package org.keycloak.testsuite.broker;

import java.io.Closeable;
import java.net.URI;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcSamlBrokerAllowedClockSkewTest.class */
public class KcSamlBrokerAllowedClockSkewTest extends AbstractInitializedBaseBrokerTest {
    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcSamlBrokerConfiguration.INSTANCE;
    }

    @Test
    public void loginClientExpiredResponseFromIdP() throws Exception {
        new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build().login().user(this.bc.getUserLogin(), this.bc.getUserPassword()).build().addStep(() -> {
            setTimeOffset(-30);
        }).processSamlResponse(SamlClient.Binding.POST).build().execute(closeableHttpResponse -> {
            Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
        });
    }

    @Test
    public void loginClientExpiredResponseFromIdPWithClockSkew() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("allowedClockSkew", "60").update();
        Throwable th = null;
        try {
            SAMLDocumentHolder samlResponse = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build().login().user(this.bc.getUserLogin(), this.bc.getUserPassword()).build().addStep(() -> {
                setTimeOffset(-30);
            }).processSamlResponse(SamlClient.Binding.POST).build().updateProfile().firstName("a").lastName("b").email(this.bc.getUserEmail()).username(this.bc.getUserLogin()).build().followOneRedirect().getSamlResponse(SamlClient.Binding.POST);
            Assert.assertThat(samlResponse, org.hamcrest.Matchers.notNullValue());
            Assert.assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }
}
