package org.keycloak.testsuite.admin.client.authorization;

import com.fasterxml.jackson.core.TreeNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import io.undertow.Undertow;
import io.undertow.server.handlers.form.FormData;
import io.undertow.server.handlers.form.FormParserFactory;
import java.io.BufferedInputStream;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collections;
import java.util.Deque;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.security.cert.X509Certificate;
import org.apache.http.impl.client.HttpClients;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.KeycloakSecurityContext;
import org.keycloak.adapters.KeycloakDeployment;
import org.keycloak.adapters.KeycloakDeploymentBuilder;
import org.keycloak.adapters.OIDCHttpFacade;
import org.keycloak.adapters.authorization.ClaimInformationPointProvider;
import org.keycloak.adapters.authorization.ClaimInformationPointProviderFactory;
import org.keycloak.adapters.authorization.PolicyEnforcer;
import org.keycloak.adapters.spi.AuthenticationError;
import org.keycloak.adapters.spi.HttpFacade;
import org.keycloak.adapters.spi.LogoutError;
import org.keycloak.common.Profile;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.adapters.config.PolicyEnforcerConfig;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.keycloak.util.JsonSerialization;

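/**
 * Exercises the policy enforcer's claim information point (CIP) providers.
 *
 * <p>Two provider names are looked up from {@code /authorization-test/enforcer-config-claims-provider.json}:
 * {@code "claims"}, whose resolved values are asserted against the fake request built by
 * {@link #createHttpRequest(Map, InputStream)} (parameter, header, cookie, remote address, body), and
 * {@code "http"}, whose resolved values are asserted against the JSON served by the in-process Undertow
 * stub started in {@link #onBeforeClass()}.
 *
 * <p>Security-relevant points the tests pin down:
 * <ul>
 *   <li>Values resolved by the {@code "claims"} provider mirror what the fake request carries. Anything a
 *       policy reads from such claims is caller-supplied input and should be treated as untrusted.</li>
 *   <li>The stub only answers 200 when the request carries the expected {@code Authorization: Bearer ...}
 *       header, i.e. the token strings of the {@link KeycloakSecurityContext} are sent to the configured
 *       endpoint. NOTE(review): the endpoint URLs live in the enforcer config, which is not visible here;
 *       the stub itself is a plain-HTTP listener intended for tests only.</li>
 * </ul>
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/admin/client/authorization/ClaimInformationPointProviderTest.class */
public class ClaimInformationPointProviderTest extends AbstractKeycloakTest {
    /** Claims document the stub returns once a request has passed every check. */
    private static final String STUB_CLAIMS_JSON =
            "{\"a\": \"a-value1\", \"b\": \"b-value1\", \"d\": [\"d-value1\", \"d-value2\"]}";

    private static Undertow httpService;

    /** Skips the whole class unless the AUTHORIZATION feature is enabled in the active profile. */
    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    /**
     * Starts the stub claims endpoint on port 8989.
     *
     * <p>The stub validates each request and answers 200 plus {@link #STUB_CLAIMS_JSON} only when every
     * expected header and parameter is present; 400 when a check fails; 404 for unknown paths.
     *
     * <p>The handler fails closed. An Undertow exchange starts with status 200, so an exception thrown
     * half-way through validation (for example a {@code NullPointerException} on a missing
     * {@code header-b}) used to leave the status at 200 and the claims were still sent, letting a
     * provider that omitted required request data pass the tests. Missing data is now a 400, and any
     * unexpected failure is turned into a 500 without a body before it is rethrown.
     */
    @BeforeClass
    public static void onBeforeClass() {
        // NOTE(review): the host constant was substituted by the decompiler; presumably "localhost" - confirm.
        httpService = Undertow.builder()
                .addHttpListener(8989, DockerClientTest.REGISTRY_HOSTNAME)
                .setHandler(exchange -> {
                    // Only exchanges running on the IO thread are handled; others are left untouched.
                    if (!exchange.isInIoThread()) {
                        return;
                    }
                    try {
                        String path = exchange.getRelativePath();
                        String authorization = exchange.getRequestHeaders().getFirst("Authorization");
                        String method = exchange.getRequestMethod().toString();
                        Deque<String> headerB = exchange.getRequestHeaders().get("header-b");
                        boolean headerBOk = containsAll(headerB, "header-b-value1", "header-b-value2");
                        int status;

                        if ("/post-claim-information-provider".equals(path)) {
                            String contentType = exchange.getRequestHeaders().getFirst("Content-Type");
                            boolean envelopeOk = "Bearer tokenString".equals(authorization)
                                    && "post".equalsIgnoreCase(method)
                                    && "application/x-www-form-urlencoded".equals(contentType)
                                    && headerBOk;
                            boolean formOk = false;
                            if (envelopeOk) {
                                // Parse only after the content type is confirmed, so a body parser is available.
                                FormData form = FormParserFactory.builder().build().createParser(exchange).parseBlocking();
                                formOk = firstIs(form.get("param-a"), "param-a-value1")
                                        && lastIs(form.get("param-a"), "param-a-value2")
                                        && firstIs(form.get("param-subject"), "sub")
                                        && firstIs(form.get("param-user-name"), "username")
                                        && firstIs(form.get("param-other-claims"), "param-other-claims-value1")
                                        && lastIs(form.get("param-other-claims"), "param-other-claims-value2");
                            }
                            status = formOk ? 200 : 400;
                        } else if ("/get-claim-information-provider".equals(path)) {
                            Map<String, Deque<String>> query = exchange.getQueryParameters();
                            boolean requestOk = "Bearer idTokenString".equals(authorization)
                                    && "get".equalsIgnoreCase(method)
                                    && headerBOk
                                    && containsAll(query.get("param-a"), "param-a-value1", "param-a-value2")
                                    && containsAll(query.get("param-subject"), "sub")
                                    && containsAll(query.get("param-user-name"), "username");
                            status = requestOk ? 200 : 400;
                        } else {
                            status = 404;
                        }

                        // Build the body before touching the response so a failure here cannot leave a 200 behind.
                        String body = status == 200 ? compactJson(STUB_CLAIMS_JSON) : null;
                        exchange.setStatusCode(status);
                        if (body != null) {
                            exchange.getResponseSender().send(body);
                        }
                    } catch (Throwable failure) {
                        // Fail closed: never let the default 200 stand for a request that was not validated.
                        if (!exchange.isResponseStarted()) {
                            exchange.setStatusCode(500);
                        }
                        throw failure;
                    } finally {
                        exchange.endExchange();
                    }
                })
                .build();
        httpService.start();
    }

    /** Stops the stub endpoint if it was started. */
    @AfterClass
    public static void onAfterClass() {
        if (httpService != null) {
            httpService.stop();
        }
    }

    /** Registers the authorization test realm loaded from the test resources. */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm(getClass().getResourceAsStream("/authorization-test/test-authz-realm.json")));
    }

    /** Returns true when {@code values} is present and holds every expected entry. */
    private static boolean containsAll(Deque<?> values, String... expected) {
        return values != null && values.containsAll(Arrays.asList(expected));
    }

    /** Returns true when the first submitted form value equals {@code expected}; absent fields are a mismatch. */
    private static boolean firstIs(Deque<FormData.FormValue> values, String expected) {
        return values != null && !values.isEmpty() && expected.equals(values.getFirst().getValue());
    }

    /** Returns true when the last submitted form value equals {@code expected}; absent fields are a mismatch. */
    private static boolean lastIs(Deque<FormData.FormValue> values, String expected) {
        return values != null && !values.isEmpty() && expected.equals(values.getLast().getValue());
    }

    /** Parses {@code json} with the shared mapper and returns the tree's string form. */
    private static String compactJson(String json) throws IOException {
        ObjectMapper mapper = JsonSerialization.mapper;
        TreeNode tree = mapper.readTree(mapper.getFactory().createParser(json));
        return tree.toString();
    }

    /** Returns entry {@code index} of the value list resolved for {@code name}. */
    private static Object claimValue(Map<?, ?> claims, String name, int index) {
        return ((List<?>) claims.get(name)).get(index);
    }

    /**
     * Builds the provider registered under {@code providerName} for the enforcer path {@code path}.
     *
     * <p>Asserts that the path, its claim-information-point section and the provider factory all exist,
     * so a broken test config fails here rather than with a later {@code NullPointerException}.
     */
    private ClaimInformationPointProvider getClaimInformationProviderForPath(String path, String providerName) {
        KeycloakDeployment deployment = KeycloakDeploymentBuilder.build(
                getClass().getResourceAsStream("/authorization-test/enforcer-config-claims-provider.json"));
        deployment.setClient(HttpClients.createDefault());
        PolicyEnforcer enforcer = deployment.getPolicyEnforcer();
        Map<?, ?> factories = enforcer.getClaimInformationPointProviderFactories();

        PolicyEnforcerConfig.PathConfig pathConfig = (PolicyEnforcerConfig.PathConfig) enforcer.getPaths().get(path);
        Assert.assertNotNull(pathConfig);

        Map<?, ?> cipConfig = pathConfig.getClaimInformationPointConfig();
        Assert.assertNotNull(cipConfig);

        ClaimInformationPointProviderFactory factory = (ClaimInformationPointProviderFactory) factories.get(providerName);
        Assert.assertNotNull(factory);

        return factory.create((Map) cipConfig.get(providerName));
    }

    /** Claims taken from request metadata, static config values and placeholder substitution. */
    @Test
    public void testBasicClaimsInformationPoint() {
        Map<?, ?> claims = getClaimInformationProviderForPath("/claims-provider", "claims").resolve(createHttpFacade());

        Assert.assertEquals("parameter-a", claimValue(claims, "claim-from-request-parameter", 0));
        Assert.assertEquals("header-b", claimValue(claims, "claim-from-header", 0));
        Assert.assertEquals("cookie-c", claimValue(claims, "claim-from-cookie", 0));
        Assert.assertEquals("user-remote-addr", claimValue(claims, "claim-from-remoteAddr", 0));
        Assert.assertEquals("GET", claimValue(claims, "claim-from-method", 0));
        Assert.assertEquals("/app/request-uri", claimValue(claims, "claim-from-uri", 0));
        Assert.assertEquals("/request-relative-path", claimValue(claims, "claim-from-relativePath", 0));
        Assert.assertEquals("true", claimValue(claims, "claim-from-secure", 0));
        Assert.assertEquals("static value", claimValue(claims, "claim-from-static-value", 0));
        Assert.assertEquals("static", claimValue(claims, "claim-from-multiple-static-value", 0));
        Assert.assertEquals("value", claimValue(claims, "claim-from-multiple-static-value", 1));
        Assert.assertEquals("Test param-other-claims-value1 and parameter-a",
                claimValue(claims, "param-replace-multiple-placeholder", 0));
    }

    /** Claims extracted from a JSON request body: nested object, array element and number. */
    @Test
    public void testBodyJsonClaimsInformationPoint() throws Exception {
        Map<String, List<String>> headers = new HashMap<>();
        headers.put("Content-Type", Arrays.asList("application/json"));
        String json = compactJson("{\"a\": {\"b\": {\"c\": \"c-value\"}}, \"d\": [\"d-value1\", \"d-value2\"], \"e\": {\"number\": 123}}");
        // Explicit charset: the platform default must not decide how the body is encoded.
        InputStream body = new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8));

        Map<?, ?> claims = getClaimInformationProviderForPath("/claims-provider", "claims").resolve(createHttpFacade(headers, body));

        Assert.assertEquals("c-value", claimValue(claims, "claim-from-json-body-object", 0));
        Assert.assertEquals("d-value2", claimValue(claims, "claim-from-json-body-array", 0));
        Assert.assertEquals("123", claimValue(claims, "claim-from-json-body-number", 0));
    }

    /**
     * An array of JSON objects is resolved as one serialized string per element, both for a bare
     * {@code application/json} content type and for one carrying a {@code charset} parameter.
     */
    @Test
    public void testBodyJsonObjectClaim() throws Exception {
        Map<String, List<String>> headers = new HashMap<>();
        headers.put("Content-Type", Arrays.asList("application/json"));
        String json = compactJson("{\"Individual\" : {\n\n                \"Name\":  \"John\",\n\n                \"Lastname\": \"Doe\",\n\n                \"individualRoles\" : [ {\n\n                                \"roleSpec\": 2342,\n\n                                \"roleId\": 4234},\n\n{\n\n                                \"roleSpec\": 4223,\n\n                                \"roleId\": 523\n\n                }\n\n                ]\n\n}}");

        Map<?, ?> claims = getClaimInformationProviderForPath("/claims-from-body-json-object", "claims")
                .resolve(createHttpFacade(headers, new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8))));
        Assert.assertEquals(1, claims.size());
        Assert.assertEquals(2, ((List<?>) claims.get("individualRoles")).size());
        Assert.assertEquals("{\"roleSpec\":2342,\"roleId\":4234}", claimValue(claims, "individualRoles", 0));
        Assert.assertEquals("{\"roleSpec\":4223,\"roleId\":523}", claimValue(claims, "individualRoles", 1));

        headers.put("Content-Type", Arrays.asList("application/json; charset=utf-8"));
        Map<?, ?> claimsWithCharset = getClaimInformationProviderForPath("/claims-from-body-json-object", "claims")
                .resolve(createHttpFacade(headers, new ByteArrayInputStream(json.getBytes(StandardCharsets.UTF_8))));
        Assert.assertEquals(1, claimsWithCharset.size());
        Assert.assertEquals(2, ((List<?>) claimsWithCharset.get("individualRoles")).size());
        Assert.assertEquals("{\"roleSpec\":2342,\"roleId\":4234}", claimValue(claimsWithCharset, "individualRoles", 0));
        Assert.assertEquals("{\"roleSpec\":4223,\"roleId\":523}", claimValue(claimsWithCharset, "individualRoles", 1));
    }

    /** A non-JSON body is exposed verbatim as a single claim value. */
    @Test
    public void testBodyClaimsInformationPoint() {
        InputStream body = new ByteArrayInputStream("raw-body-text".getBytes(StandardCharsets.UTF_8));
        Map<?, ?> claims = getClaimInformationProviderForPath("/claims-provider", "claims")
                .resolve(createHttpFacade(new HashMap<>(), body));

        Assert.assertEquals("raw-body-text", claimValue(claims, "claim-from-body", 0));
    }

    /** Without a claim mapping, the stub's JSON members are resolved under their own names. */
    @Test
    public void testHttpClaimInformationPointProviderWithoutClaims() {
        Map<?, ?> claims = getClaimInformationProviderForPath("/http-get-claim-provider", "http").resolve(createHttpFacade());

        Assert.assertEquals("a-value1", claimValue(claims, "a", 0));
        Assert.assertEquals("b-value1", claimValue(claims, "b", 0));
        Assert.assertEquals("d-value1", claimValue(claims, "d", 0));
        Assert.assertEquals("d-value2", claimValue(claims, "d", 1));
        Assert.assertNull(claims.get("claim-a"));
        Assert.assertNull(claims.get("claim-d"));
        Assert.assertNull(claims.get("claim-d0"));
        Assert.assertNull(claims.get("claim-d-all"));
    }

    /** With a claim mapping, only the mapped names are resolved and unmapped members are dropped. */
    @Test
    public void testHttpClaimInformationPointProviderWithClaims() {
        Map<?, ?> claims = getClaimInformationProviderForPath("/http-post-claim-provider", "http").resolve(createHttpFacade());

        Assert.assertEquals("a-value1", claimValue(claims, "claim-a", 0));
        Assert.assertEquals("d-value1", claimValue(claims, "claim-d", 0));
        Assert.assertEquals("d-value2", claimValue(claims, "claim-d", 1));
        Assert.assertEquals("d-value1", claimValue(claims, "claim-d0", 0));
        Assert.assertEquals("d-value1", claimValue(claims, "claim-d-all", 0));
        Assert.assertEquals("d-value2", claimValue(claims, "claim-d-all", 1));
        Assert.assertNull(claims.get("a"));
        Assert.assertNull(claims.get("b"));
        Assert.assertNull(claims.get("d"));
    }

    /**
     * Builds a facade whose security context carries fixed token strings ({@code "tokenString"} and
     * {@code "idTokenString"}) and fixed subject, username and {@code custom_claim} values; the stub
     * endpoint checks for exactly these.
     */
    private HttpFacade createHttpFacade(final Map<String, List<String>> headers, final InputStream body) {
        return new OIDCHttpFacade() {
            private HttpFacade.Request request;

            @Override
            public KeycloakSecurityContext getSecurityContext() {
                List<String> customClaim = Arrays.asList("param-other-claims-value1", "param-other-claims-value2");

                AccessToken accessToken = new AccessToken();
                accessToken.subject("sub");
                accessToken.setPreferredUsername("username");
                accessToken.getOtherClaims().put("custom_claim", customClaim);

                IDToken idToken = new IDToken();
                idToken.subject("sub");
                idToken.setPreferredUsername("username");
                idToken.getOtherClaims().put("custom_claim", customClaim);

                return new KeycloakSecurityContext("tokenString", accessToken, "idTokenString", idToken);
            }

            @Override
            public HttpFacade.Request getRequest() {
                // Created once so repeated calls observe the same (possibly buffered) body stream.
                if (request == null) {
                    request = createHttpRequest(headers, body);
                }
                return request;
            }

            @Override
            public HttpFacade.Response getResponse() {
                return createHttpResponse();
            }

            @Override
            public X509Certificate[] getCertificateChain() {
                return new X509Certificate[0];
            }
        };
    }

    /** Facade with no extra headers and no request body. */
    private HttpFacade createHttpFacade() {
        return createHttpFacade(new HashMap<>(), null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    /** Returns a response whose methods all do nothing; {@code getOutputStream()} returns null. */
    public HttpFacade.Response createHttpResponse() {
        return new HttpFacade.Response() {
            @Override
            public void setStatus(int i) {
            }

            @Override
            public void addHeader(String str, String str2) {
            }

            @Override
            public void setHeader(String str, String str2) {
            }

            @Override
            public void resetCookie(String str, String str2) {
            }

            @Override
            public void setCookie(String str, String str2, String str3, String str4, int i, boolean z, boolean z2) {
            }

            @Override
            public OutputStream getOutputStream() {
                return null;
            }

            @Override
            public void sendError(int i) {
            }

            @Override
            public void sendError(int i, String str) {
            }

            @Override
            public void end() {
            }
        };
    }

    /* JADX INFO: Access modifiers changed from: private */
    /**
     * Builds the fake inbound request: GET {@code /app/request-uri}, secure, one parameter {@code a},
     * one cookie {@code c}, header {@code b} plus the supplied headers, and the supplied body.
     *
     * @param map extra request headers; copied, so the caller's map is not modified
     * @param inputStream request body, or {@code null} for an empty body
     */
    public HttpFacade.Request createHttpRequest(final Map<String, List<String>> map, final InputStream inputStream) {
        final Map<String, List<String>> params = new HashMap<>();
        params.put("a", Arrays.asList("parameter-a"));
        // Work on a copy: adding the fixed header must not leak into a map the caller reuses.
        final Map<String, List<String>> headers = new HashMap<>(map);
        headers.put("b", Arrays.asList("header-b"));
        final Map<String, HttpFacade.Cookie> cookies = new HashMap<>();
        cookies.put("c", new HttpFacade.Cookie("c", "cookie-c", 1, DockerClientTest.REGISTRY_HOSTNAME, "/"));

        return new HttpFacade.Request() {
            // Named differently from the captured 'inputStream' parameter: a field with the same name
            // would shadow it and the request body would never be returned.
            private InputStream bufferedBody;

            @Override
            public String getMethod() {
                return "GET";
            }

            @Override
            public String getURI() {
                return "/app/request-uri";
            }

            @Override
            public String getRelativePath() {
                return "/request-relative-path";
            }

            @Override
            public boolean isSecure() {
                return true;
            }

            @Override
            public String getFirstParam(String str) {
                List<String> values = params.getOrDefault(str, Collections.emptyList());
                return values.isEmpty() ? null : values.get(0);
            }

            @Override
            public String getQueryParamValue(String str) {
                return getFirstParam(str);
            }

            @Override
            public HttpFacade.Cookie getCookie(String str) {
                return cookies.get(str);
            }

            @Override
            public String getHeader(String str) {
                List<String> values = getHeaders(str);
                return values.isEmpty() ? null : values.get(0);
            }

            @Override
            public List<String> getHeaders(String str) {
                return headers.getOrDefault(str, Collections.emptyList());
            }

            @Override
            public InputStream getInputStream() {
                return getInputStream(false);
            }

            @Override
            public InputStream getInputStream(boolean z) {
                if (inputStream == null) {
                    return new ByteArrayInputStream(new byte[0]);
                }
                if (bufferedBody != null) {
                    return bufferedBody;
                }
                if (!z) {
                    return inputStream;
                }
                // Wrap once and reuse, so every buffered read sees the same stream.
                bufferedBody = new BufferedInputStream(inputStream);
                return bufferedBody;
            }

            @Override
            public String getRemoteAddr() {
                return "user-remote-addr";
            }

            @Override
            public void setError(AuthenticationError authenticationError) {
            }

            @Override
            public void setError(LogoutError logoutError) {
            }
        };
    }
}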
