package org.keycloak.testsuite.oauth;

import java.io.IOException;
import java.security.KeyPair;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.hamcrest.CoreMatchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.events.EventType;
import org.keycloak.protocol.oidc.LogoutTokenValidationCode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.broker.AbstractNestedBrokerTest;
import org.keycloak.testsuite.broker.BrokerTestTools;
import org.keycloak.testsuite.broker.NestedBrokerConfiguration;
import org.keycloak.testsuite.broker.OidcBackchannelLogoutBrokerConfiguration;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.LogoutTokenUtil;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmManager;
import org.keycloak.testsuite.util.SecondBrowser;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/oauth/BackchannelLogoutTest.class */
public class BackchannelLogoutTest extends AbstractNestedBrokerTest {
    public static final String ACCOUNT_CLIENT_NAME = "account";
    public static final String BROKER_CLIENT_ID = "brokerapp";
    public static final String USER_PASSWORD_CONSUMER_REALM = "password";
    private static final KeyPair KEY_PAIR = KeyUtils.generateRsaKeyPair(2048);
    private String userIdProviderRealm;
    private String realmIdConsumerRealm;
    private String accountClientIdConsumerRealm;
    private String accountClientIdSubConsumerRealm;
    private String providerId;
    private RealmManager providerRealmManager;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Drone
    @SecondBrowser
    WebDriver driver2;

    @Override // org.keycloak.testsuite.broker.AbstractNestedBrokerTest
    protected NestedBrokerConfiguration getNestedBrokerConfiguration() {
        return OidcBackchannelLogoutBrokerConfiguration.INSTANCE;
    }

    @Before
    public void createProviderRealmUser() {
        this.log.debug("creating user for realm " + this.nbc.providerRealmName());
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername(this.nbc.getUserLogin());
        userRepresentation.setEmail(this.nbc.getUserEmail());
        userRepresentation.setEmailVerified(true);
        userRepresentation.setEnabled(true);
        RealmResource realm = this.adminClient.realm(this.nbc.providerRealmName());
        this.userIdProviderRealm = ApiUtil.createUserWithAdminClient(realm, userRepresentation);
        ApiUtil.resetUserPassword(realm.users().get(this.userIdProviderRealm), this.nbc.getUserPassword(), false);
    }

    @Before
    public void addIdentityProviders() {
        this.log.debug("adding identity provider to realm " + this.nbc.consumerRealmName());
        this.adminClient.realm(this.nbc.consumerRealmName()).identityProviders().create(this.nbc.setUpIdentityProvider()).close();
        this.log.debug("adding identity provider to realm " + this.nbc.subConsumerRealmName());
        this.adminClient.realm(this.nbc.subConsumerRealmName()).identityProviders().create(this.nbc.setUpConsumerIdentityProvider()).close();
    }

    @Before
    public void addClients() {
        addClientsToProviderAndConsumer();
    }

    @Before
    public void fetchConsumerRealmDetails() {
        this.realmIdConsumerRealm = this.adminClient.realm(this.nbc.consumerRealmName()).toRepresentation().getId();
        this.accountClientIdConsumerRealm = ((ClientRepresentation) this.adminClient.realm(this.nbc.consumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0)).getId();
        this.adminClient.realm(this.nbc.subConsumerRealmName());
        this.accountClientIdSubConsumerRealm = ((ClientRepresentation) this.adminClient.realm(this.nbc.subConsumerRealmName()).clients().findByClientId(ACCOUNT_CLIENT_NAME).get(0)).getId();
    }

    @Before
    public void createNewRsaKeyForProviderRealm() {
        this.providerRealmManager = RealmManager.realm(this.adminClient.realm(this.nbc.providerRealmName()));
        this.providerId = this.providerRealmManager.generateNewRsaKey(KEY_PAIR, "rsa-test-2");
    }

    @Test
    public void postBackchannelLogoutWithSessionId() throws Exception {
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEventAccountManagement, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutSessionId() throws Exception {
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEventAccountManagement, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutLogoutToken() throws Exception {
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout((String) null);
        Throwable th = null;
        try {
            Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
            Assert.assertThat(doBackchannelLogout, Matchers.bodyHC(CoreMatchers.containsString("No logout token")));
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            this.events.expectLogoutError("invalid_token").realm(this.realmIdConsumerRealm).assertEvent();
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithInvalidLogoutToken() throws Exception {
        String encode = Base64Url.encode(JsonSerialization.writeValueAsBytes(JsonSerialization.createObjectNode()));
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(encode);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
                Assert.assertThat(doBackchannelLogout, Matchers.bodyHC(CoreMatchers.containsString(LogoutTokenValidationCode.DECODE_TOKEN_FAILED.getErrorMessage())));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                this.events.expectLogoutError("invalid_token").realm(this.realmIdConsumerRealm).assertEvent();
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithSessionIdUserNotLoggedIn() throws Exception {
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, UUID.randomUUID().toString());
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 == 0) {
                        doBackchannelLogout.close();
                        return;
                    }
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutSessionIdUserNotLoggedIn() throws Exception {
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 == 0) {
                        doBackchannelLogout.close();
                        return;
                    }
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutSessionIdUserDoesntExist() throws Exception {
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(UUID.randomUUID().toString());
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 == 0) {
                        doBackchannelLogout.close();
                        return;
                    }
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void postBackchannelLogoutWithSessionIdMultipleOpenSession() throws Exception {
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        OAuthClient oAuthClient = new OAuthClient();
        oAuthClient.init(this.driver2);
        oAuthClient.realm(this.nbc.consumerRealmName()).clientId(ACCOUNT_CLIENT_NAME).redirectUri(getAuthServerRoot() + "realms/" + this.nbc.consumerRealmName() + "/account").doLoginSocial(this.nbc.getIDPAlias(), this.nbc.getUserLogin(), this.nbc.getUserPassword());
        String assertProviderLoginEventIdpClient2 = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement2 = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEventAccountManagement, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient2);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutSessionIdMultipleOpenSession() throws Exception {
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        loginWithSecondBrowser(this.nbc.getIDPAlias());
        String assertProviderLoginEventIdpClient2 = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement2 = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvents(Arrays.asList(assertConsumerLoginEventAccountManagement, assertConsumerLoginEventAccountManagement2), userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient2);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
        IdentityProviderRepresentation addSecondIdentityProviderToConsumerRealm = addSecondIdentityProviderToConsumerRealm();
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        this.adminClient.realm(this.nbc.consumerRealmName()).users().get(userIdConsumerRealm).resetPassword(CredentialBuilder.create().password("password").build());
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        linkUsers(loginWithSecondBrowser(addSecondIdentityProviderToConsumerRealm.getDisplayName()));
        String assertProviderLoginEventIdpClient2 = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement2 = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEventAccountManagement, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient2);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutWithoutSessionIdMultipleOpenSessionDifferentIdentityProvider() throws Exception {
        IdentityProviderRepresentation addSecondIdentityProviderToConsumerRealm = addSecondIdentityProviderToConsumerRealm();
        String clientId = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        this.adminClient.realm(this.nbc.consumerRealmName()).users().get(userIdConsumerRealm).resetPassword(CredentialBuilder.create().password("password").build());
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
        linkUsers(loginWithSecondBrowser(addSecondIdentityProviderToConsumerRealm.getDisplayName()));
        String assertProviderLoginEventIdpClient2 = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEventAccountManagement2 = assertConsumerLoginEventAccountManagement(userIdConsumerRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvents(Arrays.asList(assertConsumerLoginEventAccountManagement, assertConsumerLoginEventAccountManagement2), userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement);
                assertNoSessionsInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement2);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId, this.userIdProviderRealm, assertProviderLoginEventIdpClient2);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutOnDisabledClientReturnsNotImplemented() throws Exception {
        logInAsUserInIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm, userIdConsumerRealm, assertConsumerLoginEventAccountManagement(userIdConsumerRealm));
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        disableClient(this.nbc.consumerRealmName(), this.accountClientIdConsumerRealm);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.NOT_IMPLEMENTED));
            Assert.assertThat(doBackchannelLogout, Matchers.bodyHC(CoreMatchers.containsString("There was an error in the local logout")));
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            assertLogoutErrorEvent(this.nbc.consumerRealmName());
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutNestedBrokering() throws Exception {
        String clientId = getClientId(this.nbc.consumerRealmName(), OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        String clientId2 = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        logInAsUserInNestedIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String userIdSubConsumerRealm = getUserIdSubConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEvent = assertConsumerLoginEvent(userIdConsumerRealm, OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        String assertLoginEvent = assertLoginEvent(userIdSubConsumerRealm, ACCOUNT_CLIENT_NAME, this.nbc.subConsumerRealmName());
        assertActiveSessionInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEvent, userIdConsumerRealm);
                assertLogoutEvent(assertLoginEvent, userIdSubConsumerRealm, this.nbc.subConsumerRealmName());
                assertNoSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
                assertNoSessionsInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId2, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutNestedBrokeringDownstreamLogoutOfSubConsumerFails() throws Exception {
        String clientId = getClientId(this.nbc.consumerRealmName(), OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        logInAsUserInNestedIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String userIdSubConsumerRealm = getUserIdSubConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEvent = assertConsumerLoginEvent(userIdConsumerRealm, OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        assertActiveSessionInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent(userIdSubConsumerRealm, ACCOUNT_CLIENT_NAME, this.nbc.subConsumerRealmName()));
        disableClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.GATEWAY_TIMEOUT));
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            assertLogoutErrorEvent(this.nbc.subConsumerRealmName());
            assertConsumerLogoutEvent(assertConsumerLoginEvent, userIdConsumerRealm);
            assertNoSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (0 != 0) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutNestedBrokeringRevokeOfflineSessions() throws Exception {
        String clientId = getClientId(this.nbc.consumerRealmName(), OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        String clientId2 = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        subConsumerIdpRequestsOfflineSessions();
        logInAsUserInNestedIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String userIdSubConsumerRealm = getUserIdSubConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEvent = assertConsumerLoginEvent(userIdConsumerRealm, OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        String assertLoginEvent = assertLoginEvent(userIdSubConsumerRealm, ACCOUNT_CLIENT_NAME, this.nbc.subConsumerRealmName());
        assertActiveSessionInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient, true);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEvent, userIdConsumerRealm);
                assertLogoutEvent(assertLoginEvent, userIdSubConsumerRealm, this.nbc.subConsumerRealmName());
                assertNoSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
                assertNoOfflineSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId2, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutNestedBrokeringDoNotRevokeOfflineSessions() throws Exception {
        String clientId = getClientId(this.nbc.consumerRealmName(), OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        String clientId2 = getClientId(this.nbc.providerRealmName(), BROKER_CLIENT_ID);
        subConsumerIdpRequestsOfflineSessions();
        logInAsUserInNestedIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String userIdSubConsumerRealm = getUserIdSubConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEvent = assertConsumerLoginEvent(userIdConsumerRealm, OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        String assertLoginEvent = assertLoginEvent(userIdSubConsumerRealm, ACCOUNT_CLIENT_NAME, this.nbc.subConsumerRealmName());
        assertActiveSessionInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient, false);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertConsumerLogoutEvent(assertConsumerLoginEvent, userIdConsumerRealm);
                assertLogoutEvent(assertLoginEvent, userIdSubConsumerRealm, this.nbc.subConsumerRealmName());
                assertNoSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
                assertActiveOfflineSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm);
                assertNoSessionsInClient(this.nbc.subConsumerRealmName(), this.accountClientIdSubConsumerRealm, userIdSubConsumerRealm, assertLoginEvent);
                assertActiveSessionInClient(this.nbc.providerRealmName(), clientId2, this.userIdProviderRealm, assertProviderLoginEventIdpClient);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void postBackchannelLogoutNestedBrokeringRevokeOfflineSessionsWithoutActiveUserSession() throws Exception {
        String clientId = getClientId(this.nbc.consumerRealmName(), OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        subConsumerIdpRequestsOfflineSessions();
        logInAsUserInNestedIDPForFirstTime();
        String userIdConsumerRealm = getUserIdConsumerRealm();
        String assertProviderLoginEventIdpClient = assertProviderLoginEventIdpClient(this.userIdProviderRealm);
        String assertConsumerLoginEvent = assertConsumerLoginEvent(userIdConsumerRealm, OidcBackchannelLogoutBrokerConfiguration.CONSUMER_CLIENT_ID);
        assertActiveSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.nbc.consumerRealmName());
        assertNoSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm, assertConsumerLoginEvent);
        assertActiveOfflineSessionInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm);
        String logoutTokenEncodedAndSigned = getLogoutTokenEncodedAndSigned(this.userIdProviderRealm, assertProviderLoginEventIdpClient, true);
        this.oauth.realm(this.nbc.consumerRealmName());
        CloseableHttpResponse doBackchannelLogout = this.oauth.doBackchannelLogout(logoutTokenEncodedAndSigned);
        Throwable th = null;
        try {
            try {
                Assert.assertThat(doBackchannelLogout, Matchers.statusCodeIsHC(Response.Status.OK));
                if (doBackchannelLogout != null) {
                    if (0 != 0) {
                        try {
                            doBackchannelLogout.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        doBackchannelLogout.close();
                    }
                }
                assertNoOfflineSessionsInClient(this.nbc.consumerRealmName(), clientId, userIdConsumerRealm);
            } finally {
            }
        } catch (Throwable th3) {
            if (doBackchannelLogout != null) {
                if (th != null) {
                    try {
                        doBackchannelLogout.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    doBackchannelLogout.close();
                }
            }
            throw th3;
        }
    }

    private void subConsumerIdpRequestsOfflineSessions() {
        IdentityProviderResource identityProviderResource = this.adminClient.realm(this.nbc.subConsumerRealmName()).identityProviders().get(this.nbc.getSubConsumerIDPDisplayName());
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        Map config = representation.getConfig();
        config.put("defaultScope", ((String) config.get("defaultScope")) + " offline_access");
        identityProviderResource.update(representation);
    }

    private String getLogoutTokenEncodedAndSigned(String str) throws IOException {
        return getLogoutTokenEncodedAndSigned(str, null);
    }

    private String getLogoutTokenEncodedAndSigned(String str, String str2) throws IOException {
        return getLogoutTokenEncodedAndSigned(str, str2, false);
    }

    private String getLogoutTokenEncodedAndSigned(String str, String str2, boolean z) throws IOException {
        return LogoutTokenUtil.generateSignedLogoutToken(KEY_PAIR.getPrivate(), ((KeysMetadataRepresentation.KeyMetadataRepresentation) this.adminClient.realm(this.nbc.providerRealmName()).keys().getKeyMetadata().getKeys().stream().filter(keyMetadataRepresentation -> {
            return this.providerId.equals(keyMetadataRepresentation.getProviderId());
        }).findFirst().get()).getKid(), BrokerTestTools.getConsumerRoot() + "/auth/realms/" + this.nbc.providerRealmName(), this.nbc.getIDPClientIdInProviderRealm(), str, str2, z);
    }

    private String assertConsumerLoginEventAccountManagement(String str) {
        return assertConsumerLoginEvent(str, ACCOUNT_CLIENT_NAME);
    }

    private String assertConsumerLoginEvent(String str, String str2) {
        return assertLoginEvent(str, str2, this.nbc.consumerRealmName());
    }

    private String assertLoginEvent(String str, String str2, String str3) {
        String str4 = null;
        String id = this.adminClient.realm(str3).toRepresentation().getId();
        Optional findAny = this.adminClient.realm(str3).getEvents().stream().filter(eventRepresentation -> {
            return str.equals(eventRepresentation.getUserId());
        }).filter(eventRepresentation2 -> {
            return eventRepresentation2.getType().equals(EventType.LOGIN.name());
        }).findAny();
        if (findAny.isPresent()) {
            EventRepresentation eventRepresentation3 = (EventRepresentation) findAny.get();
            this.events.expectLogin().realm(id).client(str2).user(str).removeDetail("code_id").removeDetail("redirect_uri").removeDetail("consent").assertEvent(eventRepresentation3);
            str4 = eventRepresentation3.getSessionId();
        } else {
            Assert.fail("No Login event found for user " + str);
        }
        return str4;
    }

    private String assertProviderLoginEventIdpClient(String str) {
        return assertLoginEvent(str, BROKER_CLIENT_ID, this.nbc.providerRealmName());
    }

    private void assertConsumerLogoutEvent(String str, String str2) {
        assertLogoutEvent(str, str2, this.nbc.consumerRealmName());
    }

    private void assertLogoutEvent(String str, String str2, String str3) {
        String id = this.adminClient.realm(str3).toRepresentation().getId();
        Optional findAny = this.adminClient.realm(str3).getEvents().stream().filter(eventRepresentation -> {
            return str.equals(eventRepresentation.getSessionId());
        }).findAny();
        if (!findAny.isPresent()) {
            Assert.fail("No Logout event found for session " + str);
        } else {
            this.events.expectLogout(str).realm(id).user(str2).removeDetail("redirect_uri").assertEvent((EventRepresentation) findAny.get());
        }
    }

    private void assertLogoutErrorEvent(String str) {
        String id = this.adminClient.realm(str).toRepresentation().getId();
        Optional findAny = this.adminClient.realm(str).getEvents().stream().filter(eventRepresentation -> {
            return eventRepresentation.getError().equals("logout_failed");
        }).findAny();
        if (!findAny.isPresent()) {
            Assert.fail("No Logout error event found in realm " + str);
        } else {
            this.events.expectLogoutError("logout_failed").realm(id).assertEvent((EventRepresentation) findAny.get());
        }
    }

    private void assertConsumerLogoutEvents(List<String> list, String str) {
        List events = this.adminClient.realm(this.nbc.consumerRealmName()).getEvents();
        for (String str2 : list) {
            Optional findAny = events.stream().filter(eventRepresentation -> {
                return str2.equals(eventRepresentation.getSessionId());
            }).findAny();
            if (findAny.isPresent()) {
                this.events.expectLogout(str2).realm(this.realmIdConsumerRealm).user(str).removeDetail("redirect_uri").assertEvent((EventRepresentation) findAny.get());
            } else {
                Assert.fail("No Logout event found for session " + str2);
            }
        }
    }

    private String getUserIdConsumerRealm() {
        return getUserId(this.nbc.consumerRealmName());
    }

    private String getUserIdSubConsumerRealm() {
        return getUserId(this.nbc.subConsumerRealmName());
    }

    private String getUserId(String str) {
        return ((UserRepresentation) this.adminClient.realm(str).users().list().get(0)).getId();
    }

    private void assertActiveSessionInClient(String str, String str2, String str3, String str4) {
        Assert.assertThat(Integer.valueOf(getClientSessions(str, str2, str3, str4).size()), CoreMatchers.is(1));
    }

    private void assertNoSessionsInClient(String str, String str2, String str3, String str4) {
        Assert.assertThat(Integer.valueOf(getClientSessions(str, str2, str3, str4).size()), CoreMatchers.is(0));
    }

    private List<UserSessionRepresentation> getClientSessions(String str, String str2, String str3, String str4) {
        return (List) this.adminClient.realm(str).clients().get(str2).getUserSessions(0, 5).stream().filter(userSessionRepresentation -> {
            return userSessionRepresentation.getUserId().equals(str3) && userSessionRepresentation.getId().equals(str4);
        }).collect(Collectors.toList());
    }

    private void assertActiveOfflineSessionInClient(String str, String str2, String str3) {
        Assert.assertThat(Integer.valueOf(getOfflineClientSessions(str, str2, str3).size()), CoreMatchers.is(1));
    }

    private void assertNoOfflineSessionsInClient(String str, String str2, String str3) {
        Assert.assertThat(Integer.valueOf(getOfflineClientSessions(str, str2, str3).size()), CoreMatchers.is(0));
    }

    private List<UserSessionRepresentation> getOfflineClientSessions(String str, String str2, String str3) {
        return (List) this.adminClient.realm(str).clients().get(str2).getOfflineUserSessions(0, 5).stream().filter(userSessionRepresentation -> {
            return userSessionRepresentation.getUserId().equals(str3);
        }).collect(Collectors.toList());
    }

    private IdentityProviderRepresentation addSecondIdentityProviderToConsumerRealm() {
        this.log.debug("adding second identity provider to realm " + this.nbc.consumerRealmName());
        IdentityProviderRepresentation upIdentityProvider = this.nbc.setUpIdentityProvider();
        upIdentityProvider.setAlias(upIdentityProvider.getAlias() + "2");
        upIdentityProvider.setDisplayName(upIdentityProvider.getDisplayName() + "2");
        upIdentityProvider.getConfig().put("clientId", BROKER_CLIENT_ID);
        this.adminClient.realm(this.nbc.consumerRealmName()).identityProviders().create(upIdentityProvider).close();
        ClientResource byClientId = getByClientId(this.nbc.providerRealmName(), this.nbc.getIDPClientIdInProviderRealm());
        ClientRepresentation representation = byClientId.toRepresentation();
        representation.getRedirectUris().add(BrokerTestTools.getConsumerRoot() + "/auth/realms/" + this.nbc.consumerRealmName() + "/broker/" + upIdentityProvider.getAlias() + "/endpoint/*");
        byClientId.update(representation);
        return upIdentityProvider;
    }

    private ClientResource getByClientId(String str, String str2) {
        ClientsResource clients = this.adminClient.realm(str).clients();
        return (ClientResource) clients.findByClientId(str2).stream().findAny().map(clientRepresentation -> {
            return clients.get(clientRepresentation.getId());
        }).orElseThrow(IllegalArgumentException::new);
    }

    private void disableClient(String str, String str2) {
        ClientResource clientResource = this.adminClient.realm(str).clients().get(str2);
        ClientRepresentation representation = clientResource.toRepresentation();
        representation.setEnabled(false);
        clientResource.update(representation);
    }

    private OAuthClient loginWithSecondBrowser(String str) {
        OAuthClient oAuthClient = new OAuthClient();
        oAuthClient.init(this.driver2);
        oAuthClient.realm(this.nbc.consumerRealmName()).clientId(ACCOUNT_CLIENT_NAME).redirectUri(getAuthServerRoot() + "realms/" + this.nbc.consumerRealmName() + "/account").doLoginSocial(str, this.nbc.getUserLogin(), this.nbc.getUserPassword());
        return oAuthClient;
    }

    private void linkUsers(OAuthClient oAuthClient) {
        oAuthClient.updateAccountInformation(this.nbc.getUserLogin(), this.nbc.getUserEmail());
        oAuthClient.linkUsers(this.nbc.getUserLogin(), "password");
    }

    private String getClientId(String str, String str2) {
        return (String) this.adminClient.realm(str).clients().findByClientId(str2).stream().findAny().map((v0) -> {
            return v0.getId();
        }).orElse(null);
    }
}
