package org.keycloak.testsuite.saml;

import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.SAML2Object;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.ConditionsType;
import org.keycloak.dom.saml.v2.assertion.SubjectConfirmationDataType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

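/**
 * Verifies the validity windows found in the SAML login response that these tests obtain
 * for the {@code sales-post} client.
 *
 * <p>Three time bounds are checked on the first assertion of the response:
 * <ul>
 *   <li>{@code SessionNotOnOrAfter} on the {@code AuthnStatement}, expected to be the
 *       authentication instant plus the realm's SSO session max lifespan;</li>
 *   <li>{@code NotOnOrAfter} on {@code Conditions}, expected to be {@code NotBefore} plus the
 *       configured lifespan;</li>
 *   <li>{@code NotOnOrAfter} on the first non-null {@code SubjectConfirmationData}, also
 *       measured from the {@code Conditions} {@code NotBefore}.</li>
 * </ul>
 *
 * <p>These bounds limit how long a relying party should accept an assertion and keep the
 * resulting session, so a wrong value (too long, or wrapped around by integer arithmetic)
 * is a security-relevant regression. The expected values are therefore computed in
 * {@code long} arithmetic; see {@link #testMaxValuesForAllTimeouts()}.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public class SessionNotOnOrAfterTest extends AbstractSamlTest {
    private static final int SSO_MAX_LIFESPAN = 3602;
    private static final int ACCESS_CODE_LIFESPAN = 600;
    private static final int ACCESS_TOKEN_LIFESPAN = 1200;

    /** Client attribute set by the client-configuration tests to change the assertion lifespan. */
    private static final String SAML_ASSERTION_LIFESPAN_ATTRIBUTE = "saml.assertion.lifespan";

    /** Factor applied to a lifespan before it is added to a timestamp; a long so the product cannot overflow. */
    private static final long LIFESPAN_TO_OFFSET_FACTOR = 1000L;

    /**
     * Asserts that a SAML object is a successful response whose first assertion carries the
     * expected expiry timestamps.
     *
     * <p>Each lifespan is multiplied by 1000 before being handed to {@code XMLTimeUtil.add},
     * i.e. the lifespans are presumably seconds and the offset milliseconds. The
     * multiplication is done in {@code long}: with {@code int} arithmetic a lifespan of
     * {@link Integer#MAX_VALUE} wraps to a negative offset, and the expected expiry would
     * silently land before the start of the window.
     *
     * @param samlObject                  object produced by the SAML client; must be a success response
     * @param ssoMaxLifespan              expected distance between {@code AuthnInstant} and
     *                                    {@code SessionNotOnOrAfter}
     * @param conditionsLifespan          expected distance between {@code Conditions/NotBefore} and
     *                                    {@code Conditions/NotOnOrAfter}
     * @param subjectConfirmationLifespan expected distance between {@code Conditions/NotBefore} and
     *                                    {@code SubjectConfirmationData/NotOnOrAfter}
     * @return always {@code null}
     */
    private SAML2Object checkSessionNotOnOrAfter(SAML2Object samlObject, int ssoMaxLifespan,
            int conditionsLifespan, int subjectConfirmationLifespan) {
        Assert.assertThat(samlObject, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        ResponseType response = (ResponseType) samlObject;
        Assert.assertNotNull(response);
        Assert.assertNotNull(response.getAssertions());
        Assert.assertThat(response.getAssertions().size(), org.hamcrest.Matchers.greaterThan(0));

        ResponseType.RTChoiceType firstChoice = response.getAssertions().get(0);
        Assert.assertNotNull(firstChoice);
        Assert.assertNotNull(firstChoice.getAssertion());
        Assert.assertNotNull(firstChoice.getAssertion().getStatements());

        // Session bound: SessionNotOnOrAfter must be AuthnInstant + SSO max lifespan.
        AuthnStatementType authnStatement = firstChoice.getAssertion().getStatements().stream()
                .filter(AuthnStatementType.class::isInstance)
                .map(AuthnStatementType.class::cast)
                .findFirst()
                .orElse(null);
        Assert.assertThat(authnStatement, org.hamcrest.Matchers.notNullValue());
        Assert.assertThat(authnStatement.getSessionNotOnOrAfter(), org.hamcrest.Matchers.notNullValue());
        Assert.assertThat(authnStatement.getSessionNotOnOrAfter(),
                org.hamcrest.Matchers.is(XMLTimeUtil.add(authnStatement.getAuthnInstant(),
                        ssoMaxLifespan * LIFESPAN_TO_OFFSET_FACTOR)));

        // Assertion bound: Conditions/NotOnOrAfter is measured from Conditions/NotBefore.
        ConditionsType conditions = firstChoice.getAssertion().getConditions();
        Assert.assertNotNull(conditions);
        Assert.assertEquals(
                XMLTimeUtil.add(conditions.getNotBefore(), conditionsLifespan * LIFESPAN_TO_OFFSET_FACTOR),
                conditions.getNotOnOrAfter());

        // Subject confirmation bound: also measured from Conditions/NotBefore.
        Assert.assertNotNull(firstChoice.getAssertion().getSubject());
        Assert.assertNotNull(firstChoice.getAssertion().getSubject().getConfirmation());
        SubjectConfirmationDataType confirmationData = firstChoice.getAssertion().getSubject().getConfirmation().stream()
                .map(confirmation -> confirmation.getSubjectConfirmationData())
                .filter(data -> data != null)
                .findFirst()
                .orElse(null);
        Assert.assertNotNull(confirmationData);
        Assert.assertEquals(
                XMLTimeUtil.add(conditions.getNotBefore(), subjectConfirmationLifespan * LIFESPAN_TO_OFFSET_FACTOR),
                confirmationData.getNotOnOrAfter());

        // NOTE(review): null is what this check has always handed back to transformObject;
        // how the SAML client treats a null transformer result is not visible here - confirm.
        return null;
    }

    /**
     * Applies the three realm lifespans used by these tests.
     *
     * @return the updater; callers close it (try-with-resources) once the test is done
     */
    private ServerResourceUpdater applyRealmLifespans(int ssoSessionMaxLifespan, int accessCodeLifespan,
            int accessTokenLifespan) throws Exception {
        return new RealmAttributeUpdater(this.adminClient.realm(AbstractSamlTest.REALM_NAME))
                .updateWith(realm -> {
                    realm.setSsoSessionMaxLifespan(ssoSessionMaxLifespan);
                    realm.setAccessCodeLifespan(accessCodeLifespan);
                    realm.setAccessTokenLifespan(accessTokenLifespan);
                })
                .update();
    }

    /**
     * Sets the assertion lifespan attribute on the sales-post client.
     *
     * @return the updater; callers close it (try-with-resources) once the test is done
     */
    private ServerResourceUpdater applyClientAssertionLifespan(String lifespan) throws Exception {
        return ClientAttributeUpdater
                .forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(SAML_ASSERTION_LIFESPAN_ATTRIBUTE, lifespan)
                .update();
    }

    /** Runs an IdP-initiated login for {@code sales-post} and checks the response's expiry timestamps. */
    private void checkIdpInitiatedLogin(int ssoMaxLifespan, int conditionsLifespan,
            int subjectConfirmationLifespan) throws Exception {
        new SamlClientBuilder()
                .idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(samlObject -> checkSessionNotOnOrAfter(
                        samlObject, ssoMaxLifespan, conditionsLifespan, subjectConfirmationLifespan))
                .build()
                .execute();
    }

    /** Runs an SP-initiated (AuthnRequest, POST binding) login and checks the response's expiry timestamps. */
    private void checkAuthnRequestLogin(int ssoMaxLifespan, int conditionsLifespan,
            int subjectConfirmationLifespan) throws Exception {
        new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME),
                        AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST,
                        SamlClient.Binding.POST).build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(samlObject -> checkSessionNotOnOrAfter(
                        samlObject, ssoMaxLifespan, conditionsLifespan, subjectConfirmationLifespan))
                .build()
                .execute();
    }

    /** Realm lifespans must be reflected in the response of an IdP-initiated login. */
    @Test
    public void testSamlResponseContainsSessionNotOnOrAfterIdpInitiatedLogin() throws Exception {
        // try-with-resources closes the updater even when an assertion fails, so the
        // changed realm settings do not stay in place for later tests.
        try (ServerResourceUpdater realmSettings =
                applyRealmLifespans(SSO_MAX_LIFESPAN, ACCESS_CODE_LIFESPAN, ACCESS_TOKEN_LIFESPAN)) {
            checkIdpInitiatedLogin(SSO_MAX_LIFESPAN, ACCESS_CODE_LIFESPAN, ACCESS_TOKEN_LIFESPAN);
        }
    }

    /**
     * With every lifespan at {@link Integer#MAX_VALUE} the expiry timestamps must still be the
     * start of the window plus the full lifespan, i.e. no integer wrap-around in the response.
     */
    @Test
    public void testMaxValuesForAllTimeouts() throws Exception {
        try (ServerResourceUpdater realmSettings =
                applyRealmLifespans(Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE)) {
            checkIdpInitiatedLogin(Integer.MAX_VALUE, Integer.MAX_VALUE, Integer.MAX_VALUE);
        }
    }

    /** Realm lifespans must be reflected in the response of an SP-initiated login. */
    @Test
    public void testSamlResponseContainsSessionNotOnOrAfterAuthnLogin() throws Exception {
        try (ServerResourceUpdater realmSettings =
                applyRealmLifespans(SSO_MAX_LIFESPAN, ACCESS_CODE_LIFESPAN, ACCESS_TOKEN_LIFESPAN)) {
            checkAuthnRequestLogin(SSO_MAX_LIFESPAN, ACCESS_CODE_LIFESPAN, ACCESS_TOKEN_LIFESPAN);
        }
    }

    /**
     * A client-level assertion lifespan must drive the assertion and subject-confirmation
     * windows for an IdP-initiated login, while the session bound keeps following the realm's
     * SSO session max lifespan.
     */
    @Test
    public void testSamlResponseClientConfigurationIdpInitiatedLogin() throws Exception {
        // Read before the client is changed; this is the value the session bound is compared to.
        int realmSsoMaxLifespan = this.adminClient.realm(AbstractSamlTest.REALM_NAME)
                .toRepresentation().getSsoSessionMaxLifespan().intValue();
        try (ServerResourceUpdater clientSettings = applyClientAssertionLifespan("2000")) {
            checkIdpInitiatedLogin(realmSsoMaxLifespan, 2000, 2000);
        }
    }

    /**
     * A client-level assertion lifespan must drive the assertion and subject-confirmation
     * windows for an SP-initiated login, while the session bound keeps following the realm's
     * SSO session max lifespan.
     */
    @Test
    public void testSamlResponseClientConfigurationAfterAuthnLogin() throws Exception {
        // Read before the client is changed; this is the value the session bound is compared to.
        int realmSsoMaxLifespan = this.adminClient.realm(AbstractSamlTest.REALM_NAME)
                .toRepresentation().getSsoSessionMaxLifespan().intValue();
        try (ServerResourceUpdater clientSettings = applyClientAssertionLifespan("1800")) {
            checkAuthnRequestLogin(realmSsoMaxLifespan, 1800, 1800);
        }
    }
}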
