package org.keycloak.model.test;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import javax.ws.rs.core.MultivaluedMap;
import org.jboss.resteasy.specimpl.MultivaluedMapImpl;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.junit.Assert;
import org.junit.Before;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.authentication.AuthenticationProviderException;
import org.keycloak.authentication.AuthenticationProviderManager;
import org.keycloak.models.AuthenticationLinkModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.PasswordPolicy;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ClientConnection;
import org.keycloak.services.managers.AuthenticationManager;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/keycloak/model/test/AuthProvidersExternalModelTest.class */
public class AuthProvidersExternalModelTest extends AbstractModelTest {
    private RealmModel realm1;
    private RealmModel realm2;
    private AuthenticationManager am;

    @Override // org.keycloak.model.test.AbstractModelTest
    @Before
    public void before() throws Exception {
        super.before();
        this.realm1 = this.realmManager.createRealm("realm1");
        this.realm1.setBruteForceProtected(false);
        this.realm2 = this.realmManager.createRealm("realm2");
        this.realm2.setBruteForceProtected(false);
        this.realm1.addRequiredCredential("password");
        this.realm2.addRequiredCredential("password");
        this.realm1.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
        this.realm2.setAuthenticationProviders(Arrays.asList(AuthenticationProviderModel.DEFAULT_PROVIDER));
        UserModel addUser = this.realm1.addUser("john");
        addUser.setEnabled(true);
        addUser.setFirstName("John");
        addUser.setLastName("Doe");
        addUser.setEmail("john@email.org");
        UserCredentialModel userCredentialModel = new UserCredentialModel();
        userCredentialModel.setType("password");
        userCredentialModel.setValue("password");
        this.realm1.updateCredential(addUser, userCredentialModel);
        this.am = new AuthenticationManager(this.providerSession);
    }

    @Test
    public void testExternalModelAuthentication() {
        MultivaluedMap<String, String> createFormData = createFormData("john", "password");
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm1, createFormData));
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, this.am.authenticateForm((ClientConnection) null, this.realm2, createFormData));
        Assert.assertNull(this.realm2.getUser("john"));
        setupAuthenticationProviders();
        try {
            ResteasyProviderFactory.pushContext(KeycloakSession.class, this.identitySession);
            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm2, createFormData));
            UserModel user = this.realm2.getUser("john");
            Assert.assertNotNull(user);
            Assert.assertEquals("john", user.getLoginName());
            Assert.assertEquals("John", user.getFirstName());
            Assert.assertEquals("Doe", user.getLastName());
            Assert.assertEquals("john@email.org", user.getEmail());
            AuthenticationLinkModel authenticationLink = this.realm2.getAuthenticationLink(user);
            Assert.assertNotNull(authenticationLink);
            Assert.assertEquals(authenticationLink.getAuthProvider(), "externalModel");
            Assert.assertEquals(authenticationLink.getAuthUserId(), this.realm1.getUser("john").getId());
        } finally {
            ResteasyProviderFactory.clearContextData();
        }
    }

    @Test
    public void testExternalModelPasswordUpdate() {
        setupAuthenticationProviders();
        UserModel addUser = this.realm2.addUser("john");
        addUser.setEnabled(true);
        this.realm2.setAuthenticationLink(addUser, new AuthenticationLinkModel("externalModel", this.realm1.getUser("john").getId()));
        try {
            ResteasyProviderFactory.pushContext(KeycloakSession.class, this.identitySession);
            AuthenticationProviderManager manager = AuthenticationProviderManager.getManager(this.realm2, this.providerSession);
            try {
                Assert.assertTrue(manager.updatePassword(addUser, "password-updated"));
            } catch (AuthenticationProviderException e) {
                e.printStackTrace();
                Assert.fail("Error not expected");
            }
            MultivaluedMap<String, String> createFormData = createFormData("john", "password-updated");
            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm1, createFormData));
            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm2, createFormData));
            setPasswordUpdateForProvider(false, "externalModel", this.realm2);
            try {
                Assert.assertFalse(manager.updatePassword(addUser, "password-updated2"));
            } catch (AuthenticationProviderException e2) {
                e2.printStackTrace();
                Assert.fail("Error not expected");
            }
            MultivaluedMap<String, String> createFormData2 = createFormData("john", "password-updated2");
            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, this.am.authenticateForm((ClientConnection) null, this.realm1, createFormData2));
            Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, this.am.authenticateForm((ClientConnection) null, this.realm2, createFormData2));
            setPasswordUpdateForProvider(true, "externalModel", this.realm2);
            this.realm1.setPasswordPolicy(new PasswordPolicy("length(8)"));
            try {
                manager.updatePassword(addUser, "passw");
                Assert.fail("Update not expected to pass");
            } catch (AuthenticationProviderException e3) {
            }
        } finally {
            ResteasyProviderFactory.clearContextData();
        }
    }

    private void setupAuthenticationProviders() {
        AuthenticationProviderModel authenticationProviderModel = new AuthenticationProviderModel("model", true, Collections.EMPTY_MAP);
        HashMap hashMap = new HashMap();
        hashMap.put("externalRealmId", "realm1");
        this.realm2.setAuthenticationProviders(Arrays.asList(authenticationProviderModel, new AuthenticationProviderModel("externalModel", true, hashMap)));
    }

    public static void setPasswordUpdateForProvider(boolean z, String str, RealmModel realmModel) {
        List authenticationProviders = realmModel.getAuthenticationProviders();
        Iterator it = authenticationProviders.iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            AuthenticationProviderModel authenticationProviderModel = (AuthenticationProviderModel) it.next();
            if (str.equals(authenticationProviderModel.getProviderName())) {
                authenticationProviderModel.setPasswordUpdateSupported(z);
                break;
            }
        }
        realmModel.setAuthenticationProviders(authenticationProviders);
    }

    public static MultivaluedMap<String, String> createFormData(String str, String str2) {
        MultivaluedMapImpl multivaluedMapImpl = new MultivaluedMapImpl();
        multivaluedMapImpl.add("username", str);
        multivaluedMapImpl.add("password", str2);
        return multivaluedMapImpl;
    }
}
