package org.keycloak.testsuite.saml;

import java.util.List;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.NameIDPolicyType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/saml/AuthnRequestNameIdFormatTest.class */
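/**
 * Checks which NameID value the server places in the SAML assertion subject for each
 * NameIDPolicy format requested in the AuthnRequest, over both the POST and REDIRECT bindings.
 *
 * <p>All tests log in as {@code bburkeUser} against the {@code SAML_CLIENT_ID_SALES_POST} client.
 */
public class AuthnRequestNameIdFormatTest extends AbstractSamlTest {
    /** Client attribute toggled by the force-POST-binding test. */
    private static final String FORCE_POST_BINDING_ATTRIBUTE = "saml.force.post.binding";

    /**
     * Builds a NameIDPolicy that requests the given NameID format.
     *
     * @param format the NameID format constant whose URI is set on the policy
     * @return a new policy carrying only the format
     */
    private static NameIDPolicyType nameIdPolicy(JBossSAMLURIConstants format) {
        NameIDPolicyType policy = new NameIDPolicyType();
        policy.setFormat(format.getUri());
        return policy;
    }

    /**
     * Sends an AuthnRequest with the given NameIDPolicy, logs in, and asserts on the NameID
     * found in the subject of the first assertion of the response.
     *
     * @param requestBinding binding used to send the AuthnRequest; its URI is also set as the
     *     request's ProtocolBinding
     * @param responseBinding binding over which the SAML response is read back
     * @param nameIDPolicyType policy to place in the request, or {@code null} to send none
     * @param matcher expectation for the NameID value in the assertion subject
     * @throws Exception if building the request or parsing the response fails
     */
    private void testLoginWithNameIdPolicy(SamlClient.Binding requestBinding, SamlClient.Binding responseBinding, NameIDPolicyType nameIDPolicyType, Matcher<String> matcher) throws Exception {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, requestBinding)
                .transformObject(authnRequestType -> {
                    authnRequestType.setProtocolBinding(requestBinding.getBindingUri());
                    authnRequestType.setNameIDPolicy(nameIDPolicyType);
                    return authnRequestType;
                })
                .build()
                .login().user(this.bburkeUser).build()
                .getSamlResponse(responseBinding);

        Assert.assertThat(samlResponse.getSamlObject(), Matchers.notNullValue());
        Assert.assertThat(samlResponse.getSamlObject(), Matchers.instanceOf(ResponseType.class));
        // The instanceOf assertion above guards this cast.
        ResponseType response = (ResponseType) samlResponse.getSamlObject();
        Assert.assertThat(response.getAssertions(), Matchers.not(Matchers.empty()));

        // Only the first assertion is inspected; the type check runs before the NameID cast so
        // that an unexpected subject type is reported as an assertion failure, not a
        // ClassCastException.
        ResponseType.RTChoiceType firstAssertion = (ResponseType.RTChoiceType) response.getAssertions().get(0);
        Object subjectId = firstAssertion.getAssertion().getSubject().getSubType().getBaseID();
        Assert.assertThat(subjectId, Matchers.instanceOf(NameIDType.class));
        Assert.assertThat(((NameIDType) subjectId).getValue(), matcher);
    }

    /** POST binding, unspecified format: the NameID is expected to be the username. */
    @Test
    public void testPostLoginNameIdPolicyUnspecified() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.POST, SamlClient.Binding.POST, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED), Matchers.is("bburke"));
    }

    /** POST binding, email format: the NameID is expected to be the user's e-mail address. */
    @Test
    public void testPostLoginNameIdPolicyEmail() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.POST, SamlClient.Binding.POST, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL), Matchers.is("bburke@redhat.com"));
    }

    /** POST binding, persistent format: the NameID is expected to start with {@code "G-"}. */
    @Test
    public void testPostLoginNameIdPolicyPersistent() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.POST, SamlClient.Binding.POST, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT), Matchers.startsWith("G-"));
    }

    /** POST binding, no NameIDPolicy in the request: the NameID is expected to be the username. */
    @Test
    public void testPostLoginNoNameIdPolicyUnset() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.POST, SamlClient.Binding.POST, null, Matchers.is("bburke"));
    }

    /** REDIRECT binding, unspecified format: the NameID is expected to be the username. */
    @Test
    public void testRedirectLoginNameIdPolicyUnspecified() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.REDIRECT, SamlClient.Binding.REDIRECT, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_UNSPECIFIED), Matchers.is("bburke"));
    }

    /** REDIRECT binding, email format: the NameID is expected to be the user's e-mail address. */
    @Test
    public void testRedirectLoginNameIdPolicyEmail() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.REDIRECT, SamlClient.Binding.REDIRECT, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_EMAIL), Matchers.is("bburke@redhat.com"));
    }

    /** REDIRECT binding, persistent format: the NameID is expected to start with {@code "G-"}. */
    @Test
    public void testRedirectLoginNameIdPolicyPersistent() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.REDIRECT, SamlClient.Binding.REDIRECT, nameIdPolicy(JBossSAMLURIConstants.NAMEID_FORMAT_PERSISTENT), Matchers.startsWith("G-"));
    }

    /** REDIRECT binding, no NameIDPolicy in the request: the NameID is expected to be the username. */
    @Test
    public void testRedirectLoginNoNameIdPolicyUnset() throws Exception {
        testLoginWithNameIdPolicy(SamlClient.Binding.REDIRECT, SamlClient.Binding.REDIRECT, null, Matchers.is("bburke"));
    }

    /**
     * With {@code saml.force.post.binding} enabled on the client, a request sent over REDIRECT
     * is expected to be answered over POST, still carrying the username as NameID.
     *
     * <p>The client attribute is shared realm state, so it is put back in a {@code finally}
     * block: if the login assertions fail, the forced POST binding must not stay enabled for
     * whichever test runs next against the same client.
     */
    @Test
    public void testRedirectLoginNoNameIdPolicyForcePostBinding() throws Exception {
        ClientsResource clients = this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients();
        List<ClientRepresentation> matchingClients = clients.findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST);
        Assert.assertThat(matchingClients, Matchers.hasSize(1));

        ClientResource clientResource = clients.get(matchingClients.get(0).getId());
        ClientRepresentation representation = clientResource.toRepresentation();
        // Remember the configured value so the client is returned to its prior state.
        String previousValue = representation.getAttributes().get(FORCE_POST_BINDING_ATTRIBUTE);
        representation.getAttributes().put(FORCE_POST_BINDING_ATTRIBUTE, "true");

        try {
            clientResource.update(representation);
            testLoginWithNameIdPolicy(SamlClient.Binding.REDIRECT, SamlClient.Binding.POST, null, Matchers.is("bburke"));
        } finally {
            ClientRepresentation restored = clientResource.toRepresentation();
            // When the attribute was absent, write "false", the value this test has always
            // written back after the login check.
            restored.getAttributes().put(FORCE_POST_BINDING_ATTRIBUTE, previousValue != null ? previousValue : "false");
            clientResource.update(restored);
        }
    }
}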
