package org.keycloak.testsuite.sssd;

import java.io.InputStream;
import java.util.Arrays;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.core.Response;
import org.apache.commons.configuration.ConfigurationException;
import org.apache.commons.configuration.PropertiesConfiguration;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.logging.Logger;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;

/* loaded from: input_file:org/keycloak/testsuite/sssd/SSSDTest.class */
public class SSSDTest extends AbstractKeycloakTest {
    private static final Logger log = Logger.getLogger(SSSDTest.class);
    private static final String DISPLAY_NAME = "Test user federation";
    private static final String PROVIDER_NAME = "sssd";
    private static final String REALM_NAME = "test";
    private static final String sssdConfigPath = "sssd/sssd.properties";
    private static final String DISABLED_USER = "disabled";
    private static final String NO_EMAIL_USER = "noemail";
    private static final String ADMIN_USER = "admin";
    private static PropertiesConfiguration sssdConfig;

    @Page
    protected LoginPage accountLoginPage;

    @Page
    protected AccountPasswordPage changePasswordPage;

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Rule
    public AssertEvents events = new AssertEvents(this);
    private String SSSDFederationID;

    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setRealm(REALM_NAME);
        realmRepresentation.setEnabled(true);
        list.add(realmRepresentation);
    }

    @BeforeClass
    public static void loadSSSDConfiguration() throws ConfigurationException {
        log.info("Reading SSSD configuration from classpath from: sssd/sssd.properties");
        InputStream resourceAsStream = SSSDTest.class.getClassLoader().getResourceAsStream(sssdConfigPath);
        sssdConfig = new PropertiesConfiguration();
        sssdConfig.load(resourceAsStream);
        sssdConfig.setListDelimiter(',');
    }

    @Before
    public void createUserFederation() {
        ComponentRepresentation componentRepresentation = new ComponentRepresentation();
        componentRepresentation.setConfig(new MultivaluedHashMap());
        componentRepresentation.setName(DISPLAY_NAME);
        componentRepresentation.getConfig().putSingle("priority", "0");
        componentRepresentation.setProviderType(UserStorageProvider.class.getName());
        componentRepresentation.setProviderId(PROVIDER_NAME);
        Response add = this.adminClient.realm(REALM_NAME).components().add(componentRepresentation);
        this.SSSDFederationID = ApiUtil.getCreatedId(add);
        add.close();
    }

    @Test
    public void testInvalidPassword() {
        String username = getUsername();
        log.debug("Testing invalid password for user " + username);
        this.profilePage.open();
        Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
        this.accountLoginPage.login(username, "invalid-password");
        Assert.assertEquals("Invalid username or password.", this.accountLoginPage.getError());
    }

    @Test
    public void testDisabledUser() {
        String user = getUser(DISABLED_USER);
        Assume.assumeTrue("Ignoring test no disabled user configured", user != null);
        log.debug("Testing disabled user " + user);
        this.profilePage.open();
        Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
        this.accountLoginPage.login(user, getPassword(user));
        Assert.assertEquals("Invalid username or password.", this.accountLoginPage.getError());
    }

    @Test
    public void testAdmin() {
        String user = getUser(ADMIN_USER);
        Assume.assumeTrue("Ignoring test no admin user configured", user != null);
        log.debug("Testing password for user " + user);
        this.profilePage.open();
        Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
        this.accountLoginPage.login(user, getPassword(user));
        Assert.assertTrue(this.profilePage.isCurrent());
    }

    @Test
    public void testExistingUserLogIn() {
        log.debug("Testing correct password");
        for (String str : getUsernames()) {
            this.profilePage.open();
            Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
            this.accountLoginPage.login(str, getPassword(str));
            Assert.assertTrue(this.profilePage.isCurrent());
            verifyUserGroups(str, getGroups(str));
            this.profilePage.logout();
        }
    }

    @Test
    public void testExistingUserWithNoEmailLogIn() {
        log.debug("Testing correct password, but no e-mail provided");
        String user = getUser(NO_EMAIL_USER);
        this.profilePage.open();
        Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
        this.accountLoginPage.login(user, getPassword(user));
        Assert.assertTrue(this.profilePage.isCurrent());
    }

    @Test
    public void testDeleteSSSDFederationProvider() {
        log.debug("Testing correct password");
        this.profilePage.open();
        String username = getUsername();
        Assert.assertEquals("Browser should be on login page now", "Log in to test", this.driver.getTitle());
        this.accountLoginPage.login(username, getPassword(username));
        Assert.assertTrue(this.profilePage.isCurrent());
        verifyUserGroups(username, getGroups(username));
        int size = this.adminClient.realm(REALM_NAME).components().query().size();
        this.adminClient.realm(REALM_NAME).components().component(this.SSSDFederationID).remove();
        Assert.assertEquals(size - 1, this.adminClient.realm(REALM_NAME).components().query().size());
    }

    @Test
    public void changeReadOnlyProfile() throws Exception {
        String username = getUsername();
        this.profilePage.open();
        this.accountLoginPage.login(username, getPassword(username));
        Assert.assertEquals(username, this.profilePage.getUsername());
        Assert.assertEquals(sssdConfig.getProperty("user." + username + ".firstname"), this.profilePage.getFirstName());
        Assert.assertEquals(sssdConfig.getProperty("user." + username + ".lastname"), this.profilePage.getLastName());
        Assert.assertEquals(sssdConfig.getProperty("user." + username + ".mail"), this.profilePage.getEmail());
        this.profilePage.updateProfile("New first", "New last", "new@email.com");
        Assert.assertEquals("You can't update your account as it is read-only.", this.profilePage.getError());
    }

    @Test
    public void changeReadOnlyPassword() {
        String username = getUsername();
        this.changePasswordPage.open();
        this.accountLoginPage.login(username, getPassword(username));
        this.changePasswordPage.changePassword(getPassword(username), "new-password", "new-password");
        Assert.assertEquals("You can't update your password as your account is read only.", this.profilePage.getError());
    }

    private void verifyUserGroups(String str, List<String> list) {
        List search = this.adminClient.realm(REALM_NAME).users().search(str, 0, 1);
        Assert.assertTrue("There must be at least one user", search.size() > 0);
        Assert.assertEquals("Exactly our test user", str, ((UserRepresentation) search.get(0)).getUsername());
        List groups = this.adminClient.realm(REALM_NAME).users().get(((UserRepresentation) search.get(0)).getId()).groups();
        Assert.assertEquals("User must have exactly " + list.size() + " groups", list.size(), groups.size());
        Iterator it = groups.iterator();
        while (it.hasNext()) {
            Assert.assertTrue(list.contains(((GroupRepresentation) it.next()).getName()));
        }
    }

    private String getUsername() {
        return sssdConfig.getStringArray("usernames")[0];
    }

    private String getUser(String str) {
        return sssdConfig.getString("user." + str);
    }

    private List<String> getUsernames() {
        return Arrays.asList(sssdConfig.getStringArray("usernames"));
    }

    private String getPassword(String str) {
        return sssdConfig.getString("user." + str + ".password");
    }

    private List<String> getGroups(String str) {
        return Arrays.asList(sssdConfig.getStringArray("user." + str + ".groups"));
    }
}
