat("Cannot get user from provider", (UserRepresentation) Optional.ofNullable(usersResource.get(createUser).toRepresentation()).orElse(null), Matchers.notNullValue());
            IdentityProviderResource identityProviderResource = (IdentityProviderResource) Optional.ofNullable(getIdentityProviderResource()).orElse(null);
            Assert.assertThat("Cannot get Identity Provider resource", identityProviderResource, Matchers.notNullValue());
            IdentityProviderRepresentation identityProviderRepresentation = (IdentityProviderRepresentation) Optional.ofNullable(identityProviderResource.toRepresentation()).orElse(null);
            Assert.assertThat("Cannot get Identity Provider", identityProviderRepresentation, Matchers.notNullValue());
            updateIdPSyncMode(identityProviderRepresentation, identityProviderResource, z ? IdentityProviderSyncMode.FORCE : IdentityProviderSyncMode.IMPORT);
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            WaitUtils.waitForPageToLoad();
            Assert.assertThat(this.driver.getTitle(), Matchers.containsString("Sign in to " + this.bc.consumerRealmName()));
            logInWithIdp(iDPAlias, "demoUser", "demoUser");
            this.accountUpdateProfilePage.assertCurrent();
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName()));
            WaitUtils.waitForPageToLoad();
            Assert.assertThat(this.driver.getTitle(), Matchers.containsString("Sign in to " + this.bc.providerRealmName()));
            this.loginPage.login("demoUser", "demoUser");
            WaitUtils.waitForPageToLoad();
            this.accountUpdateProfilePage.assertCurrent();
            this.accountUpdateProfilePage.updateProfile("Jack", "Doee", "mail123@example.com");
            logoutFromRealm(BrokerTestTools.getProviderRoot(), this.bc.providerRealmName());
            this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
            WaitUtils.waitForPageToLoad();
            Assert.assertThat(this.driver.getTitle(), Matchers.containsString("Sign in to " + this.bc.consumerRealmName()));
            logInWithIdp(iDPAlias, "demoUser", "demoUser");
            this.accountUpdateProfilePage.assertCurrent();
            Assert.assertThat(this.accountUpdateProfilePage.getEmail(), Matchers.equalTo(z ? "mail123@example.com" : "mail@example.com"));
            Assert.assertThat(this.accountUpdateProfilePage.getFirstName(), Matchers.equalTo(z ? "Jack" : "John"));
            Assert.assertThat(this.accountUpdateProfilePage.getLastName(), Matchers.equalTo(z ? "Doee" : "Doe"));
            usersResource.delete(createUser);
            Assert.assertThat("User wasn't deleted", Integer.valueOf(usersResource.search("demoUser").size()), Matchers.is(0));
        } catch (Throwable th) {
            usersResource.delete(createUser);
            Assert.assertThat("User wasn't deleted", Integer.valueOf(usersResource.search("demoUser").size()), Matchers.is(0));
            throw th;
        }
    }

    private void updateIdPSyncMode(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderResource identityProviderResource, IdentityProviderSyncMode identityProviderSyncMode) {
        Assert.assertThat(identityProviderRepresentation, Matchers.notNullValue());
        Assert.assertThat(identityProviderResource, Matchers.notNullValue());
        Assert.assertThat(identityProviderSyncMode, Matchers.notNullValue());
        if (((String) identityProviderRepresentation.getConfig().get("syncMode")).equals(identityProviderSyncMode.name())) {
            return;
        }
        identityProviderRepresentation.getConfig().put("syncMode", identityProviderSyncMode.name());
        identityProviderResource.update(identityProviderRepresentation);
        IdentityProviderRepresentation identityProviderRepresentation2 = (IdentityProviderRepresentation) Optional.ofNullable(identityProviderResource.toRepresentation()).orElse(null);
        Assert.assertThat("Cannot get Identity Provider", identityProviderRepresentation2, Matchers.notNullValue());
        Assert.assertThat("Sync mode didn't change", identityProviderRepresentation2.getConfig().get("syncMode"), Matchers.equalTo(identityProviderSyncMode.name()));
    }

    private UserRepresentation getFederatedIdentity() {
        List search = realmsResouce().realm(this.bc.consumerRealmName()).users().search(this.bc.getUserLogin());
        org.keycloak.testsuite.Assert.assertEquals(1L, search.size());
        return (UserRepresentation) search.get(0);
    }

    private IdentityProviderResource getIdentityProviderResource() {
        return realmsResouce().realm(this.bc.consumerRealmName()).identityProviders().get(this.bc.getIDPAlias());
    }
}
