package org.keycloak.testsuite.cookies;

import java.util.List;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.protocol.BasicHttpContext;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.login.PageWithLoginUrl;
import org.keycloak.testsuite.cluster.AbstractFailoverClusterTest;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.URLAssert;
import org.openqa.selenium.Cookie;

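@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/**
 * Tests for the cookies issued by the auth server in the {@code test} realm.
 *
 * <p>Two properties are checked:
 * <ul>
 *   <li>an OAuth access token placed in an identity cookie ({@code KEYCLOAK_IDENTITY} or
 *       {@code KEYCLOAK_IDENTITY_LEGACY}) is not accepted as a session: the server must still
 *       answer with the login form;</li>
 *   <li>every cookie has a {@code *_LEGACY} twin that carries the same value, domain, path,
 *       expiry and HttpOnly flag, and differs only in the Secure flag.</li>
 * </ul>
 */
public class CookieTest extends AbstractKeycloakTest {

    @Page
    protected LoginPage loginPage;

    /**
     * Registers the realm loaded from {@code /testrealm.json}, with the test event listener
     * enabled, as the realm these tests run against.
     *
     * @param list collection the realm representation is appended to
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation testRealm =
                AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(RealmBuilder.edit(testRealm).testEventListener().build());
    }

    /** Points the account page at the {@code test} realm on top of the inherited defaults. */
    @Override
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        this.accountPage.setAuthRealm("test");
    }

    /** An access token replayed as {@code KEYCLOAK_IDENTITY} must not authenticate the request. */
    @Test
    public void testCookieValue() throws Exception {
        testCookieValue("KEYCLOAK_IDENTITY");
    }

    /** Same check as {@link #testCookieValue()} for the {@code KEYCLOAK_IDENTITY_LEGACY} cookie. */
    @Test
    public void testLegacyCookieValue() throws Exception {
        testCookieValue("KEYCLOAK_IDENTITY_LEGACY");
    }

    /**
     * Logs in, then requests the login form from a fresh HTTP client whose only cookie is
     * {@code str} with the access token as its value, and asserts the login form is served.
     *
     * @param str name of the identity cookie to send
     * @throws Exception if the token request or the HTTP exchange fails
     */
    private void testCookieValue(String str) throws Exception {
        String accessToken = loginAndObtainAccessToken();
        this.accountPage.navigateTo();
        this.accountPage.assertCurrent();
        assertLoginFormServedWithCookie(str, accessToken);
    }

    /**
     * After an explicit logout, an access token obtained before the logout and sent as
     * {@code KEYCLOAK_IDENTITY} must still only produce the login form.
     */
    @Test
    public void testCookieValueLoggedOut() throws Exception {
        String accessToken = loginAndObtainAccessToken();
        this.accountPage.navigateTo();
        this.accountPage.assertCurrent();
        this.accountPage.logOut();
        assertLoginFormServedWithCookie("KEYCLOAK_IDENTITY", accessToken);
    }

    /**
     * Logs in through the browser and compares each cookie with its {@code *_LEGACY} twin.
     * Guarded by {@link ContainerAssume#assumeAuthServerSSL()}, so it does not run unless that
     * assumption holds.
     */
    @Test
    public void legacyCookiesTest() {
        ContainerAssume.assumeAuthServerSSL();
        this.accountPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.accountPage);
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");

        Cookie identity = this.driver.manage().getCookieNamed("KEYCLOAK_IDENTITY");
        Cookie identityLegacy = this.driver.manage().getCookieNamed("KEYCLOAK_IDENTITY_LEGACY");
        Cookie session = this.driver.manage().getCookieNamed(AbstractFailoverClusterTest.KEYCLOAK_SESSION_COOKIE);
        Cookie sessionLegacy = this.driver.manage().getCookieNamed("KEYCLOAK_SESSION_LEGACY");
        Cookie authSession = this.driver.manage().getCookieNamed("AUTH_SESSION_ID");
        Cookie authSessionLegacy = this.driver.manage().getCookieNamed("AUTH_SESSION_ID_LEGACY");

        assertSameSiteCookies(identity, identityLegacy);
        assertSameSiteCookies(session, sessionLegacy);
        assertSameSiteCookies(authSession, authSessionLegacy);
    }

    /**
     * Asserts that a cookie and its legacy twin are both present and identical except for the
     * Secure flag, which must be set on {@code cookie} and absent on {@code cookie2}.
     *
     * <p>The SameSite attribute itself is not inspected here; only value, domain, path, expiry,
     * Secure and HttpOnly are compared.
     *
     * @param cookie  the primary cookie
     * @param cookie2 the {@code *_LEGACY} counterpart
     */
    private void assertSameSiteCookies(Cookie cookie, Cookie cookie2) {
        Assert.assertNotNull("SameSite cookie shouldn't be null", cookie);
        Assert.assertNotNull("Legacy cookie shouldn't be null", cookie2);
        Assert.assertEquals(cookie.getValue(), cookie2.getValue());
        Assert.assertEquals(cookie.getDomain(), cookie2.getDomain());
        Assert.assertEquals(cookie.getPath(), cookie2.getPath());
        Assert.assertEquals(cookie.getExpiry(), cookie2.getExpiry());
        Assert.assertTrue("SameSite cookie should always have Secure attribute", cookie.isSecure());
        Assert.assertFalse("Legacy cookie shouldn't have Secure attribute", cookie2.isSecure());
        Assert.assertEquals(Boolean.valueOf(cookie.isHttpOnly()), Boolean.valueOf(cookie2.isHttpOnly()));
    }

    /**
     * Performs a browser login for the default test user and exchanges the resulting
     * authorization code for an access token, authenticating the client with the secret read
     * through the admin API.
     *
     * @return the access token string
     * @throws Exception if the login or the token request fails
     */
    private String loginAndObtainAccessToken() throws Exception {
        // The code is requested before the secret lookup, as in the original single expression.
        String code = this.oauth.clientId(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .redirectUri(this.accountPage.buildUri().toString())
                .doLogin(AssertEvents.DEFAULT_USERNAME, "password")
                .getCode();
        String clientUuid = realmsResouce().realm("test").clients()
                .findByClientId(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).get(0).getId();
        String clientSecret = realmsResouce().realm("test").clients().get(clientUuid).getSecret().getValue();
        return this.oauth.doAccessTokenRequest(code, clientSecret).getAccessToken();
    }

    /**
     * Requests the login form URL with a single cookie {@code cookieName=cookieValue} and asserts
     * that the response is the login form: it must contain "Sign In" and "Forgot Password?" and
     * must not contain "First name" or "Last name".
     *
     * <p>The client and the response are managed by try-with-resources, so both are always
     * closed and a failure while closing is attached as a suppressed exception instead of
     * replacing the assertion failure that caused the unwind.
     *
     * @param cookieName  name of the cookie to send
     * @param cookieValue value of the cookie (the access token in these tests)
     * @throws Exception if the HTTP exchange fails
     */
    private void assertLoginFormServedWithCookie(String cookieName, String cookieValue) throws Exception {
        try (CloseableHttpClient httpClient = OAuthClient.newCloseableHttpClient()) {
            BasicClientCookie identityCookie = new BasicClientCookie(cookieName, cookieValue);
            // NOTE(review): the domain constant is borrowed from DockerClientTest; presumably it
            // equals the auth-server host — confirm, otherwise the cookie is never sent.
            identityCookie.setDomain(DockerClientTest.REGISTRY_HOSTNAME);
            identityCookie.setPath("/");

            BasicCookieStore cookieStore = new BasicCookieStore();
            cookieStore.addCookie(identityCookie);
            BasicHttpContext httpContext = new BasicHttpContext();
            httpContext.setAttribute("http.cookie-store", cookieStore);

            String loginFormUrl = this.oauth.clientId(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                    .redirectUri(this.accountPage.buildUri().toString())
                    .getLoginFormUrl();

            try (CloseableHttpResponse response = httpClient.execute(new HttpGet(loginFormUrl), httpContext)) {
                String body = EntityUtils.toString(response.getEntity());
                // Strings expected only on an authenticated page must be absent...
                Assert.assertThat(body, Matchers.not(Matchers.containsString("First name")));
                Assert.assertThat(body, Matchers.not(Matchers.containsString("Last name")));
                // ...and the login form markers must be present.
                Assert.assertThat(body, Matchers.containsString("Sign In"));
                Assert.assertThat(body, Matchers.containsString("Forgot Password?"));
            }
        }
    }
}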
