package org.keycloak.testsuite.federation.storage;

import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Collections;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.StorageId;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.pages.AccountTotpPage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginConfigTotpPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.util.URLAssert;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest.class */
public class BackwardsCompatibilityUserStorageTest extends AbstractAuthTest {
    private String backwardsCompProviderId;

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected LoginTotpPage loginTotpPage;

    @Page
    protected AccountTotpPage accountTotpSetupPage;

    @Page
    protected LoginConfigTotpPage configureTotpRequiredActionPage;
    private TimeBasedOTP totp = new TimeBasedOTP();

    @Before
    public void addProvidersBeforeTest() throws URISyntaxException, IOException {
        ComponentRepresentation componentRepresentation = new ComponentRepresentation();
        componentRepresentation.setName("backwards-compatibility");
        componentRepresentation.setProviderId("backwards-compatibility-storage");
        componentRepresentation.setProviderType(UserStorageProvider.class.getName());
        componentRepresentation.setConfig(new MultivaluedHashMap());
        componentRepresentation.getConfig().putSingle("priority", Integer.toString(0));
        this.backwardsCompProviderId = addComponent(componentRepresentation);
    }

    protected String addComponent(ComponentRepresentation componentRepresentation) {
        String createdId = ApiUtil.getCreatedId(testRealmResource().components().add(componentRepresentation));
        getCleanup().addComponentId(createdId);
        return createdId;
    }

    private void loginSuccessAndLogout(String str, String str2) {
        this.testRealmAccountPage.navigateTo();
        this.loginPage.login(str, str2);
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.testRealmAccountPage.logOut();
    }

    public void loginBadPassword(String str) {
        this.testRealmAccountPage.navigateTo();
        this.testRealmLoginPage.form().login(str, "badpassword");
        URLAssert.assertCurrentUrlDoesntStartWith((AbstractPage) this.testRealmAccountPage);
    }

    @Test
    public void testLoginSuccess() {
        addUserAndResetPassword("tbrady", "goat");
        addUserAndResetPassword("tbrady2", "goat2");
        loginSuccessAndLogout("tbrady", "goat");
        loginSuccessAndLogout("tbrady2", "goat2");
        loginBadPassword("tbrady");
    }

    private String addUserAndResetPassword(String str, String str2) {
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setEnabled(true);
        userRepresentation.setUsername(str);
        String createdId = ApiUtil.getCreatedId(testRealmResource().users().create(userRepresentation));
        Assert.assertEquals(this.backwardsCompProviderId, new StorageId(createdId).getProviderId());
        CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
        credentialRepresentation.setType("password");
        credentialRepresentation.setValue(str2);
        credentialRepresentation.setTemporary(false);
        testRealmResource().users().get(createdId).resetPassword(credentialRepresentation);
        return createdId;
    }

    @Test
    public void testOTPUpdateAndLogin() {
        String addUserAndResetPassword = addUserAndResetPassword("otp1", "pass");
        getCleanup().addUserId(addUserAndResetPassword);
        String str = setupOTPForUserWithRequiredAction(addUserAndResetPassword);
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(true);
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(true);
        this.loginPage.login("otp1", "pass");
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login("123456");
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.testRealmAccountPage.logOut();
        this.loginPage.login("otp1", "pass");
        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login("7123456");
        URLAssert.assertCurrentUrlDoesntStartWith((AbstractPage) this.testRealmAccountPage);
        Assert.assertNotNull(this.loginTotpPage.getInputError());
        this.loginTotpPage.login(this.totp.generateTOTP(str));
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.testRealmAccountPage.logOut();
    }

    @Test
    public void testOTPSetupThroughAccountMgmtAndLogin() {
        getCleanup().addUserId(addUserAndResetPassword("otp1", "pass"));
        this.accountTotpSetupPage.open();
        this.loginPage.login("otp1", "pass");
        String totpSecret = this.accountTotpSetupPage.getTotpSecret();
        this.accountTotpSetupPage.configure(this.totp.generateTOTP(totpSecret));
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(true);
        this.accountTotpSetupPage.logout();
        this.loginPage.login("otp1", "pass");
        this.loginTotpPage.login("123456");
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.accountTotpSetupPage.logout();
        this.loginPage.login("otp1", "pass");
        this.loginTotpPage.login(this.totp.generateTOTP(totpSecret));
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.accountTotpSetupPage.removeTotp();
        this.accountTotpSetupPage.logout();
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(false);
        loginSuccessAndLogout("otp1", "pass");
    }

    @Test
    public void testDisableCredentialsInUserStorage() {
        String addUserAndResetPassword = addUserAndResetPassword("otp1", "pass");
        getCleanup().addUserId(addUserAndResetPassword);
        setupOTPForUserWithRequiredAction(addUserAndResetPassword);
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(true);
        UserResource userResource = testRealmResource().users().get(addUserAndResetPassword);
        Assert.assertNames(userResource.toRepresentation().getDisableableCredentialTypes(), "otp");
        userResource.disableCredentialType(Collections.singletonList("otp"));
        assertUserDontHaveDBCredentials();
        assertUserHasOTPCredentialInUserStorage(false);
        loginSuccessAndLogout("otp1", "pass");
    }

    @Test
    public void testSearchUserStorage() {
        getCleanup().addUserId(addUserAndResetPassword("searching", "pass"));
        Assert.assertNames(testRealmResource().users().search("searching", 0, 20, true), "searching");
    }

    private String setupOTPForUserWithRequiredAction(String str) {
        UserResource userResource = testRealmResource().users().get(str);
        UserRepresentation representation = userResource.toRepresentation();
        representation.setRequiredActions(Arrays.asList(UserModel.RequiredAction.CONFIGURE_TOTP.toString()));
        userResource.update(representation);
        this.testRealmAccountPage.navigateTo();
        this.loginPage.login("otp1", "pass");
        this.configureTotpRequiredActionPage.assertCurrent();
        String totpSecret = this.configureTotpRequiredActionPage.getTotpSecret();
        this.configureTotpRequiredActionPage.configure(this.totp.generateTOTP(totpSecret));
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.testRealmAccountPage);
        this.testRealmAccountPage.logOut();
        return totpSecret;
    }

    private void assertUserDontHaveDBCredentials() {
        this.testingClient.server().run(keycloakSession -> {
            RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
            Assert.assertEquals(0L, keycloakSession.userCredentialManager().getStoredCredentialsStream(realmByName, keycloakSession.users().getUserByUsername(realmByName, "otp1")).count());
        });
    }

    private void assertUserHasOTPCredentialInUserStorage(boolean z) {
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(((Boolean) this.testingClient.server().fetch(keycloakSession -> {
            return Boolean.valueOf(keycloakSession.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, "backwards-compatibility-storage").hasUserOTP("otp1"));
        }, Boolean.class)).booleanValue()));
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1359288953:
                if (implMethodName.equals("lambda$assertUserHasOTPCredentialInUserStorage$921612f2$1")) {
                    z = true;
                    break;
                }
                break;
            case 1387764252:
                if (implMethodName.equals("lambda$assertUserDontHaveDBCredentials$26a8868a$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
                        Assert.assertEquals(0L, keycloakSession.userCredentialManager().getStoredCredentialsStream(realmByName, keycloakSession.users().getUserByUsername(realmByName, "otp1")).count());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/FetchOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/federation/storage/BackwardsCompatibilityUserStorageTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)Ljava/lang/Object;")) {
                    return keycloakSession2 -> {
                        return Boolean.valueOf(keycloakSession2.getKeycloakSessionFactory().getProviderFactory(UserStorageProvider.class, "backwards-compatibility-storage").hasUserOTP("otp1"));
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
