package org.keycloak.testsuite.broker;

import java.io.Closeable;
import java.net.URI;
import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.protocol.saml.SamlPrincipalType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater;
import org.keycloak.testsuite.updaters.UserAttributeUpdater;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.saml.CreateLogoutRequestStepBuilder;
import org.keycloak.testsuite.util.saml.SamlMessageReceiver;
import org.w3c.dom.Document;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcSamlLogoutTest.class */
public class KcSamlLogoutTest extends AbstractInitializedBaseBrokerTest {
    private static final String PROVIDER_SAML_CLIENT_ID = BrokerTestTools.getProviderRoot() + "/sales-post/";

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcSamlBrokerConfiguration(false) { // from class: org.keycloak.testsuite.broker.KcSamlLogoutTest.1
            @Override // org.keycloak.testsuite.broker.KcSamlBrokerConfiguration, org.keycloak.testsuite.broker.BrokerConfiguration
            public List<ClientRepresentation> createProviderClients() {
                List<ClientRepresentation> createProviderClients = super.createProviderClients();
                createProviderClients.add(ClientBuilder.create().clientId(KcSamlLogoutTest.PROVIDER_SAML_CLIENT_ID).enabled(true).fullScopeEnabled(true).protocol("saml").baseUrl(BrokerTestTools.getProviderRoot() + "/sales-post").addRedirectUri(BrokerTestTools.getProviderRoot() + "/sales-post/*").attribute("saml.authnstatement", "true").attribute("saml.client.signature", "false").frontchannelLogout(true).build());
                return createProviderClients;
            }
        };
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testProviderInitiatedLogoutCorrectlyLogsOutConsumerClients() throws Exception {
        SamlMessageReceiver samlMessageReceiver = new SamlMessageReceiver(8082);
        Throwable th = null;
        try {
            ClientAttributeUpdater update = ClientAttributeUpdater.forClient(this.adminClient, this.bc.consumerRealmName(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setFrontchannelLogout(false).setAttribute("saml_single_logout_service_url_post", samlMessageReceiver.getUrl()).update();
            Throwable th2 = null;
            try {
                ClientAttributeUpdater update2 = ClientAttributeUpdater.forClient(this.adminClient, this.bc.providerRealmName(), this.bc.getIDPClientIdInProviderRealm()).setFrontchannelLogout(true).update();
                Throwable th3 = null;
                try {
                    try {
                        Document convert = SAML2Request.convert(SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null));
                        AtomicReference atomicReference = new AtomicReference();
                        AtomicReference atomicReference2 = new AtomicReference();
                        CreateLogoutRequestStepBuilder logoutRequest = new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), convert, SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build().login().user(this.bc.getUserLogin(), this.bc.getUserPassword()).build().processSamlResponse(SamlClient.Binding.POST).build().updateProfile().firstName("a").lastName("b").email(this.bc.getUserEmail()).username(this.bc.getUserLogin()).build().followOneRedirect().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object -> {
                            MatcherAssert.assertThat(sAML2Object, Matchers.notNullValue());
                            MatcherAssert.assertThat(sAML2Object, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                            return null;
                        }).build().authnRequest(getProviderSamlEndpoint(this.bc.providerRealmName()), PROVIDER_SAML_CLIENT_ID, PROVIDER_SAML_CLIENT_ID + "saml", SamlClient.Binding.POST).build().followOneRedirect().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object2 -> {
                            MatcherAssert.assertThat(sAML2Object2, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                            AssertionType assertion = ((ResponseType.RTChoiceType) ((ResponseType) sAML2Object2).getAssertions().get(0)).getAssertion();
                            MatcherAssert.assertThat(assertion, Matchers.notNullValue());
                            MatcherAssert.assertThat(assertion.getSubject().getSubType().getBaseID(), CoreMatchers.instanceOf(NameIDType.class));
                            NameIDType baseID = assertion.getSubject().getSubType().getBaseID();
                            AuthnStatementType authnStatementType = (AuthnStatementType) assertion.getStatements().iterator().next();
                            atomicReference.set(baseID);
                            atomicReference2.set(authnStatementType.getSessionIndex());
                            return null;
                        }).build().logoutRequest(getProviderSamlEndpoint(this.bc.providerRealmName()), PROVIDER_SAML_CLIENT_ID, SamlClient.Binding.POST);
                        atomicReference.getClass();
                        CreateLogoutRequestStepBuilder nameId = logoutRequest.nameId(atomicReference::get);
                        atomicReference2.getClass();
                        nameId.sessionIndex(atomicReference2::get).build().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object3 -> {
                            MatcherAssert.assertThat(sAML2Object3, org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest(BrokerTestTools.getConsumerRoot() + "/auth/realms/consumer/broker/kc-saml-idp/endpoint"));
                            return sAML2Object3;
                        }).build().executeAndTransform(closeableHttpResponse -> {
                            MatcherAssert.assertThat(SamlClient.Binding.POST.extractResponse(closeableHttpResponse).getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
                            return null;
                        });
                        MatcherAssert.assertThat(Boolean.valueOf(samlMessageReceiver.isMessageReceived()), CoreMatchers.is(true));
                        MatcherAssert.assertThat(samlMessageReceiver.getSamlDocumentHolder().getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest(samlMessageReceiver.getUrl()));
                        if (update2 != null) {
                            if (0 != 0) {
                                try {
                                    update2.close();
                                } catch (Throwable th4) {
                                    th3.addSuppressed(th4);
                                }
                            } else {
                                update2.close();
                            }
                        }
                        if (update != null) {
                            if (0 != 0) {
                                try {
                                    update.close();
                                } catch (Throwable th5) {
                                    th2.addSuppressed(th5);
                                }
                            } else {
                                update.close();
                            }
                        }
                        if (samlMessageReceiver != null) {
                            if (0 == 0) {
                                samlMessageReceiver.close();
                                return;
                            }
                            try {
                                samlMessageReceiver.close();
                            } catch (Throwable th6) {
                                th.addSuppressed(th6);
                            }
                        }
                    } catch (Throwable th7) {
                        th3 = th7;
                        throw th7;
                    }
                } catch (Throwable th8) {
                    if (update2 != null) {
                        if (th3 != null) {
                            try {
                                update2.close();
                            } catch (Throwable th9) {
                                th3.addSuppressed(th9);
                            }
                        } else {
                            update2.close();
                        }
                    }
                    throw th8;
                }
            } catch (Throwable th10) {
                if (update != null) {
                    if (0 != 0) {
                        try {
                            update.close();
                        } catch (Throwable th11) {
                            th2.addSuppressed(th11);
                        }
                    } else {
                        update.close();
                    }
                }
                throw th10;
            }
        } catch (Throwable th12) {
            if (samlMessageReceiver != null) {
                if (0 != 0) {
                    try {
                        samlMessageReceiver.close();
                    } catch (Throwable th13) {
                        th.addSuppressed(th13);
                    }
                } else {
                    samlMessageReceiver.close();
                }
            }
            throw th12;
        }
    }

    @Test
    public void testProviderInitiatedLogoutCorrectlyLogsOutConsumerClientsWhenPrincipalTypeAttribute() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("principalType", SamlPrincipalType.ATTRIBUTE.name()).setAttribute("principalAttribute", JsonUserAttributeMapperTest.USER_ATTRIBUTE).update();
        Throwable th = null;
        try {
            UserAttributeUpdater update2 = UserAttributeUpdater.forUserByUsername(this.adminClient, this.bc.providerRealmName(), this.bc.getUserLogin()).setAttribute(JsonUserAttributeMapperTest.USER_ATTRIBUTE, new String[]{"masked_principal_for_consumer_idp"}).update();
            Throwable th2 = null;
            try {
                try {
                    testProviderInitiatedLogoutCorrectlyLogsOutConsumerClients();
                    if (update2 != null) {
                        if (0 != 0) {
                            try {
                                update2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            update2.close();
                        }
                    }
                    if (update != null) {
                        if (0 == 0) {
                            update.close();
                            return;
                        }
                        try {
                            update.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (update2 != null) {
                    if (th2 != null) {
                        try {
                            update2.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        update2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    update.close();
                }
            }
            throw th8;
        }
    }
}
