package org.keycloak.testsuite.federation.ldap.base;

import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.junit.Assert;
import org.junit.Before;
import org.junit.ClassRule;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.rules.RuleChain;
import org.junit.rules.TestRule;
import org.junit.runners.MethodSorters;
import org.keycloak.federation.ldap.LDAPFederationProvider;
import org.keycloak.federation.ldap.LDAPUtils;
import org.keycloak.federation.ldap.idm.model.LDAPObject;
import org.keycloak.federation.ldap.mappers.membership.LDAPGroupMapperMode;
import org.keycloak.federation.ldap.mappers.membership.MembershipType;
import org.keycloak.federation.ldap.mappers.membership.group.GroupLDAPFederationMapper;
import org.keycloak.federation.ldap.mappers.membership.group.GroupLDAPFederationMapperFactory;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ModelException;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserFederationMapperModel;
import org.keycloak.models.UserFederationProvider;
import org.keycloak.models.UserFederationProviderModel;
import org.keycloak.models.UserFederationSyncResult;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.federation.ldap.FederationTestUtils;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.LDAPRule;

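/**
 * Integration tests for synchronising LDAP groups into Keycloak through the group LDAP
 * federation mapper.
 *
 * <p>Fixture (built once in the {@link KeycloakRule} setup): three LDAP groups, {@code group1},
 * {@code group11} and {@code group12}, where {@code group11} and {@code group12} are added as
 * DN-typed {@code member} values of {@code group1}. The provider is registered with
 * {@code editMode=WRITABLE} and {@code syncRegistrations=true}, and the mapper runs in
 * {@link LDAPGroupMapperMode#LDAP_ONLY}.
 *
 * <p>What the tests pin down, from a directory-trust point of view:
 * <ul>
 *   <li>a membership cycle in the directory makes the sync fail with a {@link ModelException}
 *       ("Recursion detected") instead of being imported;</li>
 *   <li>with {@code drop.non.existing.groups.during.sync=true} the sync deletes Keycloak groups
 *       that have no LDAP counterpart, so that option is only appropriate where LDAP is meant
 *       to be the single source of truth for groups;</li>
 *   <li>without a full sync, only the groups a loaded user actually belongs to are imported.</li>
 * </ul>
 *
 * <p>Methods run in name order ({@link MethodSorters#NAME_ASCENDING}). Several tests edit the
 * shared LDAP fixture, so they are not independent of each other.
 * NOTE(review): LDAP writes are presumably not covered by the Keycloak session rollback; confirm
 * before relying on {@code stopSession(session, false)} to undo them.
 */
@FixMethodOrder(MethodSorters.NAME_ASCENDING)
public class LDAPGroupMapperSyncTest {
    private static final String REALM_NAME = "test";
    private static final String GROUPS_MAPPER_NAME = "groupsMapper";
    private static final String MEMBER_ATTR = "member";
    private static final String PRESERVE_INHERITANCE_OPTION = "preserve.group.inheritance";
    private static final String DROP_NON_EXISTING_OPTION = "drop.non.existing.groups.during.sync";

    private static LDAPRule ldapRule = new LDAPRule();
    private static UserFederationProviderModel ldapModel = null;
    // "displayName" on Active Directory, "description" on every other vendor (decided in config()).
    private static String descriptionAttrName = null;
    private static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
        /**
         * Registers the LDAP provider and group mapper on the third argument and rebuilds the
         * LDAP group fixture. The second realm argument is not used here.
         */
        @Override
        public void config(RealmManager manager, RealmModel ignoredRealm, RealmModel realm) {
            Map<String, String> config = LDAPGroupMapperSyncTest.ldapRule.getConfig();
            config.put("syncRegistrations", "true");
            config.put("editMode", UserFederationProvider.EditMode.WRITABLE.toString());
            LDAPGroupMapperSyncTest.ldapModel = realm.addUserFederationProvider("ldap", config, 0, "test-ldap", -1, -1, 0);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(this.session, LDAPGroupMapperSyncTest.ldapModel);
            LDAPGroupMapperSyncTest.descriptionAttrName =
                    ldapProvider.getLdapIdentityStore().getConfig().isActiveDirectory() ? "displayName" : "description";

            FederationTestUtils.addOrUpdateGroupMapper(realm, LDAPGroupMapperSyncTest.ldapModel, LDAPGroupMapperMode.LDAP_ONLY, LDAPGroupMapperSyncTest.descriptionAttrName, new String[0]);
            // Start from an empty group tree so leftovers from earlier runs cannot affect the counts asserted below.
            FederationTestUtils.removeAllLDAPGroups(this.session, realm, LDAPGroupMapperSyncTest.ldapModel, GROUPS_MAPPER_NAME);

            LDAPObject group1 = FederationTestUtils.createLDAPGroup(manager.getSession(), realm, LDAPGroupMapperSyncTest.ldapModel, "group1", LDAPGroupMapperSyncTest.descriptionAttrName, "group1 - description");
            LDAPObject group11 = FederationTestUtils.createLDAPGroup(manager.getSession(), realm, LDAPGroupMapperSyncTest.ldapModel, "group11", new String[0]);
            LDAPObject group12 = FederationTestUtils.createLDAPGroup(manager.getSession(), realm, LDAPGroupMapperSyncTest.ldapModel, "group12", LDAPGroupMapperSyncTest.descriptionAttrName, "group12 - description");

            // NOTE(review): the trailing flag presumably controls whether the change is sent to
            // LDAP immediately (false, then true on the second call) - confirm against LDAPUtils.
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, MEMBER_ATTR, group1, group11, false);
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, MEMBER_ATTR, group1, group12, true);
        }
    });

    @ClassRule
    public static TestRule chain = RuleChain.outerRule(ldapRule).around(keycloakRule);

    /**
     * Runs one group sync from LDAP into Keycloak with a freshly created mapper instance.
     */
    private static UserFederationSyncResult syncGroups(KeycloakSession session, UserFederationMapperModel mapperModel, LDAPFederationProvider ldapProvider, RealmModel realm) {
        return new GroupLDAPFederationMapperFactory().create(session)
                .syncDataFromFederationProviderToKeycloak(mapperModel, ldapProvider, session, realm);
    }

    /**
     * Looks up a Keycloak group by path and fails the test with a readable message when it is missing.
     */
    private static GroupModel requireGroup(RealmModel realm, String path) {
        GroupModel group = KeycloakModelUtils.findGroupByPath(realm, path);
        Assert.assertNotNull("Expected Keycloak group at path " + path, group);
        return group;
    }

    /**
     * Removes every top-level Keycloak group of the test realm before each test.
     * NOTE(review): the {@code true} passed to stopSession presumably commits the removal - confirm.
     */
    @Before
    public void before() {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName(REALM_NAME);
            for (GroupModel topLevelGroup : realm.getTopLevelGroups()) {
                realm.removeGroup(topLevelGroup);
            }
        } finally {
            keycloakRule.stopSession(session, true);
        }
    }

    /**
     * A membership cycle (group1 is added as a member of its own child group12) must make the
     * sync fail with "Recursion detected"; with {@code preserve.group.inheritance=false} the same
     * directory content is imported as a flat list of groups.
     */
    @Test
    public void test01_syncNoPreserveGroupInheritance() throws Exception {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName(REALM_NAME);
            UserFederationMapperModel mapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), GROUPS_MAPPER_NAME);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);

            LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
            LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");

            // Create the cycle group1 -> group12 -> group1 in LDAP.
            LDAPUtils.addMember(ldapProvider, MembershipType.DN, MEMBER_ATTR, group12, group1, true);
            try {
                try {
                    syncGroups(session, mapperModel, ldapProvider, realm);
                    Assert.fail("Not expected group sync to pass");
                } catch (ModelException expected) {
                    String message = expected.getMessage();
                    Assert.assertTrue("Unexpected sync failure: " + message,
                            message != null && message.contains("Recursion detected"));
                }

                // Without inheritance the cycle is irrelevant: every group becomes a top-level group.
                FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, PRESERVE_INHERITANCE_OPTION, "false");
                realm.updateUserFederationMapper(mapperModel);
                syncGroups(session, mapperModel, ldapProvider, realm);

                GroupModel kcGroup1 = requireGroup(realm, "/group1");
                GroupModel kcGroup11 = requireGroup(realm, "/group11");
                GroupModel kcGroup12 = requireGroup(realm, "/group12");
                Assert.assertEquals(0L, kcGroup1.getSubGroups().size());
                Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
                Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
                Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));
            } finally {
                // Always undo the cycle, even when an assertion above fails; otherwise the shared
                // LDAP fixture stays cyclic and the later inheritance tests fail for the wrong reason.
                LDAPUtils.deleteMember(ldapProvider, MembershipType.DN, MEMBER_ATTR, group12, group1, true);
            }
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * With the default mapper configuration the LDAP hierarchy is mirrored in Keycloak, and a
     * second sync propagates attribute changes (one changed value, one removed value).
     * The LDAP attribute edits made here are not reverted by this method.
     */
    @Test
    public void test02_syncWithGroupInheritance() throws Exception {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName(REALM_NAME);
            UserFederationMapperModel mapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), GROUPS_MAPPER_NAME);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);

            // NOTE(review): the four counters are presumably (added, updated, removed, failed) - confirm against FederationTestUtils.
            FederationTestUtils.assertSyncEquals(syncGroups(session, mapperModel, ldapProvider, realm), 3, 0, 0, 0);

            GroupModel kcGroup1 = requireGroup(realm, "/group1");
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12"));
            GroupModel kcGroup11 = requireGroup(realm, "/group1/group11");
            GroupModel kcGroup12 = requireGroup(realm, "/group1/group12");
            Assert.assertEquals(2L, kcGroup1.getSubGroups().size());
            Assert.assertEquals("group1 - description", kcGroup1.getFirstAttribute(descriptionAttrName));
            Assert.assertNull(kcGroup11.getFirstAttribute(descriptionAttrName));
            Assert.assertEquals("group12 - description", kcGroup12.getFirstAttribute(descriptionAttrName));

            // Change one description and remove another directly in LDAP.
            LDAPObject group1 = groupMapper.loadLDAPGroupByName("group1");
            group1.setSingleAttribute(descriptionAttrName, "group1 - changed description");
            ldapProvider.getLdapIdentityStore().update(group1);
            LDAPObject group12 = groupMapper.loadLDAPGroupByName("group12");
            group12.setAttribute(descriptionAttrName, (Set) null);
            ldapProvider.getLdapIdentityStore().update(group12);

            FederationTestUtils.assertSyncEquals(syncGroups(session, mapperModel, ldapProvider, realm), 0, 3, 0, 0);

            GroupModel updatedGroup1 = requireGroup(realm, "/group1");
            GroupModel updatedGroup12 = requireGroup(realm, "/group1/group12");
            Assert.assertEquals("group1 - changed description", updatedGroup1.getFirstAttribute(descriptionAttrName));
            Assert.assertNull(updatedGroup12.getFirstAttribute(descriptionAttrName));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * Keycloak-only groups survive a sync by default and are deleted once
     * {@code drop.non.existing.groups.during.sync} is switched on. The deletion covers both a
     * top-level group and a group nested under an LDAP-backed parent.
     */
    @Test
    public void test03_syncWithDropNonExistingGroups() throws Exception {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName(REALM_NAME);
            UserFederationMapperModel mapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), GROUPS_MAPPER_NAME);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);

            FederationTestUtils.assertSyncEquals(syncGroups(session, mapperModel, ldapProvider, realm), 3, 0, 0, 0);

            GroupModel kcGroup1 = requireGroup(realm, "/group1");
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
            Assert.assertEquals(2L, kcGroup1.getSubGroups().size());

            // Two groups that exist only in Keycloak: one top-level, one below an LDAP-backed group.
            realm.moveGroup(realm.createGroup("model1"), (GroupModel) null);
            kcGroup1.addChild(realm.createGroup("model2"));

            // Default behaviour: the sync leaves the local groups alone.
            FederationTestUtils.assertSyncEquals(syncGroups(session, mapperModel, ldapProvider, realm), 0, 3, 0, 0);
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));

            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, DROP_NON_EXISTING_OPTION, "true");
            realm.updateUserFederationMapper(mapperModel);

            UserFederationSyncResult syncResult = syncGroups(session, mapperModel, ldapProvider, realm);
            Assert.assertEquals(3L, syncResult.getUpdated());
            // assertEquals rather than assertTrue(x == 2) so a failure reports the actual count.
            Assert.assertEquals(2L, syncResult.getRemoved());
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group11"));
            Assert.assertNotNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/group12"));
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/model1"));
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1/model2"));
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }

    /**
     * Without a full sync, loading a user and reading its groups imports only the group the user
     * is a member of ({@code group11}); {@code group1} and {@code group12} stay absent.
     * The password literals below are fixture values for the test directory only.
     */
    @Test
    public void test04_syncNoPreserveGroupInheritanceWithLazySync() throws Exception {
        KeycloakSession session = keycloakRule.startSession();
        try {
            RealmModel realm = session.realms().getRealmByName(REALM_NAME);
            UserFederationMapperModel mapperModel = realm.getUserFederationMapperByName(ldapModel.getId(), GROUPS_MAPPER_NAME);
            LDAPFederationProvider ldapProvider = FederationTestUtils.getLdapProvider(session, ldapModel);
            GroupLDAPFederationMapper groupMapper = FederationTestUtils.getGroupMapper(mapperModel, ldapProvider, realm);

            FederationTestUtils.updateGroupMapperConfigOptions(mapperModel, PRESERVE_INHERITANCE_OPTION, "false");
            realm.updateUserFederationMapper(mapperModel);

            FederationTestUtils.removeAllLDAPUsers(ldapProvider, realm);
            LDAPObject john = FederationTestUtils.addLDAPUser(ldapProvider, realm, "johnkeycloak", "John", "Doe", "john@email.org", null, "1234");
            FederationTestUtils.updateLDAPPassword(ldapProvider, john, "Password1");
            groupMapper.addGroupMappingInLDAP("group11", john);

            // Nothing has been synced yet, so no group exists on the Keycloak side.
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group1"));
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group11"));
            Assert.assertNull(KeycloakModelUtils.findGroupByPath(realm, "/group12"));

            UserModel johnModel = session.users().getUserByUsername("johnkeycloak", realm);
            Assert.assertNotNull("User johnkeycloak was not found through the LDAP provider", johnModel);
            Set<GroupModel> johnGroups = johnModel.getGroups();

            // Reading the user's groups is what creates group11 in Keycloak.
            GroupModel kcGroup1 = KeycloakModelUtils.findGroupByPath(realm, "/group1");
            GroupModel kcGroup11 = KeycloakModelUtils.findGroupByPath(realm, "/group11");
            GroupModel kcGroup12 = KeycloakModelUtils.findGroupByPath(realm, "/group12");
            Assert.assertNull(kcGroup1);
            Assert.assertNotNull(kcGroup11);
            Assert.assertNull(kcGroup12);
            Assert.assertEquals(1L, johnGroups.size());
            Assert.assertTrue(johnGroups.contains(kcGroup11));

            johnModel.leaveGroup(kcGroup11);
        } finally {
            keycloakRule.stopSession(session, false);
        }
    }
}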
