package org.keycloak.testsuite.admin;

import java.util.HashMap;
import java.util.LinkedList;
import java.util.List;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserFederationProvidersResource;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.ConfigPropertyRepresentation;
import org.keycloak.representations.idm.UserFederationProviderFactoryRepresentation;
import org.keycloak.representations.idm.UserFederationProviderRepresentation;
import org.keycloak.representations.idm.UserFederationSyncResultRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.UserFederationProviderBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/UserFederationTest.class */
public class UserFederationTest extends AbstractAdminTest {
    @Test
    public void testProviderFactories() {
        Assert.assertNames(userFederation().getProviderFactories(), "ldap", "kerberos", "dummy", "dummy-configurable");
        Assert.assertEquals(userFederation().getProviderFactory("ldap").getId(), "ldap");
        Assert.assertEquals(0L, r0.getOptions().size());
        UserFederationProviderFactoryRepresentation providerFactory = userFederation().getProviderFactory("dummy");
        Assert.assertEquals(providerFactory.getId(), "dummy");
        Assert.assertNames(new LinkedList(providerFactory.getOptions()), "important.config");
        UserFederationProviderFactoryRepresentation providerFactory2 = userFederation().getProviderFactory("dummy-configurable");
        Assert.assertEquals(providerFactory2.getId(), "dummy-configurable");
        Assert.assertTrue(providerFactory2.getOptions() == null || providerFactory2.getOptions().isEmpty());
        Assert.assertEquals("Dummy User Federation Provider Help Text", providerFactory2.getHelpText());
        Assert.assertEquals(2L, providerFactory2.getProperties().size());
        Assert.assertProviderConfigProperty((ConfigPropertyRepresentation) providerFactory2.getProperties().get(0), "prop1", "Prop1", "prop1Default", "Prop1 HelpText", "String");
        Assert.assertProviderConfigProperty((ConfigPropertyRepresentation) providerFactory2.getProperties().get(1), "prop2", "Prop2", "true", "Prop2 HelpText", "boolean");
        try {
            userFederation().getProviderFactory("not-existent");
            Assert.fail("Not expected to find not-existent provider");
        } catch (NotFoundException e) {
        }
    }

    private UserFederationProvidersResource userFederation() {
        return this.realm.userFederation();
    }

    @Test
    public void testCreateProvider() {
        String createUserFederationProvider = createUserFederationProvider(UserFederationProviderBuilder.create().providerName("dummy").displayName("").priority(2).fullSyncPeriod(1000).changedSyncPeriod(500).lastSync(123).build());
        String createUserFederationProvider2 = createUserFederationProvider(UserFederationProviderBuilder.create().providerName("dummy").displayName("dn1").priority(1).configProperty("prop1", "prop1Val").configProperty("prop2", "true").build());
        assertFederationProvider(userFederation().get(createUserFederationProvider).toRepresentation(), createUserFederationProvider, createUserFederationProvider, "dummy", 2, 1000, 500, 123, new String[0]);
        assertFederationProvider(userFederation().get(createUserFederationProvider2).toRepresentation(), createUserFederationProvider2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
        List providerInstances = userFederation().getProviderInstances();
        Assert.assertEquals(providerInstances.size(), 2L);
        assertFederationProvider((UserFederationProviderRepresentation) providerInstances.get(0), createUserFederationProvider2, "dn1", "dummy", 1, -1, -1, -1, "prop1", "prop1Val", "prop2", "true");
        assertFederationProvider((UserFederationProviderRepresentation) providerInstances.get(1), createUserFederationProvider, createUserFederationProvider, "dummy", 2, 1000, 500, 123, new String[0]);
        removeUserFederationProvider(createUserFederationProvider);
        removeUserFederationProvider(createUserFederationProvider2);
    }

    @Test
    public void testValidateAndCreateLdapProvider() {
        UserFederationProviderRepresentation build = UserFederationProviderBuilder.create().displayName("ldap1").providerName("ldap").priority(1).configProperty("customUserSearchFilter", "dc=something").build();
        Response create = userFederation().create(build);
        Assert.assertEquals(400L, create.getStatus());
        create.close();
        build.getConfig().put("customUserSearchFilter", "(dc=something");
        Response create2 = userFederation().create(build);
        Assert.assertEquals(400L, create2.getStatus());
        create2.close();
        build.getConfig().put("customUserSearchFilter", "dc=something)");
        Response create3 = userFederation().create(build);
        Assert.assertEquals(400L, create3.getStatus());
        create3.close();
        Assert.assertTrue(userFederation().getProviderInstances().isEmpty());
        this.assertAdminEvents.assertEmpty();
        build.getConfig().put("customUserSearchFilter", "(dc=something)");
        String createUserFederationProvider = createUserFederationProvider(build);
        String createUserFederationProvider2 = createUserFederationProvider(UserFederationProviderBuilder.create().displayName("ldap2").providerName("ldap").priority(2).configProperty("bindDn", "cn=manager").configProperty("bindCredential", "password").build());
        List providerInstances = userFederation().getProviderInstances();
        Assert.assertEquals(providerInstances.size(), 2L);
        assertFederationProvider((UserFederationProviderRepresentation) providerInstances.get(0), createUserFederationProvider, "ldap1", "ldap", 1, -1, -1, -1, "customUserSearchFilter", "(dc=something)");
        assertFederationProvider((UserFederationProviderRepresentation) providerInstances.get(1), createUserFederationProvider2, "ldap2", "ldap", 2, -1, -1, -1, "bindDn", "cn=manager", "bindCredential", "password");
        removeUserFederationProvider(createUserFederationProvider);
        removeUserFederationProvider(createUserFederationProvider2);
    }

    @Test
    public void testUpdateProvider() {
        String createUserFederationProvider = createUserFederationProvider(UserFederationProviderBuilder.create().providerName("ldap").priority(2).configProperty("bindDn", "cn=manager").configProperty("bindCredential", "password").build());
        assertFederationProvider(userFederation().get(createUserFederationProvider).toRepresentation(), createUserFederationProvider, createUserFederationProvider, "ldap", 2, -1, -1, -1, "bindDn", "cn=manager", "bindCredential", "password");
        UserFederationProviderRepresentation representation = userFederation().get(createUserFederationProvider).toRepresentation();
        representation.setDisplayName("");
        representation.getConfig().put("customUserSearchFilter", "(dc=something2");
        representation.getConfig().put("bindDn", "cn=manager-updated");
        try {
            userFederation().get(createUserFederationProvider).update(representation);
            Assert.fail("Not expected to successfull update");
        } catch (BadRequestException e) {
        }
        assertFederationProvider(userFederation().get(createUserFederationProvider).toRepresentation(), createUserFederationProvider, createUserFederationProvider, "ldap", 2, -1, -1, -1, "bindDn", "cn=manager", "bindCredential", "password");
        representation.getConfig().put("customUserSearchFilter", "(dc=something2)");
        userFederation().get(createUserFederationProvider).update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(createUserFederationProvider), representation, ResourceType.USER_FEDERATION_PROVIDER);
        UserFederationProviderRepresentation representation2 = userFederation().get(createUserFederationProvider).toRepresentation();
        assertFederationProvider(representation2, createUserFederationProvider, createUserFederationProvider, "ldap", 2, -1, -1, -1, "bindDn", "cn=manager-updated", "bindCredential", "password", "customUserSearchFilter", "(dc=something2)");
        representation2.setDisplayName("ldap2");
        userFederation().get(createUserFederationProvider).update(representation2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(createUserFederationProvider), representation2, ResourceType.USER_FEDERATION_PROVIDER);
        assertFederationProvider(userFederation().get(createUserFederationProvider).toRepresentation(), createUserFederationProvider, "ldap2", "ldap", 2, -1, -1, -1, "bindDn", "cn=manager-updated", "bindCredential", "password", "customUserSearchFilter", "(dc=something2)");
        removeUserFederationProvider(createUserFederationProvider);
    }

    @Test
    public void testKerberosAuthenticatorEnabledAutomatically() {
        Assert.assertEquals(findKerberosExecution().getRequirement(), AuthenticationExecutionModel.Requirement.DISABLED.toString());
        String createUserFederationProvider = createUserFederationProvider(UserFederationProviderBuilder.create().displayName("ldap2").providerName("ldap").priority(2).configProperty("allowKerberosAuthentication", "true").build());
        AuthenticationExecutionInfoRepresentation findKerberosExecution = findKerberosExecution();
        Assert.assertEquals(findKerberosExecution.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
        findKerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
        this.realm.flows().updateExecutions("browser", findKerberosExecution);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), findKerberosExecution, ResourceType.AUTH_EXECUTION);
        UserFederationProviderRepresentation representation = userFederation().get(createUserFederationProvider).toRepresentation();
        userFederation().get(createUserFederationProvider).update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(createUserFederationProvider), representation, ResourceType.USER_FEDERATION_PROVIDER);
        AuthenticationExecutionInfoRepresentation findKerberosExecution2 = findKerberosExecution();
        Assert.assertEquals(findKerberosExecution2.getRequirement(), AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
        findKerberosExecution2.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
        this.realm.flows().updateExecutions("browser", findKerberosExecution2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), findKerberosExecution2, ResourceType.AUTH_EXECUTION);
        removeUserFederationProvider(createUserFederationProvider);
    }

    @Test
    public void testKerberosAuthenticatorChangedOnlyIfDisabled() {
        AuthenticationExecutionInfoRepresentation findKerberosExecution = findKerberosExecution();
        findKerberosExecution.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
        this.realm.flows().updateExecutions("browser", findKerberosExecution);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), findKerberosExecution, ResourceType.AUTH_EXECUTION);
        String createUserFederationProvider = createUserFederationProvider(UserFederationProviderBuilder.create().displayName("ldap2").providerName("ldap").priority(2).configProperty("allowKerberosAuthentication", "true").build());
        Assert.assertEquals(findKerberosExecution().getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
        UserFederationProviderRepresentation representation = userFederation().get(createUserFederationProvider).toRepresentation();
        userFederation().get(createUserFederationProvider).update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.userFederationResourcePath(createUserFederationProvider), representation, ResourceType.USER_FEDERATION_PROVIDER);
        AuthenticationExecutionInfoRepresentation findKerberosExecution2 = findKerberosExecution();
        Assert.assertEquals(findKerberosExecution2.getRequirement(), AuthenticationExecutionModel.Requirement.REQUIRED.toString());
        findKerberosExecution2.setRequirement(AuthenticationExecutionModel.Requirement.DISABLED.toString());
        this.realm.flows().updateExecutions("browser", findKerberosExecution2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.authUpdateExecutionPath("browser"), findKerberosExecution2, ResourceType.AUTH_EXECUTION);
        removeUserFederationProvider(createUserFederationProvider);
    }

    @Test(expected = NotFoundException.class)
    public void testLookupNotExistentProvider() {
        userFederation().get("not-existent").toRepresentation();
    }

    @Test
    public void testSyncFederationProvider() {
        String createUserFederationProvider = createUserFederationProvider(UserFederationProviderBuilder.create().providerName("dummy").build());
        try {
            userFederation().get(createUserFederationProvider).syncUsers("unknown");
            Assert.fail("Not expected to sync with unknown action");
        } catch (NotFoundException e) {
        }
        Assert.assertEquals(-1L, userFederation().get(createUserFederationProvider).toRepresentation().getLastSync());
        Assert.assertEquals("0 imported users, 0 updated users", userFederation().get(createUserFederationProvider).syncUsers("triggerFullSync").getStatus());
        HashMap hashMap = new HashMap();
        hashMap.put("action", "triggerFullSync");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(createUserFederationProvider) + "/sync", hashMap, ResourceType.USER_FEDERATION_PROVIDER);
        int lastSync = userFederation().get(createUserFederationProvider).toRepresentation().getLastSync();
        Assert.assertTrue(lastSync > 0);
        setTimeOffset(50);
        UserFederationSyncResultRepresentation syncUsers = userFederation().get(createUserFederationProvider).syncUsers("triggerChangedUsersSync");
        hashMap.put("action", "triggerChangedUsersSync");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.userFederationResourcePath(createUserFederationProvider) + "/sync", hashMap, ResourceType.USER_FEDERATION_PROVIDER);
        Assert.assertEquals("0 imported users, 0 updated users", syncUsers.getStatus());
        Assert.assertTrue(lastSync + 50 <= userFederation().get(createUserFederationProvider).toRepresentation().getLastSync());
        resetTimeOffset();
        removeUserFederationProvider(createUserFederationProvider);
    }

    private String createUserFederationProvider(UserFederationProviderRepresentation userFederationProviderRepresentation) {
        Response create = userFederation().create(userFederationProviderRepresentation);
        Assert.assertEquals(201L, create.getStatus());
        create.close();
        String createdId = ApiUtil.getCreatedId(create);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userFederationResourcePath(createdId), userFederationProviderRepresentation, ResourceType.USER_FEDERATION_PROVIDER);
        return createdId;
    }

    private void removeUserFederationProvider(String str) {
        userFederation().get(str).remove();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.userFederationResourcePath(str), ResourceType.USER_FEDERATION_PROVIDER);
    }

    private void assertFederationProvider(UserFederationProviderRepresentation userFederationProviderRepresentation, String str, String str2, String str3, int i, int i2, int i3, int i4, String... strArr) {
        Assert.assertEquals(str, userFederationProviderRepresentation.getId());
        Assert.assertEquals(str2, userFederationProviderRepresentation.getDisplayName());
        Assert.assertEquals(str3, userFederationProviderRepresentation.getProviderName());
        Assert.assertEquals(i, userFederationProviderRepresentation.getPriority());
        Assert.assertEquals(i2, userFederationProviderRepresentation.getFullSyncPeriod());
        Assert.assertEquals(i3, userFederationProviderRepresentation.getChangedSyncPeriod());
        Assert.assertEquals(i4, userFederationProviderRepresentation.getLastSync());
        Assert.assertMap(userFederationProviderRepresentation.getConfig(), strArr);
    }

    private AuthenticationExecutionInfoRepresentation findKerberosExecution() {
        AuthenticationExecutionInfoRepresentation findExecutionByProvider = AbstractAuthenticationTest.findExecutionByProvider("auth-spnego", this.realm.flows().getExecutions("browser"));
        Assert.assertNotNull(findExecutionByProvider);
        return findExecutionByProvider;
    }
}
