package org.keycloak.testsuite.adapter;

import java.net.URL;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.function.BiConsumer;
import java.util.stream.Collectors;
import org.apache.http.client.methods.HttpGet;
import org.jboss.arquillian.container.test.api.OperateOnDeployment;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Retry;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.Users;
import org.keycloak.testsuite.arquillian.ContainerInfo;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.io.IOUtil;

/* loaded from: input_file:org/keycloak/testsuite/adapter/AbstractSAMLAdapterClusteredTest.class */
public abstract class AbstractSAMLAdapterClusteredTest extends AbstractAdapterClusteredTest {
    @Override // org.keycloak.testsuite.adapter.AbstractAdapterTest, org.keycloak.testsuite.AbstractAuthTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm("/adapter-test/keycloak-saml/testsaml-behind-lb.json"));
        if (DockerClientTest.REGISTRY_HOSTNAME.equals(ServerURLs.APP_SERVER_HOST)) {
            return;
        }
        Iterator<RealmRepresentation> it = list.iterator();
        while (it.hasNext()) {
            it.next().getClients().stream().filter(clientRepresentation -> {
                return clientRepresentation.getClientId().equals("http://localhost:8580/employee-distributable/");
            }).findFirst().ifPresent(clientRepresentation2 -> {
                clientRepresentation2.setBaseUrl(clientRepresentation2.getBaseUrl().replace(DockerClientTest.REGISTRY_HOSTNAME, ServerURLs.APP_SERVER_HOST));
                clientRepresentation2.setRedirectUris((List) clientRepresentation2.getRedirectUris().stream().map(str -> {
                    return str.replace(DockerClientTest.REGISTRY_HOSTNAME, ServerURLs.APP_SERVER_HOST);
                }).collect(Collectors.toList()));
                clientRepresentation2.setAttributes((Map) clientRepresentation2.getAttributes().entrySet().stream().collect(Collectors.toMap((v0) -> {
                    return v0.getKey();
                }, entry -> {
                    return ((String) entry.getValue()).replace(DockerClientTest.REGISTRY_HOSTNAME, ServerURLs.APP_SERVER_HOST);
                })));
            });
        }
    }

    @Override // org.keycloak.testsuite.adapter.AbstractServletsAdapterTest, org.keycloak.testsuite.AbstractAuthTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        this.testRealmSAMLPostLoginPage.setAuthRealm(AbstractSamlTest.REALM_NAME);
        this.loginPage.setAuthRealm(AbstractSamlTest.REALM_NAME);
        this.loginActionsPage.setAuthRealm(AbstractSamlTest.REALM_NAME);
    }

    @Override // org.keycloak.testsuite.adapter.AbstractAdapterClusteredTest
    protected void deploy() {
        this.deployer.deploy("employee-distributable");
        this.deployer.deploy("employee-distributable_2");
    }

    @Override // org.keycloak.testsuite.adapter.AbstractAdapterClusteredTest
    protected void undeploy() {
        this.deployer.undeploy("employee-distributable");
        this.deployer.undeploy("employee-distributable_2");
    }

    private void testLogoutViaSessionIndex(URL url, boolean z, BiConsumer<SamlClientBuilder, String> biConsumer) {
        Users.setPasswordFor(this.bburkeUser, "password");
        String proxiedUrl = getProxiedUrl(url);
        SamlClientBuilder addStep = new SamlClientBuilder().navigateTo(proxiedUrl).processSamlResponse(SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).build().assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("principal=bburke"))).addStep(() -> {
            updateProxy("ha-node-2", NODE_2_URI, NODE_1_URI);
        });
        if (z) {
            addStep.navigateTo(proxiedUrl).doNotFollowRedirects().assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("principal=bburke")));
        }
        biConsumer.accept(addStep, proxiedUrl);
        SamlClient execute = addStep.execute();
        delayedCheckLoggedOut(execute, proxiedUrl);
        updateProxy("ha-node-1", NODE_1_URI, NODE_2_URI);
        delayedCheckLoggedOut(execute, proxiedUrl);
    }

    private void delayedCheckLoggedOut(SamlClient samlClient, String str) {
        Retry.execute(() -> {
            samlClient.execute(new SamlClient.Step[]{(closeableHttpClient, uri, closeableHttpResponse, httpClientContext) -> {
                return new HttpGet(str);
            }, (closeableHttpClient2, uri2, closeableHttpResponse2, httpClientContext2) -> {
                Assert.assertThat(closeableHttpResponse2, Matchers.bodyHC(org.hamcrest.Matchers.not(org.hamcrest.Matchers.containsString("principal=bburke"))));
                return null;
            }});
        }, 10, 300L);
    }

    private void logoutViaAdminConsole() {
        RealmResource realm = this.adminClient.realm(AbstractSamlTest.REALM_NAME);
        realm.users().get(ApiUtil.findUserByUsername(realm, "bburke").getId()).logout();
        this.log.infov("Logged out via admin console", new Object[0]);
    }

    @Test
    public void testAdminInitiatedBackchannelLogout(@ArquillianResource @OperateOnDeployment("employee-distributable") URL url) throws Exception {
        testLogoutViaSessionIndex(url, false, (samlClientBuilder, str) -> {
            samlClientBuilder.addStep(this::logoutViaAdminConsole);
        });
    }

    @Test
    public void testAdminInitiatedBackchannelLogoutWithAssertionOfLoggedIn(@ArquillianResource @OperateOnDeployment("employee-distributable") URL url) throws Exception {
        testLogoutViaSessionIndex(url, true, (samlClientBuilder, str) -> {
            samlClientBuilder.addStep(this::logoutViaAdminConsole);
        });
    }

    @Test
    public void testUserInitiatedFrontchannelLogout(@ArquillianResource @OperateOnDeployment("employee-distributable") URL url) throws Exception {
        testLogoutViaSessionIndex(url, false, (samlClientBuilder, str) -> {
            samlClientBuilder.navigateTo(str + "?GLO=true").processSamlResponse(SamlClient.Binding.POST).build().processSamlResponse(SamlClient.Binding.POST).build();
        });
    }

    @Test
    public void testUserInitiatedFrontchannelLogoutWithAssertionOfLoggedIn(@ArquillianResource @OperateOnDeployment("employee-distributable") URL url) throws Exception {
        testLogoutViaSessionIndex(url, true, (samlClientBuilder, str) -> {
            samlClientBuilder.navigateTo(str + "?GLO=true").processSamlResponse(SamlClient.Binding.POST).build().processSamlResponse(SamlClient.Binding.POST).build();
        });
    }

    @Test
    public void testNodeRestartResiliency(@ArquillianResource @OperateOnDeployment("employee-distributable") URL url) throws Exception {
        ContainerInfo containerInfo = (ContainerInfo) this.testContext.getAppServerBackendsInfo().get(0);
        Users.setPasswordFor(this.bburkeUser, "password");
        String proxiedUrl = getProxiedUrl(url);
        SamlClient execute = new SamlClientBuilder().navigateTo(proxiedUrl).processSamlResponse(SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).build().assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("principal=bburke"))).execute();
        this.controller.stop(containerInfo.getQualifier());
        updateProxy("ha-node-2", NODE_2_URI, NODE_1_URI);
        execute.execute(new SamlClientBuilder().navigateTo(proxiedUrl).doNotFollowRedirects().assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("principal=bburke"))).getSteps());
        this.controller.start(containerInfo.getQualifier());
        updateProxy("ha-node-1", NODE_1_URI, NODE_2_URI);
        execute.execute(new SamlClientBuilder().navigateTo(proxiedUrl).doNotFollowRedirects().assertResponse(Matchers.bodyHC(org.hamcrest.Matchers.containsString("principal=bburke"))).getSteps());
    }
}
