package org.keycloak.testsuite.account.custom;

import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.AuthenticatorConfigRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.testsuite.admin.Users;
import org.keycloak.testsuite.auth.page.login.OneTimeCode;
import org.keycloak.testsuite.util.URLAssert;

/* loaded from: input_file:org/keycloak/testsuite/account/custom/CustomAuthFlowOTPTest.class */
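/**
 * UI tests for OTP enforcement in a custom browser authentication flow.
 *
 * <p>Each test configures the realm's browser flow, logs the test user in with
 * username and password, and then asserts one of two outcomes:
 * <ul>
 *   <li>OTP demanded: the browser is on the one-time-code page;</li>
 *   <li>OTP skipped: the browser went straight to the account management page.</li>
 * </ul>
 *
 * <p>The conditional tests pair a condition (user attribute, role or request header)
 * with the opposite {@code defaultOtpOutcome}, so a passing test shows that the
 * condition overrode the default rather than merely agreeing with it.
 *
 * <p>NOTE(review): no test here combines two conflicting conditions (for example a
 * skip role together with a force header), so the precedence between conditions is
 * not pinned by this class.
 */
public class CustomAuthFlowOTPTest extends AbstractCustomAccountManagementTest {
    private static final String BROWSER_FLOW = "browser";
    private static final String CONDITIONAL_FLOW = "ConditionalOTPFlow";
    private static final String PASSWORD_FORM = "auth-username-password-form";
    private static final String OTP_FORM = "auth-otp-form";
    private static final String CONDITIONAL_OTP_FORM = "auth-conditional-otp-form";

    private static final String DEFAULT_OTP_OUTCOME = "defaultOtpOutcome";
    private static final String OTP_CONTROL_ATTRIBUTE = "otpControlAttribute";
    private static final String SKIP = "skip";
    private static final String FORCE = "force";

    private static final String USER_ATTRIBUTE = "userSkipAttribute";
    private static final String OTP_ROLE = "otp_role";

    private final TimeBasedOTP totp = new TimeBasedOTP();

    @Page
    private OneTimeCode testLoginOneTimeCodePage;

    /** Binds the one-time-code page object to the test realm, in addition to the inherited pages. */
    @Override
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        this.testLoginOneTimeCodePage.setAuthRealm(this.testRealmPage);
    }

    /**
     * Enrols the test user in TOTP before every test.
     *
     * <p>The user is given the {@code CONFIGURE_TOTP} required action, logs in, completes
     * enrolment with a code generated from the secret shown on the setup form, and signs
     * out. The user is then reloaded from the server to verify that no required action
     * remains, i.e. that enrolment actually completed.
     */
    @Override
    @Before
    public void beforeTest() {
        super.beforeTest();

        List<String> requiredActions = new ArrayList<>();
        requiredActions.add(UserModel.RequiredAction.CONFIGURE_TOTP.name());
        this.testUser.setRequiredActions(requiredActions);
        testRealmResource().users().get(this.testUser.getId()).update(this.testUser);

        loginAsTestUser();
        this.testRealmLoginPage.form().totpForm().waitForTotpInputFieldPresent();
        String secret = this.testRealmLoginPage.form().totpForm().getTotpSecret();
        this.testRealmLoginPage.form().totpForm().setTotp(this.totp.generateTOTP(secret));
        this.testRealmLoginPage.form().totpForm().submit();
        this.testRealmAccountManagementPage.signOut();

        this.testUser = testRealmResource().users().get(this.testUser.getId()).toRepresentation();
        // Presumably the reloaded representation carries no credential, so the password is
        // set again for the form logins in the tests (confirm against Users.setPasswordFor).
        Users.setPasswordFor(this.testUser, "password");
        Assert.assertTrue(this.testUser.getRequiredActions().isEmpty());
    }

    /** A REQUIRED OTP form in the built-in browser flow must prompt for the code. */
    @Test
    public void requireOTPTest() {
        updateRequirement(BROWSER_FLOW, OTP_FORM, AuthenticationExecutionModel.Requirement.REQUIRED);
        loginAsTestUser();
        assertOtpDemanded();
    }

    /**
     * With an empty authenticator configuration OTP is still demanded. This pins the
     * fail-closed behaviour: a missing configuration must not silently drop the second factor.
     */
    @Test
    public void conditionalOTPNoDefault() {
        setConditionalOTPForm(new HashMap<String, String>());
        loginAsTestUser();
        assertOtpDemanded();
    }

    /** {@code defaultOtpOutcome=skip} and no other condition: OTP is not requested. */
    @Test
    public void conditionalOTPDefaultSkip() {
        Map<String, String> config = new HashMap<>();
        config.put(DEFAULT_OTP_OUTCOME, SKIP);
        setConditionalOTPForm(config);

        loginAsTestUser();
        assertOtpSkipped();
    }

    /** {@code defaultOtpOutcome=force} and no other condition: OTP is requested. */
    @Test
    public void conditionalOTPDefaultForce() {
        Map<String, String> config = new HashMap<>();
        config.put(DEFAULT_OTP_OUTCOME, FORCE);
        setConditionalOTPForm(config);

        loginAsTestUser();
        assertOtpDemanded();
    }

    /** A user attribute valued {@code skip} overrides a default of {@code force}. */
    @Test
    public void conditionalOTPUserAttributeSkip() {
        Map<String, String> config = new HashMap<>();
        config.put(OTP_CONTROL_ATTRIBUTE, USER_ATTRIBUTE);
        config.put(DEFAULT_OTP_OUTCOME, FORCE);
        setConditionalOTPForm(config);
        setOtpControlAttribute(SKIP);

        loginAsTestUser();
        assertOtpSkipped();
    }

    /** A user attribute valued {@code force} overrides a default of {@code skip}. */
    @Test
    public void conditionalOTPUserAttributeForce() {
        Map<String, String> config = new HashMap<>();
        config.put(OTP_CONTROL_ATTRIBUTE, USER_ATTRIBUTE);
        config.put(DEFAULT_OTP_OUTCOME, SKIP);
        setConditionalOTPForm(config);
        setOtpControlAttribute(FORCE);

        loginAsTestUser();
        assertOtpDemanded();
    }

    /** Membership in the configured {@code skipOtpRole} overrides a default of {@code force}. */
    @Test
    public void conditionalOTPRoleSkip() {
        Map<String, String> config = new HashMap<>();
        config.put("skipOtpRole", OTP_ROLE);
        config.put(DEFAULT_OTP_OUTCOME, FORCE);
        setConditionalOTPForm(config);
        createAndGrantOtpRole();

        loginAsTestUser();
        assertOtpSkipped();
    }

    /** Membership in the configured {@code forceOtpRole} overrides a default of {@code skip}. */
    @Test
    public void conditionalOTPRoleForce() {
        Map<String, String> config = new HashMap<>();
        config.put("forceOtpRole", OTP_ROLE);
        config.put(DEFAULT_OTP_OUTCOME, SKIP);
        setConditionalOTPForm(config);
        createAndGrantOtpRole();

        loginAsTestUser();
        assertOtpDemanded();
    }

    /**
     * A request header matching {@code noOtpRequiredForHeaderPattern} overrides a default
     * of {@code force}.
     *
     * <p>The condition is evaluated against headers of the login request, which the client
     * supplies. The test only pins that a match skips OTP; it does not establish that any
     * particular header is a trustworthy basis for dropping the second factor. A deployment
     * using this option should match only on headers a trusted proxy sets or overwrites.
     */
    @Test
    public void conditionalOTPRequestHeaderSkip() {
        Map<String, String> config = new HashMap<>();
        config.put("noOtpRequiredForHeaderPattern", hostHeaderPattern());
        config.put(DEFAULT_OTP_OUTCOME, FORCE);
        setConditionalOTPForm(config);

        loginAsTestUser();
        assertOtpSkipped();
    }

    /** A request header matching {@code forceOtpForHeaderPattern} overrides a default of {@code skip}. */
    @Test
    public void conditionalOTPRequestHeaderForce() {
        Map<String, String> config = new HashMap<>();
        config.put("forceOtpForHeaderPattern", hostHeaderPattern());
        config.put(DEFAULT_OTP_OUTCOME, SKIP);
        setConditionalOTPForm(config);

        loginAsTestUser();
        assertOtpDemanded();
    }

    /**
     * Creates a top-level flow (username/password form followed by the conditional OTP form,
     * both REQUIRED), makes it the realm's browser flow, and attaches {@code map} as the
     * conditional OTP authenticator's configuration.
     *
     * @param map configuration entries for the conditional OTP execution; may be empty
     */
    private void setConditionalOTPForm(Map<String, String> map) {
        AuthenticationFlowRepresentation flow = new AuthenticationFlowRepresentation();
        flow.setAlias(CONDITIONAL_FLOW);
        flow.setDescription("");
        flow.setProviderId("basic-flow");
        flow.setTopLevel(true);
        flow.setBuiltIn(false);

        Response flowCreated = getAuthMgmtResource().createFlow(flow);
        try {
            Assert.assertEquals("ConditionalOTPFlow create success", 201L, flowCreated.getStatus());
        } finally {
            // Release the connection even when the status assertion fails.
            flowCreated.close();
        }

        addRequiredExecution(PASSWORD_FORM);
        addRequiredExecution(CONDITIONAL_OTP_FORM);

        RealmRepresentation realm = testRealmResource().toRepresentation();
        realm.setBrowserFlow(CONDITIONAL_FLOW);
        testRealmResource().update(realm);

        String executionId = getExecution(CONDITIONAL_FLOW, CONDITIONAL_OTP_FORM).getId();
        AuthenticatorConfigRepresentation authenticatorConfig = new AuthenticatorConfigRepresentation();
        authenticatorConfig.setAlias("Config alias");
        authenticatorConfig.setConfig(map);

        Response configCreated = getAuthMgmtResource().newExecutionConfig(executionId, authenticatorConfig);
        try {
            Assert.assertEquals("new execution success", 201L, configCreated.getStatus());
        } finally {
            configCreated.close();
        }
    }

    /** Adds the given authenticator to the conditional flow and marks the execution REQUIRED. */
    private void addRequiredExecution(String providerId) {
        Map<String, String> execution = new HashMap<>();
        execution.put("provider", providerId);
        getAuthMgmtResource().addExecution(CONDITIONAL_FLOW, execution);
        updateRequirement(CONDITIONAL_FLOW, providerId, AuthenticationExecutionModel.Requirement.REQUIRED);
    }

    /** Stores {@code outcome} in the user's OTP control attribute and saves the user. */
    private void setOtpControlAttribute(String outcome) {
        List<String> values = new ArrayList<>();
        values.add(outcome);
        Map<String, List<String>> attributes = new HashMap<>();
        attributes.put(USER_ATTRIBUTE, values);
        this.testUser.setAttributes(attributes);
        testRealmResource().users().get(this.testUser.getId()).update(this.testUser);
    }

    /** Creates the realm role used by the role tests and grants it to the test user. */
    private void createAndGrantOtpRole() {
        testRealmResource().roles().create(new RoleRepresentation(OTP_ROLE, "", false));
        RoleRepresentation role = testRealmResource().roles().get(OTP_ROLE).toRepresentation();
        List<RoleRepresentation> granted = new ArrayList<>();
        granted.add(role);
        testRealmResource().users().get(this.testUser.getId()).roles().realmLevel().add(granted);
    }

    /** Header pattern for the {@code Host} header of the local auth server (port defaults to 8180). */
    private static String hostHeaderPattern() {
        return "Host: localhost:" + System.getProperty("auth.server.http.port", "8180");
    }

    /** Opens the account management page and submits the login form as the test user. */
    private void loginAsTestUser() {
        this.testRealmAccountManagementPage.navigateTo();
        this.testRealmLoginPage.form().login(this.testUser);
    }

    /** Asserts that the second factor was requested: the TOTP input is shown on the OTP page. */
    private void assertOtpDemanded() {
        this.testRealmLoginPage.form().totpForm().waitForTotpInputFieldPresent();
        URLAssert.assertCurrentUrlStartsWith(this.testLoginOneTimeCodePage);
    }

    /** Asserts that login completed without a second factor: the account page is shown. */
    private void assertOtpSkipped() {
        URLAssert.assertCurrentUrlStartsWith(this.testRealmAccountManagementPage);
    }
}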
