package org.keycloak.testsuite.forms;

import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginPasswordUpdatePage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rest.representation.AuthenticatorState;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.ExecutionBuilder;
import org.keycloak.testsuite.util.FlowBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/CustomFlowTest.class */
public class CustomFlowTest extends AbstractFlowTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected ErrorPage errorPage;

    @Page
    protected LoginPasswordUpdatePage updatePasswordPage;

    @Page
    protected RegisterPage registerPage;
    private static String userId;

    @Override // org.keycloak.testsuite.TestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        realmRepresentation.getUsers().add(UserBuilder.create().username("login-test").email("login@test.com").enabled(true).build());
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("dummy-client").name("dummy-client").authenticatorType("testsuite-client-passthrough").directAccessGrants().build());
        ClientRepresentation findClientByClientId = RealmRepUtil.findClientByClientId(realmRepresentation, AssertEvents.DEFAULT_CLIENT_ID);
        findClientByClientId.setClientAuthenticatorType("testsuite-client-passthrough");
        findClientByClientId.setDirectAccessGrantsEnabled(true);
    }

    @Before
    public void configureFlows() {
        userId = findUser("login-test").getId();
        AuthenticationFlowRepresentation build = FlowBuilder.create().alias("dummy").description("dummy pass through flow").providerId("basic-flow").topLevel(true).builtIn(false).build();
        testRealm().flows().createFlow(build);
        RealmRepresentation representation = testRealm().toRepresentation();
        representation.setBrowserFlow(build.getAlias());
        representation.setDirectGrantFlow(build.getAlias());
        testRealm().update(representation);
        testRealm().flows().addExecution(ExecutionBuilder.create().parentFlow(findFlowByAlias(build.getAlias()).getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()).authenticator("testsuite-dummy-passthrough").priority(10).authenticatorFlow(false).build());
        AuthenticationFlowRepresentation build2 = FlowBuilder.create().alias("dummy registration").description("dummy pass through registration").providerId("basic-flow").topLevel(true).builtIn(false).build();
        testRealm().flows().createFlow(build2);
        setRegistrationFlow(build2);
        testRealm().flows().addExecution(ExecutionBuilder.create().parentFlow(findFlowByAlias(build2.getAlias()).getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()).authenticator("testsuite-dummy-registration").priority(10).authenticatorFlow(false).build());
        AuthenticationFlowRepresentation build3 = FlowBuilder.create().alias("client-dummy").description("dummy pass through flow").providerId("client-flow").topLevel(true).builtIn(false).build();
        testRealm().flows().createFlow(build3);
        RealmRepresentation representation2 = testRealm().toRepresentation();
        representation2.setClientAuthenticationFlow(build3.getAlias());
        testRealm().update(representation2);
        testRealm().flows().addExecution(ExecutionBuilder.create().parentFlow(findFlowByAlias(build3.getAlias()).getId()).requirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString()).authenticator("testsuite-client-passthrough").priority(10).authenticatorFlow(false).build());
    }

    @Test
    public void loginSuccess() {
        AuthenticatorState authenticatorState = new AuthenticatorState();
        authenticatorState.setUsername("login-test");
        this.testingClient.testing().updateAuthenticator(authenticatorState);
        this.oauth.openLoginForm();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(this.oauth.getCurrentQuery().get("code"));
        this.events.expectLogin().user(userId).detail("username", "login-test").assertEvent();
    }

    @Test
    public void grantTest() throws Exception {
        AuthenticatorState authenticatorState = new AuthenticatorState();
        authenticatorState.setUsername("login-test");
        this.testingClient.testing().updateAuthenticator(authenticatorState);
        grantAccessToken(AssertEvents.DEFAULT_CLIENT_ID, "login-test");
    }

    @Test
    public void clientAuthTest() throws Exception {
        AuthenticatorState authenticatorState = new AuthenticatorState();
        authenticatorState.setClientId("dummy-client");
        authenticatorState.setUsername("login-test");
        this.testingClient.testing().updateAuthenticator(authenticatorState);
        grantAccessToken("dummy-client", "login-test");
        authenticatorState.setClientId(AssertEvents.DEFAULT_CLIENT_ID);
        this.testingClient.testing().updateAuthenticator(authenticatorState);
        grantAccessToken(AssertEvents.DEFAULT_CLIENT_ID, "login-test");
        authenticatorState.setClientId("unknown");
        this.testingClient.testing().updateAuthenticator(authenticatorState);
        OAuthClient.AccessTokenResponse doGrantAccessTokenRequest = this.oauth.doGrantAccessTokenRequest("password", "test-user", "password");
        Assert.assertEquals(400L, doGrantAccessTokenRequest.getStatusCode());
        Assert.assertEquals("unauthorized_client", doGrantAccessTokenRequest.getError());
        this.events.expectLogin().client((String) null).user((String) null).session((String) null).removeDetail("code_id").removeDetail("redirect_uri").removeDetail("consent").error("invalid_client_credentials").assertEvent();
    }

    private void grantAccessToken(String str, String str2) throws Exception {
        OAuthClient.AccessTokenResponse doGrantAccessTokenRequest = this.oauth.doGrantAccessTokenRequest("password", str2, "password");
        Assert.assertEquals(200L, doGrantAccessTokenRequest.getStatusCode());
        AccessToken verifyToken = this.oauth.verifyToken(doGrantAccessTokenRequest.getAccessToken());
        RefreshToken verifyRefreshToken = this.oauth.verifyRefreshToken(doGrantAccessTokenRequest.getRefreshToken());
        this.events.expectLogin().client(str).user(userId).session(verifyToken.getSessionState()).detail("grant_type", "password").detail("token_id", verifyToken.getId()).detail("refresh_token_id", verifyRefreshToken.getId()).detail("username", str2).detail("client_auth_method", "testsuite-client-passthrough").removeDetail("code_id").removeDetail("redirect_uri").removeDetail("consent").assertEvent();
        Assert.assertEquals(verifyToken.getSessionState(), verifyRefreshToken.getSessionState());
        OAuthClient.AccessTokenResponse doRefreshTokenRequest = this.oauth.doRefreshTokenRequest(doGrantAccessTokenRequest.getRefreshToken(), "password");
        AccessToken verifyToken2 = this.oauth.verifyToken(doRefreshTokenRequest.getAccessToken());
        RefreshToken verifyRefreshToken2 = this.oauth.verifyRefreshToken(doRefreshTokenRequest.getRefreshToken());
        Assert.assertEquals(verifyToken.getSessionState(), verifyToken2.getSessionState());
        Assert.assertEquals(verifyToken.getSessionState(), verifyRefreshToken2.getSessionState());
        this.events.expectRefresh(verifyRefreshToken.getId(), verifyRefreshToken.getSessionState()).user(userId).client(str).detail("client_auth_method", "testsuite-client-passthrough").assertEvent();
    }
}
