package org.keycloak.testsuite.broker;

import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.UriUtils;
import org.keycloak.events.EventType;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginExpiredPage;
import org.keycloak.testsuite.util.OAuthClient;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerStateParameterTest.class */
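/**
 * Checks how the consumer realm's broker endpoint treats the {@code state} query parameter
 * on the callback that normally comes back from the OIDC identity provider.
 *
 * <p>The {@code state} value ties an authorization response to the login the browser actually
 * started. A callback with a missing or unknown {@code state} must be rejected before the
 * {@code code} is used, otherwise a response the user never requested could be processed.
 * Each test therefore asserts both the user-visible result and the emitted error event, and
 * finishes with {@code events.assertEmpty()} so that no unexpected login or token event slips
 * through unnoticed.
 */
public class KcOidcBrokerStateParameterTest extends AbstractInitializedBaseBrokerTest {

    @Page
    protected AppPage appPage;

    @Page
    protected LoginExpiredPage loginExpiredPage;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    /** Runs the suite against the Keycloak-to-Keycloak OIDC broker configuration. */
    @Override
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcOidcBrokerConfiguration.INSTANCE;
    }

    /**
     * A callback carrying only a {@code code} and no {@code state} must end on the error page
     * and produce exactly one {@code IDENTITY_PROVIDER_LOGIN_ERROR} event.
     */
    @Test
    public void testMissingStateParameter() {
        String callbackUrl = getURLOfOIDCIdpEndpointOnConsumerSide() + "?code=foo123";
        this.events.clear();

        this.driver.navigate().to(callbackUrl);
        BrokerTestTools.waitForPage(this.driver, "sign in to consumer", true);

        this.errorPage.assertCurrent();
        Assert.assertThat(
                this.errorPage.getError(),
                Matchers.is("Missing state parameter in response from identity provider."));

        // The event carries no session, user or client: nothing was bound to this request.
        this.events.expect(EventType.IDENTITY_PROVIDER_LOGIN_ERROR)
                .clearDetails()
                .session((String) null)
                .realm(realmId(this.bc.consumerRealmName()))
                .user((String) null)
                .client((String) null)
                .error("identity_provider_login_failure")
                .assertEvent();
        this.events.assertEmpty();
    }

    /**
     * A callback whose {@code state} was never issued by the consumer realm must be reported as
     * an invalid request, again with no session, user or client attached to the event.
     */
    @Test
    public void testIncorrectStateParameter() throws Exception {
        String callbackUrl = KeycloakUriBuilder.fromUri(getURLOfOIDCIdpEndpointOnConsumerSide())
                .queryParam("code", "foo456")
                .queryParam("state", "someIncorrectState")
                .build()
                .toString();
        this.events.clear();
        String consumerRealmId = realmId(this.bc.consumerRealmName());

        this.driver.navigate().to(callbackUrl);

        this.events.expect(EventType.IDENTITY_PROVIDER_LOGIN_ERROR)
                .clearDetails()
                .session((String) null)
                .realm(consumerRealmId)
                .user((String) null)
                .client((String) null)
                .error("invalidRequestMessage")
                .assertEvent();
        this.events.assertEmpty();
    }

    /**
     * Uses the genuine {@code state} of a login in progress together with a made-up
     * {@code code}. The provider realm must refuse the code exchange, the consumer realm must
     * report a failed identity provider login, and sending the same callback a second time
     * must land on the "login expired" page without emitting further events.
     */
    @Test
    public void testCorrectStateParameterButIncorrectCode() throws Exception {
        // Start a real brokered login so the consumer realm issues a state value.
        this.driver.navigate().to(getAccountUrl(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName()));
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);
        this.loginPage.clickSocial(this.bc.getIDPAlias());
        BrokerTestTools.waitForPage(this.driver, "sign in to", true);

        // The state is read back from the URL the browser was redirected to.
        String issuedState = (String) UriUtils.decodeQueryString(this.driver.getCurrentUrl()).getFirst("state");
        // Fail with a clear message if the redirect carried no state; without a real state this
        // test would no longer exercise the "valid state, invalid code" path.
        Assert.assertNotNull("No state parameter found in the identity provider login URL", issuedState);

        String callbackUrl = KeycloakUriBuilder.fromUri(getURLOfOIDCIdpEndpointOnConsumerSide())
                .queryParam("code", "foo123")
                .queryParam("state", issuedState)
                .build()
                .toString();
        this.events.clear();
        String providerRealmId = realmId(this.bc.providerRealmName());
        String consumerRealmId = realmId(this.bc.consumerRealmName());

        this.driver.navigate().to(callbackUrl);

        // First the provider realm rejects the unknown code at the token exchange ...
        this.events.expect(EventType.CODE_TO_TOKEN_ERROR)
                .clearDetails()
                .session((String) null)
                .realm(providerRealmId)
                .user((String) null)
                .client(BackchannelLogoutTest.BROKER_CLIENT_ID)
                .error("invalid_code")
                .assertEvent();
        // ... then the consumer realm records the failed brokered login.
        this.events.expect(EventType.IDENTITY_PROVIDER_LOGIN_ERROR)
                .clearDetails()
                .session((String) null)
                .realm(consumerRealmId)
                .user((String) null)
                .client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)
                .error("identity_provider_login_failure")
                .assertEvent();

        // Replaying the identical callback must not be accepted a second time.
        // NOTE(review): presumably the state is single-use after the first attempt - confirm.
        this.driver.navigate().to(callbackUrl);
        this.loginExpiredPage.assertCurrent();
        this.events.assertEmpty();
    }

    /** Looks up the internal id of the realm with the given name through the admin client. */
    private String realmId(String realmName) {
        return realmsResouce().realm(realmName).toRepresentation().getId();
    }

    /**
     * Builds the URL of the broker callback endpoint in the consumer realm, i.e.
     * {@code <auth-server-root>/realms/<consumer-realm>/broker/<idp-alias>/endpoint}.
     */
    private String getURLOfOIDCIdpEndpointOnConsumerSide() {
        BrokerConfiguration config = getBrokerConfiguration();
        return OAuthClient.AUTH_SERVER_ROOT
                + "/realms/" + config.consumerRealmName()
                + "/broker/" + config.getIDPAlias()
                + "/endpoint";
    }
}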
