package org.keycloak.model.test;

import java.util.Arrays;
import java.util.Collections;
import javax.ws.rs.core.MultivaluedMap;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.authentication.AuthenticationProviderException;
import org.keycloak.authentication.AuthenticationProviderManager;
import org.keycloak.models.AuthenticationLinkModel;
import org.keycloak.models.AuthenticationProviderModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.ClientConnection;
import org.keycloak.services.managers.AuthenticationManager;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/keycloak/model/test/AuthProvidersLDAPTest.class */
public class AuthProvidersLDAPTest extends AbstractModelTest {
    private static LDAPEmbeddedServer embeddedServer;
    private RealmModel realm;
    private AuthenticationManager am;

    @BeforeClass
    public static void beforeClass() {
        AbstractModelTest.beforeClass();
        try {
            embeddedServer = new LDAPEmbeddedServer();
            embeddedServer.setup();
            embeddedServer.importLDIF("ldap/users.ldif");
        } catch (Exception e) {
            throw new RuntimeException("Error starting Embedded LDAP server.", e);
        }
    }

    @AfterClass
    public static void afterClass() {
        AbstractModelTest.afterClass();
        try {
            embeddedServer.tearDown();
        } catch (Exception e) {
            throw new RuntimeException("Error starting Embedded LDAP server.", e);
        }
    }

    @Override // org.keycloak.model.test.AbstractModelTest
    @Before
    public void before() throws Exception {
        super.before();
        this.realm = this.realmManager.createRealm("realm");
        this.realm.setBruteForceProtected(false);
        this.realm.addRequiredCredential("password");
        embeddedServer.setupLdapInRealm(this.realm);
        this.am = new AuthenticationManager(this.providerSession);
    }

    @Test
    public void testLdapAuthentication() {
        MultivaluedMap<String, String> createFormData = AuthProvidersExternalModelTest.createFormData("john", "password");
        LdapTestUtils.setLdapPassword(this.providerSession, this.realm, "john", "password");
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, this.am.authenticateForm((ClientConnection) null, this.realm, createFormData));
        Assert.assertNull(this.realm.getUser("john"));
        setupAuthenticationProviders();
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm, createFormData));
        UserModel user = this.realm.getUser("john");
        Assert.assertNotNull(user);
        Assert.assertEquals("john", user.getLoginName());
        Assert.assertEquals("John", user.getFirstName());
        Assert.assertEquals("Doe", user.getLastName());
        Assert.assertEquals("john@email.org", user.getEmail());
        AuthenticationLinkModel authenticationLink = this.realm.getAuthenticationLink(user);
        Assert.assertNotNull(authenticationLink);
        Assert.assertEquals(authenticationLink.getAuthProvider(), "picketlink");
    }

    @Test
    public void testLdapInvalidAuthentication() {
        setupAuthenticationProviders();
        UserModel addUser = this.realm.addUser("realmUser");
        addUser.setEnabled(true);
        UserCredentialModel userCredentialModel = new UserCredentialModel();
        userCredentialModel.setType("password");
        userCredentialModel.setValue("pass");
        this.realm.updateCredential(addUser, userCredentialModel);
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_USER, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("invalid", "invalid")));
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("john", "invalid")));
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("realmUser", "invalid")));
        addUser.setEnabled(false);
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.ACCOUNT_DISABLED, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("realmUser", "pass")));
        addUser.setEnabled(true);
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("realmUser", "pass")));
    }

    @Test
    public void testLdapPasswordUpdate() {
        setupAuthenticationProviders();
        LdapTestUtils.setLdapPassword(this.providerSession, this.realm, "john", "password");
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("john", "password")));
        AuthenticationProviderManager manager = AuthenticationProviderManager.getManager(this.realm, this.providerSession);
        UserModel user = this.realm.getUser("john");
        try {
            Assert.assertTrue(manager.updatePassword(user, "password-updated"));
        } catch (AuthenticationProviderException e) {
            e.printStackTrace();
            Assert.fail("Error not expected");
        }
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.SUCCESS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("john", "password-updated")));
        Assert.assertFalse(this.realm.validatePassword(user, "password-updated"));
        AuthProvidersExternalModelTest.setPasswordUpdateForProvider(false, "picketlink", this.realm);
        try {
            Assert.assertFalse(manager.updatePassword(user, "password-updated2"));
        } catch (AuthenticationProviderException e2) {
            e2.printStackTrace();
            Assert.fail("Error not expected");
        }
        Assert.assertEquals(AuthenticationManager.AuthenticationStatus.INVALID_CREDENTIALS, this.am.authenticateForm((ClientConnection) null, this.realm, AuthProvidersExternalModelTest.createFormData("john", "password-updated2")));
    }

    private void setupAuthenticationProviders() {
        this.realm.setAuthenticationProviders(Arrays.asList(new AuthenticationProviderModel("model", false, Collections.EMPTY_MAP), new AuthenticationProviderModel("picketlink", true, Collections.EMPTY_MAP)));
    }
}
