package org.keycloak.testsuite.oidc;

import java.io.IOException;
import java.net.URI;
import javax.ws.rs.core.UriBuilder;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.representations.AuthorizationResponseToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.openqa.selenium.By;

/* loaded from: input_file:org/keycloak/testsuite/oidc/AuthorizationTokenResponseModeTest.class */
public class AuthorizationTokenResponseModeTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Test
    public void authorizationRequestQueryJWTResponseMode() throws Exception {
        this.oauth.responseMode(OIDCResponseMode.QUERY_JWT.value());
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(doLogin.getResponse());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
    }

    @Test
    public void authorizationRequestJWTResponseMode() throws Exception {
        this.oauth.responseMode("jwt");
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(doLogin.getResponse());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertFalse(verifyAuthorizationResponseToken.getOtherClaims().containsKey("scope"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
        URI uri = new URI(this.driver.getCurrentUrl());
        Assert.assertNotNull(uri.getRawQuery());
        Assert.assertNull(uri.getRawFragment());
    }

    @Test
    public void authorizationRequestFragmentJWTResponseMode() throws Exception {
        this.oauth.responseMode(OIDCResponseMode.FRAGMENT_JWT.value());
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(doLogin.getResponse());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
        URI uri = new URI(this.driver.getCurrentUrl());
        Assert.assertNull(uri.getRawQuery());
        Assert.assertNotNull(uri.getRawFragment());
    }

    @Test
    public void authorizationRequestFormPostJWTResponseMode() throws IOException {
        this.oauth.responseMode(OIDCResponseMode.FORM_POST_JWT.value());
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, "password");
        System.out.println(this.driver.getPageSource());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(this.driver.findElement(By.id("response")).getText());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
    }

    @Test
    public void authorizationRequestJWTResponseModeIdTokenResponseType() throws Exception {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).implicitFlow(true);
        this.oauth.responseMode("jwt");
        this.oauth.responseType("code id_token");
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.nonce("123456");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(doLogin.getResponse());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("id_token"));
        Assert.assertEquals("123456", this.oauth.verifyIDToken((String) verifyAuthorizationResponseToken.getOtherClaims().get("id_token")).getNonce());
        URI uri = new URI(this.driver.getCurrentUrl());
        Assert.assertNull(uri.getRawQuery());
        Assert.assertNotNull(uri.getRawFragment());
    }

    @Test
    public void authorizationRequestJWTResponseModeAccessTokenResponseType() throws Exception {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).implicitFlow(true);
        this.oauth.responseMode("jwt");
        this.oauth.responseType("token id_token");
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.nonce("123456");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(doLogin.getResponse());
        Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyAuthorizationResponseToken.getAudience()[0]);
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("code"));
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", verifyAuthorizationResponseToken.getOtherClaims().get("state"));
        Assert.assertNull(verifyAuthorizationResponseToken.getOtherClaims().get("error"));
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("id_token"));
        Assert.assertEquals("123456", this.oauth.verifyIDToken((String) verifyAuthorizationResponseToken.getOtherClaims().get("id_token")).getNonce());
        Assert.assertNotNull(verifyAuthorizationResponseToken.getOtherClaims().get("access_token"));
        Assert.assertEquals("123456", this.oauth.verifyToken((String) verifyAuthorizationResponseToken.getOtherClaims().get("access_token")).getNonce());
        URI uri = new URI(this.driver.getCurrentUrl());
        Assert.assertNull(uri.getRawQuery());
        Assert.assertNotNull(uri.getRawFragment());
    }

    @Test
    public void authorizationRequestFailInvalidResponseModeQueryJWT() throws Exception {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).implicitFlow(true);
        this.oauth.responseMode("query.jwt");
        this.oauth.responseType("code id_token");
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.nonce("123456");
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build(new Object[0]).toURL());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(new OAuthClient.AuthorizationEndpointResponse(this.oauth).getResponse());
        Assert.assertEquals("invalid_request", verifyAuthorizationResponseToken.getOtherClaims().get("error"));
        Assert.assertEquals("Response_mode 'query.jwt' is allowed only when the authorization response token is encrypted", verifyAuthorizationResponseToken.getOtherClaims().get("error_description"));
        this.events.expectLogin().error("invalid_request").user((String) null).session((String) null).clearDetails().assertEvent();
    }

    @Test
    public void testErrorObjectExpectedClaims() throws Exception {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).implicitFlow(true);
        this.oauth.responseMode("query.jwt");
        this.oauth.responseType("code id_token");
        this.oauth.stateParamHardcoded("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.nonce("123456");
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build(new Object[0]).toURL());
        AuthorizationResponseToken verifyAuthorizationResponseToken = this.oauth.verifyAuthorizationResponseToken(new OAuthClient.AuthorizationEndpointResponse(this.oauth).getResponse());
        Assert.assertNotNull(verifyAuthorizationResponseToken.getIssuer());
        Assert.assertNotNull(verifyAuthorizationResponseToken.getExp());
        Assert.assertNotNull(verifyAuthorizationResponseToken.getAudience());
        Assert.assertNotEquals(0L, verifyAuthorizationResponseToken.getAudience().length);
        Assert.assertTrue(verifyAuthorizationResponseToken.getOtherClaims().containsKey("error"));
        Assert.assertTrue(verifyAuthorizationResponseToken.getOtherClaims().containsKey("error_description"));
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }
}
