package org.keycloak.testsuite.oauth;

import java.util.List;
import javax.ws.rs.core.Response;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.UserInfoClientUtil;

/* loaded from: input_file:org/keycloak/testsuite/oauth/UserInfoEndpointCorsTest.class */
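/**
 * Verifies the CORS behaviour of the OIDC {@code userinfo} endpoint for a public client with
 * one registered web origin: a request from that origin must receive CORS headers (even when
 * the bearer token is rejected), while a request from an unregistered origin must receive
 * none, i.e. the server must not reflect arbitrary origins.
 */
public class UserInfoEndpointCorsTest extends AbstractKeycloakTest {
    private static final String VALID_CORS_URL = "http://localtest.me:8180";
    private static final String INVALID_CORS_URL = "http://invalid.localtest.me:8180";

    // Realm, client and redirect URI shared by every test in this class.
    private static final String TEST_REALM = "test";
    private static final String TEST_CLIENT_ID = "test-app2";
    private static final String TEST_REDIRECT_URI = "http://localtest.me:8180/realms/master/app";

    /**
     * Loads the standard test realm and adds a public, direct-access-grant client whose only
     * registered web origin is {@link #VALID_CORS_URL}.
     *
     * @param list realms to be imported before the tests run; the test realm is appended
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        // The single web origin is what the CORS assertions below are checked against.
        realm.getClients().add(ClientBuilder.create()
                .redirectUris(TEST_REDIRECT_URI)
                .addWebOrigin(VALID_CORS_URL)
                .clientId(TEST_CLIENT_ID)
                .publicClient()
                .directAccessGrants()
                .build());
        list.add(realm);
    }

    /** A valid token from the registered origin: userinfo succeeds and carries CORS headers. */
    @Test
    public void userInfoCorsValidRequestWithValidUrl() throws Exception {
        String accessToken = obtainAccessToken();
        ResteasyClient client = AdminClientUtil.createResteasyClient();
        try {
            Response response = requestUserInfo(client, accessToken, VALID_CORS_URL);
            UserInfoClientUtil.testSuccessfulUserInfoResponse(response,
                    AssertEvents.DEFAULT_USERNAME, AssertEvents.DEFAULT_USERNAME);
            assertCors(response);
        } finally {
            client.close();
        }
    }

    /**
     * A rejected token from the registered origin: the 401 must still carry CORS headers,
     * otherwise a browser client could not read the error.
     */
    @Test
    public void userInfoCorsInvalidRequestWithValidUrl() throws Exception {
        String accessToken = obtainAccessToken();
        // Advance the server clock so the token is no longer accepted when presented
        // (presumably past the access-token lifespan; the 401 below relies on it).
        setTimeOffset(600);
        ResteasyClient client = AdminClientUtil.createResteasyClient();
        try {
            Response response = requestUserInfo(client, accessToken, VALID_CORS_URL);
            Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            assertCors(response);
        } finally {
            client.close();
        }
    }

    /** A valid token from an unregistered origin: userinfo succeeds but no CORS headers are emitted. */
    @Test
    public void userInfoCorsValidRequestWithInvalidUrlShouldFail() throws Exception {
        String accessToken = obtainAccessToken();
        ResteasyClient client = AdminClientUtil.createResteasyClient();
        try {
            Response response = requestUserInfo(client, accessToken, INVALID_CORS_URL);
            UserInfoClientUtil.testSuccessfulUserInfoResponse(response,
                    AssertEvents.DEFAULT_USERNAME, AssertEvents.DEFAULT_USERNAME);
            assertNotCors(response);
        } finally {
            client.close();
        }
    }

    /**
     * Obtains an access token for the default test user from the test client via the
     * direct-access (password) grant configured in {@link #addTestRealms}.
     *
     * @return the raw access token to present as a bearer credential
     */
    private String obtainAccessToken() throws Exception {
        this.oauth.realm(TEST_REALM);
        this.oauth.clientId(TEST_CLIENT_ID);
        this.oauth.redirectUri(TEST_REDIRECT_URI);
        OAuthClient.AccessTokenResponse tokenResponse =
                this.oauth.doGrantAccessTokenRequest((String) null, AssertEvents.DEFAULT_USERNAME, "password");
        return tokenResponse.getAccessToken();
    }

    /**
     * Sends a bearer-authenticated userinfo request carrying the given {@code Origin} header.
     *
     * @param client      client used for the request; closed by the caller
     * @param accessToken bearer token to present
     * @param origin      value of the {@code Origin} request header
     * @return the raw response; the caller is responsible for closing it
     */
    private static Response requestUserInfo(ResteasyClient client, String accessToken, String origin) {
        return UserInfoClientUtil.getUserInfoWebTarget(client).request()
                .header("Authorization", "bearer " + accessToken)
                // An explicit Origin header is what triggers the server's CORS handling.
                .header("Origin", origin)
                .get();
    }

    /**
     * Asserts that the response grants CORS access to exactly the registered origin, then
     * closes it (also on assertion failure, so a failing test does not leak the connection).
     */
    private static void assertCors(Response response) {
        try {
            // With Allow-Credentials "true" the server must echo the specific origin;
            // a wildcard here would be unusable by browsers and is never expected.
            Assert.assertEquals("true", response.getHeaders().getFirst("Access-Control-Allow-Credentials"));
            Assert.assertEquals(VALID_CORS_URL, response.getHeaders().getFirst("Access-Control-Allow-Origin"));
        } finally {
            response.close();
        }
    }

    /**
     * Asserts that no CORS headers at all are present, then closes the response (also on
     * assertion failure).
     */
    private static void assertNotCors(Response response) {
        try {
            Assert.assertNull(response.getHeaders().get("Access-Control-Allow-Credentials"));
            Assert.assertNull(response.getHeaders().get("Access-Control-Allow-Origin"));
            Assert.assertNull(response.getHeaders().get("Access-Control-Expose-Headers"));
        } finally {
            response.close();
        }
    }
}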
