package org.keycloak.testsuite.federation.kerberos;

import java.util.HashMap;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.kerberos.LDAPProviderKerberosConfig;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.util.KerberosRule;

@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/federation/kerberos/KerberosLdapTest.class */
public class KerberosLdapTest extends AbstractKerberosSingleRealmTest {
    private static final String PROVIDER_CONFIG_LOCATION = "classpath:kerberos/kerberos-ldap-connection.properties";

    @ClassRule
    public static KerberosRule kerberosRule = new KerberosRule(PROVIDER_CONFIG_LOCATION, "KEYCLOAK.ORG");

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest
    public KerberosRule getKerberosRule() {
        return kerberosRule;
    }

    @Override // org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest
    protected CommonKerberosConfig getKerberosConfig() {
        return new LDAPProviderKerberosConfig(getUserStorageConfiguration());
    }

    @Override // org.keycloak.testsuite.federation.kerberos.AbstractKerberosTest
    protected ComponentRepresentation getUserStorageConfiguration() {
        return getUserStorageConfiguration("kerberos-ldap", "ldap");
    }

    @Test
    public void spnegoLoginTest() throws Exception {
        assertSuccessfulSpnegoLogin("hnelson", "hnelson", "secret");
        assertUser("hnelson", "hnelson@keycloak.org", "Horatio", "Nelson", false);
    }

    @Test
    public void testClientOverrideFlowUsingBrowserHttpChallenge() throws Exception {
        for (AuthenticationExecutionInfoRepresentation authenticationExecutionInfoRepresentation : testRealmResource().flows().getExecutions("http challenge")) {
            if ("basic-auth".equals(authenticationExecutionInfoRepresentation.getProviderId())) {
                authenticationExecutionInfoRepresentation.setRequirement("ALTERNATIVE");
                testRealmResource().flows().updateExecutions("http challenge", authenticationExecutionInfoRepresentation);
            }
            if ("auth-spnego".equals(authenticationExecutionInfoRepresentation.getProviderId())) {
                authenticationExecutionInfoRepresentation.setRequirement("ALTERNATIVE");
                testRealmResource().flows().updateExecutions("http challenge", authenticationExecutionInfoRepresentation);
            }
        }
        HashMap hashMap = new HashMap();
        hashMap.put("browser", ((AuthenticationFlowRepresentation) testRealmResource().flows().getFlows().stream().filter(authenticationFlowRepresentation -> {
            return authenticationFlowRepresentation.getAlias().equalsIgnoreCase("http challenge");
        }).findAny().get()).getId());
        ClientRepresentation clientRepresentation = (ClientRepresentation) testRealmResource().clients().findByClientId("kerberos-app-challenge").get(0);
        clientRepresentation.setAuthenticationFlowBindingOverrides(hashMap);
        testRealmResource().clients().get(clientRepresentation.getId()).update(clientRepresentation);
        assertSuccessfulSpnegoLogin(clientRepresentation.getClientId(), "hnelson", "hnelson", "secret");
    }

    @Test
    public void validatePasswordPolicyTest() throws Exception {
        updateProviderEditMode(UserStorageProvider.EditMode.WRITABLE);
        this.changePasswordPage.open();
        this.loginPage.login("jduke", "theduke");
        updateProviderValidatePasswordPolicy(true);
        this.changePasswordPage.changePassword("theduke", "jduke", "jduke");
        Assert.assertTrue(this.driver.getPageSource().contains("Invalid"));
        updateProviderValidatePasswordPolicy(false);
        this.changePasswordPage.changePassword("theduke", "jduke", "jduke");
        Assert.assertTrue(this.driver.getPageSource().contains("Your password has been updated."));
        this.changePasswordPage.open();
        this.changePasswordPage.changePassword("jduke", "theduke", "theduke");
    }

    @Test
    public void writableEditModeTest() throws Exception {
        updateProviderEditMode(UserStorageProvider.EditMode.WRITABLE);
        this.changePasswordPage.open();
        this.loginPage.assertCurrent();
        this.loginPage.login("jduke", "theduke");
        Assert.assertTrue(this.changePasswordPage.isCurrent());
        this.changePasswordPage.changePassword("theduke", "newPass", "newPass");
        Assert.assertTrue(this.driver.getPageSource().contains("Your password has been updated."));
        this.changePasswordPage.logout();
        this.loginPage.login("jduke", "theduke");
        Assert.assertTrue(this.loginPage.isCurrent());
        this.loginPage.login("jduke", "newPass");
        this.changePasswordPage.assertCurrent();
        this.changePasswordPage.logout();
        this.events.clear();
        Response spnegoLogin = spnegoLogin("jduke", "newPass");
        org.keycloak.testsuite.Assert.assertEquals(302L, spnegoLogin.getStatus());
        org.keycloak.testsuite.Assert.assertEquals(302L, spnegoLogin.getStatus());
        this.events.expectLogin().client("kerberos-app").user(((UserRepresentation) testRealmResource().users().search("jduke", 0, 1).get(0)).getId()).detail("username", "jduke").assertEvent();
        assertAuthenticationSuccess(spnegoLogin.getLocation().toString());
        this.changePasswordPage.open();
        this.loginPage.login("jduke", "newPass");
        this.changePasswordPage.assertCurrent();
        this.changePasswordPage.changePassword("newPass", "theduke", "theduke");
    }
}
