package org.keycloak.testsuite.keys;

import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.util.List;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.CertificateUtils;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.PemUtils;
import org.keycloak.jose.jws.AlgorithmType;
import org.keycloak.keys.KeyProvider;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;

/* loaded from: input_file:org/keycloak/testsuite/keys/ImportedRsaKeyProviderTest.class */
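/**
 * Integration tests for the imported RSA key provider (provider id {@code "rsa"}), driven through
 * the admin REST client against the {@code "test"} realm.
 *
 * <p>The tests cover two things:
 * <ul>
 *   <li>a valid private key (with or without a certificate) is accepted, and reading the component
 *       back returns the mask {@code "**********"} instead of the private key material;</li>
 *   <li>malformed configuration is rejected with a specific error message: non-numeric priority,
 *       non-boolean flags, a missing or undecodable private key, a public key supplied where a
 *       private key is expected, and a certificate that does not belong to the private key.</li>
 * </ul>
 */
public class ImportedRsaKeyProviderTest extends AbstractKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    /**
     * Registers the realm described by {@code /testrealm.json} on the classpath.
     *
     * @param list realm list the test realm is appended to
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(realm);
    }

    /**
     * Imports a private key without a certificate and checks that the stored component exposes a
     * certificate for the matching public key while the private key itself is masked.
     */
    @Test
    public void privateKeyOnly() throws Exception {
        // The timestamp doubles as the provider priority.
        // NOTE(review): presumably this makes the new key outrank the realm's existing keys, which
        // is why it is expected to be the active RS256 key and the first metadata entry; confirm.
        long priority = System.currentTimeMillis();
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        String expectedKid = KeyUtils.createKeyId(keyPair.getPublic());

        ComponentRepresentation rep = createRep("valid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));
        rep.getConfig().putSingle("priority", Long.toString(priority));

        String componentId = createComponent(rep);

        ComponentRepresentation stored =
                this.adminClient.realm("test").components().component(componentId).toRepresentation();
        // The private key must never be echoed back by the admin API; only the mask is returned.
        Assert.assertEquals("**********", stored.getConfig().getFirst("privateKey"));
        Assert.assertNotNull(stored.getConfig().getFirst("certificate"));
        Assert.assertEquals(
                keyPair.getPublic(),
                PemUtils.decodeCertificate((String) stored.getConfig().getFirst("certificate")).getPublicKey());

        KeysMetadataRepresentation keyMetadata = this.adminClient.realm("test").keys().getKeyMetadata();
        Assert.assertEquals(expectedKid, keyMetadata.getActive().get("RS256"));

        KeysMetadataRepresentation.KeyMetadataRepresentation first =
                (KeysMetadataRepresentation.KeyMetadataRepresentation) keyMetadata.getKeys().get(0);
        Assert.assertEquals(componentId, first.getProviderId());
        Assert.assertEquals(AlgorithmType.RSA.name(), first.getType());
        Assert.assertEquals(priority, first.getProviderPriority());
        Assert.assertEquals(expectedKid, first.getKid());
        Assert.assertEquals(PemUtils.encodeKey(keyPair.getPublic()), first.getPublicKey());
        Assert.assertEquals(
                keyPair.getPublic(),
                PemUtils.decodeCertificate(first.getCertificate()).getPublicKey());
    }

    /**
     * Imports a private key together with its self-signed certificate and checks that the supplied
     * certificate is stored and published unchanged while the private key is masked.
     */
    @Test
    public void keyAndCertificate() throws Exception {
        long priority = System.currentTimeMillis();
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        String certificatePem =
                PemUtils.encodeCertificate(CertificateUtils.generateV1SelfSignedCertificate(keyPair, "test"));

        ComponentRepresentation rep = createRep("valid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));
        rep.getConfig().putSingle("certificate", certificatePem);
        rep.getConfig().putSingle("priority", Long.toString(priority));

        String componentId = createComponent(rep);

        ComponentRepresentation stored =
                this.adminClient.realm("test").components().component(componentId).toRepresentation();
        // Same masking requirement as in privateKeyOnly: the secret stays server-side.
        Assert.assertEquals("**********", stored.getConfig().getFirst("privateKey"));
        Assert.assertEquals(certificatePem, stored.getConfig().getFirst("certificate"));

        KeysMetadataRepresentation.KeyMetadataRepresentation first =
                (KeysMetadataRepresentation.KeyMetadataRepresentation)
                        this.adminClient.realm("test").keys().getKeyMetadata().getKeys().get(0);
        Assert.assertEquals(certificatePem, first.getCertificate());
    }

    /** A non-numeric {@code priority} must be rejected. */
    @Test
    public void invalidPriority() throws Exception {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        ComponentRepresentation rep = createRep("invalid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));
        rep.getConfig().putSingle("priority", "invalid");
        assertErrror(this.adminClient.realm("test").components().add(rep), "'Priority' should be a number");
    }

    /** A non-boolean {@code enabled} flag must be rejected. */
    @Test
    public void invalidEnabled() throws Exception {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        ComponentRepresentation rep = createRep("invalid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));
        rep.getConfig().putSingle("enabled", "invalid");
        assertErrror(this.adminClient.realm("test").components().add(rep), "'Enabled' should be 'true' or 'false'");
    }

    /** A non-boolean {@code active} flag must be rejected. */
    @Test
    public void invalidActive() throws Exception {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        ComponentRepresentation rep = createRep("invalid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));
        rep.getConfig().putSingle("active", "invalid");
        assertErrror(this.adminClient.realm("test").components().add(rep), "'Active' should be 'true' or 'false'");
    }

    /**
     * The private key is mandatory and must decode as a private key: a missing value, arbitrary
     * text, and a PEM-encoded public key are each rejected.
     */
    @Test
    public void invalidPrivateKey() throws Exception {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        ComponentRepresentation rep = createRep("invalid", "rsa");

        // No privateKey entry at all.
        assertErrror(this.adminClient.realm("test").components().add(rep), "'Private RSA Key' is required");

        // Not PEM key material.
        rep.getConfig().putSingle("privateKey", "nonsense");
        assertErrror(this.adminClient.realm("test").components().add(rep), "Failed to decode private key");

        // Well-formed key material of the wrong kind: the public half of the pair.
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPublic()));
        assertErrror(this.adminClient.realm("test").components().add(rep), "Failed to decode private key");
    }

    /**
     * The certificate must decode and must belong to the supplied private key: arbitrary text and
     * a certificate issued for a different key pair are each rejected.
     */
    @Test
    public void invalidCertificate() throws Exception {
        KeyPair keyPair = KeyUtils.generateRsaKeyPair(2048);
        // Deliberately built from a second, unrelated key pair so it cannot match keyPair.
        X509Certificate foreignCertificate =
                CertificateUtils.generateV1SelfSignedCertificate(KeyUtils.generateRsaKeyPair(2048), "test");

        ComponentRepresentation rep = createRep("invalid", "rsa");
        rep.getConfig().putSingle("privateKey", PemUtils.encodeKey(keyPair.getPrivate()));

        rep.getConfig().putSingle("certificate", "nonsense");
        assertErrror(this.adminClient.realm("test").components().add(rep), "Failed to decode certificate");

        rep.getConfig().putSingle("certificate", PemUtils.encodeCertificate(foreignCertificate));
        assertErrror(this.adminClient.realm("test").components().add(rep), "Certificate does not match private key");
    }

    /**
     * Asserts that {@code response} carries an {@link ErrorRepresentation} whose message equals
     * {@code str}, then closes the response.
     *
     * <p>The response is closed in a {@code finally} block so that a failed assertion does not
     * leave it open for the rest of the test run. Only the error message is compared; the HTTP
     * status code is not checked here.
     *
     * @param response response returned by the component creation request
     * @param str expected error message
     */
    protected void assertErrror(Response response, String str) {
        try {
            if (!response.hasEntity()) {
                Assert.fail("No error message set");
            }
            ErrorRepresentation error = (ErrorRepresentation) response.readEntity(ErrorRepresentation.class);
            Assert.assertEquals(str, error.getErrorMessage());
        } finally {
            response.close();
        }
    }

    /**
     * Builds a key-provider component for the {@code "test"} realm with an empty configuration.
     *
     * @param str component name
     * @param str2 provider id (the tests in this class use {@code "rsa"})
     * @return the new, not yet persisted component representation
     */
    protected ComponentRepresentation createRep(String str, String str2) {
        ComponentRepresentation rep = new ComponentRepresentation();
        rep.setName(str);
        rep.setParentId("test");
        rep.setProviderId(str2);
        rep.setProviderType(KeyProvider.class.getName());
        rep.setConfig(new MultivaluedHashMap<>());
        return rep;
    }

    /**
     * Creates {@code rep} in the {@code "test"} realm and returns the id of the created component.
     * The response is always closed, including when extracting the id fails.
     */
    private String createComponent(ComponentRepresentation rep) {
        Response response = this.adminClient.realm("test").components().add(rep);
        try {
            return ApiUtil.getCreatedId(response);
        } finally {
            response.close();
        }
    }
}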
