package org.keycloak.testsuite.adapter.servlet;

import java.io.IOException;
import java.util.List;
import javax.ws.rs.core.UriBuilder;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.graphene.wait.StringMatcher;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.events.EventType;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.adapter.page.OfflineToken;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.pages.AccountApplicationsPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.openqa.selenium.By;

@AppServerContainers({@AppServerContainer("app-server-undertow"), @AppServerContainer("app-server-wildfly"), @AppServerContainer("app-server-wildfly-deprecated"), @AppServerContainer("app-server-eap"), @AppServerContainer("app-server-eap6"), @AppServerContainer("app-server-eap71")})
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/OfflineServletsAdapterTest.class */
public class OfflineServletsAdapterTest extends AbstractServletsAdapterTest {

    @Page
    protected OfflineToken offlineTokenPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected AccountApplicationsPage accountAppPage;

    @Page
    protected OAuthGrantPage oauthGrantPage;

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Rule
    public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);
    private final String DEFAULT_USERNAME = AssertEvents.DEFAULT_USERNAME;
    private final String DEFAULT_PASSWORD = "password";
    private final String OFFLINE_CLIENT_ID = "offline-client";

    @Deployment(name = "offline-client")
    protected static WebArchive offlineClient() {
        return servletDeployment("offline-client", AdapterActionsFilter.class, AbstractShowTokensServlet.class, OfflineTokenServlet.class, ErrorServlet.class, ServletTestUtils.class);
    }

    @Override // org.keycloak.testsuite.adapter.AbstractServletsAdapterTest, org.keycloak.testsuite.AbstractAuthTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        this.testRealmPage.setAuthRealm("test");
        this.testRealmLoginPage.setAuthRealm("test");
    }

    @Override // org.keycloak.testsuite.adapter.AbstractServletsAdapterTest, org.keycloak.testsuite.adapter.AbstractAdapterTest
    public void addAdapterTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm("/adapter-test/offline-client/offlinerealm.json"));
    }

    @Test
    public void testServlet() {
        try {
            String uri = UriBuilder.fromUri(this.offlineTokenPage.toString()).queryParam("scope", new Object[]{"offline_access"}).build(new Object[0]).toString();
            this.oauth.redirectUri(this.offlineTokenPage.toString());
            this.oauth.clientId("offline-client");
            this.driver.navigate().to(uri);
            WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
            this.loginPage.assertCurrent();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
            MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken(), CoreMatchers.notNullValue());
            MatcherAssert.assertThat("Offline", CoreMatchers.is(this.offlineTokenPage.getRefreshToken().getType()));
            MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken().getExp(), CoreMatchers.nullValue());
            String id = this.offlineTokenPage.getAccessToken().getId();
            String id2 = this.offlineTokenPage.getRefreshToken().getId();
            setAdapterAndServerTimeOffset(9999);
            this.offlineTokenPage.navigateTo();
            URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
            MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken().getId(), CoreMatchers.not(id2));
            MatcherAssert.assertThat(this.offlineTokenPage.getAccessToken().getId(), CoreMatchers.not(id));
            this.driver.navigate().to(this.oauth.getLoginFormUrl());
            WaitUtils.waitForPageToLoad();
            this.loginPage.assertCurrent();
            this.offlineTokenPage.navigateTo();
            URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
            this.oauth.doLogout(this.offlineTokenPage.getRefreshTokenString(), "secret1");
            this.offlineTokenPage.navigateTo();
            URLAssert.assertCurrentUrlDoesntStartWith((AbstractPage) this.offlineTokenPage);
            this.loginPage.assertCurrent();
            this.events.clear();
            resetTimeOffsetAuthenticated();
        } catch (Throwable th) {
            this.events.clear();
            resetTimeOffsetAuthenticated();
            throw th;
        }
    }

    @Test
    public void testServletWithRevoke() {
        try {
            this.driver.navigate().to(UriBuilder.fromUri(this.offlineTokenPage.toString()).queryParam("scope", new Object[]{"offline_access"}).build(new Object[0]).toString());
            WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
            this.loginPage.assertCurrent();
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
            MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken(), CoreMatchers.notNullValue());
            MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken().getType(), CoreMatchers.is("Offline"));
            setAdapterAndServerTimeOffset(9999);
            this.offlineTokenPage.navigateTo();
            URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
            setAdapterAndServerTimeOffset(0);
            this.events.clear();
            this.accountAppPage.open();
            List additionalGrants = ((AccountApplicationsPage.AppEntry) this.accountAppPage.getApplications().get("offline-client")).getAdditionalGrants();
            MatcherAssert.assertThat(Integer.valueOf(additionalGrants.size()), CoreMatchers.is(1));
            MatcherAssert.assertThat(additionalGrants.get(0), CoreMatchers.is("Offline Token"));
            this.accountAppPage.revokeGrant("offline-client");
            WaitUtils.pause(500L);
            MatcherAssert.assertThat(Integer.valueOf(((AccountApplicationsPage.AppEntry) this.accountAppPage.getApplications().get("offline-client")).getAdditionalGrants().size()), CoreMatchers.is(0));
            this.events.expect(EventType.REVOKE_GRANT).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).detail("revoked_client", "offline-client").assertEvent();
            setAdapterAndServerTimeOffset(19999);
            this.offlineTokenPage.navigateTo();
            URLAssert.assertCurrentUrlDoesntStartWith((AbstractPage) this.offlineTokenPage);
            this.loginPage.assertCurrent();
        } finally {
            this.events.clear();
            resetTimeOffsetAuthenticated();
        }
    }

    @Test
    public void testServletWithConsent() throws IOException {
        try {
            ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, "test", "offline-client").setConsentRequired(true).update();
            Throwable th = null;
            try {
                this.offlineTokenPage.navigateTo();
                this.loginPage.assertCurrent();
                this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
                this.oauthGrantPage.assertCurrent();
                ((StringMatcher) WaitUtils.waitUntilElement(By.xpath("//body")).text().not()).contains("Offline access");
                this.oauthGrantPage.cancel();
                this.driver.navigate().to(UriBuilder.fromUri(this.offlineTokenPage.toString()).queryParam("scope", new Object[]{"offline_access"}).build(new Object[0]).toString());
                WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
                this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
                this.oauthGrantPage.assertCurrent();
                WaitUtils.waitUntilElement(By.xpath("//body")).text().contains("Offline Access");
                this.oauthGrantPage.accept();
                URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.offlineTokenPage);
                MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken(), CoreMatchers.notNullValue());
                MatcherAssert.assertThat(this.offlineTokenPage.getRefreshToken().getType(), CoreMatchers.is("Offline"));
                this.accountAppPage.open();
                AccountApplicationsPage.AppEntry appEntry = (AccountApplicationsPage.AppEntry) this.accountAppPage.getApplications().get("offline-client");
                MatcherAssert.assertThat(appEntry.getClientScopesGranted(), Matchers.hasItem("Offline Access"));
                MatcherAssert.assertThat(appEntry.getAdditionalGrants(), Matchers.hasItem("Offline Token"));
                this.offlineTokenPage.logout();
                URLAssert.assertCurrentUrlDoesntStartWith((AbstractPage) this.offlineTokenPage);
                this.loginPage.assertCurrent();
                if (update != null) {
                    if (0 != 0) {
                        try {
                            update.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        update.close();
                    }
                }
            } finally {
            }
        } finally {
            this.events.clear();
            resetTimeOffsetAuthenticated();
        }
    }

    private void setAdapterAndServerTimeOffset(int i) {
        super.setAdapterAndServerTimeOffset(i, this.offlineTokenPage.toString());
    }

    private void resetTimeOffsetAuthenticated() {
        resetTimeOffsetAuthenticated(AssertEvents.DEFAULT_USERNAME, "password");
    }

    private void resetTimeOffsetAuthenticated(String str, String str2) {
        if (this.testContext.getAppServerInfo().isUndertow()) {
            setAdapterAndServerTimeOffset(0);
            return;
        }
        super.setAdapterServletTimeOffset(0, this.offlineTokenPage.toString());
        if (this.loginPage.isCurrent()) {
            this.loginPage.login(str, str2);
            WaitUtils.waitForPageToLoad();
            this.offlineTokenPage.logout();
        }
        setTimeOffset(0);
    }
}
