package org.keycloak.testsuite.federation.ldap.base;

import java.util.List;
import java.util.Map;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPConfig;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.ModelReadOnlyException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserCredentialValueModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.federation.ldap.FederationTestUtils;
import org.keycloak.testsuite.pages.AccountPasswordPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.RegisterPage;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.LDAPRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/keycloak/testsuite/federation/ldap/base/FederationProvidersIntegrationTest.class */
public class FederationProvidersIntegrationTest {
    // LDAP fixture rule; its getConfig() supplies the provider configuration map used below.
    private static LDAPRule ldapRule = new LDAPRule();

    // Federation provider model shared by all tests; set during setup and reassigned by
    // deleteFederationLink when it re-creates the provider.
    private static UserFederationProviderModel ldapModel = null;

    private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
        /**
         * Seeds the fixture: one local user, a WRITABLE LDAP federation provider with
         * registration sync enabled plus the zip-code mapper, and two LDAP users.
         * Existing LDAP users are removed first, so each run starts from a known directory state.
         */
        @Override
        public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
            // Local (non-LDAP) account; loginClassic and testImportExistingUserFromLDAP rely on it.
            FederationTestUtils.addLocalUser(realmManager.getSession(), realmModel2, "marykeycloak", "mary@test.com", "password-app");

            Map<String, String> ldapConfig = ldapRule.getConfig();
            ldapConfig.put("syncRegistrations", "true");
            ldapConfig.put("editMode", UserFederationProvider.EditMode.WRITABLE.toString());
            ldapModel = realmModel2.addUserFederationProvider("ldap", ldapConfig, 0, "test-ldap", -1, -1, 0);
            FederationTestUtils.addZipCodeLDAPMapper(realmModel2, ldapModel);

            LDAPFederationProvider provider = FederationTestUtils.getLdapProvider(session, ldapModel);
            FederationTestUtils.removeAllLDAPUsers(provider, realmModel2);

            LDAPObject john = FederationTestUtils.addLDAPUser(provider, realmModel2, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(provider, john, "Password1");
            // "existing" gets no password here; it is only used for the registration-conflict test.
            FederationTestUtils.addLDAPUser(provider, realmModel2, "existing", "Existing", "Foo", "existing@email.org", null, "5678");

            // NOTE(review): presumably what allows loginLdapWithDirectGrant to use the direct grant — confirm.
            realmModel2.getClientByClientId("test-app").setDirectAccessGrantsEnabled(true);
        }
    });

    // Class-level rule chain: the LDAP rule is the outer rule and wraps the Keycloak rule.
    @ClassRule
    public static TestRule chain = RuleChain.outerRule(ldapRule).around(keycloakRule);

    // NOTE(review): presumably WebRule populates the @WebResource fields below before each test — confirm.
    @Rule
    public WebRule webRule = new WebRule(this);

    // OAuth helper used to read the redirect query, request tokens and log out.
    @WebResource
    protected OAuthClient oauth;

    @WebResource
    protected WebDriver driver;

    // Page object for the application page the browser lands on after a successful login.
    @WebResource
    protected AppPage appPage;

    @WebResource
    protected RegisterPage registerPage;

    @WebResource
    protected LoginPage loginPage;

    @WebResource
    protected AccountUpdateProfilePage profilePage;

    @WebResource
    protected AccountPasswordPage changePasswordPage;

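    /**
     * Verifies that LDAP users can log in by username or by e-mail regardless of the
     * letter case typed at the login form.
     *
     * <p>One user is stored with a mixed-case username ("JBrown2"), the other with a
     * mixed-case e-mail ("JBrown3@email.org"); every case variant must resolve to the
     * same account and authenticate.
     *
     * <p>The LDAP setup runs in its own try/finally so the session is stopped exactly
     * once; a failing login can no longer trigger a second stopSession on an already
     * stopped session.
     */
    @Test
    public void caseInSensitiveImport() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

            LDAPObject mixedCaseUsername = FederationTestUtils.addLDAPUser(ldapProvider, realm, "JBrown2", "John", "Brown2", "jbrown2@email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(ldapProvider, mixedCaseUsername, "Password1");

            LDAPObject mixedCaseEmail = FederationTestUtils.addLDAPUser(ldapProvider, realm, "jbrown3", "John", "Brown3", "JBrown3@email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(ldapProvider, mixedCaseEmail, "Password1");
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Same order as before: username and e-mail variants for the first user, then the second.
        String[] logins = {
            "jbrown2", "JBrown2", "jbrown2@email.org", "JBrown2@email.org",
            "jbrown3", "JBrown3", "jbrown3@email.org", "JBrown3@email.org"
        };
        for (String login : logins) {
            loginSuccessAndLogout(login, "Password1");
        }
    }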

    /**
     * Logs in through the login page, asserts that the browser landed on the application
     * with an authorization code in the redirect query, then logs out again.
     *
     * @param str  username or e-mail typed into the login form
     * @param str2 password typed into the login form
     */
    private void loginSuccessAndLogout(String str, String str2) {
        loginPage.open();
        loginPage.login(str, str2);

        AppPage.RequestType landedOn = appPage.getRequestType();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, landedOn);

        // A "code" parameter in the redirect means the login produced an authorization code.
        Object authorizationCode = oauth.getCurrentQuery().get("code");
        Assert.assertNotNull(authorizationCode);

        // Log out so the next login attempt starts without an existing browser session.
        oauth.openLogout();
    }

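    /**
     * Verifies that user search matches LDAP users case-insensitively, by username and
     * by e-mail, and that the imported username and e-mail are stored in lower case.
     *
     * <p>Each phase stops its session in a finally block, so a failing assertion no
     * longer leaves the session open.
     */
    @Test
    public void caseInsensitiveSearch() {
        // Phase 1: create two LDAP users with mixed-case username / e-mail.
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

            LDAPObject user4 = FederationTestUtils.addLDAPUser(ldapProvider, realm, "JBrown4", "John", "Brown4", "jbrown4@email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(ldapProvider, user4, "Password1");

            LDAPObject user5 = FederationTestUtils.addLDAPUser(ldapProvider, realm, "jbrown5", "John", "Brown5", "JBrown5@Email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(ldapProvider, user5, "Password1");
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 2: search with deliberately scrambled case.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");

            List<UserModel> byUsername = session.users().searchForUser("JBROwn4", realm);
            Assert.assertEquals(1, byUsername.size());
            UserModel found4 = byUsername.get(0);
            Assert.assertEquals("jbrown4", found4.getUsername());
            Assert.assertEquals("jbrown4@email.org", found4.getEmail());

            List<UserModel> byEmail = session.users().searchForUser("JBROwn5@eMAil.org", realm);
            Assert.assertEquals(1, byEmail.size());
            UserModel found5 = byEmail.get(0);
            Assert.assertEquals("jbrown5", found5.getUsername());
            Assert.assertEquals("jbrown5@email.org", found5.getEmail());
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }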

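    /**
     * Verifies that removing the LDAP federation provider revokes login for its users,
     * and that re-adding the provider restores it.
     *
     * <p>After the provider is removed, "johnkeycloak" must be rejected with the generic
     * "Invalid username or password." message. The provider is then re-created from the
     * saved model (which also updates the shared {@code ldapModel}) and the LDAP login
     * is expected to work again.
     *
     * <p>The realm is now held in a local variable (the previous text referenced an
     * undefined name) and each session is stopped in a finally block.
     */
    @Test
    public void deleteFederationLink() {
        // Make sure the LDAP user has logged in once before the link is removed.
        loginLdap();

        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");
            realm.removeUserFederationProvider(ldapModel);
            Assert.assertEquals(0, realm.getUserFederationProviders().size());
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // With the provider gone the formerly federated account must not authenticate.
        loginPage.open();
        loginPage.login("johnkeycloak", "Password1");
        loginPage.assertCurrent();
        Assert.assertEquals("Invalid username or password.", loginPage.getError());

        // NOTE(review): if the assertions above fail, the provider is never re-added and
        // later tests in this class will fail as a consequence.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealm("test");
            ldapModel = realm.addUserFederationProvider(ldapModel.getProviderName(), ldapModel.getConfig(), ldapModel.getPriority(), ldapModel.getDisplayName(), -1, -1, 0);
            FederationTestUtils.addZipCodeLDAPMapper(realm, ldapModel);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        loginLdap();
    }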

    /**
     * Verifies that a local (non-LDAP) user can still log in while the LDAP federation
     * provider is configured.
     */
    @Test
    public void loginClassic() {
        loginPage.open();
        loginPage.login("marykeycloak", "password-app");

        AppPage.RequestType landedOn = appPage.getRequestType();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, landedOn);

        Object authorizationCode = oauth.getCurrentQuery().get("code");
        Assert.assertNotNull(authorizationCode);
    }

    /**
     * Verifies that the LDAP user "johnkeycloak" can log in and that the account profile
     * page shows the first name, last name and e-mail stored for that user.
     *
     * <p>Also called directly by {@code deleteFederationLink}.
     */
    @Test
    public void loginLdap() {
        loginPage.open();
        loginPage.login("johnkeycloak", "Password1");

        AppPage.RequestType landedOn = appPage.getRequestType();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, landedOn);
        Object authorizationCode = oauth.getCurrentQuery().get("code");
        Assert.assertNotNull(authorizationCode);

        // The profile page must reflect the attributes of the LDAP entry.
        profilePage.open();
        Assert.assertEquals("John", profilePage.getFirstName());
        Assert.assertEquals("Doe", profilePage.getLastName());
        Assert.assertEquals("john@email.org", profilePage.getEmail());
    }

    /**
     * Verifies the direct grant for an LDAP user: valid credentials yield HTTP 200 and a
     * verifiable access token, an empty password yields HTTP 401.
     *
     * <p>The empty-password case matters for LDAP back ends: a simple bind with an empty
     * password is an unauthenticated bind that many directories accept, so the
     * federation layer must reject the empty password itself.
     *
     * @throws Exception if the token request or token verification fails
     */
    @Test
    public void loginLdapWithDirectGrant() throws Exception {
        OAuthClient.AccessTokenResponse granted = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "Password1");
        Assert.assertEquals(200, granted.getStatusCode());
        oauth.verifyToken(granted.getAccessToken());

        OAuthClient.AccessTokenResponse rejected = oauth.doGrantAccessTokenRequest("password", "johnkeycloak", "");
        Assert.assertEquals(401, rejected.getStatusCode());
    }

    /**
     * Verifies that an LDAP user can log in with the e-mail address instead of the username.
     */
    @Test
    public void loginLdapWithEmail() {
        loginPage.open();
        loginPage.login("john@email.org", "Password1");

        AppPage.RequestType landedOn = appPage.getRequestType();
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, landedOn);

        Object authorizationCode = oauth.getCurrentQuery().get("code");
        Assert.assertNotNull(authorizationCode);
    }

    /**
     * Verifies that an LDAP user cannot log in through the form with an empty password.
     *
     * <p>A simple bind with an empty password is an unauthenticated bind that many
     * directories accept, so this pins that the empty password is refused with the
     * same generic error as any other bad credential.
     */
    @Test
    public void loginLdapWithoutPassword() {
        final String emptyPassword = "";

        loginPage.open();
        loginPage.login("john@email.org", emptyPassword);

        String shownError = loginPage.getError();
        Assert.assertEquals("Invalid username or password.", shownError);
    }

    /**
     * Verifies that an LDAP user can change the password through the account page, that
     * a wrong password is rejected afterwards and the new one accepted, and finally
     * restores the original password.
     *
     * <p>The restore step matters because the test methods run in name order and other
     * tests log in as "johnkeycloak" with the original password.
     *
     * @throws Exception declared by the original signature
     */
    @Test
    public void passwordChangeLdap() throws Exception {
        final String originalPassword = "Password1";
        final String replacement = "New-password1";

        // Opening the password page while logged out leads to the login form first.
        changePasswordPage.open();
        loginPage.login("johnkeycloak", originalPassword);
        changePasswordPage.changePassword(originalPassword, replacement, replacement);
        Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());
        changePasswordPage.logout();

        // A password that was never set must be rejected.
        loginPage.open();
        loginPage.login("johnkeycloak", "Bad-password1");
        Assert.assertEquals("Invalid username or password.", loginPage.getError());

        // The new password must be accepted.
        loginPage.open();
        loginPage.login("johnkeycloak", replacement);
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());

        // Put the original password back for the remaining tests.
        changePasswordPage.open();
        changePasswordPage.changePassword(replacement, originalPassword, originalPassword);
        Assert.assertEquals("Your password has been updated.", profilePage.getSuccess());
    }

    /**
     * Verifies that self-registration is refused when the chosen username or e-mail
     * already belongs to a user that exists only in LDAP ("existing").
     *
     * <p>NOTE(review): the two distinct messages confirm to an unauthenticated visitor
     * that a username or e-mail is taken; that trade-off comes with self-registration
     * and is worth keeping in mind where account enumeration is a concern.
     */
    @Test
    public void registerExistingLdapUser() {
        final String password = "Password1";

        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();

        // Username collides with the LDAP entry, the e-mail is new.
        registerPage.register("firstName", "lastName", "email@mail.cz", "existing", password, password);
        registerPage.assertCurrent();
        Assert.assertEquals("Username already exists.", registerPage.getError());

        // E-mail collides with the LDAP entry, the username is new.
        registerPage.register("firstName", "lastName", "existing@email.org", "nonExisting", password, password);
        registerPage.assertCurrent();
        Assert.assertEquals("Email already exists.", registerPage.getError());
    }

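    /**
     * Verifies that a self-registered user is linked to the LDAP federation provider.
     *
     * <p>The user "registerUserSuccess2" created here is looked up again by
     * {@code testRemoveFederatedUser}, which runs later because the test methods are
     * ordered by name.
     *
     * <p>The session is stopped in a single finally block instead of once in the body
     * and once more in a catch-all handler.
     */
    @Test
    public void registerUserLdapSuccess() {
        loginPage.open();
        loginPage.clickRegister();
        registerPage.assertCurrent();
        registerPage.register("firstName", "lastName", "email2@check.cz", "registerUserSuccess2", "Password1", "Password1");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, appPage.getRequestType());

        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            UserModel registered = session.users().getUserByUsername("registerUserSuccess2", realm);
            Assert.assertNotNull(registered);
            // The federation link must point at the LDAP provider configured for this class.
            Assert.assertNotNull(registered.getFederationLink());
            Assert.assertEquals(registered.getFederationLink(), ldapModel.getId());
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }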

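    /**
     * Verifies that an attribute mapper configured with a differently-cased LDAP
     * attribute name ("POstalCode") still yields the user's postal code.
     *
     * <p>The regular "zipCodeMapper" is replaced by "zipCodeMapper-cs" for the duration
     * of the session. NOTE(review): the session is stopped with {@code false},
     * presumably so the mapper swap is not kept for later tests — confirm against
     * KeycloakRule.
     *
     * <p>The session is stopped in a single finally block instead of once in the body
     * and once more in a catch-all handler.
     */
    @Test
    public void testCaseSensitiveAttributeName() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            FederationTestUtils.addLDAPUser(ldapProvider, realm, "johnzip", "John", "Zip", "johnzip@email.org", null, "12398");

            UserFederationMapperModel zipCodeMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "zipCodeMapper");
            realm.removeUserFederationMapper(zipCodeMapper);
            FederationTestUtils.addUserAttributeMapper(realm, ldapModel, "zipCodeMapper-cs", "postal_code", "POstalCode");

            UserModel johnZip = session.users().getUserByUsername("johnzip", realm);
            Assert.assertEquals("12398", johnZip.getFirstAttribute("postal_code"));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }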

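    /**
     * Verifies that LDAP users whose usernames contain ',' and '+' can be created and
     * can log in.
     *
     * <p>Both characters are special in LDAP distinguished names, so this presumably
     * exercises the escaping applied when such a username becomes part of a DN.
     * The test is skipped for Active Directory when the username attribute is
     * sAMAccountName.
     *
     * <p>The LDAP setup runs in its own try/finally so the session is stopped exactly
     * once; a failing login can no longer trigger a second stopSession.
     */
    @Test
    public void testCommaInUsername() {
        KeycloakSession session = keycloakRule.startSession();
        boolean skipTest = false;
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            LDAPConfig config = ldapProvider.getLdapIdentityStore().getConfig();

            // NOTE(review): presumably skipped because sAMAccountName does not accept these characters — confirm.
            skipTest = config.isActiveDirectory() && config.getUsernameLdapAttribute().equals("sAMAccountName");

            if (!skipTest) {
                LDAPObject commaUser = FederationTestUtils.addLDAPUser(ldapProvider, realm, "john,comma", "John", "Comma", "johncomma@email.org", null, "12387");
                FederationTestUtils.updateLDAPPassword(ldapProvider, commaUser, "Password1");

                LDAPObject plusUser = FederationTestUtils.addLDAPUser(ldapProvider, realm, "john+plus,comma", "John", "Plus", "johnplus@email.org", null, "12387");
                FederationTestUtils.updateLDAPPassword(ldapProvider, plusUser, "Password1");
            }
        } finally {
            keycloakRule.stopSession(session, false);
        }

        if (skipTest) {
            return;
        }
        loginSuccessAndLogout("john,comma", "Password1");
        loginSuccessAndLogout("john+plus,comma", "Password1");
    }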

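    /**
     * Verifies how a change made directly in LDAP becomes visible, depending on each
     * mapper's "always.read.value.from.ldap" setting.
     *
     * <p>Phase 1 imports "johndirect" and then changes postalCode and sn directly in
     * LDAP. Phase 2 expects the old postal code but the new last name. Phase 3 flips
     * the setting on both mappers and expects the new postal code and the originally
     * imported last name.
     *
     * <p>The three phases are now sequential try/finally blocks: every session is
     * stopped exactly once, also when an assertion fails. Previously two sessions were
     * left open on failure and the last one was stopped twice on success.
     */
    @Test
    public void testDirectLDAPUpdate() {
        // Phase 1: import the user, then modify the LDAP entry behind Keycloak's back.
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            LDAPObject ldapUser = FederationTestUtils.addLDAPUser(ldapProvider, realm, "johndirect", "John", "Direct", "johndirect@email.org", null, "12399");

            UserModel imported = session.users().getUserByUsername("johndirect", realm);
            Assert.assertEquals("12399", imported.getFirstAttribute("postal_code"));

            ldapUser.setSingleAttribute("postalCode", "12400");
            ldapUser.setSingleAttribute("sn", "DirectLDAPUpdated");
            ldapProvider.getLdapIdentityStore().update(ldapUser);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 2: postal code is still the imported value, last name comes from LDAP.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            // The lookup is issued twice, as before; the first result is not used.
            session.users().getUserByUsername("johndirect", realm);
            UserModel user = session.users().getUserByUsername("johndirect", realm);

            Assert.assertEquals("12399", user.getFirstAttribute("postal_code"));
            Assert.assertEquals("12399", ((List<?>) user.getAttributes().get("postal_code")).get(0));
            Assert.assertEquals("DirectLDAPUpdated", user.getLastName());
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 3: flip the setting on both mappers and expect the opposite outcome.
        // NOTE(review): stopped with false, presumably so the mapper changes are not kept — confirm.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");

            UserFederationMapperModel zipCodeMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "zipCodeMapper");
            zipCodeMapper.getConfig().put("always.read.value.from.ldap", "true");
            realm.updateUserFederationMapper(zipCodeMapper);

            UserFederationMapperModel lastNameMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "last name");
            lastNameMapper.getConfig().put("always.read.value.from.ldap", "false");
            realm.updateUserFederationMapper(lastNameMapper);

            UserModel user = session.users().getUserByUsername("johndirect", realm);
            Assert.assertEquals("12400", user.getFirstAttribute("postal_code"));
            Assert.assertEquals("12400", ((List<?>) user.getAttributes().get("postal_code")).get(0));
            Assert.assertFalse(user.getAttributes().containsKey("lastName"));
            Assert.assertEquals("Direct", user.getLastName());
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }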

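    /**
     * Verifies the "full-name-ldap-mapper": a single LDAP attribute holding the full
     * name is split into first and last name on import, and name changes made in
     * Keycloak are visible again on the next read.
     *
     * <p>The "first name" mapper is replaced by the full-name mapper for the test and
     * put back in the last phase.
     *
     * <p>The four phases are now sequential try/finally blocks, so every session is
     * stopped exactly once. Previously the first two sessions were left open on
     * failure and the last two were stopped twice on success.
     */
    @Test
    public void testFullNameMapper() {
        UserFederationMapperModel firstNameMapper;

        // Phase 1: add an LDAP user and swap the "first name" mapper for a full-name mapper.
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            Assert.assertNull(session.users().getUserByUsername("fullname", realm));

            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            FederationTestUtils.addLDAPUser(ldapProvider, realm, "fullname", "James Dee", "Dee", "fullname@email.org", null, "4578");

            firstNameMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "first name");
            // Reuse the LDAP attribute of the first-name mapper as the full-name attribute.
            String ldapFirstNameAttribute = (String) firstNameMapper.getConfig().get("ldap.attribute");
            realm.removeUserFederationMapper(firstNameMapper);

            UserFederationMapperModel fullNameMapper = KeycloakModelUtils.createUserFederationMapperModel("full name", ldapModel.getId(), "full-name-ldap-mapper", new String[]{"ldap.full.name.attribute", ldapFirstNameAttribute, "read.only", "false"});
            realm.addUserFederationMapper(fullNameMapper);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 2: "James Dee" must be imported as first name "James", last name "Dee".
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            FederationTestUtils.assertUserImported(session.users(), realm, "fullname", "James", "Dee", "fullname@email.org", "4578");

            UserFederationMapperModel fullNameMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "full name");
            fullNameMapper.getConfig().put("write.only", "true");
            realm.updateUserFederationMapper(fullNameMapper);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 3: change both names through the Keycloak user model.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            UserModel fullnameUser = session.users().getUserByUsername("fullname", realm);
            fullnameUser.setFirstName("James2");
            fullnameUser.setLastName("Dee2");
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 4: verify the change, then undo the fixture changes.
        // NOTE(review): this cleanup only runs when all earlier phases passed; on failure the
        // "first name" mapper stays removed for the remaining tests.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            FederationTestUtils.assertUserImported(session.users(), realm, "fullname", "James2", "Dee2", "fullname@email.org", "4578");

            UserModel fullnameUser = session.users().getUserByUsername("fullname", realm);
            session.users().removeUser(realm, fullnameUser);

            UserFederationMapperModel fullNameMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "full name");
            realm.removeUserFederationMapper(fullNameMapper);

            // Clear the id so the saved first-name mapper is added back as a new mapper.
            firstNameMapper.setId((String) null);
            realm.addUserFederationMapper(firstNameMapper);
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }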

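    /**
     * Verifies the "hardcoded-ldap-role-mapper": once configured, an LDAP user has the
     * hardcoded role, and that role mapping cannot be deleted from the user.
     *
     * <p>Both sessions are now stopped in finally blocks; previously a failing
     * assertion left the session open.
     */
    @Test
    public void testHardcodedRoleMapper() {
        // Phase 1: the role is new, so the user must not have it before the mapper exists.
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
            RoleModel hardcodedRole = realm.addRole("hardcoded-role");
            Assert.assertFalse(john.hasRole(hardcodedRole));

            UserFederationMapperModel roleMapper = KeycloakModelUtils.createUserFederationMapperModel("hardcoded role", ldapModel.getId(), "hardcoded-ldap-role-mapper", new String[]{"role", "hardcoded-role"});
            realm.addUserFederationMapper(roleMapper);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 2: the mapper grants the role and refuses its removal.
        session = keycloakRule.startSession();
        try {
            RealmModel realm = new RealmManager(session).getRealmByName("test");
            RoleModel hardcodedRole = realm.getRole("hardcoded-role");
            UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
            Assert.assertTrue(john.hasRole(hardcodedRole));

            try {
                john.deleteRoleMapping(hardcodedRole);
                Assert.fail("Didn't expected to remove role mapping");
            } catch (ModelException expected) {
                // Expected: deleting the mapper-provided role mapping must be refused.
            }

            // NOTE(review): the mapper is only removed when the assertions above pass.
            UserFederationMapperModel roleMapper = realm.getUserFederationMapperByName(ldapModel.getId(), "hardcoded role");
            realm.removeUserFederationMapper(roleMapper);
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }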

    /**
     * Verifies that an LDAP entry is not imported when it collides with an existing
     * local account, and that a non-colliding entry without e-mail can log in.
     *
     * <p>The local user "marykeycloak" / "mary@test.com" is created in the class setup.
     * The LDAP entry "mary-duplicatemail" shares that e-mail and the LDAP entry
     * "marykeycloak" shares that username; both logins must end in a conflict error
     * rather than merging the LDAP entry into the local account.
     *
     * @throws Exception declared by the original signature
     */
    @Test
    public void testImportExistingUserFromLDAP() throws Exception {
        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
            @Override
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                LDAPFederationProvider provider = FederationTestUtils.getLdapProvider(session, ldapModel);

                // Same username as the local user, different e-mail.
                FederationTestUtils.addLDAPUser(provider, realmModel2, "marykeycloak", "Mary1", "Kelly1", "mary1@email.org", null, "123");
                // Different username, same e-mail as the local user.
                FederationTestUtils.addLDAPUser(provider, realmModel2, "mary-duplicatemail", "Mary2", "Kelly2", "mary@test.com", null, "123");
                // No collision and no e-mail; the only one of the three that gets a password.
                LDAPObject noEmailUser = FederationTestUtils.addLDAPUser(provider, realmModel2, "marynoemail", "Mary1", "Kelly1", null, null, "123");
                FederationTestUtils.updateLDAPPassword(provider, noEmailUser, "Password1");
            }
        });

        loginPage.open();

        loginPage.login("mary-duplicatemail", "password");
        String duplicateEmailError = loginPage.getError();
        Assert.assertEquals("Email already exists.", duplicateEmailError);

        loginPage.login("mary1@email.org", "password");
        String duplicateUsernameError = loginPage.getError();
        Assert.assertEquals("Username already exists.", duplicateUsernameError);

        loginSuccessAndLogout("marynoemail", "Password1");
    }

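    /**
     * Verifies that with editMode READ_ONLY every write to a federated user (e-mail,
     * last name, first name, credential) fails with ModelReadOnlyException, while the
     * user can still be removed.
     *
     * <p>The first session is stopped with {@code false}; the second session then
     * expects the provider to be WRITABLE again. NOTE(review): this suggests the flag
     * selects rollback — confirm against KeycloakRule.
     *
     * <p>Both sessions are now stopped in finally blocks; previously a failing
     * assertion left the session open.
     */
    @Test
    public void testReadonly() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");

            // NOTE(review): the copy is built from ldapModel.getConfig(); if the constructor keeps
            // that same Map instance, the put below also changes the shared ldapModel — confirm.
            UserFederationProviderModel readOnlyModel = new UserFederationProviderModel(ldapModel.getId(), ldapModel.getProviderName(), ldapModel.getConfig(), ldapModel.getPriority(), ldapModel.getDisplayName(), -1, -1, 0);
            readOnlyModel.getConfig().put("editMode", UserFederationProvider.EditMode.READ_ONLY.toString());
            realm.updateUserFederationProvider(readOnlyModel);

            UserModel john = session.users().getUserByUsername("johnkeycloak", realm);
            Assert.assertNotNull(john);
            Assert.assertNotNull(john.getFederationLink());
            Assert.assertEquals(john.getFederationLink(), ldapModel.getId());

            try {
                john.setEmail("error@error.com");
                Assert.fail("should fail");
            } catch (ModelReadOnlyException expected) {
                // Expected: the e-mail of a read-only federated user cannot be changed.
            }
            try {
                john.setLastName("Berk");
                Assert.fail("should fail");
            } catch (ModelReadOnlyException expected) {
                // Expected: the last name of a read-only federated user cannot be changed.
            }
            try {
                john.setFirstName("Bilbo");
                Assert.fail("should fail");
            } catch (ModelReadOnlyException expected) {
                // Expected: the first name of a read-only federated user cannot be changed.
            }
            try {
                john.updateCredential(UserCredentialModel.password("PoopyPoop1"));
                Assert.fail("should fail");
            } catch (ModelReadOnlyException expected) {
                // Expected: the password of a read-only federated user cannot be changed.
            }

            // Removing the user is still allowed in read-only mode.
            Assert.assertTrue(session.users().removeUser(realm, john));
        } finally {
            keycloakRule.stopSession(session, false);
        }

        session = keycloakRule.startSession();
        try {
            List<UserFederationProviderModel> providers = session.realms().getRealmByName("test").getUserFederationProviders();
            Assert.assertEquals(UserFederationProvider.EditMode.WRITABLE.toString(), providers.get(0).getConfig().get("editMode"));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }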

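    /**
     * Verifies that a federated user can be removed and is no longer found afterwards.
     *
     * <p>Depends on the user "registerUserSuccess2" created by
     * {@code registerUserLdapSuccess}, which runs earlier because the test methods are
     * ordered by name.
     *
     * <p>The session is stopped in a single finally block instead of once in the body
     * and once more in a catch-all handler.
     */
    @Test
    public void testRemoveFederatedUser() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            UserModel registered = session.users().getUserByUsername("registerUserSuccess2", realm);
            Assert.assertNotNull(registered);
            Assert.assertNotNull(registered.getFederationLink());
            Assert.assertEquals(registered.getFederationLink(), ldapModel.getId());

            Assert.assertTrue(session.users().removeUser(realm, registered));
            // The lookup goes through users(), so the user must not be found again afterwards.
            Assert.assertNull(session.users().getUserByUsername("registerUserSuccess2", realm));
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }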

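    /**
     * Verifies that searching through {@code users()} imports matching LDAP users into
     * local storage, for searches by username, e-mail, last name and full name.
     *
     * <p>The four users are first confirmed to be absent from {@code userStorage()};
     * after each search the matching user must be present there.
     *
     * <p>The session is stopped in a single finally block instead of once in the body
     * and once more in a catch-all handler.
     */
    @Test
    public void testSearch() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

            // username1..username4 with postal codes 121..124.
            for (int i = 1; i <= 4; i++) {
                FederationTestUtils.addLDAPUser(ldapProvider, realm, "username" + i, "John" + i, "Doel" + i, "user" + i + "@email.org", null, "12" + i);
            }

            // Nothing has been imported yet: the users exist in LDAP only.
            for (int i = 1; i <= 4; i++) {
                Assert.assertNull(session.userStorage().getUserByUsername("username" + i, realm));
            }

            // Search by username.
            session.users().searchForUser("username1", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username1", "John1", "Doel1", "user1@email.org", "121");

            // Search by e-mail.
            session.users().searchForUser("user2@email.org", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username2", "John2", "Doel2", "user2@email.org", "122");

            // Search by last name.
            session.users().searchForUser("Doel3", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username3", "John3", "Doel3", "user3@email.org", "123");

            // Search by "first last".
            session.users().searchForUser("John4 Doel4", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username4", "John4", "Doel4", "user4@email.org", "124");
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }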

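    /**
     * Verifies that "customUserSearchFilter" limits which LDAP entries a search can
     * import: users matching the filter are imported, a user outside it is not, even
     * when searched by exact e-mail or full name.
     *
     * <p>The two phases are now sequential try/finally blocks, so each session is
     * stopped exactly once. Previously the second session was stopped twice on success
     * and the first one a second time on failure.
     */
    @Test
    public void testSearchWithCustomLDAPFilter() {
        // Phase 1: restrict the provider to user5 and user6 by e-mail.
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName("test");
            ldapModel.getConfig().put("customUserSearchFilter", "(|(mail=user5@email.org)(mail=user6@email.org))");
            realm.updateUserFederationProvider(ldapModel);
        } finally {
            keycloakRule.stopSession(session, true);
        }

        // Phase 2: create three users; only the two covered by the filter may be imported.
        session = keycloakRule.startSession();
        try {
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            RealmModel realm = session.realms().getRealmByName("test");

            FederationTestUtils.addLDAPUser(ldapProvider, realm, "username5", "John5", "Doel5", "user5@email.org", null, "125");
            FederationTestUtils.addLDAPUser(ldapProvider, realm, "username6", "John6", "Doel6", "user6@email.org", null, "126");
            FederationTestUtils.addLDAPUser(ldapProvider, realm, "username7", "John7", "Doel7", "user7@email.org", null, "127");

            session.users().searchForUser("user5@email.org", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username5", "John5", "Doel5", "user5@email.org", "125");

            session.users().searchForUser("John6 Doel6", realm);
            FederationTestUtils.assertUserImported(session.userStorage(), realm, "username6", "John6", "Doel6", "user6@email.org", "126");

            // user7 is outside the filter: neither search may import it.
            session.users().searchForUser("user7@email.org", realm);
            session.users().searchForUser("John7 Doel7", realm);
            Assert.assertNull(session.userStorage().getUserByUsername("username7", realm));

            // NOTE(review): the filter is only removed when the assertions above pass; on failure it
            // stays in the shared ldapModel config and affects the remaining tests.
            ldapModel.getConfig().remove("customUserSearchFilter");
            realm.updateUserFederationProvider(ldapModel);
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }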

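    /**
     * Verifies credential handling when the LDAP provider is switched to the UNSYNCED edit mode.
     *
     * <p>The test updates the password of the federated user "johnkeycloak" to "Candycand1",
     * checks that a credential of type "password" is stored directly on the Keycloak user and
     * that it validates through {@code session.users()}. It then calls the LDAP identity store
     * with the previous password "Password1". Finally it removes the user and checks that the
     * user is gone from local storage but is still returned by {@code session.users()}.
     *
     * <p>A second session checks that the realm's provider still reports the WRITABLE edit
     * mode. Both sessions are stopped in {@code finally} blocks so that a failing assertion
     * does not leave a session open.
     *
     * @throws Exception if any of the exercised operations fails
     */
    @Test
    public void testUnsynced() throws Exception {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel appRealm = session.realms().getRealmByName("test");

            // NOTE(review): the new model is built from ldapModel.getConfig(); if the constructor
            // does not copy that map, the put below also changes the shared static ldapModel - confirm.
            UserFederationProviderModel unsyncedModel = new UserFederationProviderModel(ldapModel.getId(), ldapModel.getProviderName(), ldapModel.getConfig(), ldapModel.getPriority(), ldapModel.getDisplayName(), -1, -1, 0);
            unsyncedModel.getConfig().put("editMode", UserFederationProvider.EditMode.UNSYNCED.toString());
            appRealm.updateUserFederationProvider(unsyncedModel);

            UserModel user = session.users().getUserByUsername("johnkeycloak", appRealm);
            Assert.assertNotNull(user);
            Assert.assertNotNull(user.getFederationLink());
            Assert.assertEquals(ldapModel.getId(), user.getFederationLink());

            // The new password must end up as a credential stored directly on the Keycloak user.
            UserCredentialModel password = UserCredentialModel.password("Candycand1");
            user.updateCredential(password);
            Assert.assertEquals("password", ((UserCredentialValueModel) user.getCredentialsDirectly().get(0)).getType());
            Assert.assertTrue(session.users().validCredentials(session, appRealm, user, new UserCredentialModel[]{password}));

            // The LDAP entry is expected to keep the old password.
            // NOTE(review): the outcome of validatePassword is not asserted; if it signals failure
            // through a return value rather than an exception, this call verifies nothing - confirm.
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, unsyncedModel);
            ldapProvider.getLdapIdentityStore().validatePassword(ldapProvider.loadLDAPUserByUsername(appRealm, "johnkeycloak"), "Password1");

            // Removing the user clears local storage; the lookup through users() still finds it
            // (presumably re-imported from LDAP - confirm).
            Assert.assertTrue(session.users().removeUser(appRealm, user));
            Assert.assertNull(session.userStorage().getUserByUsername("johnkeycloak", appRealm));
            Assert.assertNotNull(session.users().getUserByUsername("johnkeycloak", appRealm));
        } finally {
            // Presumably 'false' discards the changes made above; the WRITABLE check below relies on that.
            keycloakRule.stopSession(session, false);
        }

        session = keycloakRule.startSession();
        try {
            Assert.assertEquals(UserFederationProvider.EditMode.WRITABLE.toString(), ((UserFederationProviderModel) session.realms().getRealmByName("test").getUserFederationProviders().get(0)).getConfig().get("editMode"));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }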
}
