package org.keycloak.testsuite.federation.ldap.base;

import java.util.List;
import java.util.Map;
import java.util.Set;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPDn;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.federation.ldap.mappers.membership.MembershipType;
import org.keycloak.federation.ldap.mappers.membership.group.GroupLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.membership.group.GroupLDAPFederationMapperFactory;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.federation.ldap.FederationTestUtils;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.LDAPRule;

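/**
 * Exercises the LDAP group mapper in its three modes ({@code LDAP_ONLY}, {@code READ_ONLY},
 * {@code IMPORT}) and checks where each mode stores and resolves a user's group membership.
 *
 * <p>Group membership typically feeds authorization decisions, so each test pins which store is
 * authoritative for a mapping: the LDAP directory or Keycloak's local user storage.
 *
 * <p>The tests share one LDAP directory and one realm (static fixtures) and run in name-ascending
 * order. Membership left behind by one test is visible to the next, so every test removes the
 * mappings it created.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class LDAPGroupMapperTest {
    private static LDAPRule ldapRule = new LDAPRule();

    // Both fields are assigned once, inside KeycloakSetup.config(), before any test runs.
    private static UserFederationProviderModel ldapModel = null;
    private static String descriptionAttrName = null;

    private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
        /**
         * Builds the shared fixture: a writable LDAP federation provider, the group tree
         * group1 -> {group11, group12}, and four LDAP users.
         */
        @Override
        public void config(RealmManager realmManager, RealmModel adminRealm, RealmModel appRealm) {
            // Local (non-LDAP) users of the application realm.
            FederationTestUtils.addLocalUser(realmManager.getSession(), appRealm, "mary", "mary@test.com", "password-app");
            FederationTestUtils.addLocalUser(realmManager.getSession(), appRealm, "john", "john@test.com", "password-app");

            // WRITABLE edit mode: Keycloak is allowed to write changes back to the directory.
            Map<String, String> ldapConfig = ldapRule.getConfig();
            ldapConfig.put("syncRegistrations", "true");
            ldapConfig.put("editMode", UserFederationProvider.EditMode.WRITABLE.toString());
            ldapModel = appRealm.addUserFederationProvider("ldap", ldapConfig, 0, "test-ldap", -1, -1, 0);

            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

            // Active Directory keeps the group description in a different attribute.
            descriptionAttrName = ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory()
                    ? "displayName"
                    : "description";

            FederationTestUtils.addOrUpdateGroupMapper(appRealm, ldapModel, LDAPGroupMapperMode.LDAP_ONLY, descriptionAttrName, new String[0]);

            // Start from an empty group tree so the assertions below are deterministic.
            FederationTestUtils.removeAllLDAPGroups(session, appRealm, ldapModel, "groupsMapper");
            LDAPObject group1 = FederationTestUtils.createLDAPGroup(realmManager.getSession(), appRealm, ldapModel, "group1", descriptionAttrName, "group1 - description");
            LDAPObject group11 = FederationTestUtils.createLDAPGroup(realmManager.getSession(), appRealm, ldapModel, "group11", new String[0]);
            LDAPObject group12 = FederationTestUtils.createLDAPGroup(realmManager.getSession(), appRealm, ldapModel, "group12", descriptionAttrName, "group12 - description");

            // group11 and group12 become children of group1 through the "member" attribute.
            // NOTE(review): the trailing boolean presumably decides whether the change is sent
            // to LDAP right away (false, then true on the last member) - confirm in LDAPUtils.
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, "member", group1, group11, false);
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, "member", group1, group12, true);

            // Pull the LDAP group tree into Keycloak so the tests can look groups up by path.
            new GroupLDAPFederationMapperFactory().create(session).syncDataFromFederationProviderToKeycloak(
                    appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper"), ldapProvider, session, appRealm);

            // Fixture users; "Password1" is a test-only value for the throwaway directory.
            FederationTestUtils.removeAllLDAPUsers(ldapProvider, appRealm);
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, appRealm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234"), "Password1");
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, appRealm, "marykeycloak", "Mary", "Kelly", "mary@email.org", null, "5678"), "Password1");
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, appRealm, "robkeycloak", "Rob", "Brown", "rob@email.org", null, "8910"), "Password1");
            FederationTestUtils.updateLDAPPassword(ldapProvider, FederationTestUtils.addLDAPUser(ldapProvider, appRealm, "jameskeycloak", "James", "Brown", "james@email.org", null, "8910"), "Password1");
        }
    });

    // The LDAP rule is the outer rule, so the directory is up before Keycloak is configured.
    @ClassRule
    public static TestRule chain = RuleChain.outerRule(ldapRule).around(keycloakRule);

    /**
     * LDAP_ONLY mode: memberships created through Keycloak are visible on the federated user
     * but are not written to Keycloak's local user storage.
     */
    @Test
    public void test01_ldapOnlyGroupMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel appRealm = session.realms().getRealmByName("test");
            UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, "mode", LDAPGroupMapperMode.LDAP_ONLY.toString());
            appRealm.updateUserFederationMapper(mapperModel);

            UserModel john = session.users().getUserByUsername("johnkeycloak", appRealm);
            UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm);

            GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
            GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
            GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");

            john.joinGroup(group1);
            mary.joinGroup(group11);
            john.joinGroup(group12);
            mary.joinGroup(group12);

            // Nothing may have been stored locally for john in LDAP_ONLY mode.
            UserModel johnLocal = session.userStorage().getUserByUsername("johnkeycloak", appRealm);
            Assert.assertEquals(0, johnLocal.getGroups().size());

            // The federated view shows exactly the groups john joined; group11 is not among them.
            Set<GroupModel> johnGroups = john.getGroups();
            Assert.assertEquals(2, johnGroups.size());
            Assert.assertTrue(johnGroups.contains(group1));
            Assert.assertFalse(johnGroups.contains(group11));
            Assert.assertTrue(johnGroups.contains(group12));

            List<UserModel> group1Members = session.users().getGroupMembers(appRealm, group1, 0, 10);
            List<UserModel> group11Members = session.users().getGroupMembers(appRealm, group11, 0, 10);
            List<UserModel> group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10);

            Assert.assertEquals(1, group1Members.size());
            Assert.assertEquals("johnkeycloak", group1Members.get(0).getUsername());
            Assert.assertEquals(1, group11Members.size());
            Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername());
            Assert.assertEquals(2, group12Members.size());

            john.leaveGroup(group1);
            john.leaveGroup(group12);
            // NOTE(review): mary joined group11, not group1, and group11 is never left here, so
            // that membership appears to persist into test02 - confirm this is intended.
            mary.leaveGroup(group1);
            mary.leaveGroup(group12);

            Assert.assertEquals(0, john.getGroups().size());
        } finally {
            // Always release the session, with the same flag the rule was given originally.
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * READ_ONLY mode: memberships that live in LDAP are visible but cannot be removed through
     * Keycloak, while memberships created through Keycloak go to local storage only.
     */
    @Test
    public void test02_readOnlyGroupMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            System.out.println("starting test02_readOnlyGroupMappings");
            RealmModel appRealm = session.realms().getRealmByName("test");
            UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, "mode", LDAPGroupMapperMode.READ_ONLY.toString());
            appRealm.updateUserFederationMapper(mapperModel);

            UserModel mary = session.users().getUserByUsername("marykeycloak", appRealm);

            GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
            GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
            GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");

            // group1 and group11 are written directly to LDAP, bypassing Keycloak ...
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
            LDAPObject maryLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "marykeycloak");
            groupMapper.addGroupMappingInLDAP("group1", maryLdap);
            groupMapper.addGroupMappingInLDAP("group11", maryLdap);

            // ... while group12 is joined through the Keycloak model.
            mary.joinGroup(group12);

            // The federated view merges both sources.
            Set<GroupModel> maryGroups = mary.getGroups();
            Assert.assertEquals(3, maryGroups.size());
            Assert.assertTrue(maryGroups.contains(group1));
            Assert.assertTrue(maryGroups.contains(group11));
            Assert.assertTrue(maryGroups.contains(group12));

            System.out.println("******");

            // Local storage holds only the membership that was created through Keycloak.
            Set<GroupModel> maryLocalGroups = session.userStorage().getUserByUsername("marykeycloak", appRealm).getGroups();
            Assert.assertFalse(maryLocalGroups.contains(group1));
            Assert.assertFalse(maryLocalGroups.contains(group11));
            Assert.assertTrue(maryLocalGroups.contains(group12));

            List<UserModel> group1Members = session.users().getGroupMembers(appRealm, group1, 0, 10);
            List<UserModel> group11Members = session.users().getGroupMembers(appRealm, group11, 0, 10);
            List<UserModel> group12Members = session.users().getGroupMembers(appRealm, group12, 0, 10);

            Assert.assertEquals(1, group1Members.size());
            Assert.assertEquals("marykeycloak", group1Members.get(0).getUsername());
            Assert.assertEquals(1, group11Members.size());
            Assert.assertEquals("marykeycloak", group11Members.get(0).getUsername());
            Assert.assertEquals(1, group12Members.size());
            Assert.assertEquals("marykeycloak", group12Members.get(0).getUsername());

            // The locally stored membership can be removed.
            mary.leaveGroup(group12);

            // The LDAP-backed membership must be refused instead of being silently dropped.
            try {
                mary.leaveGroup(group1);
                Assert.fail("It wasn't expected to successfully delete LDAP group mappings in READ_ONLY mode");
            } catch (ModelException expected) {
                // Expected: READ_ONLY mode rejects removal of a mapping that lives in LDAP.
            }

            // Clean up directly in LDAP so later tests start without these mappings.
            deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group1");
            deleteGroupMappingsInLDAP(groupMapper, maryLdap, "group11");
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * IMPORT mode: LDAP memberships are copied to the Keycloak user when the user is loaded,
     * and the copy survives removal of the mapping in LDAP.
     */
    @Test
    public void test03_importGroupMappings() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel appRealm = session.realms().getRealmByName("test");
            UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, "mode", LDAPGroupMapperMode.IMPORT.toString());
            appRealm.updateUserFederationMapper(mapperModel);

            // Create the mappings in LDAP before the user is first looked up in Keycloak.
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);
            LDAPObject robLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "robkeycloak");
            groupMapper.addGroupMappingInLDAP("group11", robLdap);
            groupMapper.addGroupMappingInLDAP("group12", robLdap);

            UserModel rob = session.users().getUserByUsername("robkeycloak", appRealm);
            Set<GroupModel> robGroups = rob.getGroups();

            GroupModel group1 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1");
            GroupModel group11 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group11");
            GroupModel group12 = KeycloakModelUtils.findGroupByPath(appRealm, "/group1/group12");

            // Membership of the child groups does not imply membership of the parent group.
            Assert.assertFalse(robGroups.contains(group1));
            Assert.assertTrue(robGroups.contains(group11));
            Assert.assertTrue(robGroups.contains(group12));

            // Removing the mappings in LDAP does not revoke the already imported memberships.
            // Operationally, a directory-side revocation is therefore not reflected here until
            // the membership is also removed in Keycloak.
            deleteGroupMappingsInLDAP(groupMapper, robLdap, "group11");
            deleteGroupMappingsInLDAP(groupMapper, robLdap, "group12");
            Set<GroupModel> robGroupsAfterLdapDelete = rob.getGroups();
            Assert.assertTrue(robGroupsAfterLdapDelete.contains(group11));
            Assert.assertTrue(robGroupsAfterLdapDelete.contains(group12));

            // Removal through Keycloak clears the imported copies.
            rob.leaveGroup(group11);
            rob.leaveGroup(group12);
            Assert.assertEquals(0, rob.getGroups().size());
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * A group whose member list contains a DN with no matching LDAP entry must still sync, and
     * the dangling DN must not show up as a group member in Keycloak.
     */
    @Test
    public void test04_groupReferencingNonExistentMember() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            // Skipped on Active Directory.
            // NOTE(review): presumably AD refuses a member DN that does not exist - confirm.
            if (FederationTestUtils.getLdapProvider(session, ldapModel).getLdapIdentityStore().getConfig().isActiveDirectory()) {
                return;
            }

            RealmModel appRealm = session.realms().getRealmByName("test");
            UserFederationMapperModel mapperModel = appRealm.getUserFederationMapperByName(ldapModel.getId(), "groupsMapper");
            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, "mode", LDAPGroupMapperMode.LDAP_ONLY.toString());
            appRealm.updateUserFederationMapper(mapperModel);

            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, appRealm);

            // group2 gets one real member (james) ...
            LDAPObject group2 = FederationTestUtils.createLDAPGroup(session, appRealm, ldapModel, "group2", descriptionAttrName, "group2 - description");
            LDAPObject jamesLdap = ldapProvider.loadLDAPUserByUsername(appRealm, "jameskeycloak");
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, "member", group2, jamesLdap, false);

            // ... and one member DN under the users DN that has no LDAP entry behind it.
            LDAPDn nonExistentDn = LDAPDn.fromString(ldapProvider.getLdapIdentityStore().getConfig().getUsersDn());
            nonExistentDn.addFirst(jamesLdap.getRdnAttributeName(), "nonexistent");
            LDAPObject nonExistentMember = new LDAPObject();
            nonExistentMember.setDn(nonExistentDn);
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, "member", group2, nonExistentMember, true);

            groupMapper.syncDataFromFederationProviderToKeycloak();

            // Only the real user is reported as a member; the dangling DN resolves to nobody.
            GroupModel kcGroup2 = KeycloakModelUtils.findGroupByPath(appRealm, "/group2");
            List<UserModel> group2Members = session.users().getGroupMembers(appRealm, kcGroup2, 0, 5);
            Assert.assertEquals(1, group2Members.size());
            Assert.assertEquals("jameskeycloak", group2Members.get(0).getUsername());
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * Removes one user-to-group mapping directly in LDAP.
     *
     * @param groupLDAPFederationMapper mapper used to load the group and delete the mapping
     * @param lDAPObject LDAP user whose mapping is removed
     * @param str name of the LDAP group to load
     */
    private void deleteGroupMappingsInLDAP(GroupLDAPFederationMapper groupLDAPFederationMapper, LDAPObject lDAPObject, String str) {
        LDAPObject ldapGroup = groupLDAPFederationMapper.loadLDAPGroupByName(str);
        groupLDAPFederationMapper.deleteGroupMappingInLDAP(lDAPObject, ldapGroup);
    }
}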
