package org.keycloak.testsuite.client;

import java.net.URI;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.RealmBuilder;

/* loaded from: input_file:org/keycloak/testsuite/client/ClientRedirectTest.class */
public class ClientRedirectTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        RealmBuilder.edit(realmRepresentation).client(ClientBuilder.create().clientId("launchpad-test").baseUrl("").rootUrl("http://example.org/launchpad")).client(ClientBuilder.create().clientId("dummy-test").baseUrl("/base-path").rootUrl("http://example.org/dummy"));
    }

    @Test
    @DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
    public void testClientRedirectEndpoint() throws Exception {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        this.driver.get(getAuthServerRoot().toString() + "realms/test/clients/launchpad-test/redirect");
        Assert.assertEquals("http://example.org/launchpad", this.driver.getCurrentUrl());
        this.driver.get(getAuthServerRoot().toString() + "realms/test/clients/dummy-test/redirect");
        Assert.assertEquals("http://example.org/dummy/base-path", this.driver.getCurrentUrl());
        this.driver.get(getAuthServerRoot().toString() + "realms/test/clients/account/redirect");
        Assert.assertEquals(getAuthServerRoot().toString() + "realms/test/account/", this.driver.getCurrentUrl());
    }

    @Test
    public void testRedirectStatusCode() {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        String accessToken = this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken();
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        Assert.assertEquals(303L, createResteasyClient.target(getAuthServerRoot().toString() + "realms/test/clients/launchpad-test/redirect").request().header("Authorization", "Bearer " + accessToken).get().getStatus());
        createResteasyClient.close();
    }

    @Test
    public void testRedirectToDisabledClientRedirectURI() throws Exception {
        this.log.debug("Creating disabled-client with redirect uri \"*\"");
        Response create = this.adminClient.realm("test").clients().create(ClientBuilder.create().clientId("disabled-client").enabled(false).redirectUris("*").build());
        Throwable th = null;
        try {
            try {
                String createdId = ApiUtil.getCreatedId(create);
                Assert.assertThat(create, Matchers.statusCodeIs(Response.Status.CREATED));
                if (create != null) {
                    if (0 != 0) {
                        try {
                            create.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        create.close();
                    }
                }
                try {
                    this.log.debug("log in");
                    this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
                    this.events.expectLogin().assertEvent();
                    URI build = KeycloakUriBuilder.fromUri(this.suiteContext.getAuthServerInfo().getBrowserContextRoot().toURI()).path("auth/realms/{realm-name}/protocol/openid-connect/logout").queryParam("redirect_uri", new Object[]{"http://example.org/redirected"}).build(new Object[]{"test"});
                    this.log.debug("log out using: " + build.toURL());
                    this.driver.navigate().to(build.toURL());
                    this.log.debug("Current URL: " + this.driver.getCurrentUrl());
                    this.log.debug("check logout_error");
                    this.events.expectLogoutError("invalid_redirect_uri").assertEvent();
                    Assert.assertThat(this.driver.getCurrentUrl(), org.hamcrest.Matchers.is(org.hamcrest.Matchers.not(org.hamcrest.Matchers.equalTo("http://example.org/redirected"))));
                    this.log.debug("removing disabled-client");
                    this.adminClient.realm("test").clients().get(createdId).remove();
                } catch (Throwable th3) {
                    this.log.debug("removing disabled-client");
                    this.adminClient.realm("test").clients().get(createdId).remove();
                    throw th3;
                }
            } finally {
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }
}
