package org.keycloak.testsuite.federation.kerberos;

import java.net.URI;
import java.security.Principal;
import java.util.Hashtable;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.function.Consumer;
import javax.naming.NamingException;
import javax.naming.directory.Attributes;
import javax.naming.directory.InitialDirContext;
import javax.ws.rs.core.Response;
import org.apache.http.NameValuePair;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.DefaultHttpClient;
import org.ietf.jgss.GSSCredential;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
import org.junit.After;
import org.junit.Before;
import org.junit.Rule;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.ModelToRepresentation;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.UserStorageProviderModel;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.KerberosRule;
import org.keycloak.testsuite.util.OAuthClient;

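/**
 * Shared fixture for Kerberos/SPNEGO federation tests.
 *
 * <p>Before each test it points the pages at the {@code test} realm, builds an HTTP client with a
 * custom {@code Negotiate} scheme, removes leftover users and registers the user storage component
 * supplied by the concrete subclass. After each test the HTTP client is closed.
 *
 * <p>Everything here talks to fixed, test-local endpoints and uses fixed test identifiers; the
 * helpers are not hardened for arbitrary input (see the notes on {@link #invokeLdap} and
 * {@link #initHttpClient}).
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public abstract class AbstractKerberosTest extends AbstractAuthTest {
    /** Negotiate scheme factory; per-login credentials are set on it by {@link #spnegoLogin}. */
    protected KeycloakSPNegoSchemeFactory spnegoSchemeFactory;

    /** RESTEasy client backed by the Apache HttpClient built in {@link #initHttpClient}. */
    protected ResteasyClient client;

    @Page
    protected LoginPage loginPage;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AccountPasswordPage changePasswordPage;

    /**
     * Returns the Kerberos rule of the concrete test. Its config seeds the user storage component
     * and it is asked to set the krb5.conf path before each test.
     */
    public abstract KerberosRule getKerberosRule();

    /** Returns the Kerberos configuration handed to the SPNEGO scheme factory. */
    protected abstract CommonKerberosConfig getKerberosConfig();

    /** Returns the user storage component that is registered in the test realm before each test. */
    protected abstract ComponentRepresentation getUserStorageConfiguration();

    /**
     * Builds a user storage component representation from the Kerberos rule's config.
     *
     * @param str  component name
     * @param str2 provider id of the user storage provider
     * @return representation with priority 0, last sync 0 and both sync periods set to -1
     */
    public ComponentRepresentation getUserStorageConfiguration(String str, String str2) {
        MultivaluedHashMap<String, String> config = toComponentConfig(getKerberosRule().getConfig());
        UserStorageProviderModel model = new UserStorageProviderModel();
        model.setLastSync(0);
        model.setChangedSyncPeriod(-1);
        model.setFullSyncPeriod(-1);
        model.setName(str);
        model.setPriority(0);
        model.setProviderId(str2);
        model.setConfig(config);
        return ModelToRepresentation.toRepresentationWithoutConfig(model);
    }

    /** Adds the realm loaded from the classpath resource {@code /kerberos/kerberosrealm.json}. */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/kerberos/kerberosrealm.json"), RealmRepresentation.class));
    }

    /** Returns the admin resource of the {@code test} realm. */
    @Override
    public RealmResource testRealmResource() {
        return this.adminClient.realm("test");
    }

    /**
     * Prepares realm pages, the SPNEGO-capable HTTP client and the user storage component.
     *
     * @throws Exception if the parent setup or any preparation step fails
     */
    @Override
    @Before
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
        this.testRealmPage.setAuthRealm("test");
        this.changePasswordPage.realm("test");
        getKerberosRule().setKrb5ConfPath(this.testingClient.testing());
        this.spnegoSchemeFactory = new KeycloakSPNegoSchemeFactory(getKerberosConfig());
        initHttpClient(true);
        removeAllUsers();
        this.oauth.clientId("kerberos-app");
        Response created = testRealmResource().components().add(getUserStorageConfiguration());
        try {
            getCleanup().addComponentId(ApiUtil.getCreatedId(created));
        } finally {
            // Release the connection even when the component could not be created.
            created.close();
        }
    }

    /**
     * Closes the HTTP client and then runs the parent teardown.
     *
     * @throws Exception if the parent teardown fails
     */
    @Override
    @After
    public void afterAbstractKeycloakTest() throws Exception {
        try {
            cleanupApacheHttpClient();
        } finally {
            // The parent teardown must run even if closing the client fails.
            super.afterAbstractKeycloakTest();
        }
    }

    /** Closes and forgets the current client; a no-op when setup never created one. */
    private void cleanupApacheHttpClient() {
        if (this.client == null) {
            return;
        }
        try {
            this.client.close();
        } finally {
            this.client = null;
        }
    }

    /**
     * Same as the four-argument overload, using the {@code kerberos-app} client.
     *
     * @param str  login name passed to {@link #spnegoLogin}
     * @param str2 username expected on the resulting user and token
     * @param str3 password passed to {@link #spnegoLogin}
     */
    public AccessToken assertSuccessfulSpnegoLogin(String str, String str2, String str3) throws Exception {
        return assertSuccessfulSpnegoLogin("kerberos-app", str, str2, str3);
    }

    /**
     * Performs a SPNEGO login and asserts the redirect, the login event and the issued token.
     *
     * @param str  OAuth client id to log in with
     * @param str2 login name passed to {@link #spnegoLogin}
     * @param str3 username expected on the resulting user and token
     * @param str4 password passed to {@link #spnegoLogin}
     * @return the verified access token
     * @throws Exception if token exchange or verification fails
     */
    public AccessToken assertSuccessfulSpnegoLogin(String str, String str2, String str3, String str4) throws Exception {
        this.oauth.clientId(str);
        Response loginResponse = spnegoLogin(str2, str4);
        try {
            Assert.assertEquals(302L, loginResponse.getStatus());

            List<UserRepresentation> matches = testRealmResource().users().search(str3, 0, 1);
            // Fail with a readable message instead of an IndexOutOfBoundsException.
            Assert.assertEquals("user '" + str3 + "' not found after SPNEGO login", 1L, matches.size());
            String userId = matches.get(0).getId();
            this.events.expectLogin().client(str).user(userId).detail("username", str3).assertEvent();

            URI redirect = loginResponse.getLocation();
            Assert.assertNotNull(redirect);
            AccessToken token = this.oauth.verifyToken(
                    assertAuthenticationSuccess(redirect.toString()).getAccessToken());
            // The token must be bound to the federated user, not merely be well-formed.
            Assert.assertEquals(userId, token.getSubject());
            Assert.assertEquals(str3, token.getPreferredUsername());
            return token;
        } finally {
            loginResponse.close();
        }
    }

    /**
     * Reads {@code cn} and {@code sn} of a test user from the LDAP server on localhost:10389.
     *
     * @param gSSCredential credential for a GSSAPI bind, or {@code null} to connect without the
     *                      GSSAPI settings
     * @param str           uid of the entry under {@code ou=People,dc=keycloak,dc=org}
     * @return {@code "<cn> <sn>"}
     * @throws NamingException if the connection or the lookup fails
     */
    public String invokeLdap(GSSCredential gSSCredential, String str) throws NamingException {
        Hashtable<String, Object> env = new Hashtable<>(11);
        env.put("java.naming.factory.initial", "com.sun.jndi.ldap.LdapCtxFactory");
        // Plain ldap:// on localhost: fine for this test server, not a pattern for real directories.
        env.put("java.naming.provider.url", "ldap://localhost:10389");
        if (gSSCredential != null) {
            env.put("java.naming.security.authentication", "GSSAPI");
            env.put("javax.security.sasl.credentials", gSSCredential);
        }
        InitialDirContext ctx = new InitialDirContext(env);
        try {
            // NOTE(review): the uid is concatenated into the DN unescaped. Callers must pass fixed
            // test uids; if external input ever reaches this helper, escape it first
            // (e.g. javax.naming.ldap.Rdn.escapeValue).
            Attributes attributes = ctx.getAttributes("uid=" + str + ",ou=People,dc=keycloak,dc=org");
            return ((String) attributes.get("cn").get()) + " " + ((String) attributes.get("sn").get());
        } finally {
            ctx.close();
        }
    }

    /**
     * Requests the login form with the given credentials set on the SPNEGO scheme factory.
     *
     * <p>A 302 whose location contains {@code login-actions/required-action} or
     * {@code auth_session_id} is followed once; any other response is returned as received.
     *
     * @param str  first argument for {@code spnegoSchemeFactory.setCredentials} (presumably the
     *             username; the factory is not shown here)
     * @param str2 second argument for {@code setCredentials} (presumably the password)
     * @return the final response; the caller is responsible for closing it
     */
    public Response spnegoLogin(String str, String str2) {
        String loginUrl = this.oauth.getLoginFormUrl();
        this.spnegoSchemeFactory.setCredentials(str, str2);
        Response response = this.client.target(loginUrl).request().get();
        if (response.getStatus() != 302 || response.getLocation() == null) {
            return response;
        }
        String redirect = response.getLocation().toString();
        if (redirect.contains("login-actions/required-action") || redirect.contains("auth_session_id")) {
            // Release the intermediate response before it is replaced, otherwise its connection leaks.
            response.close();
            return this.client.target(redirect).request().get();
        }
        return response;
    }

    /**
     * (Re)creates {@link #client} with the custom {@code Negotiate} scheme registered.
     *
     * @param z when {@code true}, registers placeholder credentials (null principal and password)
     *          for every auth scope; presumably this is what lets HttpClient engage the Negotiate
     *          scheme, whose real credentials come from {@link #spnegoSchemeFactory}
     */
    public void initHttpClient(boolean z) {
        if (this.client != null) {
            cleanupApacheHttpClient();
        }
        DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder().disableCookieCache(false).build();
        httpClient.getAuthSchemes().register("Negotiate", this.spnegoSchemeFactory);
        if (z) {
            // AuthScope(null, -1, null) matches any host, port and realm, so this client would answer
            // a Negotiate challenge from whatever server it is pointed at. Keep it to test endpoints.
            httpClient.getCredentialsProvider().setCredentials(new AuthScope(null, -1, null), new Credentials() {
                @Override
                public String getPassword() {
                    return null;
                }

                @Override
                public Principal getUserPrincipal() {
                    return null;
                }
            });
        }
        this.client = new ResteasyClientBuilder().httpEngine(new ApacheHttpClient4Engine(httpClient)).build();
    }

    /** Removes every user of the test realm except {@link AssertEvents#DEFAULT_USERNAME}. */
    protected void removeAllUsers() {
        RealmResource realm = testRealmResource();
        for (UserRepresentation user : realm.users().search("", 0, -1)) {
            if (!user.getUsername().equals(AssertEvents.DEFAULT_USERNAME)) {
                realm.users().get(user.getId()).remove();
            }
        }
        // Exactly the default user must remain, so later assertions start from a known state.
        Assert.assertEquals(1L, realm.users().search("", 0, -1).size());
    }

    /**
     * Asserts the profile of an existing user.
     *
     * @param str  username to look up
     * @param str2 expected email
     * @param str3 expected first name
     * @param str4 expected last name
     * @param z    {@code true} if the first required action must be UPDATE_PROFILE, {@code false}
     *             if the user must have no required actions
     */
    public void assertUser(String str, String str2, String str3, String str4, boolean z) {
        UserRepresentation user = ApiUtil.findUserByUsername(testRealmResource(), str);
        Assert.assertNotNull(user);
        Assert.assertEquals(str2, user.getEmail());
        Assert.assertEquals(str3, user.getFirstName());
        Assert.assertEquals(str4, user.getLastName());
        if (z) {
            Assert.assertEquals(UserModel.RequiredAction.UPDATE_PROFILE.toString(),
                    user.getRequiredActions().iterator().next());
        } else {
            Assert.assertTrue(user.getRequiredActions().isEmpty());
        }
    }

    /**
     * Extracts {@code code} and {@code state} from a redirect URI and exchanges the code for tokens.
     *
     * @param str redirect URI returned by the login
     * @return the token response, asserted to carry an access token
     * @throws Exception if the URI is malformed or the token request fails
     */
    public OAuthClient.AccessTokenResponse assertAuthenticationSuccess(String str) throws Exception {
        String code = null;
        String state = null;
        for (NameValuePair param : URLEncodedUtils.parse(new URI(str), "UTF-8")) {
            if (param.getName().equals("code")) {
                code = param.getValue();
            } else if (param.getName().equals("state")) {
                state = param.getValue();
            }
        }
        Assert.assertNotNull(code);
        // Only the presence of state is checked here; it is not compared with the value sent.
        Assert.assertNotNull(state);
        // "password" is presumably the test client's secret - confirm against the realm JSON.
        OAuthClient.AccessTokenResponse tokenResponse = this.oauth.doAccessTokenRequest(code, "password");
        Assert.assertNotNull(tokenResponse.getAccessToken());
        this.events.clear();
        return tokenResponse;
    }

    /** Sets the {@code editMode} config entry of the single user storage provider. */
    public void updateProviderEditMode(UserStorageProvider.EditMode editMode) {
        updateUserStorageProvider(component -> component.getConfig().putSingle("editMode", editMode.toString()));
    }

    /** Sets the {@code validatePasswordPolicy} config entry of the single user storage provider. */
    public void updateProviderValidatePasswordPolicy(Boolean bool) {
        updateUserStorageProvider(
                component -> component.getConfig().putSingle("validatePasswordPolicy", bool.toString()));
    }

    /**
     * Applies a change to the only user storage component of the test realm and saves it.
     *
     * @param consumer mutation applied to the component representation before the update
     */
    public void updateUserStorageProvider(Consumer<ComponentRepresentation> consumer) {
        List<ComponentRepresentation> components =
                testRealmResource().components().query("test", UserStorageProvider.class.getName());
        Assert.assertEquals(1L, components.size());
        ComponentRepresentation component = components.get(0);
        consumer.accept(component);
        testRealmResource().components().component(component.getId()).update(component);
    }

    /** Changes the SPNEGO execution requirement in the test realm; see the static overload. */
    public AuthenticationExecutionModel.Requirement updateKerberosAuthExecutionRequirement(AuthenticationExecutionModel.Requirement requirement) {
        return updateKerberosAuthExecutionRequirement(requirement, testRealmResource());
    }

    /**
     * Sets the requirement of the {@code auth-spnego} execution in the {@code browser} flow.
     *
     * @param requirement   new requirement
     * @param realmResource realm whose browser flow is updated
     * @return the requirement that was configured before the update, so tests can restore it
     */
    public static AuthenticationExecutionModel.Requirement updateKerberosAuthExecutionRequirement(AuthenticationExecutionModel.Requirement requirement, RealmResource realmResource) {
        Optional<AuthenticationExecutionInfoRepresentation> spnego = realmResource.flows().getExecutions("browser").stream()
                .filter(candidate -> "auth-spnego".equals(candidate.getProviderId()))
                .findFirst();
        Assert.assertTrue(spnego.isPresent());
        AuthenticationExecutionInfoRepresentation execution = spnego.get();
        AuthenticationExecutionModel.Requirement previous =
                AuthenticationExecutionModel.Requirement.valueOf(execution.getRequirement());
        execution.setRequirement(requirement.name());
        realmResource.flows().updateExecutions("browser", execution);
        return previous;
    }

    /** Copies a flat string map into the multi-valued form used by component configs. */
    private static MultivaluedHashMap<String, String> toComponentConfig(Map<String, String> map) {
        MultivaluedHashMap<String, String> config = new MultivaluedHashMap<>();
        for (Map.Entry<String, String> entry : map.entrySet()) {
            config.add(entry.getKey(), entry.getValue());
        }
        return config;
    }
}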
