package org.keycloak.testsuite.account;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.List;
import java.util.stream.Collectors;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Test;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.representations.account.DeviceRepresentation;
import org.keycloak.representations.account.SessionRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.SecondBrowser;
import org.keycloak.testsuite.util.ThirdBrowser;
import org.keycloak.testsuite.util.TokenUtil;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/account/SessionRestServiceTest.class */
public class SessionRestServiceTest extends AbstractRestServiceTest {

    @Drone
    @SecondBrowser
    protected WebDriver secondBrowser;

    @Drone
    @ThirdBrowser
    protected WebDriver thirdBrowser;

    @Override // org.keycloak.testsuite.account.AbstractRestServiceTest, org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        super.configureTestRealm(realmRepresentation);
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("public-client-0").name("Public Client 0").baseUrl("http://client0.example.com").redirectUris(OAuthClient.APP_ROOT + "/auth").publicClient().build());
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("public-client-1").name("Public Client 1").baseUrl("http://client1.example.com").redirectUris(OAuthClient.APP_ROOT + "/auth").publicClient().build());
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("confidential-client-0").name("Confidential Client 0").secret("secret").serviceAccount().directAccessGrants().redirectUris(OAuthClient.APP_ROOT + "/auth").build());
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("confidential-client-1").name("Confidential Client 1").secret("secret").serviceAccount().directAccessGrants().redirectUris(OAuthClient.APP_ROOT + "/auth").build());
    }

    @Test
    public void testProfilePreviewPermissions() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("no-account-access", "password");
        TokenUtil tokenUtil2 = new TokenUtil("view-account-access", "password");
        Assert.assertEquals(403L, SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("sessions"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("sessions"), this.httpClient).header("Accept", "application/json").auth(tokenUtil2.getToken()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("sessions/bogusId"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("sessions/bogusId"), this.httpClient).header("Accept", "application/json").auth(tokenUtil2.getToken()).asStatus());
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testGetSessions() throws Exception {
        this.oauth.setDriver(this.secondBrowser);
        codeGrant("public-client-0");
        List<SessionRepresentation> sessions = getSessions();
        Assert.assertEquals(2L, sessions.size());
        for (SessionRepresentation sessionRepresentation : sessions) {
            Assert.assertNotNull(sessionRepresentation.getId());
            Assert.assertThat(sessionRepresentation.getIpAddress(), Matchers.anyOf(Matchers.equalTo(AssertEvents.DEFAULT_IP_ADDRESS), Matchers.equalTo(AssertEvents.DEFAULT_IP_ADDRESS_V6)));
            Assert.assertTrue(sessionRepresentation.getLastAccess() > 0);
            Assert.assertTrue(sessionRepresentation.getExpires() > 0);
            Assert.assertTrue(sessionRepresentation.getStarted() > 0);
            Assert.assertThat(sessionRepresentation.getClients(), Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.anyOf(Matchers.is("direct-grant"), Matchers.is("public-client-0")))));
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testGetDevicesResponse() throws Exception {
        Assume.assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", System.getProperty("browser").equals("htmlUnit"));
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) Gecko/20100101 Firefox/15.0.1");
        OAuthClient.AccessTokenResponse codeGrant = codeGrant("public-client-0");
        joinSsoSession("public-client-1");
        List<DeviceRepresentation> devicesOtherThanOther = getDevicesOtherThanOther(codeGrant.getAccessToken());
        Assert.assertEquals("Should have a single device", 1L, devicesOtherThanOther.size());
        DeviceRepresentation deviceRepresentation = devicesOtherThanOther.get(0);
        Assert.assertTrue(deviceRepresentation.getCurrent().booleanValue());
        Assert.assertEquals("Windows", deviceRepresentation.getOs());
        Assert.assertEquals("10", deviceRepresentation.getOsVersion());
        Assert.assertEquals("Other", deviceRepresentation.getDevice());
        List sessions = deviceRepresentation.getSessions();
        Assert.assertEquals(1L, sessions.size());
        SessionRepresentation sessionRepresentation = (SessionRepresentation) sessions.get(0);
        Assert.assertEquals(AssertEvents.DEFAULT_IP_ADDRESS, sessionRepresentation.getIpAddress());
        Assert.assertTrue(deviceRepresentation.getLastAccess() == sessionRepresentation.getLastAccess());
        Assert.assertEquals(2L, sessionRepresentation.getClients().size());
        Assert.assertThat(sessionRepresentation.getClients(), Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.anyOf(Matchers.is("public-client-0"), Matchers.is("public-client-1")))));
        Assert.assertThat(sessionRepresentation.getClients(), Matchers.hasItem(Matchers.hasProperty("clientName", Matchers.anyOf(Matchers.is("Public Client 0"), Matchers.is("Public Client 1")))));
    }

    @Test
    public void testGetDevicesSessions() throws Exception {
        ContainerAssume.assumeAuthServerUndertow();
        Assume.assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", System.getProperty("browser").equals("htmlUnit"));
        WebDriver driver = this.oauth.getDriver();
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
        codeGrant("public-client-0");
        List<DeviceRepresentation> devicesOtherThanOther = getDevicesOtherThanOther();
        Assert.assertEquals("Should have a single device", 1L, devicesOtherThanOther.size());
        List list = (List) devicesOtherThanOther.stream().filter(deviceRepresentation -> {
            return "Fedora".equals(deviceRepresentation.getOs());
        }).collect(Collectors.toList());
        Assert.assertEquals("Should have a single Fedora device", 1L, list.size());
        list.stream().forEach(deviceRepresentation2 -> {
            List sessions = deviceRepresentation2.getSessions();
            Assert.assertEquals(1L, sessions.size());
            Assert.assertThat(sessions, Matchers.hasItem(Matchers.hasProperty("browser", Matchers.is("Firefox/15.0.1"))));
        });
        this.oauth.setDriver(this.secondBrowser);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Gecko/20100101 Firefox/15.0.1");
        codeGrant("public-client-0");
        List<DeviceRepresentation> devicesOtherThanOther2 = getDevicesOtherThanOther();
        Assert.assertEquals("Should have two devices", 2L, devicesOtherThanOther2.size());
        Assert.assertEquals(1L, ((List) devicesOtherThanOther2.stream().filter(deviceRepresentation3 -> {
            return "Fedora".equals(deviceRepresentation3.getOs());
        }).collect(Collectors.toList())).size());
        List list2 = (List) devicesOtherThanOther2.stream().filter(deviceRepresentation4 -> {
            return "Windows".equals(deviceRepresentation4.getOs());
        }).collect(Collectors.toList());
        Assert.assertEquals(1L, list2.size());
        list2.stream().forEach(deviceRepresentation5 -> {
            List sessions = deviceRepresentation5.getSessions();
            Assert.assertEquals(1L, sessions.size());
            Assert.assertThat(sessions, Matchers.hasItem(Matchers.hasProperty("browser", Matchers.is("Firefox/15.0.1"))));
        });
        this.oauth.setDriver(driver);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.71 Safari/537.36 Edge/12.0");
        codeGrant("public-client-0");
        this.oauth.setDriver(this.secondBrowser);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Gecko/20100101 Firefox/15.0.1");
        codeGrant("public-client-0");
        this.oauth.setDriver(this.thirdBrowser);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows NT 10.0) AppleWebKit/537.36 (KHTML, like Gecko) Version/11.0 Safari/603.1.30");
        this.oauth.setBrowserHeader("X-Forwarded-For", "192.168.10.3");
        List<DeviceRepresentation> devicesOtherThanOther3 = getDevicesOtherThanOther(codeGrant("public-client-0").getAccessToken());
        Assert.assertEquals("Should have a single device because all browsers (and sessions) are from the same platform (OS + OS version)", 1L, devicesOtherThanOther3.size());
        List list3 = (List) devicesOtherThanOther3.stream().filter(deviceRepresentation6 -> {
            return "Windows".equals(deviceRepresentation6.getOs());
        }).collect(Collectors.toList());
        Assert.assertEquals(1L, list3.size());
        list3.stream().forEach(deviceRepresentation7 -> {
            List sessions = deviceRepresentation7.getSessions();
            Assert.assertEquals(3L, sessions.size());
            Assert.assertEquals(1L, sessions.stream().filter(sessionRepresentation -> {
                return sessionRepresentation.getIpAddress().equals(AssertEvents.DEFAULT_IP_ADDRESS) && sessionRepresentation.getBrowser().equals("Firefox/15.0.1") && sessionRepresentation.getCurrent() == null;
            }).count());
            Assert.assertEquals(1L, sessions.stream().filter(sessionRepresentation2 -> {
                return sessionRepresentation2.getIpAddress().equals(AssertEvents.DEFAULT_IP_ADDRESS) && sessionRepresentation2.getBrowser().equals("Edge/12.0") && sessionRepresentation2.getCurrent() == null;
            }).count());
            Assert.assertEquals(1L, sessions.stream().filter(sessionRepresentation3 -> {
                return sessionRepresentation3.getIpAddress().equals("192.168.10.3") && sessionRepresentation3.getBrowser().equals("Safari/11.0") && sessionRepresentation3.getCurrent().booleanValue();
            }).count());
        });
        this.oauth.setDriver(this.thirdBrowser);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (Windows 7) AppleWebKit/537.36 (KHTML, like Gecko) Version/11.0 Safari/603.1.30");
        this.oauth.setBrowserHeader("X-Forwarded-For", "192.168.10.3");
        codeGrant("public-client-0");
        List list4 = (List) getDevicesOtherThanOther().stream().filter(deviceRepresentation8 -> {
            return "Windows".equals(deviceRepresentation8.getOs());
        }).collect(Collectors.toList());
        Assert.assertEquals("Should have two devices for two distinct Windows versions", 2L, r0.size());
        Assert.assertEquals(2L, list4.size());
        this.oauth.setDriver(driver);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (iPhone; CPU iPhone OS 5_1_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9B206 Safari/7534.48.3");
        codeGrant("public-client-0");
        this.oauth.setDriver(this.secondBrowser);
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
        codeGrant("public-client-0");
        List<DeviceRepresentation> devicesOtherThanOther4 = getDevicesOtherThanOther();
        Assert.assertEquals("Should have 3 devices", 3L, devicesOtherThanOther4.size());
        Assert.assertEquals(1L, ((List) devicesOtherThanOther4.stream().filter(deviceRepresentation9 -> {
            return "Windows".equals(deviceRepresentation9.getOs());
        }).collect(Collectors.toList())).size());
        Assert.assertEquals(1L, ((List) devicesOtherThanOther4.stream().filter(deviceRepresentation10 -> {
            return "Fedora".equals(deviceRepresentation10.getOs());
        }).collect(Collectors.toList())).size());
        List list5 = (List) devicesOtherThanOther4.stream().filter(deviceRepresentation11 -> {
            return "iOS".equals(deviceRepresentation11.getOs()) && "iPhone".equals(deviceRepresentation11.getDevice());
        }).collect(Collectors.toList());
        Assert.assertEquals(1L, list5.size());
        list5.stream().forEach(deviceRepresentation12 -> {
            Assert.assertTrue(deviceRepresentation12.isMobile());
            List sessions = deviceRepresentation12.getSessions();
            Assert.assertEquals(1L, sessions.size());
            Assert.assertEquals(1L, sessions.stream().filter(sessionRepresentation -> {
                return sessionRepresentation.getBrowser().equals("Mobile Safari/5.1");
            }).count());
        });
    }

    @Test
    public void testLogout() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("view-account-access", "password");
        String sessionState = this.oauth.doLogin("view-account-access", "password").getSessionState();
        Assert.assertEquals(2L, getSessions(tokenUtil.getToken()).size());
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("sessions/" + sessionState), this.httpClient).acceptJson().auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(2L, getSessions(tokenUtil.getToken()).size());
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("sessions/" + sessionState), this.httpClient).acceptJson().auth(this.tokenUtil.getToken()).asStatus());
        Assert.assertEquals(1L, getSessions(this.tokenUtil.getToken()).size());
    }

    @Test
    public void testLogoutAll() throws IOException {
        codeGrant("public-client-0");
        this.oauth.setDriver(this.secondBrowser);
        OAuthClient.AccessTokenResponse codeGrant = codeGrant("public-client-0");
        Assert.assertEquals(3L, getSessions().size());
        String accessToken = codeGrant.getAccessToken();
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("sessions"), this.httpClient).acceptJson().auth(accessToken).asStatus());
        Assert.assertEquals(1L, getSessions(accessToken).size());
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("sessions?current=true"), this.httpClient).acceptJson().auth(accessToken).asStatus());
        Assert.assertEquals(401L, SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).acceptJson().auth(accessToken).asStatus());
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testNullOrEmptyUserAgent() throws Exception {
        Assume.assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", System.getProperty("browser").equals("htmlUnit"));
        this.oauth.setBrowserHeader("User-Agent", (String) null);
        List<DeviceRepresentation> queryDevices = queryDevices(codeGrant("public-client-0").getAccessToken());
        Assert.assertEquals("Should have a single device", 1L, queryDevices.size());
        DeviceRepresentation deviceRepresentation = queryDevices.get(0);
        Assert.assertTrue(deviceRepresentation.getCurrent().booleanValue());
        Assert.assertEquals("Other", deviceRepresentation.getOs());
        Assert.assertEquals("Other", deviceRepresentation.getDevice());
        List sessions = deviceRepresentation.getSessions();
        Assert.assertEquals(1L, sessions.size());
        Assert.assertEquals(AssertEvents.DEFAULT_IP_ADDRESS, ((SessionRepresentation) sessions.get(0)).getIpAddress());
        Assert.assertEquals(deviceRepresentation.getLastAccess(), r0.getLastAccess());
        Assert.assertEquals(1L, r0.getClients().size());
    }

    @Test
    public void testNonBrowserSession() throws Exception {
        Assume.assumeTrue("Browser must be htmlunit. Otherwise we are not able to set desired BrowserHeaders", System.getProperty("browser").equals("htmlUnit"));
        this.oauth.setBrowserHeader("User-Agent", "Mozilla/5.0 (X11; Fedora; Linux x86_64; rv:15.0) Gecko/20100101 Firefox/15.0.1");
        codeGrant("public-client-0");
        this.oauth.setBrowserHeader("User-Agent", (String) null);
        this.oauth.clientId("confidential-client-0");
        this.oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");
        this.oauth.clientId("confidential-client-1");
        this.oauth.doGrantAccessTokenRequest("secret", AssertEvents.DEFAULT_USERNAME, "password");
        List<DeviceRepresentation> allDevices = getAllDevices();
        Assert.assertEquals(2L, allDevices.size());
        Assert.assertThat(allDevices, Matchers.hasItems(new Matcher[]{Matchers.hasProperty("os", Matchers.anyOf(Matchers.is("Fedora"), Matchers.is("Other")))}));
        Assert.assertEquals(3L, ((Integer) allDevices.stream().filter(deviceRepresentation -> {
            return "Other".equals(deviceRepresentation.getOs());
        }).map(deviceRepresentation2 -> {
            return Integer.valueOf(deviceRepresentation2.getSessions().size());
        }).findFirst().get()).intValue());
    }

    private List<SessionRepresentation> getSessions(String str) throws IOException {
        return (List) SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).auth(str).asJson(new TypeReference<List<SessionRepresentation>>() { // from class: org.keycloak.testsuite.account.SessionRestServiceTest.1
        });
    }

    private List<DeviceRepresentation> getDevicesOtherThanOther() throws IOException {
        return getDevicesOtherThanOther(this.tokenUtil.getToken());
    }

    private List<DeviceRepresentation> getAllDevices() throws IOException {
        return queryDevices(this.tokenUtil.getToken());
    }

    private List<DeviceRepresentation> getDevicesOtherThanOther(String str) throws IOException {
        return (List) queryDevices(str).stream().filter(deviceRepresentation -> {
            return !"Other".equals(deviceRepresentation.getOs());
        }).collect(Collectors.toList());
    }

    private List<DeviceRepresentation> queryDevices(String str) throws IOException {
        return (List) SimpleHttp.doGet(getAccountUrl("sessions/devices"), this.httpClient).auth(str).asJson(new TypeReference<List<DeviceRepresentation>>() { // from class: org.keycloak.testsuite.account.SessionRestServiceTest.2
        });
    }

    private OAuthClient.AccessTokenResponse codeGrant(String str) {
        this.oauth.clientId(str);
        this.oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
        this.oauth.openLogout();
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        return this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password");
    }

    private void joinSsoSession(String str) {
        this.oauth.clientId(str);
        this.oauth.redirectUri(OAuthClient.APP_ROOT + "/auth");
        this.oauth.openLoginForm();
    }

    private List<SessionRepresentation> getSessions() throws IOException {
        return (List) SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).auth(this.tokenUtil.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() { // from class: org.keycloak.testsuite.account.SessionRestServiceTest.3
        });
    }
}
