package org.keycloak.testsuite.forms;

import java.net.MalformedURLException;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.models.utils.TimeBasedOTP;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.LoginTotpPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.util.GreenMailRule;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/forms/BruteForceTest.class */
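/**
 * Integration tests for the realm's brute-force (attack detection) protection.
 *
 * <p>{@link #configureTestRealm} turns brute-force protection on with a failure factor of 2, so
 * each scenario follows the same shape: one successful login, two failed attempts, then a check
 * that even <em>correct</em> credentials are refused until an administrator clears the failure
 * record through the attack-detection admin API.
 *
 * <p>Two entry points are covered: the direct access grant (token endpoint) and the browser
 * login form. They report a lockout differently. The grant tests assert the distinct error
 * description {@code "Account temporarily disabled"}, while the browser tests assert the same
 * generic {@code "Invalid username or password."} message as a wrong password, with the lockout
 * visible only in the {@code user_temporarily_disabled} event. Anyone relying on the form not
 * disclosing lock state should keep in mind that the grant endpoint does disclose it in this
 * configuration.
 */
public class BruteForceTest extends TestRealmKeycloakTest {

    /** Secret stored as the default user's TOTP credential and used to generate valid codes. */
    private static final String TOTP_SECRET = "totpSecret";

    /** OAuth error code asserted for every rejected grant in this class. */
    private static final String INVALID_GRANT = "invalid_grant";

    /** Grant error description for wrong or missing credentials. */
    private static final String INVALID_CREDENTIALS = "Invalid user credentials";

    /** Grant error description once the account is locked out. */
    private static final String TEMPORARILY_DISABLED = "Account temporarily disabled";

    /** Error shown by the login form for a bad password and for a locked account alike. */
    private static final String LOGIN_FORM_ERROR = "Invalid username or password.";

    /** Error shown by the TOTP form for a wrong or missing code. */
    private static final String TOTP_FORM_ERROR = "Invalid authenticator code.";

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    private RegisterPage registerPage;

    @Page
    protected LoginTotpPage loginTotpPage;

    // Not read anywhere in this class; kept because only this file is visible.
    private int lifespan;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Rule
    public GreenMailRule greenMail = new GreenMailRule();

    private TimeBasedOTP totp = new TimeBasedOTP();

    /**
     * Prepares the test realm: gives the default user a TOTP credential, enables brute-force
     * protection with a failure factor of 2, enables direct access grants on the default client,
     * and adds a second password-only user ({@code user2}).
     *
     * @param realmRepresentation the realm representation to modify in place
     */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation defaultUser =
                RealmRepUtil.findUser(realmRepresentation, AssertEvents.DEFAULT_USERNAME);

        CredentialRepresentation totpCredential = new CredentialRepresentation();
        totpCredential.setType("totp");
        totpCredential.setValue(TOTP_SECRET);
        defaultUser.getCredentials().add(totpCredential);
        defaultUser.setTotp(Boolean.TRUE);

        // Two failures are enough to lock an account; every scenario below depends on this value.
        realmRepresentation.setBruteForceProtected(true);
        realmRepresentation.setFailureFactor(2);

        // The grant tests call the token endpoint directly, so the client must allow it.
        RealmRepUtil.findClientByClientId(realmRepresentation, AssertEvents.DEFAULT_CLIENT_ID)
                .setDirectAccessGrantsEnabled(true);

        realmRepresentation.getUsers().add(
                UserBuilder.create()
                        .username("user2")
                        .email("user2@localhost")
                        .password("password")
                        .build());
    }

    /** Intentionally empty set-up hook. */
    @Before
    public void config() {
    }

    /** Gives every test a fresh TOTP generator. */
    @Before
    public void before() throws MalformedURLException {
        this.totp = new TimeBasedOTP();
    }

    /**
     * Requests an access token for the {@code admin} user of the {@code master} realm through the
     * {@code admin-cli} client.
     *
     * <p>The literal {@code admin}/{@code admin} pair is a test-server fixture. Argument roles
     * are inferred from the call sites in this class; confirm against {@code OAuthClient}.
     *
     * @return the access token string from the grant response
     */
    public String getAdminToken() throws Exception {
        return this.oauth
                .doGrantAccessTokenRequest("master", "admin", "admin", (String) null, "admin-cli", (String) null)
                .getAccessToken();
    }

    /**
     * Performs a direct access grant in the {@code test} realm as the default user.
     *
     * @param str the password to submit
     * @param str2 the one-time code to submit, or {@code null} to omit it
     * @return the raw token response, successful or not
     */
    public OAuthClient.AccessTokenResponse getTestToken(String str, String str2) throws Exception {
        return this.oauth.doGrantAccessTokenRequest(
                "test", AssertEvents.DEFAULT_USERNAME, str, str2, this.oauth.getClientId(), "password");
    }

    /** Clears the brute-force failure record of the default user through the admin API. */
    protected void clearUserFailures() throws Exception {
        String userId = findUser(AssertEvents.DEFAULT_USERNAME).getId();
        this.adminClient.realm("test").attackDetection().clearBruteForceForUser(userId);
    }

    /** Clears the brute-force failure records of every user in the {@code test} realm. */
    protected void clearAllUserFailures() throws Exception {
        this.adminClient.realm("test").attackDetection().clearAllBruteForce();
    }

    /** Direct grant: two wrong passwords lock the account until failures are cleared. */
    @Test
    public void testGrantInvalidPassword() throws Exception {
        assertGrantSucceeds(getTestToken("password", validTotp()));

        assertGrantRejected(getTestToken("invalid", validTotp()), INVALID_CREDENTIALS);
        assertGrantRejected(getTestToken("invalid", validTotp()), INVALID_CREDENTIALS);

        // Correct password and code, but the failure factor has been reached.
        assertGrantRejected(getTestToken("password", validTotp()), TEMPORARILY_DISABLED);

        clearUserFailures();
        assertGrantSucceeds(getTestToken("password", validTotp()));
    }

    /** Direct grant: two wrong one-time codes count as failures and lock the account. */
    @Test
    public void testGrantInvalidOtp() throws Exception {
        assertGrantSucceeds(getTestToken("password", validTotp()));

        assertGrantRejected(getTestToken("password", "shite"), INVALID_CREDENTIALS);
        assertGrantRejected(getTestToken("password", "shite"), INVALID_CREDENTIALS);

        assertGrantRejected(getTestToken("password", validTotp()), TEMPORARILY_DISABLED);

        clearUserFailures();
        assertGrantSucceeds(getTestToken("password", validTotp()));
    }

    /** Direct grant: omitting the one-time code counts as a failure just like a wrong code. */
    @Test
    public void testGrantMissingOtp() throws Exception {
        assertGrantSucceeds(getTestToken("password", validTotp()));

        assertGrantRejected(getTestToken("password", null), INVALID_CREDENTIALS);
        assertGrantRejected(getTestToken("password", null), INVALID_CREDENTIALS);

        assertGrantRejected(getTestToken("password", validTotp()), TEMPORARILY_DISABLED);

        clearUserFailures();
        assertGrantSucceeds(getTestToken("password", validTotp()));
    }

    /**
     * Browser flow: two wrong passwords lock the account. The cycle runs twice to check that both
     * the per-user and the realm-wide clear operations unlock it.
     */
    @Test
    public void testBrowserInvalidPassword() throws Exception {
        loginSuccess();
        loginInvalidPassword();
        loginInvalidPassword();
        expectTemporarilyDisabled();
        clearUserFailures();

        loginSuccess();
        loginInvalidPassword();
        loginInvalidPassword();
        expectTemporarilyDisabled();
        clearAllUserFailures();

        loginSuccess();
    }

    /**
     * Browser flow: failed attempts made with differently-cased spellings of the username are
     * counted against the same account, so varying the case does not sidestep the lockout.
     *
     * <p>NOTE(review): the two literals are presumably case variants of
     * {@code AssertEvents.DEFAULT_USERNAME}; its value is not visible in this file.
     */
    @Test
    public void testBrowserInvalidPasswordDifferentCase() throws Exception {
        loginSuccess(AssertEvents.DEFAULT_USERNAME);
        loginInvalidPassword("test-User@localhost");
        loginInvalidPassword("Test-user@localhost");
        expectTemporarilyDisabled();
        clearAllUserFailures();
    }

    /**
     * Browser flow: failures submitted under a user's e-mail address lock that user, and the
     * resulting event carries the user's id.
     */
    @Test
    public void testEmail() throws Exception {
        String userId = ((UserRepresentation) this.adminClient.realm("test").users()
                .search("user2", (String) null, (String) null, (String) null, 0, 1)
                .get(0)).getId();

        // NOTE(review): loginSuccess(String) does not use its argument, so this step logs in as
        // the default user rather than user2.
        loginSuccess("user2@localhost");
        loginInvalidPassword("user2@localhost");
        loginInvalidPassword("user2@localhost");
        expectTemporarilyDisabled("user2@localhost", userId);
        clearAllUserFailures();
    }

    /** Browser flow: submitting no password twice locks the account. */
    @Test
    public void testBrowserMissingPassword() throws Exception {
        loginSuccess();
        loginMissingPassword();
        loginMissingPassword();
        expectTemporarilyDisabled();
        clearUserFailures();
        loginSuccess();
    }

    /** Browser flow: two wrong one-time codes after a correct password lock the account. */
    @Test
    public void testBrowserInvalidTotp() throws Exception {
        loginSuccess();
        loginWithTotpFailure();
        loginWithTotpFailure();
        expectTemporarilyDisabled();
        clearUserFailures();
        loginSuccess();
    }

    /** Browser flow: two empty one-time codes after a correct password lock the account. */
    @Test
    public void testBrowserMissingTotp() throws Exception {
        loginSuccess();
        loginWithMissingTotp();
        loginWithMissingTotp();
        expectTemporarilyDisabled();
        clearUserFailures();
        loginSuccess();
    }

    /**
     * Three failed logins (one more than the failure factor) under a username that has no account
     * must not prevent that username from being registered afterwards.
     */
    @Test
    public void testNonExistingAccounts() throws Exception {
        loginInvalidPassword("non-existent-user");
        loginInvalidPassword("non-existent-user");
        loginInvalidPassword("non-existent-user");
        registerUser("non-existent-user");
    }

    /** Asserts that the default user is currently locked out of the browser flow. */
    public void expectTemporarilyDisabled() throws Exception {
        expectTemporarilyDisabled(AssertEvents.DEFAULT_USERNAME, null);
    }

    /**
     * Submits the <em>correct</em> password on the login form and asserts that it is refused with
     * the generic login error while a {@code user_temporarily_disabled} event is recorded.
     *
     * @param str the username typed into the form and expected in the event's {@code username} detail
     * @param str2 the user id expected on the event, or {@code null} to leave the default expectation
     */
    public void expectTemporarilyDisabled(String str, String str2) throws Exception {
        this.loginPage.open();
        this.loginPage.login(str, "password");
        this.loginPage.assertCurrent();

        // Return value is discarded; NOTE(review): looks like a leftover debugging aid.
        this.driver.getPageSource();

        // The form gives no hint of the lockout; only the event identifies it.
        Assert.assertEquals(LOGIN_FORM_ERROR, this.loginPage.getError());

        AssertEvents.ExpectedEvent expected = this.events.expectLogin()
                .session((String) null)
                .error("user_temporarily_disabled")
                .detail("username", str)
                .removeDetail("consent");
        if (str2 != null) {
            expected.user(str2);
        }
        expected.assertEvent();
    }

    /** Performs a full successful browser login (password, then TOTP) as the default user. */
    public void loginSuccess() throws Exception {
        loginSuccess(AssertEvents.DEFAULT_USERNAME);
    }

    /**
     * Performs a full successful browser login (password, then TOTP), asserts the login event and
     * logs out again.
     *
     * <p>NOTE(review): {@code str} is never used; the login is always made as
     * {@code AssertEvents.DEFAULT_USERNAME}. Behaviour is left as is because the TOTP step and the
     * default event expectation only fit the default user as configured in this class. Confirm
     * whether callers passing another username expect that user to be logged in.
     *
     * @param str currently ignored
     */
    public void loginSuccess(String str) throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");

        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login(validTotp());

        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().assertEvent();

        this.appPage.logout();
        this.events.clear();
    }

    /** Enters the correct password followed by a wrong one-time code and asserts the TOTP error. */
    public void loginWithTotpFailure() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");

        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login("123456");
        this.loginTotpPage.assertCurrent();

        Assert.assertEquals(TOTP_FORM_ERROR, this.loginPage.getError());
        this.events.clear();
    }

    /** Enters the correct password followed by no one-time code and asserts the TOTP error. */
    public void loginWithMissingTotp() throws Exception {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");

        this.loginTotpPage.assertCurrent();
        this.loginTotpPage.login((String) null);
        this.loginTotpPage.assertCurrent();

        Assert.assertEquals(TOTP_FORM_ERROR, this.loginPage.getError());
        this.events.clear();
    }

    /** Submits a wrong password for the default user on the login form. */
    public void loginInvalidPassword() throws Exception {
        loginInvalidPassword(AssertEvents.DEFAULT_USERNAME);
    }

    /**
     * Submits a wrong password on the login form and asserts the generic login error.
     *
     * @param str the username to type into the form
     */
    public void loginInvalidPassword(String str) throws Exception {
        this.loginPage.open();
        this.loginPage.login(str, "invalid");
        this.loginPage.assertCurrent();

        Assert.assertEquals(LOGIN_FORM_ERROR, this.loginPage.getError());
        this.events.clear();
    }

    /** Submits the login form for the default user without a password and asserts the generic error. */
    public void loginMissingPassword() {
        this.loginPage.open();
        this.loginPage.missingPassword(AssertEvents.DEFAULT_USERNAME);
        this.loginPage.assertCurrent();

        Assert.assertEquals(LOGIN_FORM_ERROR, this.loginPage.getError());
        this.events.clear();
    }

    /**
     * Registers a new account through the registration form.
     *
     * <p>NOTE(review): a {@code null} instruction is taken here as the sign that the form was
     * accepted; confirm against {@code RegisterPage}.
     *
     * @param str the username to register; {@code str + "@localhost"} is passed alongside it,
     *     presumably as the e-mail address
     */
    public void registerUser(String str) {
        this.loginPage.open();
        this.loginPage.clickRegister();
        this.registerPage.assertCurrent();

        this.registerPage.register("user", "name", str + "@localhost", str, "password", "password");

        Assert.assertNull(this.registerPage.getInstruction());
        this.events.clear();
    }

    /** Generates a currently valid one-time code for the default user's TOTP secret. */
    private String validTotp() throws Exception {
        return this.totp.generateTOTP(TOTP_SECRET);
    }

    /** Asserts that a grant response carries a token and no error, then resets recorded events. */
    private void assertGrantSucceeds(OAuthClient.AccessTokenResponse response) {
        Assert.assertNotNull(response.getAccessToken());
        Assert.assertNull(response.getError());
        this.events.clear();
    }

    /**
     * Asserts that a grant response carries no token and fails with {@code invalid_grant} and the
     * given description, then resets recorded events.
     */
    private void assertGrantRejected(OAuthClient.AccessTokenResponse response, String expectedDescription) {
        Assert.assertNull(response.getAccessToken());
        // JUnit's argument order is (expected, actual); keeping it makes failure messages read correctly.
        Assert.assertEquals(INVALID_GRANT, response.getError());
        Assert.assertEquals(expectedDescription, response.getErrorDescription());
        this.events.clear();
    }
}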
