package org.keycloak.testsuite.util;

import java.io.File;
import java.lang.annotation.Annotation;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import java.util.Map;
import java.util.Properties;
import org.jboss.logging.Logger;
import org.junit.Assume;
import org.junit.rules.ExternalResource;
import org.junit.runner.Description;
import org.junit.runners.model.Statement;
import org.keycloak.testsuite.broker.BrokerTestConstants;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.keycloak.util.ldap.LDAPEmbeddedServer;

/* loaded from: input_file:org/keycloak/testsuite/util/LDAPRule.class */
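/**
 * JUnit rule that reads the LDAP test configuration and, when that configuration requests it,
 * starts an embedded LDAP server before the test and stops it afterwards.
 *
 * <p>The server-side settings are collected in {@link #defaultProperties}. {@link #apply} resets
 * them to a baseline on every invocation and then overrides them from an optional
 * {@link LDAPConnectionParameters} annotation on the test method. {@link #getConfig()} derives the
 * matching client-side (LDAP provider) configuration from the same properties.
 *
 * <p>Security-relevant points for reviewers:
 * <ul>
 *   <li>The bind credential and the keystore password both come from the shared test constant
 *       {@code BrokerTestConstants.CLIENT_SECRET}. These are test fixtures only.</li>
 *   <li>Without the annotation the baseline enables SSL but leaves
 *       {@code setConfidentialityRequired} at {@code "false"}; a secured connection is only
 *       required when the annotation selects {@code SSL} or {@code STARTTLS}.</li>
 *   <li>{@link #getConfig()} writes a JVM-wide system property that is not restored in
 *       {@link #after()}.</li>
 * </ul>
 */
public class LDAPRule extends ExternalResource {
    private static final Logger log = Logger.getLogger(LDAPRule.class);
    private static final String VAULT_EXPRESSION = "${vault.ldap_bindCredential}";
    public static final String LDAP_CONNECTION_PROPERTIES_LOCATION = "classpath:ldap/ldap-connection.properties";
    private static final String PROPERTY_ENABLE_ACCESS_CONTROL = "enableAccessControl";
    private static final String PROPERTY_ENABLE_ANONYMOUS_ACCESS = "enableAnonymousAccess";
    private static final String PROPERTY_ENABLE_SSL = "enableSSL";
    private static final String PROPERTY_ENABLE_STARTTLS = "enableStartTLS";
    private static final String PROPERTY_KEYSTORE_FILE = "keystoreFile";
    private static final String PRIVATE_KEY = "dependency/keystore/keycloak.jks";
    private static final String PROPERTY_CERTIFICATE_PASSWORD = "certificatePassword";
    private static final String PROPERTY_BIND_CREDENTIAL = "bindCredential";
    private static final String PROPERTY_CONFIDENTIALITY_REQUIRED = "setConfidentialityRequired";
    private static final String PROPERTY_AUTO_UPDATE_URL = "AUTO_UPDATE_LDAP_CONNECTION_URL";
    private static final String CONFIG_CONNECTION_URL = "connectionUrl";

    // Value written for an enabled flag. The listing references MailServerConfiguration.STARTTLS
    // wherever a flag is switched on; the string-switch hash 3569038 that guarded those comparisons
    // equals "true".hashCode(), so this is presumably a decompiler substitution for the literal
    // "true" - confirm against the original source. The reference is kept so behaviour is unchanged.
    private static final String ENABLED = MailServerConfiguration.STARTTLS;
    private static final String DISABLED = "false";

    LDAPTestConfiguration ldapTestConfiguration;
    private LDAPEmbeddedServer ldapEmbeddedServer;
    private LDAPAssume assume;
    protected Properties defaultProperties = new Properties();

    /** Predicate evaluated against the loaded configuration; a {@code false} result skips the test. */
    public interface LDAPAssume {
        boolean assumeTrue(LDAPTestConfiguration lDAPTestConfiguration);
    }

    /**
     * Per-test-method override of how the LDAP connection is bound and protected.
     * Every element has a default, so an empty annotation selects a simple bind with the
     * plain secret over SSL.
     */
    @Target({ElementType.METHOD})
    @Retention(RetentionPolicy.RUNTIME)
    public @interface LDAPConnectionParameters {

        /** Where the bind credential comes from: the plain test secret or a vault expression. */
        public enum BindCredential {
            SECRET,
            VAULT
        }

        /** {@code NONE} turns on anonymous access; {@code SIMPLE} turns it off. */
        public enum BindType {
            NONE,
            SIMPLE
        }

        /** Transport protection requested from the LDAP server. */
        public enum Encryption {
            NONE,
            SSL,
            STARTTLS
        }

        BindCredential bindCredential() default BindCredential.SECRET;

        BindType bindType() default BindType.SIMPLE;

        Encryption encryption() default Encryption.SSL;
    }

    /**
     * Registers an assumption that is checked in {@link #before()}.
     *
     * @param lDAPAssume predicate over the loaded test configuration; may be {@code null}
     * @return this rule, for chaining
     */
    public LDAPRule assumeTrue(LDAPAssume lDAPAssume) {
        this.assume = lDAPAssume;
        return this;
    }

    /**
     * Loads the test configuration, evaluates the optional assumption and starts the embedded
     * server when the configuration asks for one.
     */
    @Override
    protected void before() throws Throwable {
        this.ldapTestConfiguration = LDAPTestConfiguration.readConfiguration(getConnectionPropertiesLocation());
        Assume.assumeTrue("Assumption in LDAPRule is false. Skiping the test", this.assume == null || this.assume.assumeTrue(this.ldapTestConfiguration));
        if (this.ldapTestConfiguration.isStartEmbeddedLdapServer()) {
            this.ldapEmbeddedServer = createServer();
            this.ldapEmbeddedServer.init();
            this.ldapEmbeddedServer.start();
        }
    }

    /**
     * Resets {@link #defaultProperties} to the baseline and then applies the overrides from a
     * {@link LDAPConnectionParameters} annotation found on the test description, if any.
     *
     * @param statement   the statement to wrap
     * @param description the test description that is inspected for the annotation
     * @return the statement produced by {@link ExternalResource#apply}
     */
    @Override
    public Statement apply(Statement statement, Description description) {
        // Baseline: authenticated bind with the test secret, access control on, SSL on,
        // StartTLS off, no confidentiality requirement, no connection URL rewriting.
        this.defaultProperties.setProperty(PROPERTY_BIND_CREDENTIAL, BrokerTestConstants.CLIENT_SECRET);
        this.defaultProperties.setProperty(PROPERTY_ENABLE_ACCESS_CONTROL, ENABLED);
        this.defaultProperties.setProperty(PROPERTY_ENABLE_ANONYMOUS_ACCESS, DISABLED);
        this.defaultProperties.setProperty(PROPERTY_ENABLE_SSL, ENABLED);
        this.defaultProperties.setProperty(PROPERTY_ENABLE_STARTTLS, DISABLED);
        this.defaultProperties.setProperty(PROPERTY_CONFIDENTIALITY_REQUIRED, DISABLED);
        this.defaultProperties.setProperty(PROPERTY_AUTO_UPDATE_URL, DISABLED);

        // The listing held the annotation in a plain Annotation variable and then dereferenced an
        // undeclared "r0"; a typed local is what the three switches need.
        LDAPConnectionParameters parameters = description.getAnnotation(LDAPConnectionParameters.class);
        if (parameters != null) {
            // Only annotated tests get their connection URL adapted in getConfig().
            this.defaultProperties.setProperty(PROPERTY_AUTO_UPDATE_URL, ENABLED);
            switch (parameters.bindCredential()) {
                case SECRET:
                    log.debug("Setting bind credential to secret.");
                    this.defaultProperties.setProperty(PROPERTY_BIND_CREDENTIAL, BrokerTestConstants.CLIENT_SECRET);
                    break;
                case VAULT:
                    log.debug("Setting bind credential to vault.");
                    this.defaultProperties.setProperty(PROPERTY_BIND_CREDENTIAL, VAULT_EXPRESSION);
                    break;
            }
            switch (parameters.bindType()) {
                case NONE:
                    // Anonymous bind also switches access control off on the server.
                    log.debug("Enabling anonymous authentication method on the LDAP server.");
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_ANONYMOUS_ACCESS, ENABLED);
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_ACCESS_CONTROL, DISABLED);
                    break;
                case SIMPLE:
                    log.debug("Disabling anonymous authentication method on the LDAP server.");
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_ANONYMOUS_ACCESS, DISABLED);
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_ACCESS_CONTROL, ENABLED);
                    break;
            }
            switch (parameters.encryption()) {
                case NONE:
                    // Confidentiality stays at the baseline "false": plaintext is accepted.
                    log.debug("Disabling connection encryption on the LDAP server.");
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_SSL, DISABLED);
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_STARTTLS, DISABLED);
                    break;
                case SSL:
                    log.debug("Enabling SSL connection encryption on the LDAP server.");
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_SSL, ENABLED);
                    log.debug("Configuring the LDAP server to accepts only requests with a secured connection.");
                    this.defaultProperties.setProperty(PROPERTY_CONFIDENTIALITY_REQUIRED, ENABLED);
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_STARTTLS, DISABLED);
                    break;
                case STARTTLS:
                    log.debug("Enabling StartTLS connection encryption on the LDAP server.");
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_STARTTLS, ENABLED);
                    log.debug("Configuring the LDAP server to accepts only requests with a secured connection.");
                    this.defaultProperties.setProperty(PROPERTY_CONFIDENTIALITY_REQUIRED, ENABLED);
                    this.defaultProperties.setProperty(PROPERTY_ENABLE_SSL, DISABLED);
                    break;
            }
        }
        return super.apply(statement, description);
    }

    /**
     * Stops the embedded server if one was started and clears the references held by the rule.
     *
     * @throws RuntimeException wrapping any exception raised while stopping the server
     */
    @Override
    protected void after() {
        try {
            if (this.ldapEmbeddedServer != null) {
                this.ldapEmbeddedServer.stop();
                this.ldapEmbeddedServer = null;
                this.ldapTestConfiguration = null;
            }
        } catch (Exception e) {
            throw new RuntimeException("Error tearDown Embedded LDAP server.", e);
        }
    }

    /** Returns the location of the connection properties; subclasses may override it. */
    protected String getConnectionPropertiesLocation() {
        return LDAP_CONNECTION_PROPERTIES_LOCATION;
    }

    /**
     * Completes {@link #defaultProperties} with the directory settings and keystore details and
     * builds the embedded server from them.
     *
     * @return a new, not yet initialised embedded LDAP server
     */
    protected LDAPEmbeddedServer createServer() {
        this.defaultProperties.setProperty("ldap.dsf", "mem");
        this.defaultProperties.setProperty("ldap.ldif", "classpath:ldap/users.ldif");
        // The keystore password reuses the same test constant as the bind credential.
        this.defaultProperties.setProperty(PROPERTY_CERTIFICATE_PASSWORD, BrokerTestConstants.CLIENT_SECRET);
        this.defaultProperties.setProperty(PROPERTY_KEYSTORE_FILE, new File(IOUtil.PROJECT_BUILD_DIRECTORY, PRIVATE_KEY).getAbsolutePath());
        return new LDAPEmbeddedServer(this.defaultProperties);
    }

    /**
     * Builds the client-side LDAP configuration that matches the server settings chosen in
     * {@link #apply}.
     *
     * <p>The map obtained from the test configuration is modified in place and returned.
     * As a side effect the system property {@code PROPERTY_SET_CONFIDENTIALITY_REQUIRED} is set.
     *
     * @return the LDAP configuration map with connection URL, bind credential, auth type and
     *         StartTLS / truststore settings adjusted
     */
    public Map<String, String> getConfig() {
        Map<String, String> ldapConfig = this.ldapTestConfiguration.getLDAPConfig();
        String originalUrl = ldapConfig.get(CONFIG_CONNECTION_URL);
        if (originalUrl != null && isEnabled(PROPERTY_AUTO_UPDATE_URL)) {
            // NOTE(review): the port lookups below dereference ldapEmbeddedServer, which is only
            // assigned in before() when the configuration starts an embedded server - confirm that
            // annotated tests never run against an external server.
            // NOTE(review): the port is swapped by plain text replacement, so every occurrence of
            // those digits in the URL is rewritten, not only the port component.
            boolean sslRequested = isEnabled(PROPERTY_ENABLE_SSL);
            if (originalUrl.startsWith("ldap://") && sslRequested) {
                String ldapsUrl = originalUrl.replace("ldap://", "ldaps://")
                        .replace(String.valueOf(this.ldapEmbeddedServer.getBindPort()), String.valueOf(this.ldapEmbeddedServer.getBindLdapsPort()));
                ldapConfig.put(CONFIG_CONNECTION_URL, ldapsUrl);
                log.debugf("Using LDAP over SSL \"%s\" connection URL form over: \"%s\" since SSL connection was requested.", ldapsUrl, originalUrl);
            }
            if (originalUrl.startsWith("ldaps://") && !sslRequested) {
                String ldapUrl = originalUrl.replace("ldaps://", "ldap://")
                        .replace(String.valueOf(this.ldapEmbeddedServer.getBindLdapsPort()), String.valueOf(this.ldapEmbeddedServer.getBindPort()));
                ldapConfig.put(CONFIG_CONNECTION_URL, ldapUrl);
                log.debugf("Using plaintext / startTLS \"%s\" connection URL form over: \"%s\" since plaintext / startTLS connection was requested.", ldapUrl, originalUrl);
            }
        }

        // The plain secret is left as the test configuration supplies it; only the vault
        // expression is pushed into the client configuration.
        if (VAULT_EXPRESSION.equals(this.defaultProperties.getProperty(PROPERTY_BIND_CREDENTIAL))) {
            ldapConfig.put("bindCredential", VAULT_EXPRESSION);
        }

        ldapConfig.put("authType", isEnabled(PROPERTY_ENABLE_ANONYMOUS_ACCESS) ? "none" : "simple");

        if (isEnabled(PROPERTY_ENABLE_STARTTLS)) {
            // StartTLS upgrades an ldap:// connection, so the truststore SPI must apply always,
            // not just to ldaps:// URLs.
            ldapConfig.put("startTls", ENABLED);
            ldapConfig.put("useTruststoreSpi", "always");
        } else {
            ldapConfig.put("startTls", DISABLED);
            ldapConfig.put("useTruststoreSpi", "ldapsOnly");
        }

        // NOTE(review): JVM-wide state; it is not reset in after(), so the value set here stays
        // visible to whatever runs next in the same JVM until getConfig() is called again.
        System.setProperty("PROPERTY_SET_CONFIDENTIALITY_REQUIRED",
                isEnabled(PROPERTY_CONFIDENTIALITY_REQUIRED) ? ENABLED : DISABLED);
        return ldapConfig;
    }

    /** Returns whether the named entry of {@link #defaultProperties} holds the enabled value. */
    private boolean isEnabled(String propertyName) {
        return ENABLED.equals(this.defaultProperties.getProperty(propertyName));
    }

    /** Returns the sleep time taken from the loaded test configuration. */
    public int getSleepTime() {
        return this.ldapTestConfiguration.getSleepTime();
    }

    /** Returns the embedded server, or {@code null} when none is running. */
    public LDAPEmbeddedServer getLdapEmbeddedServer() {
        return this.ldapEmbeddedServer;
    }
}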
