package org.keycloak.testsuite.saml;

import java.util.List;
import org.hamcrest.CoreMatchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.utils.io.IOUtil;

/* loaded from: input_file:org/keycloak/testsuite/saml/SamlConsentTest.class */
public class SamlConsentTest extends AbstractSamlTest {
    @Override // org.keycloak.testsuite.saml.AbstractSamlTest, org.keycloak.testsuite.AbstractAuthTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm("/adapter-test/keycloak-saml/testsaml.json"));
    }

    @Test
    public void rejectedConsentResponseTest() throws ParsingException, ConfigurationException, ProcessingException {
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0);
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().get(clientRepresentation.getId()).update(ClientBuilder.edit(clientRepresentation).consentRequired(true).attribute("saml_idp_initiated_sso_url_name", "sales-post").attribute("saml_assertion_consumer_url_post", SAML_ASSERTION_CONSUMER_URL_SALES_POST + "saml").attribute("saml.server.signature", "true").build());
        this.log.debug("Log in using idp initiated login");
        String documentToString = IOUtil.documentToString(new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().consentRequired().approveConsent(false).build().getSamlResponse(SamlClient.Binding.POST).getSamlDocument());
        Assert.assertThat(documentToString, CoreMatchers.containsString("<dsig:Signature"));
        Assert.assertThat(documentToString, CoreMatchers.not(CoreMatchers.containsString("<samlp:LogoutResponse")));
        Assert.assertThat(documentToString, CoreMatchers.containsString("<samlp:Response"));
        Assert.assertThat(documentToString, CoreMatchers.containsString("<samlp:Status"));
        Assert.assertThat(documentToString, CoreMatchers.containsString("<samlp:StatusCode Value=\"urn:oasis:names:tc:SAML:2.0:status:RequestDenied\""));
    }
}
