package org.keycloak.testsuite.oauth;

import java.util.Arrays;
import java.util.Collections;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.EventRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ServerURLs;

/* loaded from: input_file:org/keycloak/testsuite/oauth/OAuth2OnlyTest.class */
/**
 * Checks how the server answers plain OAuth 2.0 requests: authorization and token requests
 * from which the {@code scope} query parameter (and, per test, {@code redirect_uri} or the
 * nonce) has been removed.
 *
 * <p>Across the tests the expectation is the same: the request succeeds and yields an access
 * token, but never an ID token. The one negative case is a missing {@code redirect_uri} for a
 * client that has more than one redirect URI registered, which must end on the error page.
 */
public class OAuth2OnlyTest extends AbstractTestRealmKeycloakTest {

    /** Client registered with four redirect URIs; used for the missing {@code redirect_uri} rejection. */
    private static final String MULTI_URI_CLIENT_ID = "more-uris-client";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page protected AppPage appPage;

    @Page protected LoginPage loginPage;

    @Page protected AccountUpdateProfilePage profilePage;

    @Page protected OAuthGrantPage grantPage;

    @Page protected ErrorPage errorPage;

    /**
     * Prepares the two clients the tests rely on (overrides {@code AbstractTestRealmKeycloakTest}).
     *
     * <p>Adds {@code more-uris-client} with two {@code http} and two {@code https} redirect
     * URIs, then enables the implicit flow on the default test client and cuts that client's
     * redirect URIs down to exactly one.
     *
     * @param realmRepresentation realm definition to modify in place
     * @throws java.util.NoSuchElementException if the realm holds no client whose id equals
     *     {@link AssertEvents#DEFAULT_CLIENT_ID}
     */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        ClientRepresentation multiUriClient = new ClientRepresentation();
        multiUriClient.setClientId(MULTI_URI_CLIENT_ID);
        multiUriClient.setEnabled(true);
        // Several registered URIs: a request without redirect_uri has no single target to fall back on.
        multiUriClient.setRedirectUris(Arrays.asList(
                "http://localhost:8180/auth/realms/master/app/auth",
                "http://localhost:8180/foo",
                "https://localhost:8543/auth/realms/master/app/auth",
                "https://localhost:8543/foo"));
        multiUriClient.setBaseUrl("http://localhost:8180/auth/realms/master/app/auth");
        realmRepresentation.getClients().add(multiUriClient);

        ClientRepresentation defaultClient = realmRepresentation.getClients().stream()
                .filter(candidate -> candidate.getClientId().equals(AssertEvents.DEFAULT_CLIENT_ID))
                .findFirst()
                .get();
        // Implicit flow is switched on only because testMissingNonceInOAuth2ImplicitFlow needs it.
        defaultClient.setImplicitFlowEnabled(true);
        trimRedirectUris(defaultClient);
    }

    /**
     * Replaces the client's redirect URIs with a one-element list holding the first URI whose
     * scheme matches {@link ServerURLs#AUTH_SERVER_SSL_REQUIRED} ({@code https://} when it is
     * set, {@code http://} otherwise).
     *
     * @param clientRepresentation client whose redirect URI list is overwritten
     * @throws java.util.NoSuchElementException if no registered URI has the wanted scheme
     */
    private void trimRedirectUris(ClientRepresentation clientRepresentation) {
        // The two prefixes are disjoint: an "https://" URI does not start with "http://".
        String onlyUri = clientRepresentation.getRedirectUris().stream()
                .filter(uri -> ServerURLs.AUTH_SERVER_SSL_REQUIRED ? uri.startsWith("https://") : uri.startsWith("http://"))
                .findFirst()
                .get();
        clientRepresentation.setRedirectUris(Collections.singletonList(onlyUri));
    }

    /**
     * Runs before every test: turns on direct access grants for the default client in realm
     * {@code test} and re-initialises the OAuth helper with the current driver.
     */
    @Before
    public void clientConfiguration() {
        ClientManager.realm(adminClient.realm("test"))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .directAccessGrant(true);
        oauth.init(driver);
    }

    /**
     * Authorization-code flow without a {@code scope} parameter: both the code exchange and
     * the later refresh must return 200 and an access token for the logged-in user, and
     * neither response may carry an ID token.
     */
    @Test
    public void testMissingIDToken() {
        driver.navigate().to(ActionURIUtils.removeQueryParamFromURI(oauth.getLoginFormUrl(), "scope"));
        oauth.fillLoginForm(AssertEvents.DEFAULT_USERNAME, "password");
        EventRepresentation loginEvent = events.expectLogin().assertEvent();

        // Second argument is presumably the client secret of the test client - confirm against OAuthClient.
        OAuthClient.AuthorizationEndpointResponse authResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
        OAuthClient.AccessTokenResponse codeExchange = oauth.doAccessTokenRequest(authResponse.getCode(), "password");
        Assert.assertEquals(200L, codeExchange.getStatusCode());
        Assert.assertNull(codeExchange.getIdToken());
        Assert.assertNotNull(codeExchange.getRefreshToken());
        // The access token must belong to the user recorded in the login event.
        Assert.assertEquals(oauth.verifyToken(codeExchange.getAccessToken()).getSubject(), loginEvent.getUserId());

        // Refreshing must not start handing out an ID token either.
        OAuthClient.AccessTokenResponse refreshed = oauth.doRefreshTokenRequest(codeExchange.getRefreshToken(), "password");
        Assert.assertEquals(200L, refreshed.getStatusCode());
        Assert.assertNull(refreshed.getIdToken());
        Assert.assertEquals(oauth.verifyToken(refreshed.getAccessToken()).getSubject(), loginEvent.getUserId());
    }

    /**
     * Password grant request as sent by {@code doGrantAccessTokenRequest}: expects 200, an
     * access token whose preferred username is the default test user, a refresh token, and no
     * ID token. Relies on the direct access grant enabled in {@link #clientConfiguration()}.
     */
    @Test
    public void testMissingScopeOpenidInResourceOwnerPasswordCredentialRequest() throws Exception {
        OAuthClient.AccessTokenResponse grantResponse =
                oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password");
        org.junit.Assert.assertEquals(200L, grantResponse.getStatusCode());
        Assert.assertNull(grantResponse.getIdToken());
        Assert.assertNotNull(grantResponse.getRefreshToken());
        Assert.assertEquals(
                oauth.verifyToken(grantResponse.getAccessToken()).getPreferredUsername(),
                AssertEvents.DEFAULT_USERNAME);
    }

    /**
     * Authorization request without {@code redirect_uri}, tried against two clients.
     *
     * <p>With the client the OAuth helper starts out with (presumably the default client,
     * which {@code configureTestRealm} left with a single redirect URI) the login page is shown
     * and login succeeds. After switching to {@code more-uris-client}, which has four redirect
     * URIs, the same request must land on the error page with
     * {@code Invalid parameter: redirect_uri} and raise an {@code invalid_redirect_uri} event.
     */
    @Test
    public void testMissingRedirectUri() throws Exception {
        driver.navigate().to(
                ActionURIUtils.removeQueryParamFromURI(
                        ActionURIUtils.removeQueryParamFromURI(oauth.getLoginFormUrl(), "scope"),
                        "redirect_uri"));
        loginPage.assertCurrent();
        oauth.fillLoginForm(AssertEvents.DEFAULT_USERNAME, "password");
        events.expectLogin().assertEvent();

        oauth.clientId(MULTI_URI_CLIENT_ID);
        driver.navigate().to(
                ActionURIUtils.removeQueryParamFromURI(
                        ActionURIUtils.removeQueryParamFromURI(oauth.getLoginFormUrl(), "scope"),
                        "redirect_uri"));
        errorPage.assertCurrent();
        Assert.assertEquals("Invalid parameter: redirect_uri", errorPage.getError());
        // The rejection event is expected to carry neither a user nor a session, although the
        // browser completed a login a few lines above.
        events.expectLogin()
                .error("invalid_redirect_uri")
                .client(MULTI_URI_CLIENT_ID)
                .user(Matchers.nullValue(String.class))
                .session(Matchers.nullValue(String.class))
                .removeDetail("redirect_uri")
                .removeDetail("code_id")
                .removeDetail("consent")
                .assertEvent();
    }

    /**
     * Implicit flow with {@code response_type=token}, no nonce and no {@code scope}: the
     * authorization response must contain an access token and no error, code or ID token.
     *
     * <p>The absent nonce is accepted here in a response that also carries no ID token; the
     * test does not cover a request that asks for an ID token without a nonce.
     */
    @Test
    public void testMissingNonceInOAuth2ImplicitFlow() throws Exception {
        oauth.responseType("token");
        oauth.nonce((String) null);
        driver.navigate().to(ActionURIUtils.removeQueryParamFromURI(oauth.getLoginFormUrl(), "scope"));
        loginPage.assertCurrent();
        oauth.fillLoginForm(AssertEvents.DEFAULT_USERNAME, "password");
        events.expectLogin().assertEvent();

        OAuthClient.AuthorizationEndpointResponse implicitResponse = new OAuthClient.AuthorizationEndpointResponse(oauth);
        Assert.assertNull(implicitResponse.getError());
        Assert.assertNull(implicitResponse.getCode());
        Assert.assertNull(implicitResponse.getIdToken());
        Assert.assertNotNull(implicitResponse.getAccessToken());
    }
}
