package org.keycloak.testsuite.federation;

import java.security.Principal;
import javax.ws.rs.core.Response;
import org.apache.http.auth.AuthScope;
import org.apache.http.auth.Credentials;
import org.apache.http.impl.client.DefaultHttpClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.authentication.authenticators.browser.SpnegoAuthenticator;
import org.keycloak.federation.kerberos.CommonKerberosConfig;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.BypassKerberosPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/federation/AbstractKerberosTest.class */
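/**
 * Shared base for the Kerberos/SPNEGO federation tests.
 *
 * <p>Subclasses supply the Kerberos configuration, the {@link KeycloakRule} and the
 * {@link AssertEvents} rule. This class provides the HTTP client wiring (an Apache HttpClient
 * with a custom "Negotiate" scheme factory) and the test flows that run against the
 * {@code kerberos-portal} application.
 *
 * <p>Several helpers are {@code public} in this decompiled listing; the decompiler notes that
 * they were originally {@code protected}. The visibility is left as found so existing callers
 * keep compiling.
 *
 * <p>All user names, passwords and URLs below are test fixtures for a local test realm.
 */
public abstract class AbstractKerberosTest {
    // Plain-HTTP localhost URL of the Kerberos-protected test application. Not final in the
    // original, so subclasses may still reassign it.
    protected String KERBEROS_APP_URL = "http://localhost:8081/kerberos-portal";
    protected KeycloakSPNegoSchemeFactory spnegoSchemeFactory;
    protected ResteasyClient client;

    @WebResource
    protected OAuthClient oauth;

    @WebResource
    protected WebDriver driver;

    @WebResource
    protected LoginPage loginPage;

    @WebResource
    protected BypassKerberosPage bypassPage;

    @WebResource
    protected AccountPasswordPage changePasswordPage;

    /** Returns the Kerberos configuration used to build the SPNEGO scheme factory. */
    protected abstract CommonKerberosConfig getKerberosConfig();

    /** Returns the rule that gives access to the running Keycloak test server. */
    protected abstract KeycloakRule getKeycloakRule();

    /** Returns the rule used to assert on emitted login events. */
    protected abstract AssertEvents getAssertEvents();

    /** Builds a SPNEGO-enabled HTTP client and removes every user except the default one. */
    @Before
    public void before() {
        this.spnegoSchemeFactory = new KeycloakSPNegoSchemeFactory(getKerberosConfig());
        initHttpClient(true);
        removeAllUsers();
    }

    /** Closes the REST client, if one was created. */
    @After
    public void after() {
        // JUnit 4 still runs @After when @Before failed, so the client may never have been built.
        if (this.client != null) {
            this.client.close();
            this.client = null;
        }
    }

    /**
     * Verifies the server's answer to a client that cannot do SPNEGO: a 401 with a
     * {@code WWW-Authenticate: Negotiate} challenge whose body is the normal login page.
     */
    @Test
    public void spnegoNotAvailableTest() throws Exception {
        initHttpClient(false);
        // Static, process-wide switch: always restore it, even when an assertion fails,
        // otherwise later tests run with the challenge page's JavaScript bypass still enabled.
        SpnegoAuthenticator.bypassChallengeJavascript = true;
        try {
            this.driver.navigate().to(this.KERBEROS_APP_URL);
            Response response = this.client.target(this.driver.getCurrentUrl()).request().get();
            try {
                Assert.assertEquals(401, response.getStatus());
                Assert.assertEquals("Negotiate", response.getHeaderString("WWW-Authenticate"));
                // The original computed contains(...) and discarded the result, so the body was
                // never actually checked.
                String body = response.readEntity(String.class);
                Assert.assertTrue(body.contains("Log in to test"));
            } finally {
                response.close();
            }
        } finally {
            SpnegoAuthenticator.bypassChallengeJavascript = false;
        }
    }

    /**
     * Logs in as {@code hnelson} through SPNEGO and checks that the secured servlet content is
     * reachable afterwards. Not annotated with {@code @Test} here; it is also reused by
     * {@link #credentialDelegationTest()}.
     */
    public void spnegoLoginTestImpl() throws Exception {
        assertSuccessfulSpnegoLogin("hnelson", "secret", "hnelson");
    }

    /**
     * Logs in with a mixed-case principal name and expects the resulting Keycloak user and the
     * login event to carry the lower-cased username.
     */
    @Test
    public void spnegoCaseInsensitiveTest() throws Exception {
        assertSuccessfulSpnegoLogin("MyDuke", "theduke", "myduke");
    }

    /**
     * Performs a SPNEGO login and asserts the redirect, the login event and the secured page.
     *
     * @param loginName        name handed to the SPNEGO scheme factory
     * @param password         password handed to the SPNEGO scheme factory
     * @param expectedUsername username expected on the Keycloak user and in the login event
     */
    private void assertSuccessfulSpnegoLogin(String loginName, String password, String expectedUsername)
            throws Exception {
        KeycloakRule keycloakRule = getKeycloakRule();
        AssertEvents assertEvents = getAssertEvents();
        Response spnegoResponse = spnegoLogin(loginName, password);
        try {
            Assert.assertEquals(302, spnegoResponse.getStatus());
            assertEvents.expectLogin()
                    .client("kerberos-app")
                    .user(keycloakRule.getUser("test", expectedUsername).getId())
                    .detail("redirect_uri", this.KERBEROS_APP_URL)
                    .detail("username", expectedUsername)
                    .assertEvent();
            this.driver.navigate().to(spnegoResponse.getLocation().toString());
            String pageSource = this.driver.getPageSource();
            Assert.assertTrue(pageSource.contains("Kerberos Test")
                    && pageSource.contains("Kerberos servlet secured content"));
        } finally {
            // Release the connection even when an assertion above fails.
            spnegoResponse.close();
        }
        assertEvents.clear();
    }

    /**
     * Exercises form login and password change for a federated user under two provider edit
     * modes, then confirms that SPNEGO login still works with the original Kerberos password.
     */
    @Test
    public void usernamePasswordLoginTest() throws Exception {
        KeycloakRule keycloakRule = getKeycloakRule();
        AssertEvents assertEvents = getAssertEvents();

        // READ_ONLY: a wrong current password is rejected, and a correct one is refused
        // because the account cannot be updated.
        updateProviderEditMode(UserFederationProvider.EditMode.READ_ONLY);
        this.changePasswordPage.open();
        this.loginPage.assertCurrent();
        this.loginPage.login("jduke", "theduke");
        this.changePasswordPage.assertCurrent();
        this.changePasswordPage.changePassword("theduke-invalid", "newPass", "newPass");
        Assert.assertTrue(this.driver.getPageSource().contains("Invalid existing password."));
        this.changePasswordPage.changePassword("theduke", "newPass", "newPass");
        Assert.assertTrue(this.driver.getPageSource()
                .contains("You can't update your password as your account is read only"));

        // UNSYNCED: the password change is accepted.
        updateProviderEditMode(UserFederationProvider.EditMode.UNSYNCED);
        this.changePasswordPage.changePassword("theduke", "newPass", "newPass");
        Assert.assertTrue(this.driver.getPageSource().contains("Your password has been updated."));
        this.changePasswordPage.logout();

        // The old password must no longer pass form login; the new one must.
        this.loginPage.login("jduke", "theduke");
        this.loginPage.assertCurrent();
        this.loginPage.login("jduke", "newPass");
        this.changePasswordPage.assertCurrent();
        this.changePasswordPage.logout();
        assertEvents.clear();

        // SPNEGO is still driven with the original password here; presumably UNSYNCED keeps the
        // new password on the Keycloak side only - confirm against the provider implementation.
        Response spnegoResponse = spnegoLogin("jduke", "theduke");
        try {
            Assert.assertEquals(302, spnegoResponse.getStatus());
            // The original dereferenced the location and threw the result away; make the
            // implied "redirect target is present" check explicit.
            Assert.assertNotNull(spnegoResponse.getLocation());
            assertEvents.expectLogin()
                    .client("kerberos-app")
                    .user(keycloakRule.getUser("test", "jduke").getId())
                    .detail("redirect_uri", this.KERBEROS_APP_URL)
                    .detail("username", "jduke")
                    .assertEvent();
        } finally {
            spnegoResponse.close();
        }
    }

    /**
     * Checks that the application can use the user's delegated GSS credential only while the
     * "gss delegation credential" protocol mapper is attached to the {@code kerberos-app} client.
     *
     * <p>Security note: the mapper copies the {@code gss_delegation_credential} session note into
     * a token claim. Whoever receives that token can act as the user towards the backing service
     * (LDAP in this test), so such a mapper belongs only on clients trusted with delegation.
     */
    @Test
    public void credentialDelegationTest() throws Exception {
        getKeycloakRule().update(new KeycloakRule.KeycloakSetup() {
            @Override
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                // The second realm argument is the one that holds the kerberos-app client here.
                // NOTE(review): the trailing flags are presumably consentRequired=true,
                // accessToken=true, idToken=false - confirm against createClaimMapper.
                realmModel2.getClientByClientId("kerberos-app").addProtocolMapper(
                        UserSessionNoteMapper.createClaimMapper(
                                "gss delegation credential",
                                "gss_delegation_credential",
                                "gss_delegation_credential",
                                "String",
                                true,
                                "gss delegation credential",
                                true,
                                false));
            }
        });
        try {
            // With the mapper: the servlet can query LDAP on behalf of the user.
            spnegoLoginTestImpl();
            this.driver.navigate().to(this.KERBEROS_APP_URL + KerberosCredDelegServlet.CRED_DELEG_TEST_PATH);
            Assert.assertTrue(this.driver.getPageSource().contains("LDAP Data: Horatio Nelson"));
        } finally {
            // Remove the mapper even when the positive half fails, so the delegation claim does
            // not stay configured on the client for whatever test runs next.
            getKeycloakRule().update(new KeycloakRule.KeycloakSetup() {
                @Override
                public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                    ClientModel kerberosApp = realmModel2.getClientByClientId("kerberos-app");
                    kerberosApp.removeProtocolMapper(
                            kerberosApp.getProtocolMapperByName("openid-connect", "gss delegation credential"));
                }
            });
        }

        // Without the mapper: a fresh login must not give the servlet a usable credential.
        this.driver.manage().deleteAllCookies();
        spnegoLoginTestImpl();
        this.driver.navigate().to(this.KERBEROS_APP_URL + KerberosCredDelegServlet.CRED_DELEG_TEST_PATH);
        String pageSource = this.driver.getPageSource();
        Assert.assertFalse(pageSource.contains("LDAP Data: Horatio Nelson"));
        Assert.assertTrue(pageSource.contains("LDAP Data: ERROR"));
    }

    /**
     * Requests the Kerberos application through the SPNEGO-enabled client.
     *
     * @param username name handed to the SPNEGO scheme factory
     * @param password password handed to the SPNEGO scheme factory
     * @return the response to the SPNEGO request, or, when that response redirects to a
     *         required-action URL, the response obtained by following that redirect once;
     *         the caller is responsible for closing it
     */
    public Response spnegoLogin(String username, String password) {
        Response response;
        // Static, process-wide switch: restore it in finally so a failed request cannot leave
        // the bypass enabled for later tests.
        SpnegoAuthenticator.bypassChallengeJavascript = true;
        try {
            this.driver.navigate().to(this.KERBEROS_APP_URL);
            String currentUrl = this.driver.getCurrentUrl();
            this.spnegoSchemeFactory.setCredentials(username, password);
            response = this.client.target(currentUrl).request().get();
        } finally {
            SpnegoAuthenticator.bypassChallengeJavascript = false;
        }

        if (response.getStatus() == 302 && response.getLocation() != null) {
            String redirectUri = response.getLocation().toString();
            if (redirectUri.contains("login-actions/required-action")) {
                // The first response is replaced below; close it so its connection is released.
                response.close();
                response = this.client.target(redirectUri).request().get();
            }
        }
        return response;
    }

    /**
     * (Re)creates {@link #client} on top of an Apache HttpClient that has the custom
     * "Negotiate" scheme registered.
     *
     * @param useSpnego when {@code true}, placeholder credentials are registered for every auth
     *                  scope; when {@code false}, none are registered (used by
     *                  {@link #spnegoNotAvailableTest()} to obtain the raw 401 challenge)
     */
    protected void initHttpClient(boolean useSpnego) {
        if (this.client != null) {
            after();
        }
        DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder().build();
        httpClient.getAuthSchemes().register("Negotiate", this.spnegoSchemeFactory);
        if (useSpnego) {
            // Placeholder credentials with no password and no principal; the real ones are given
            // to spnegoSchemeFactory via setCredentials(...). The any-host/any-port/any-realm
            // scope means this client would answer a Negotiate challenge from any server, which
            // is acceptable only because the tests talk to localhost.
            httpClient.getCredentialsProvider().setCredentials(
                    new AuthScope(AuthScope.ANY_HOST, AuthScope.ANY_PORT, AuthScope.ANY_REALM),
                    new Credentials() {
                        @Override
                        public String getPassword() {
                            return null;
                        }

                        @Override
                        public Principal getUserPrincipal() {
                            return null;
                        }
                    });
        }
        this.client = new ResteasyClientBuilder().httpEngine(new ApacheHttpClient4Engine(httpClient)).build();
    }

    /**
     * Removes every user of the {@code test} realm except {@link AssertEvents#DEFAULT_USERNAME}
     * and asserts that exactly one user remains.
     */
    protected void removeAllUsers() {
        KeycloakRule keycloakRule = getKeycloakRule();
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");
            for (UserModel user : session.userStorage().getUsers(realm, true)) {
                if (!user.getUsername().equals(AssertEvents.DEFAULT_USERNAME)) {
                    session.userStorage().removeUser(realm, user);
                }
            }
            Assert.assertEquals(1, session.userStorage().getUsers(realm, true).size());
        } finally {
            // Single exit path instead of the duplicated stopSession calls in the original.
            keycloakRule.stopSession(session, true);
        }
    }

    /**
     * Asserts the profile data and required actions of a user in the {@code test} realm.
     *
     * @param username              user to look up
     * @param expectedEmail         expected e-mail address
     * @param expectedFirstName     expected first name
     * @param expectedLastName      expected last name
     * @param updateProfileExpected when {@code true}, the first required action must be
     *                              {@code UPDATE_PROFILE}; otherwise no required action may be set
     */
    public void assertUser(String username, String expectedEmail, String expectedFirstName,
            String expectedLastName, boolean updateProfileExpected) {
        KeycloakRule keycloakRule = getKeycloakRule();
        KeycloakSession session = keycloakRule.startSession();
        try {
            UserModel user = session.users().getUserByUsername(username, new RealmManager(session).getRealm("test"));
            Assert.assertNotNull(user);
            // JUnit takes (expected, actual); the original passed them the other way round,
            // which produces misleading failure messages.
            Assert.assertEquals(expectedEmail, user.getEmail());
            Assert.assertEquals(expectedFirstName, user.getFirstName());
            Assert.assertEquals(expectedLastName, user.getLastName());
            if (updateProfileExpected) {
                Assert.assertEquals(UserModel.RequiredAction.UPDATE_PROFILE.toString(),
                        user.getRequiredActions().iterator().next());
            } else {
                Assert.assertTrue(user.getRequiredActions().isEmpty());
            }
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }

    /**
     * Sets the {@code editMode} config entry of the first user federation provider of the
     * {@code test} realm.
     *
     * @param editMode edit mode to store; written as {@code editMode.toString()}
     */
    public void updateProviderEditMode(UserFederationProvider.EditMode editMode) {
        KeycloakRule keycloakRule = getKeycloakRule();
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealm("test");
            // Assumes the realm has at least one federation provider and that the first one is
            // the Kerberos provider under test - verify against the subclass setup.
            UserFederationProviderModel provider =
                    (UserFederationProviderModel) realm.getUserFederationProviders().get(0);
            provider.getConfig().put("editMode", editMode.toString());
            realm.updateUserFederationProvider(provider);
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }
}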
