package org.keycloak.testsuite.admin.concurrency;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import java.util.concurrent.atomic.AtomicInteger;
import java.util.concurrent.atomic.AtomicReference;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matchers;
import org.jsoup.Jsoup;
import org.jsoup.nodes.Element;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.Config;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Retry;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/admin/concurrency/ConcurrentLoginTest.class */
public class ConcurrentLoginTest extends AbstractConcurrencyTest {
    protected static final int DEFAULT_THREADS = 4;
    protected static final int CLIENTS_PER_THREAD = 30;
    protected static final int DEFAULT_CLIENTS_COUNT = 120;
    private String userSessionProvider;

    /* loaded from: input_file:org/keycloak/testsuite/admin/concurrency/ConcurrentLoginTest$LoginTask.class */
    public class LoginTask implements AbstractConcurrencyTest.KeycloakRunnable {
        private final CloseableHttpClient httpClient;
        private final AtomicReference<String> userSessionId;
        private final int retryDelayMs;
        private final int retryCount;
        private final AtomicInteger[] retryHistogram;
        private final boolean sameClient;
        private final List<HttpClientContext> clientContexts;
        private final AtomicInteger clientIndex = new AtomicInteger();
        private final ThreadLocal<OAuthClient> oauthClient = new ThreadLocal<OAuthClient>() { // from class: org.keycloak.testsuite.admin.concurrency.ConcurrentLoginTest.LoginTask.1
            /* JADX INFO: Access modifiers changed from: protected */
            /* JADX WARN: Can't rename method to resolve collision */
            @Override // java.lang.ThreadLocal
            public OAuthClient initialValue() {
                OAuthClient oAuthClient = new OAuthClient();
                oAuthClient.init(ConcurrentLoginTest.this.driver);
                oAuthClient.stateParamHardcoded(KeycloakModelUtils.generateId());
                oAuthClient.nonce(KeycloakModelUtils.generateId());
                oAuthClient.redirectUri(ConcurrentLoginTest.this.oauth.getRedirectUri() + "?some=" + new Random().nextInt(1024));
                return oAuthClient;
            }
        };
        private final AtomicInteger totalInvocations = new AtomicInteger();

        public LoginTask(CloseableHttpClient closeableHttpClient, AtomicReference<String> atomicReference, int i, int i2, boolean z, List<HttpClientContext> list) {
            this.httpClient = closeableHttpClient;
            this.userSessionId = atomicReference;
            this.retryDelayMs = i;
            this.retryCount = i2;
            this.retryHistogram = new AtomicInteger[i2];
            for (int i3 = 0; i3 < this.retryHistogram.length; i3++) {
                this.retryHistogram[i3] = new AtomicInteger();
            }
            this.sameClient = z;
            this.clientContexts = list;
        }

        @Override // org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest.KeycloakRunnable
        public void run(int i, Keycloak keycloak, RealmResource realmResource) throws Throwable {
            int andIncrement = this.sameClient ? 0 : this.clientIndex.getAndIncrement();
            OAuthClient oAuthClient = this.oauthClient.get();
            oAuthClient.clientId("client" + andIncrement);
            ConcurrentLoginTest.this.log.infof("%d [%s]: Accessing login page for %s", Integer.valueOf(i), Thread.currentThread().getName(), oAuthClient.getClientId());
            HttpClientContext httpClientContext = this.clientContexts.get(andIncrement % this.clientContexts.size());
            HttpClientContext create = HttpClientContext.create();
            create.setCookieStore(httpClientContext.getCookieStore());
            Assert.assertThat(ConcurrentLoginTest.this.getPageContent(oAuthClient.getLoginFormUrl(), this.httpClient, create), Matchers.containsString("<title>AUTH_RESPONSE</title>"));
            Assert.assertThat(create.getRedirectLocations(), Matchers.notNullValue());
            Assert.assertThat(create.getRedirectLocations(), Matchers.not(Matchers.empty()));
            Map queryFromUrl = ConcurrentLoginTest.getQueryFromUrl(((URI) create.getRedirectLocations().get(0)).toString());
            String str = (String) queryFromUrl.get("code");
            Assert.assertEquals("Invalid state.", (String) queryFromUrl.get("state"), oAuthClient.getState());
            AtomicReference atomicReference = new AtomicReference();
            this.totalInvocations.incrementAndGet();
            OAuthClient.AccessTokenResponse doAccessTokenRequest = oAuthClient.doAccessTokenRequest(str, "password");
            Assert.assertEquals("AccessTokenResponse: client: " + oAuthClient.getClientId() + ", error: '" + doAccessTokenRequest.getError() + "' desc: '" + doAccessTokenRequest.getErrorDescription() + "'", 200L, doAccessTokenRequest.getStatusCode());
            atomicReference.set(doAccessTokenRequest);
            AtomicReference atomicReference2 = new AtomicReference();
            this.retryHistogram[Retry.execute(() -> {
                OAuthClient.AccessTokenResponse doRefreshTokenRequest = oAuthClient.doRefreshTokenRequest(((OAuthClient.AccessTokenResponse) atomicReference.get()).getRefreshToken(), "password");
                Assert.assertEquals("AccessTokenResponse: client: " + oAuthClient.getClientId() + ", error: '" + doRefreshTokenRequest.getError() + "' desc: '" + doRefreshTokenRequest.getErrorDescription() + "'", 200L, doRefreshTokenRequest.getStatusCode());
                atomicReference2.set(doRefreshTokenRequest);
            }, this.retryCount, this.retryDelayMs)].incrementAndGet();
            AccessToken accessToken = (AccessToken) JsonSerialization.readValue(new JWSInput(((OAuthClient.AccessTokenResponse) atomicReference.get()).getAccessToken()).getContent(), AccessToken.class);
            Assert.assertEquals("Invalid nonce.", accessToken.getNonce(), oAuthClient.getNonce());
            Assert.assertEquals("Invalid nonce.", ((AccessToken) JsonSerialization.readValue(new JWSInput(((OAuthClient.AccessTokenResponse) atomicReference2.get()).getAccessToken()).getContent(), AccessToken.class)).getNonce(), oAuthClient.getNonce());
            if (this.userSessionId.get() == null) {
                this.userSessionId.set(accessToken.getSessionState());
            }
        }

        public int getRetryDelayMs() {
            return this.retryDelayMs;
        }

        public int getRetryCount() {
            return this.retryCount;
        }

        public Map<Integer, Integer> getHistogram() {
            LinkedHashMap linkedHashMap = new LinkedHashMap(this.retryCount);
            for (int i = 0; i < this.retryHistogram.length; i++) {
                linkedHashMap.put(Integer.valueOf(i * this.retryDelayMs), Integer.valueOf(this.retryHistogram[i].get()));
            }
            return linkedHashMap;
        }
    }

    @Before
    public void beforeTest() {
        this.userSessionProvider = (String) this.testingClient.server().fetch(keycloakSession -> {
            return Config.getProvider("userSessions");
        }, String.class);
        createClients();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createClients() {
        ClientsResource clients = this.adminClient.realm("test").clients();
        for (int i = 0; i < DEFAULT_CLIENTS_COUNT; i++) {
            ClientRepresentation build = ClientBuilder.create().clientId("client" + i).directAccessGrants().redirectUris("*").addWebOrigin("*").secret("password").build();
            Response create = clients.create(build);
            String createdId = ApiUtil.getCreatedId(create);
            create.close();
            getCleanup("test").addClientUuid(createdId);
            this.log.debugf("created %s [uuid=%s]", build.getClientId(), createdId);
        }
        this.log.debug("clients created");
    }

    @Test
    public void concurrentLoginSingleUser() throws Throwable {
        Assume.assumeThat("Test runs only with InfinispanUserSessionProvider", this.userSessionProvider, Matchers.is("infinispan"));
        this.log.info("*********************************************");
        long currentTimeMillis = System.currentTimeMillis();
        AtomicReference atomicReference = new AtomicReference();
        LoginTask loginTask = null;
        try {
            CloseableHttpClient httpsAwareClient = getHttpsAwareClient();
            Throwable th = null;
            try {
                try {
                    loginTask = new LoginTask(httpsAwareClient, atomicReference, 100, 1, false, Arrays.asList(createHttpClientContextForUser(httpsAwareClient, AssertEvents.DEFAULT_USERNAME, "password")));
                    run(DEFAULT_THREADS, DEFAULT_CLIENTS_COUNT, loginTask);
                    Assert.assertEquals(121L, this.testingClient.testing().getClientSessionsCountInUserSession("test", (String) atomicReference.get()).intValue());
                    if (httpsAwareClient != null) {
                        if (0 != 0) {
                            try {
                                httpsAwareClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            httpsAwareClient.close();
                        }
                    }
                    long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                    this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
                    this.log.info("concurrentLoginSingleUser took " + (currentTimeMillis2 / 1000) + "s");
                    this.log.info("*********************************************");
                } finally {
                }
            } finally {
            }
        } catch (Throwable th3) {
            long currentTimeMillis3 = System.currentTimeMillis() - currentTimeMillis;
            this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
            this.log.info("concurrentLoginSingleUser took " + (currentTimeMillis3 / 1000) + "s");
            this.log.info("*********************************************");
            throw th3;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public CloseableHttpClient getHttpsAwareClient() {
        HttpClientBuilder redirectStrategy = HttpClientBuilder.create().setRedirectStrategy(new LaxRedirectStrategy());
        if (ServerURLs.AUTH_SERVER_SSL_REQUIRED) {
            redirectStrategy.setSSLHostnameVerifier((str, sSLSession) -> {
                return true;
            });
        }
        return redirectStrategy.build();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpClientContext createHttpClientContextForUser(CloseableHttpClient closeableHttpClient, String str, String str2) throws IOException {
        HttpClientContext create = HttpClientContext.create();
        create.setCookieStore(new BasicCookieStore());
        Assert.assertThat(parseAndCloseResponse(closeableHttpClient.execute(handleLogin(getPageContent(this.oauth.getLoginFormUrl(), closeableHttpClient, create), str, str2), create)), Matchers.containsString("<title>AUTH_RESPONSE</title>"));
        return create;
    }

    @Test
    public void concurrentLoginSingleUserSingleClient() throws Throwable {
        this.log.info("*********************************************");
        long currentTimeMillis = System.currentTimeMillis();
        AtomicReference atomicReference = new AtomicReference();
        LoginTask loginTask = null;
        try {
            CloseableHttpClient httpsAwareClient = getHttpsAwareClient();
            Throwable th = null;
            try {
                try {
                    loginTask = new LoginTask(httpsAwareClient, atomicReference, 100, 1, true, Arrays.asList(createHttpClientContextForUser(httpsAwareClient, AssertEvents.DEFAULT_USERNAME, "password")));
                    run(DEFAULT_THREADS, DEFAULT_CLIENTS_COUNT, loginTask);
                    Assert.assertEquals(2L, this.testingClient.testing().getClientSessionsCountInUserSession("test", (String) atomicReference.get()).intValue());
                    if (httpsAwareClient != null) {
                        if (0 != 0) {
                            try {
                                httpsAwareClient.close();
                            } catch (Throwable th2) {
                                th.addSuppressed(th2);
                            }
                        } else {
                            httpsAwareClient.close();
                        }
                    }
                    long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                    this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
                    this.log.info("concurrentLoginSingleUserSingleClient took " + (currentTimeMillis2 / 1000) + "s");
                    this.log.info("*********************************************");
                } finally {
                }
            } finally {
            }
        } catch (Throwable th3) {
            long currentTimeMillis3 = System.currentTimeMillis() - currentTimeMillis;
            this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
            this.log.info("concurrentLoginSingleUserSingleClient took " + (currentTimeMillis3 / 1000) + "s");
            this.log.info("*********************************************");
            throw th3;
        }
    }

    @Test
    public void concurrentLoginMultipleUsers() throws Throwable {
        Assume.assumeThat("Test runs only with InfinispanUserSessionProvider", this.userSessionProvider, Matchers.is("infinispan"));
        this.log.info("*********************************************");
        long currentTimeMillis = System.currentTimeMillis();
        AtomicReference atomicReference = new AtomicReference();
        LoginTask loginTask = null;
        try {
            CloseableHttpClient httpsAwareClient = getHttpsAwareClient();
            Throwable th = null;
            try {
                loginTask = new LoginTask(httpsAwareClient, atomicReference, 100, 1, false, Arrays.asList(createHttpClientContextForUser(httpsAwareClient, AssertEvents.DEFAULT_USERNAME, "password"), createHttpClientContextForUser(httpsAwareClient, "john-doh@localhost", "password"), createHttpClientContextForUser(httpsAwareClient, "roleRichUser", "password")));
                run(DEFAULT_THREADS, DEFAULT_CLIENTS_COUNT, loginTask);
                Assert.assertEquals(41L, this.testingClient.testing().getClientSessionsCountInUserSession("test", (String) atomicReference.get()).intValue());
                if (httpsAwareClient != null) {
                    if (0 != 0) {
                        try {
                            httpsAwareClient.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        httpsAwareClient.close();
                    }
                }
                long currentTimeMillis2 = System.currentTimeMillis() - currentTimeMillis;
                this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
                this.log.info("concurrentLoginMultipleUsers took " + (currentTimeMillis2 / 1000) + "s");
                this.log.info("*********************************************");
            } finally {
            }
        } catch (Throwable th3) {
            long currentTimeMillis3 = System.currentTimeMillis() - currentTimeMillis;
            this.log.infof("Statistics: %s", loginTask == null ? "??" : loginTask.getHistogram());
            this.log.info("concurrentLoginMultipleUsers took " + (currentTimeMillis3 / 1000) + "s");
            this.log.info("*********************************************");
            throw th3;
        }
    }

    @Test
    public void concurrentCodeReuseShouldFail() throws Throwable {
        this.log.info("*********************************************");
        long currentTimeMillis = System.currentTimeMillis();
        for (int i = 0; i < 10; i++) {
            final OAuthClient oAuthClient = new OAuthClient();
            oAuthClient.init(this.driver);
            oAuthClient.clientId("client0");
            final String code = oAuthClient.doLogin(AssertEvents.DEFAULT_USERNAME, "password").getCode();
            Assert.assertNotNull(code);
            final String currentUrl = this.driver.getCurrentUrl();
            final AtomicInteger atomicInteger = new AtomicInteger(0);
            final AtomicInteger atomicInteger2 = new AtomicInteger(0);
            run(DEFAULT_THREADS, DEFAULT_THREADS, new AbstractConcurrencyTest.KeycloakRunnable() { // from class: org.keycloak.testsuite.admin.concurrency.ConcurrentLoginTest.1
                @Override // org.keycloak.testsuite.admin.concurrency.AbstractConcurrencyTest.KeycloakRunnable
                public void run(int i2, Keycloak keycloak, RealmResource realmResource) throws Throwable {
                    ConcurrentLoginTest.this.log.infof("Trying to execute codeURL: %s, threadIndex: %d", currentUrl, Integer.valueOf(i2));
                    OAuthClient.AccessTokenResponse doAccessTokenRequest = oAuthClient.doAccessTokenRequest(code, "password");
                    if (doAccessTokenRequest.getAccessToken() != null && doAccessTokenRequest.getError() == null) {
                        atomicInteger.incrementAndGet();
                    } else {
                        if (doAccessTokenRequest.getAccessToken() != null || doAccessTokenRequest.getError() == null) {
                            return;
                        }
                        atomicInteger2.incrementAndGet();
                    }
                }
            });
            oAuthClient.openLogout();
            Assert.assertThat(Integer.valueOf(atomicInteger.get()), Matchers.lessThanOrEqualTo(1));
            Assert.assertThat(Integer.valueOf(atomicInteger2.get()), Matchers.greaterThanOrEqualTo(3));
            this.log.infof("Iteration %d passed successfully", Integer.valueOf(i));
        }
        this.log.info("concurrentCodeReuseShouldFail took " + ((System.currentTimeMillis() - currentTimeMillis) / 1000) + "s");
        this.log.info("*********************************************");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String getPageContent(String str, CloseableHttpClient closeableHttpClient, HttpClientContext httpClientContext) throws IOException {
        HttpGet httpGet = new HttpGet(str);
        httpGet.setHeader("User-Agent", "Mozilla/5.0");
        httpGet.setHeader("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8");
        httpGet.setHeader("Accept-Language", "en-US,en;q=0.5");
        return parseAndCloseResponse(closeableHttpClient.execute(httpGet, httpClientContext));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String parseAndCloseResponse(CloseableHttpResponse closeableHttpResponse) {
        try {
            try {
                int statusCode = closeableHttpResponse.getStatusLine().getStatusCode();
                String entityUtils = EntityUtils.toString(closeableHttpResponse.getEntity());
                if (statusCode != 200) {
                    this.log.debugf("Response Code: %d, Body: %s", statusCode, entityUtils);
                }
                return entityUtils;
            } finally {
                if (closeableHttpResponse != null) {
                    EntityUtils.consumeQuietly(closeableHttpResponse.getEntity());
                    try {
                        closeableHttpResponse.close();
                    } catch (IOException e) {
                    }
                }
            }
        } catch (IOException | UnsupportedOperationException e2) {
            throw new RuntimeException(e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpUriRequest handleLogin(String str, String str2, String str3) throws UnsupportedEncodingException {
        this.log.debug("Extracting form's data...");
        Element elementById = Jsoup.parse(str).getElementById("kc-form-login");
        String attr = elementById.attr("method");
        String attr2 = elementById.attr("action");
        ArrayList arrayList = new ArrayList();
        Iterator it = elementById.getElementsByTag("input").iterator();
        while (it.hasNext()) {
            String attr3 = ((Element) it.next()).attr("name");
            if (attr3.equals("username")) {
                arrayList.add(new BasicNameValuePair(attr3, str2));
            } else if (attr3.equals("password")) {
                arrayList.add(new BasicNameValuePair(attr3, str3));
            }
        }
        if (!(attr != null && "post".equalsIgnoreCase(attr))) {
            throw new UnsupportedOperationException("not supported yet!");
        }
        HttpPost httpPost = new HttpPost(attr2);
        try {
            httpPost.setEntity(new UrlEncodedFormEntity(arrayList, "UTF-8"));
            return httpPost;
        } catch (UnsupportedEncodingException e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Map<String, String> getQueryFromUrl(String str) throws URISyntaxException {
        return (Map) URLEncodedUtils.parse(new URI(str), "UTF-8").stream().collect(Collectors.toMap(nameValuePair -> {
            return nameValuePair.getName();
        }, nameValuePair2 -> {
            return nameValuePair2.getValue();
        }));
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 1883045657:
                if (implMethodName.equals("lambda$beforeTest$8809bd7b$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/FetchOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/concurrency/ConcurrentLoginTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)Ljava/lang/Object;")) {
                    return keycloakSession -> {
                        return Config.getProvider("userSessions");
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
