package org.keycloak.testsuite.federation.ldap.base;

import java.util.Map;
import java.util.Set;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.federation.ldap.mappers.membership.role.RoleLDAPFederationMapper;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.federation.ldap.FederationTestUtils;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.LDAPRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;

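/**
 * Checks how role mappings behave for LDAP-federated users under each
 * {@link LDAPGroupMapperMode}: {@code LDAP_ONLY}, {@code READ_ONLY} and {@code IMPORT}.
 *
 * <p>The tests run in name order and share static state (the LDAP provider model and the
 * directory content prepared in the setup callback), so each test undoes the role
 * mappings it created before it returns.
 *
 * <p>NOTE(review): the setup calls {@code removeAllLDAPUsers} and {@code removeAllLDAPRoles}
 * against whatever directory {@code LDAPRule#getConfig()} describes. Judging by the helper
 * names this wipes existing entries, so the rule must only ever point at a disposable test
 * directory. Confirm before running against a shared LDAP server.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class LDAPRoleMappingsTest {
    private static final LDAPRule ldapRule = new LDAPRule();

    // Assigned once by the setup callback below and then read by every test.
    private static UserFederationProviderModel ldapModel = null;

    private static final KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
        /**
         * Registers the writable LDAP provider, then seeds three LDAP users and three LDAP roles.
         *
         * @param realmManager supplies the session used by the fixture helpers
         * @param ignoredRealm not used by this setup
         * @param realm realm that receives the provider, the "finance" client and the role mappers
         */
        @Override
        public void config(RealmManager realmManager, RealmModel ignoredRealm, RealmModel realm) {
            // Fixture credentials only: every password in this method is a throwaway test value.
            FederationTestUtils.addLocalUser(realmManager.getSession(), realm, "mary", "mary@test.com", "password-app");

            Map<String, String> config = LDAPRoleMappingsTest.ldapRule.getConfig();
            config.put("syncRegistrations", "true");
            config.put("editMode", UserFederationProvider.EditMode.WRITABLE.toString());
            LDAPRoleMappingsTest.ldapModel = realm.addUserFederationProvider("ldap", config, 0, "test-ldap", -1, -1, 0);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(this.session, LDAPRoleMappingsTest.ldapModel);

            // Start from a known directory state: drop users first, then the roles of both mappers.
            FederationTestUtils.removeAllLDAPUsers(ldapProvider, realm);
            realm.addClient("finance");
            FederationTestUtils.addOrUpdateRoleLDAPMappers(realm, LDAPRoleMappingsTest.ldapModel, LDAPGroupMapperMode.LDAP_ONLY);
            FederationTestUtils.removeAllLDAPRoles(realmManager.getSession(), realm, LDAPRoleMappingsTest.ldapModel, "realmRolesMapper");
            FederationTestUtils.removeAllLDAPRoles(realmManager.getSession(), realm, LDAPRoleMappingsTest.ldapModel, "financeRolesMapper");

            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"), "Password1");
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, realm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678"), "Password1");
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, realm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910"), "Password1");

            FederationTestUtils.createLDAPRole(realmManager.getSession(), realm, LDAPRoleMappingsTest.ldapModel, "realmRolesMapper", "realmRole1");
            FederationTestUtils.createLDAPRole(realmManager.getSession(), realm, LDAPRoleMappingsTest.ldapModel, "realmRolesMapper", "realmRole2");
            FederationTestUtils.createLDAPRole(realmManager.getSession(), realm, LDAPRoleMappingsTest.ldapModel, "financeRolesMapper", "financeRole1");
            FederationTestUtils.syncRolesFromLDAP(realm, ldapProvider, LDAPRoleMappingsTest.ldapModel);
        }
    });

    // The LDAP rule is the outer rule, so it is applied around the Keycloak rule.
    @ClassRule
    public static TestRule chain = RuleChain.outerRule(ldapRule).around(keycloakRule);

    @Rule
    public WebRule webRule = new WebRule(this);

    @WebResource
    protected OAuthClient oauth;

    @WebResource
    protected WebDriver driver;

    @WebResource
    protected AppPage appPage;

    @WebResource
    protected LoginPage loginPage;

    /**
     * LDAP_ONLY mode: roles granted through {@code session.users()} must be visible on the
     * federated user but must not appear on the user returned by {@code session.userStorage()}.
     * The "manage-account" client role is the one mapping the test expects in both views.
     */
    @Test
    public void test01_ldapOnlyRoleMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            FederationTestUtils.addOrUpdateRoleLDAPMappers(realm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY);

            UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
            UserModel mary = session.users().getUserByUsername("marykeycloak", realm);

            RoleModel realmRole1 = realm.getRole("realmRole1");
            john.grantRole(realmRole1);
            RoleModel realmRole2 = realm.getRole("realmRole2");
            mary.grantRole(realmRole2);

            // realmRole3 is not seeded by the setup callback, so create it on first use.
            RoleModel realmRole3 = realm.getRole("realmRole3");
            if (realmRole3 == null) {
                realmRole3 = realm.addRole("realmRole3");
            }
            john.grantRole(realmRole3);
            mary.grantRole(realmRole3);

            ClientModel accountApp = realm.getClientByClientId("account");
            ClientModel financeApp = realm.getClientByClientId("finance");
            RoleModel manageAccountRole = accountApp.getRole("manage-account");
            RoleModel financeRole1 = financeApp.getRole("financeRole1");
            john.grantRole(financeRole1);

            // View through userStorage(): none of the roles granted above may be present.
            // presumably this is the local Keycloak store without federation; verify against KeycloakSession
            Set<RoleModel> storedMappings = session.userStorage().getUserByUsername("johnkeycloak", realm).getRoleMappings();
            Assert.assertFalse(storedMappings.contains(realmRole1));
            Assert.assertFalse(storedMappings.contains(realmRole2));
            Assert.assertFalse(storedMappings.contains(realmRole3));
            Assert.assertFalse(storedMappings.contains(financeRole1));
            Assert.assertTrue(storedMappings.contains(manageAccountRole));

            // View through the federated user: john's grants are visible, mary's realmRole2 is not.
            Set<RoleModel> johnMappings = john.getRoleMappings();
            Assert.assertTrue(johnMappings.contains(realmRole1));
            Assert.assertFalse(johnMappings.contains(realmRole2));
            Assert.assertTrue(johnMappings.contains(realmRole3));
            Assert.assertTrue(johnMappings.contains(financeRole1));
            Assert.assertTrue(johnMappings.contains(manageAccountRole));

            Set<RoleModel> johnRealmMappings = john.getRealmRoleMappings();
            Assert.assertEquals(2, johnRealmMappings.size());
            Assert.assertTrue(johnRealmMappings.contains(realmRole1));
            Assert.assertTrue(johnRealmMappings.contains(realmRole3));

            Assert.assertTrue(john.getClientRoleMappings(accountApp).contains(manageAccountRole));
            Set<RoleModel> johnFinanceMappings = john.getClientRoleMappings(financeApp);
            Assert.assertEquals(1, johnFinanceMappings.size());
            Assert.assertTrue(johnFinanceMappings.contains(financeRole1));

            // Revocation must remove every mapping from the federated view.
            john.deleteRoleMapping(realmRole3);
            john.deleteRoleMapping(realmRole1);
            john.deleteRoleMapping(financeRole1);
            john.deleteRoleMapping(manageAccountRole);

            Set<RoleModel> johnAfterDelete = john.getRoleMappings();
            Assert.assertFalse(johnAfterDelete.contains(realmRole1));
            Assert.assertFalse(johnAfterDelete.contains(realmRole2));
            Assert.assertFalse(johnAfterDelete.contains(realmRole3));
            Assert.assertFalse(johnAfterDelete.contains(financeRole1));
            Assert.assertFalse(johnAfterDelete.contains(manageAccountRole));

            // Cleanup for the following tests: drop mary's grants and give john "manage-account" back.
            mary.deleteRoleMapping(realmRole2);
            mary.deleteRoleMapping(realmRole3);
            john.grantRole(manageAccountRole);
        } finally {
            // NOTE(review): the meaning of the 'false' flag is not visible here; confirm against KeycloakRule.
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * READ_ONLY mode: mappings written directly to LDAP show up on the federated user, a role
     * granted through Keycloak is kept in the {@code userStorage()} view, and deleting an
     * LDAP-backed mapping through Keycloak must fail with {@link ModelException}.
     */
    @Test
    public void test02_readOnlyRoleMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            FederationTestUtils.addOrUpdateRoleLDAPMappers(realm, ldapModel, LDAPGroupMapperMode.READ_ONLY);

            UserModel mary = session.users().getUserByUsername("marykeycloak", realm);
            RoleModel realmRole1 = realm.getRole("realmRole1");
            RoleModel realmRole2 = realm.getRole("realmRole2");
            RoleModel realmRole3 = realm.getRole("realmRole3");
            if (realmRole3 == null) {
                realmRole3 = realm.addRole("realmRole3");
            }

            UserFederationMapperModel realmRolesMapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), "realmRolesMapper");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            RoleLDAPFederationMapper roleMapper = FederationTestUtils.getRoleMapper(realmRolesMapperModel, ldapProvider, realm);

            // Write two mappings straight into LDAP, bypassing the Keycloak user model.
            LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(realm, "marykeycloak");
            roleMapper.addRoleMappingInLDAP("realmRole1", maryLdap);
            roleMapper.addRoleMappingInLDAP("realmRole2", maryLdap);

            mary.grantRole(realmRole3);

            // Federated view: LDAP mappings and the Keycloak grant are all visible.
            Set<RoleModel> maryMappings = mary.getRealmRoleMappings();
            Assert.assertTrue(maryMappings.contains(realmRole1));
            Assert.assertTrue(maryMappings.contains(realmRole2));
            Assert.assertTrue(maryMappings.contains(realmRole3));

            // userStorage() view: only the role granted through Keycloak is present.
            Set<RoleModel> maryStoredMappings = session.userStorage().getUserByUsername("marykeycloak", realm).getRealmRoleMappings();
            Assert.assertFalse(maryStoredMappings.contains(realmRole1));
            Assert.assertFalse(maryStoredMappings.contains(realmRole2));
            Assert.assertTrue(maryStoredMappings.contains(realmRole3));

            mary.deleteRoleMapping(realmRole3);
            try {
                mary.deleteRoleMapping(realmRole1);
                Assert.fail("It wasn't expected to successfully delete LDAP role mappings in READ_ONLY mode");
            } catch (ModelException expected) {
                // Expected: this is the rejection the test is checking for.
            }

            // Remove the LDAP-side mappings directly so the next test starts clean.
            deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole1");
            deleteRoleMappingsInLDAP(roleMapper, maryLdap, "realmRole2");
        } finally {
            // Stop the session on failure too; the decompiled code left it open when an assertion threw.
            keycloakRule.stopSession(session, false);
        }

        // Fresh session: none of the three realm roles may still be mapped to mary.
        KeycloakSession verifySession = keycloakRule.startSession();
        try {
            RealmModel realm = verifySession.realms().getRealmByName("test");
            Set<RoleModel> maryMappings = verifySession.users().getUserByUsername("marykeycloak", realm).getRealmRoleMappings();
            Assert.assertFalse(maryMappings.contains(realm.getRole("realmRole1")));
            Assert.assertFalse(maryMappings.contains(realm.getRole("realmRole2")));
            Assert.assertFalse(maryMappings.contains(realm.getRole("realmRole3")));
        } finally {
            keycloakRule.stopSession(verifySession, false);
        }
    }

    /**
     * IMPORT mode: mappings present in LDAP when the user is loaded are visible on the user
     * and remain visible after they are removed from LDAP; they disappear only once they are
     * deleted through the Keycloak user model.
     */
    @Test
    public void test03_importRoleMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            FederationTestUtils.addOrUpdateRoleLDAPMappers(realm, ldapModel, LDAPGroupMapperMode.IMPORT);

            UserFederationMapperModel realmRolesMapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), "realmRolesMapper");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            RoleLDAPFederationMapper roleMapper = FederationTestUtils.getRoleMapper(realmRolesMapperModel, ldapProvider, realm);

            // The LDAP mappings are written before the user is first looked up through Keycloak.
            LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(realm, "robkeycloak");
            roleMapper.addRoleMappingInLDAP("realmRole1", robLdap);
            roleMapper.addRoleMappingInLDAP("realmRole2", robLdap);

            UserModel rob = session.users().getUserByUsername("robkeycloak", realm);
            RoleModel realmRole1 = realm.getRole("realmRole1");
            RoleModel realmRole2 = realm.getRole("realmRole2");
            RoleModel realmRole3 = realm.getRole("realmRole3");
            if (realmRole3 == null) {
                realmRole3 = realm.addRole("realmRole3");
            }

            Set<RoleModel> robMappings = rob.getRealmRoleMappings();
            Assert.assertTrue(robMappings.contains(realmRole1));
            Assert.assertTrue(robMappings.contains(realmRole2));
            Assert.assertFalse(robMappings.contains(realmRole3));

            rob.grantRole(realmRole3);
            Assert.assertTrue(rob.getRealmRoleMappings().contains(realmRole3));

            // Removing the mappings in LDAP must not revoke what was already imported.
            deleteRoleMappingsInLDAP(roleMapper, robLdap, "realmRole1");
            deleteRoleMappingsInLDAP(roleMapper, robLdap, "realmRole2");
            Set<RoleModel> robAfterLdapDelete = rob.getRealmRoleMappings();
            Assert.assertTrue(robAfterLdapDelete.contains(realmRole1));
            Assert.assertTrue(robAfterLdapDelete.contains(realmRole2));

            rob.deleteRoleMapping(realmRole1);
            rob.deleteRoleMapping(realmRole2);
            rob.deleteRoleMapping(realmRole3);
            Set<RoleModel> robAfterDelete = rob.getRealmRoleMappings();
            Assert.assertFalse(robAfterDelete.contains(realmRole1));
            Assert.assertFalse(robAfterDelete.contains(realmRole2));
            Assert.assertFalse(robAfterDelete.contains(realmRole3));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * Removes one role mapping directly in LDAP, looking the role up by name through the mapper.
     *
     * @param roleLDAPFederationMapper mapper used both to load the LDAP role and to delete the mapping
     * @param lDAPObject LDAP entry of the user that loses the mapping
     * @param str name of the LDAP role
     */
    private void deleteRoleMappingsInLDAP(RoleLDAPFederationMapper roleLDAPFederationMapper, LDAPObject lDAPObject, String str) {
        LDAPObject ldapRole = roleLDAPFederationMapper.loadLDAPRoleByName(str);
        roleLDAPFederationMapper.deleteRoleMappingInLDAP(lDAPObject, ldapRole);
    }
}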
