package org.keycloak.testsuite.saml;

import java.util.List;
import java.util.UUID;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/saml/SamlRelayStateTest.class */
public class SamlRelayStateTest extends AbstractSamlTest {
    private static final String RELAY_STATE = "/importantRelayState";

    @Test
    public void testRelayStateDoesNotRetainBetweenTwoRequestsPost() throws Exception {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).relayState(RELAY_STATE).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.POST, str -> {
            MatcherAssert.assertThat(str, Matchers.is(Matchers.equalTo(RELAY_STATE)));
        }).authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().followOneRedirect().assertSamlRelayState(SamlClient.Binding.POST, str2 -> {
            MatcherAssert.assertThat(str2, Matchers.is(Matchers.nullValue()));
        }).execute();
    }

    @Test
    public void testRelayStateDoesNotRetainBetweenTwoRequestsRedirect() throws Exception {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml_assertion_consumer_url_post", (String) null).setAttribute("saml_assertion_consumer_url_redirect", (String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml_assertion_consumer_url_post")).update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).relayState(RELAY_STATE).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.REDIRECT, str -> {
                MatcherAssert.assertThat(str, Matchers.is(Matchers.equalTo(RELAY_STATE)));
            }).authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).build().assertSamlRelayState(SamlClient.Binding.REDIRECT, str2 -> {
                MatcherAssert.assertThat(str2, Matchers.is(Matchers.nullValue()));
            }).execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testRelayStateDoesNotRetainBetweenTwoRequestsIdpInitiatedPost() throws Exception {
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").relayState(RELAY_STATE).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.POST, str -> {
            MatcherAssert.assertThat(str, Matchers.is(Matchers.equalTo(RELAY_STATE)));
        }).idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().assertSamlRelayState(SamlClient.Binding.POST, str2 -> {
            MatcherAssert.assertThat(str2, Matchers.is(Matchers.nullValue()));
        }).execute();
    }

    @Test
    public void testRelayStateDoesNotRetainBetweenTwoRequestsIdpInitiatedRedirect() throws Exception {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml_assertion_consumer_url_post", (String) null).setAttribute("saml_assertion_consumer_url_redirect", (String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml_assertion_consumer_url_post")).update();
        Throwable th = null;
        try {
            try {
                new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").relayState(RELAY_STATE).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.REDIRECT, str -> {
                    MatcherAssert.assertThat(str, Matchers.is(Matchers.equalTo(RELAY_STATE)));
                }).idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().assertSamlRelayState(SamlClient.Binding.REDIRECT, str2 -> {
                    MatcherAssert.assertThat(str2, Matchers.is(Matchers.nullValue()));
                }).execute();
                if (update != null) {
                    if (0 == 0) {
                        update.close();
                        return;
                    }
                    try {
                        update.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (update != null) {
                if (th != null) {
                    try {
                        update.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    update.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testRelayStateForSameAuthSession() throws Exception {
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).relayState(RELAY_STATE).build().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.POST, str -> {
            MatcherAssert.assertThat(str, Matchers.is(Matchers.nullValue()));
        }).execute();
    }

    @Test
    public void testRelayStateForSameAuthSessionIDPInitiated() throws Exception {
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").relayState(RELAY_STATE).build().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.POST, str -> {
            MatcherAssert.assertThat(str, Matchers.is(Matchers.nullValue()));
        }).execute();
    }

    @Test
    @Ignore("KEYCLOAK-5179")
    public void relayStateConcurrencyTest() throws Exception {
        ThreadLocal threadLocal = new ThreadLocal();
        List steps = new SamlClientBuilder().addStep(() -> {
            threadLocal.set(UUID.randomUUID());
        }).authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).relayState(() -> {
            return ((UUID) threadLocal.get()).toString();
        }).build().login().user(this.bburkeUser).build().assertSamlRelayState(SamlClient.Binding.POST, str -> {
            MatcherAssert.assertThat(str, Matchers.is(Matchers.notNullValue()));
            MatcherAssert.assertThat(str, Matchers.is(Matchers.equalTo(((UUID) threadLocal.get()).toString())));
        }).getSteps();
        SamlClient samlClient = new SamlClient();
        samlClient.execute(steps);
        steps.remove(2);
        AbstractConcurrencyTest.run(2, 10, this, (i, keycloak, realmResource) -> {
            samlClient.execute(steps);
        });
    }
}
