package org.keycloak.testsuite.saml;

import com.google.common.base.Charsets;
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicReference;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.ws.rs.core.Response;
import javax.xml.transform.dom.DOMSource;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.util.EntityUtils;
import org.awaitility.Awaitility;
import org.awaitility.core.ConditionFactory;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.dom.saml.v2.SAML2Object;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.metadata.EndpointType;
import org.keycloak.dom.saml.v2.metadata.IndexedEndpointType;
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
import org.keycloak.dom.saml.v2.protocol.ArtifactResponseType;
import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
import org.keycloak.dom.saml.v2.protocol.NameIDMappingResponseType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.saml.SamlProtocolUtils;
import org.keycloak.protocol.saml.profile.util.Soap;
import org.keycloak.protocol.saml.util.ArtifactBindingUtils;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.saml.SAML2LogoutResponseBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.oauth.RefreshTokenTest;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.util.InfinispanTestTimeServiceRule;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.SamlUtils;
import org.keycloak.testsuite.util.saml.CreateLogoutRequestStepBuilder;
import org.keycloak.testsuite.util.saml.HandleArtifactStepBuilder;
import org.keycloak.testsuite.util.saml.SamlMessageReceiver;
import org.keycloak.testsuite.util.saml.SessionStateChecker;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.w3c.dom.Document;

/* loaded from: input_file:org/keycloak/testsuite/saml/ArtifactBindingTest.class */
public class ArtifactBindingTest extends AbstractSamlTest {

    @Rule
    public InfinispanTestTimeServiceRule ispnTestTimeService = new InfinispanTestTimeServiceRule(this);

    @Test
    public void testArtifactBindingTimesOutAfterCodeToTokenLifespan() throws Exception {
        getCleanup().addCleanup(new RealmAttributeUpdater(this.adminClient.realm(AbstractSamlTest.REALM_NAME)).setAccessCodeLifespan(1).update());
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(() -> {
            setTimeOffset(1000);
        }).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.nullValue());
    }

    @Test
    public void testArtifactBindingWithResponseAndAssertionSignature() throws Exception {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_ASSERTION_AND_RESPONSE_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_ASSERTION_AND_RESPONSE_SIG, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_ASSERTION_AND_RESPONSE_SIG).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        ResponseType responseType = (ResponseType) samlObject.getAny();
        MatcherAssert.assertThat(responseType, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) responseType.getAssertions().get(0)).getAssertion().getSignature(), Matchers.not(Matchers.nullValue()));
        SamlProtocolUtils.verifyDocumentSignature(sAMLDocumentHolder.getSamlDocument(), SamlUtils.getSamlDeploymentForClient("sales-post-assertion-and-response-sig").getIDP().getSignatureValidationKeyLocator());
    }

    @Test
    public void testArtifactBindingWithEncryptedAssertion() throws Exception {
        SamlClientBuilder doNotFollowRedirects = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_ENC, SAML_ASSERTION_CONSUMER_URL_SALES_POST_ENC, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_ENC_PUBLIC_KEY).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_ENC).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_ENC_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_ENC_PUBLIC_KEY).build().doNotFollowRedirects();
        SamlClient.Binding binding = SamlClient.Binding.ARTIFACT_RESPONSE;
        binding.getClass();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) doNotFollowRedirects.executeAndTransform(binding::extractResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ResponseType.class));
        ResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) samlObject.getAssertions().get(0)).getAssertion(), Matchers.nullValue());
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) samlObject.getAssertions().get(0)).getEncryptedAssertion(), Matchers.not(Matchers.nullValue()));
        AssertionUtil.decryptAssertion(sAMLDocumentHolder, samlObject, SamlUtils.getSamlDeploymentForClient("sales-post-enc").getDecryptionKey());
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) samlObject.getAssertions().get(0)).getAssertion(), Matchers.not(Matchers.nullValue()));
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) samlObject.getAssertions().get(0)).getEncryptedAssertion(), Matchers.nullValue());
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) samlObject.getAssertions().get(0)).getAssertion().getIssuer().getValue(), Matchers.equalTo(getAuthServerRealmBase(AbstractSamlTest.REALM_NAME).toString()));
    }

    @Test
    public void testArtifactBindingLoginCheckArtifactWithPost() throws NoSuchAlgorithmException {
        String str = (String) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().doNotFollowRedirects().executeAndTransform(closeableHttpResponse -> {
            return EntityUtils.toString(closeableHttpResponse.getEntity());
        });
        MatcherAssert.assertThat(str, Matchers.containsString("SAMLart"));
        Matcher matcher = Pattern.compile("NAME=\"SAMLart\" VALUE=\"((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))").matcher(str);
        MatcherAssert.assertThat(Boolean.valueOf(matcher.find()), Matchers.is(true));
        String group = matcher.group(1);
        MatcherAssert.assertThat(group, Matchers.not(Matchers.isEmptyOrNullString()));
        byte[] decode = Base64.getDecoder().decode(group);
        MatcherAssert.assertThat(Integer.valueOf(decode.length), Matchers.is(44));
        MatcherAssert.assertThat(Byte.valueOf(decode[0]), Matchers.is((byte) 0));
        MatcherAssert.assertThat(Byte.valueOf(decode[1]), Matchers.is((byte) 4));
        MatcherAssert.assertThat(Byte.valueOf(decode[2]), Matchers.is((byte) 0));
        MatcherAssert.assertThat(Byte.valueOf(decode[3]), Matchers.is((byte) 0));
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(getAuthServerRealmBase(AbstractSamlTest.REALM_NAME).toString().getBytes(Charsets.UTF_8));
        for (int i = 0; i < 20; i++) {
            MatcherAssert.assertThat(Byte.valueOf(digest[i]), Matchers.is(Byte.valueOf(decode[i + 4])));
        }
    }

    @Test
    public void testArtifactBindingLoginFullExchangeWithPost() {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat(samlObject.getInResponseTo(), Matchers.not(Matchers.isEmptyOrNullString()));
        MatcherAssert.assertThat((ResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    public void testArtifactBindingLoginCorrectSignature() {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.not(Matchers.nullValue()));
        ResponseType responseType = (ResponseType) samlObject.getAny();
        MatcherAssert.assertThat(responseType, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(((ResponseType.RTChoiceType) responseType.getAssertions().get(0)).getAssertion().getSignature(), Matchers.nullValue());
    }

    @Test
    public void testArtifactBindingLoginIncorrectSignature() {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_EXPIRED_PUBLIC_KEY).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.not(Matchers.nullValue()));
    }

    @Test
    public void testArtifactBindingLoginGetArtifactResponseTwice() {
        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        HandleArtifactStepBuilder handleArtifactStepBuilder = new HandleArtifactStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, samlClientBuilder);
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) samlClientBuilder.authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(handleArtifactStepBuilder).build().processSamlResponse(SamlClient.Binding.ARTIFACT_RESPONSE).transformObject(sAML2Object -> {
            MatcherAssert.assertThat(sAML2Object, org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            return null;
        }).build().handleArtifact(handleArtifactStepBuilder).replayPost(true).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.nullValue());
    }

    @Test
    public void testArtifactSuccessfulAfterFirstUnsuccessfulRequest() {
        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        AtomicReference atomicReference = new AtomicReference();
        SamlClientBuilder build = samlClientBuilder.authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).storeArtifact(atomicReference).build().assertResponse(closeableHttpResponse -> {
            MatcherAssert.assertThat(closeableHttpResponse, org.keycloak.testsuite.util.Matchers.bodyHC(Matchers.containsString(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get())));
        }).handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).useArtifact(atomicReference).build();
        SamlClient.Binding binding = SamlClient.Binding.ARTIFACT_RESPONSE;
        binding.getClass();
        MatcherAssert.assertThat(((SAMLDocumentHolder) build.executeAndTransform(binding::extractResponse)).getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
    }

    @Test
    public void testArtifactBindingLoginForceArtifactBinding() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").update());
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat((ResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    public void testArtifactBindingLoginSignedArtifactResponse() throws Exception {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml.server.signature", "true").update());
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.notNullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat(samlObject.getInResponseTo(), Matchers.not(Matchers.isEmptyOrNullString()));
        MatcherAssert.assertThat((ResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        SamlProtocolUtils.verifyDocumentSignature(sAMLDocumentHolder.getSamlDocument(), SamlUtils.getSamlDeploymentForClient("sales-post").getIDP().getSignatureValidationKeyLocator());
    }

    @Test
    public void testArtifactBindingLoginFullExchangeWithRedirect() {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat(samlObject.getInResponseTo(), Matchers.not(Matchers.isEmptyOrNullString()));
        MatcherAssert.assertThat((ResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    public void testArtifactResponseContainsCorrectInResponseTo() {
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setArtifactResolveId("TestId").build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(ResponseType.class));
        MatcherAssert.assertThat(samlObject.getInResponseTo(), Matchers.is("TestId"));
    }

    @Test
    public void testArtifactBindingLogoutSingleClientCheckArtifact() throws NoSuchAlgorithmException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml.server.signature", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        String str = (String) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST).build().doNotFollowRedirects().executeAndTransform(closeableHttpResponse -> {
            return EntityUtils.toString(closeableHttpResponse.getEntity());
        });
        MatcherAssert.assertThat(str, Matchers.containsString("SAMLart"));
        Matcher matcher = Pattern.compile("NAME=\"SAMLart\" VALUE=\"((?:[A-Za-z0-9+/]{4})*(?:[A-Za-z0-9+/]{2}==|[A-Za-z0-9+/]{3}=))").matcher(str);
        MatcherAssert.assertThat(true, Matchers.is(Boolean.valueOf(matcher.find())));
        String group = matcher.group(1);
        MatcherAssert.assertThat(group, Matchers.not(Matchers.isEmptyOrNullString()));
        byte[] decode = Base64.getDecoder().decode(group);
        MatcherAssert.assertThat(Integer.valueOf(decode.length), Matchers.is(44));
        MatcherAssert.assertThat(Byte.valueOf(decode[0]), Matchers.is((byte) 0));
        MatcherAssert.assertThat(Byte.valueOf(decode[1]), Matchers.is((byte) 4));
        MatcherAssert.assertThat(Byte.valueOf(decode[2]), Matchers.is((byte) 0));
        MatcherAssert.assertThat(Byte.valueOf(decode[3]), Matchers.is((byte) 0));
        byte[] digest = MessageDigest.getInstance("SHA-1").digest(getAuthServerRealmBase(AbstractSamlTest.REALM_NAME).toString().getBytes(Charsets.UTF_8));
        for (int i = 0; i < 20; i++) {
            MatcherAssert.assertThat(Byte.valueOf(digest[i]), Matchers.is(Byte.valueOf(decode[i + 4])));
        }
    }

    @Test
    public void testArtifactBindingLogoutSingleClientPost() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ArtifactResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(NameIDMappingResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(StatusResponseType.class));
        MatcherAssert.assertThat((StatusResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    public void testArtifactBindingLogoutSingleClientRedirect() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ArtifactResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(NameIDMappingResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(StatusResponseType.class));
        MatcherAssert.assertThat((StatusResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    public void testArtifactBindingLogoutTwoClientsPostWithSig() throws Exception {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        CreateLogoutRequestStepBuilder logoutRequest = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG, SAML_ASSERTION_CONSUMER_URL_SALES_POST_SIG, SamlClient.Binding.POST).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().login().sso(true).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SamlClient.Binding.POST);
        AtomicReference<NameIDType> atomicReference = this.nameIdRef;
        atomicReference.getClass();
        CreateLogoutRequestStepBuilder nameId = logoutRequest.nameId(atomicReference::get);
        AtomicReference<String> atomicReference2 = this.sessionIndexRef;
        atomicReference2.getClass();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) nameId.sessionIndex(atomicReference2::get).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST_SIG).signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.notNullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(LogoutRequestType.class));
        SamlProtocolUtils.verifyDocumentSignature(sAMLDocumentHolder.getSamlDocument(), SamlUtils.getSamlDeploymentForClient("sales-post").getIDP().getSignatureValidationKeyLocator());
    }

    @Test
    public void testArtifactBindingLogoutTwoClientsRedirect() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update()).addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        CreateLogoutRequestStepBuilder logoutRequest = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.REDIRECT).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SamlClient.Binding.REDIRECT);
        AtomicReference<NameIDType> atomicReference = this.nameIdRef;
        atomicReference.getClass();
        CreateLogoutRequestStepBuilder nameId = logoutRequest.nameId(atomicReference::get);
        AtomicReference<String> atomicReference2 = this.sessionIndexRef;
        atomicReference2.getClass();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) nameId.sessionIndex(atomicReference2::get).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(LogoutRequestType.class));
    }

    /* JADX WARN: Finally extract failed */
    @Test
    public void testArtifactBindingWithBackchannelLogout() {
        try {
            SamlMessageReceiver samlMessageReceiver = new SamlMessageReceiver(8082);
            Throwable th = null;
            try {
                ClientAttributeUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setFrontchannelLogout(false).setAttribute("saml_single_logout_service_url_post", samlMessageReceiver.getUrl()).update();
                Throwable th2 = null;
                try {
                    try {
                        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, SamlClient.Binding.POST).build().followOneRedirect().processSamlResponse(SamlClient.Binding.POST).transformObject(this::extractNameIdAndSessionIndexAndTerminate).build().execute();
                        CreateLogoutRequestStepBuilder logoutRequest = new SamlClientBuilder().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SamlClient.Binding.POST);
                        AtomicReference<NameIDType> atomicReference = this.nameIdRef;
                        atomicReference.getClass();
                        CreateLogoutRequestStepBuilder nameId = logoutRequest.nameId(atomicReference::get);
                        AtomicReference<String> atomicReference2 = this.sessionIndexRef;
                        atomicReference2.getClass();
                        nameId.sessionIndex(atomicReference2::get).build().executeAndTransform(closeableHttpResponse -> {
                            MatcherAssert.assertThat(SamlClient.Binding.POST.extractResponse(closeableHttpResponse).getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
                            return null;
                        });
                        ConditionFactory atMost = Awaitility.await().pollInterval(100L, TimeUnit.MILLISECONDS).atMost(1L, TimeUnit.MINUTES);
                        samlMessageReceiver.getClass();
                        atMost.until(samlMessageReceiver::isMessageReceived);
                        MatcherAssert.assertThat(Boolean.valueOf(samlMessageReceiver.isMessageReceived()), Matchers.is(true));
                        MatcherAssert.assertThat(samlMessageReceiver.getSamlDocumentHolder().getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlLogoutRequest(samlMessageReceiver.getUrl()));
                        if (update != null) {
                            if (0 != 0) {
                                try {
                                    update.close();
                                } catch (Throwable th3) {
                                    th2.addSuppressed(th3);
                                }
                            } else {
                                update.close();
                            }
                        }
                        if (samlMessageReceiver != null) {
                            if (0 != 0) {
                                try {
                                    samlMessageReceiver.close();
                                } catch (Throwable th4) {
                                    th.addSuppressed(th4);
                                }
                            } else {
                                samlMessageReceiver.close();
                            }
                        }
                    } finally {
                    }
                } catch (Throwable th5) {
                    if (update != null) {
                        if (th2 != null) {
                            try {
                                update.close();
                            } catch (Throwable th6) {
                                th2.addSuppressed(th6);
                            }
                        } else {
                            update.close();
                        }
                    }
                    throw th5;
                }
            } catch (Throwable th7) {
                if (samlMessageReceiver != null) {
                    if (0 != 0) {
                        try {
                            samlMessageReceiver.close();
                        } catch (Throwable th8) {
                            th.addSuppressed(th8);
                        }
                    } else {
                        samlMessageReceiver.close();
                    }
                }
                throw th7;
            }
        } catch (Exception e) {
            throw new RuntimeException("Cannot run SamlMessageReceiver", e);
        }
    }

    @Test
    public void testArtifactResolveWithWrongIssuerFails() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_post", "http://url").update());
        new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).build().execute(closeableHttpResponse -> {
            MatcherAssert.assertThat(closeableHttpResponse, org.keycloak.testsuite.util.Matchers.bodyHC(Matchers.containsString(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get())));
        });
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testSessionStateDuringArtifactBindingLogoutWithOneClient() {
        String id = ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getId();
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        AtomicReference atomicReference = new AtomicReference();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).storeUserSessionId(atomicReference).expectedState(UserSessionModel.State.LOGGED_IN).expectedClientSession(id).consumeUserSession(userSessionModel -> {
            MatcherAssert.assertThat(userSessionModel, Matchers.notNullValue());
        }).consumeClientSession(id, authenticatedClientSessionModel -> {
            MatcherAssert.assertThat(authenticatedClientSessionModel, Matchers.notNullValue());
        })).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).expectedUserSession(atomicReference).expectedState(UserSessionModel.State.LOGGED_OUT_UNCONFIRMED).expectedNumberOfClientSessions(1).expectedAction(id, CommonClientSessionModel.Action.LOGGING_OUT)).setAfterStepChecks(new SessionStateChecker(this.testingClient.server()).consumeUserSession(userSessionModel2 -> {
            MatcherAssert.assertThat(userSessionModel2, Matchers.nullValue());
        }).setUserSessionProvider(keycloakSession -> {
            return (String) atomicReference.get();
        })).build().doNotFollowRedirects().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(ArtifactResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.not(Matchers.instanceOf(NameIDMappingResponseType.class)));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(StatusResponseType.class));
        MatcherAssert.assertThat((StatusResponseType) samlObject.getAny(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update()).addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_artifact", "http://url").setFrontchannelLogout(true).update());
        String id = ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getId();
        String id2 = ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).get(0)).getId();
        AtomicReference atomicReference = new AtomicReference();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SAML_ASSERTION_CONSUMER_URL_SALES_POST2, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).storeUserSessionId(atomicReference).expectedClientSession(id2).expectedState(UserSessionModel.State.LOGGED_IN).expectedNumberOfClientSessions(1).consumeUserSession(userSessionModel -> {
            MatcherAssert.assertThat(userSessionModel, Matchers.notNullValue());
        }).consumeClientSession(id2, authenticatedClientSessionModel -> {
            MatcherAssert.assertThat(authenticatedClientSessionModel, Matchers.notNullValue());
        })).verifyRedirect(true).build().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).expectedUserSession(atomicReference).expectedState(UserSessionModel.State.LOGGED_IN).expectedClientSession(id).expectedNumberOfClientSessions(2).expectedAction(id2, (CommonClientSessionModel.Action) null).expectedAction(id, (CommonClientSessionModel.Action) null)).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2, SamlClient.Binding.REDIRECT).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).expectedUserSession(atomicReference).expectedState(UserSessionModel.State.LOGGING_OUT).expectedClientSession(id).expectedNumberOfClientSessions(2).expectedAction(id, CommonClientSessionModel.Action.LOGGING_OUT).expectedAction(id2, CommonClientSessionModel.Action.LOGGING_OUT)).setAfterStepChecks(new SessionStateChecker(this.testingClient.server()).setUserSessionProvider(keycloakSession -> {
            return (String) atomicReference.get();
        }).expectedState(UserSessionModel.State.LOGGING_OUT).expectedNumberOfClientSessions(2).expectedAction(id, CommonClientSessionModel.Action.LOGGED_OUT).expectedAction(id2, CommonClientSessionModel.Action.LOGGING_OUT)).verifyRedirect(true).build().doNotFollowRedirects().processSamlResponse(SamlClient.Binding.ARTIFACT_RESPONSE).transformDocument(document -> {
            return new SAML2LogoutResponseBuilder().destination(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME).toString()).issuer(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).logoutRequestID(((SAML2Object) SAMLParser.getInstance().parse(new DOMSource(document))).getID()).buildDocument();
        }).targetBinding(SamlClient.Binding.REDIRECT).targetAttributeSamlResponse().targetUri(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME)).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2).verifyRedirect(true).setBeforeStepChecks(new SessionStateChecker(this.testingClient.server()).expectedUserSession(atomicReference).expectedClientSession(id2).expectedState(UserSessionModel.State.LOGGED_OUT_UNCONFIRMED).expectedNumberOfClientSessions(2).expectedAction(id, CommonClientSessionModel.Action.LOGGED_OUT).expectedAction(id2, CommonClientSessionModel.Action.LOGGING_OUT)).setAfterStepChecks(new SessionStateChecker(this.testingClient.server()).consumeUserSession(userSessionModel2 -> {
            MatcherAssert.assertThat(userSessionModel2, Matchers.nullValue());
        }).setUserSessionProvider(keycloakSession2 -> {
            return (String) atomicReference.get();
        })).build().executeAndTransform(this::getArtifactResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(ArtifactResponseType.class));
        ArtifactResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getAny(), Matchers.instanceOf(StatusResponseType.class));
    }

    @Test
    public void testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetRedirect() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_redirect", "http://url").setFrontchannelLogout(true).update());
        SamlClientBuilder doNotFollowRedirects = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).verifyRedirect(true).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT).build().doNotFollowRedirects();
        SamlClient.Binding binding = SamlClient.Binding.REDIRECT;
        binding.getClass();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) doNotFollowRedirects.executeAndTransform(binding::extractResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
        StatusResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(ResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(ArtifactResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(NameIDMappingResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.instanceOf(StatusResponseType.class));
    }

    @Test
    public void testArtifactBindingIsNotUsedForLogoutWhenLogoutUrlNotSetPostTest() {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_single_logout_service_url_post", "http://url").setFrontchannelLogout(true).update());
        SamlClientBuilder doNotFollowRedirects = new SamlClientBuilder().authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri()).build().login().user(this.bburkeUser).build().handleArtifact(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).build().logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST).build().doNotFollowRedirects();
        SamlClient.Binding binding = SamlClient.Binding.POST;
        binding.getClass();
        SAMLDocumentHolder sAMLDocumentHolder = (SAMLDocumentHolder) doNotFollowRedirects.executeAndTransform(binding::extractResponse);
        MatcherAssert.assertThat(sAMLDocumentHolder.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
        StatusResponseType samlObject = sAMLDocumentHolder.getSamlObject();
        MatcherAssert.assertThat(samlObject, org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
        MatcherAssert.assertThat(samlObject.getSignature(), Matchers.nullValue());
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(ResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(ArtifactResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.not(Matchers.instanceOf(NameIDMappingResponseType.class)));
        MatcherAssert.assertThat(samlObject, Matchers.instanceOf(StatusResponseType.class));
    }

    private SAMLDocumentHolder getArtifactResponse(CloseableHttpResponse closeableHttpResponse) throws IOException, ParsingException, ProcessingException {
        MatcherAssert.assertThat(closeableHttpResponse, org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Response.Status.OK));
        return SAML2Request.getSAML2ObjectFromDocument(extractSoapMessage(closeableHttpResponse));
    }

    private Document extractSoapMessage(CloseableHttpResponse closeableHttpResponse) throws IOException {
        Document extractSoapMessage = Soap.extractSoapMessage(new ByteArrayInputStream(EntityUtils.toByteArray(closeableHttpResponse.getEntity())));
        closeableHttpResponse.close();
        return extractSoapMessage;
    }

    @Test
    public void testImportClientArtifactResolutionSingleServices() {
        ClientRepresentation convertClientDescription = this.adminClient.realm(AbstractSamlTest.REALM_NAME).convertClientDescription(IOUtil.documentToString(IOUtil.loadXML(ArtifactBindingTest.class.getResourceAsStream("/saml/sp-metadata-artifact-simple.xml"))));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_resolution_service_url"), Matchers.is("https://test.keycloak.com/auth/login/epd/callback/soap"));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_binding_url"), Matchers.is("https://test.keycloak.com/auth/login/epd/callback/http-artifact"));
    }

    @Test
    public void testImportClientMultipleServices() {
        ClientRepresentation convertClientDescription = this.adminClient.realm(AbstractSamlTest.REALM_NAME).convertClientDescription(IOUtil.documentToString(IOUtil.loadXML(ArtifactBindingTest.class.getResourceAsStream("/saml/sp-metadata-artifact-multiple.xml"))));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_resolution_service_url"), Matchers.is("https://test.keycloak.com/auth/login/epd/callback/soap-1"));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_binding_url"), Matchers.startsWith("https://test.keycloak.com/auth/login/epd/callback/http-artifact"));
    }

    @Test
    public void testImportClientMultipleServicesWithDefault() {
        ClientRepresentation convertClientDescription = this.adminClient.realm(AbstractSamlTest.REALM_NAME).convertClientDescription(IOUtil.documentToString(IOUtil.loadXML(ArtifactBindingTest.class.getResourceAsStream("/saml/sp-metadata-artifact-multiple-default.xml"))));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_resolution_service_url"), Matchers.is("https://test.keycloak.com/auth/login/epd/callback/soap-9"));
        MatcherAssert.assertThat(convertClientDescription.getAttributes().get("saml_artifact_binding_url"), Matchers.startsWith("https://test.keycloak.com/auth/login/epd/callback/http-artifact"));
    }

    @Test
    public void testSPMetadataArtifactBindingNotUsedForLogout() throws ParsingException, URISyntaxException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_artifact_binding_url", "http://url.artifact.test").setAdminUrl("http://admin.url.test").update());
        SPSSODescriptorType sPInstallationDescriptor = SamlUtils.getSPInstallationDescriptor(this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST);
        MatcherAssert.assertThat(((IndexedEndpointType) sPInstallationDescriptor.getAssertionConsumerService().get(0)).getBinding(), Matchers.is(Matchers.equalTo(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri())));
        MatcherAssert.assertThat(((IndexedEndpointType) sPInstallationDescriptor.getAssertionConsumerService().get(0)).getLocation(), Matchers.is(Matchers.equalTo(new URI("http://url.artifact.test"))));
        MatcherAssert.assertThat(((EndpointType) sPInstallationDescriptor.getSingleLogoutService().get(0)).getBinding(), Matchers.is(Matchers.equalTo(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri())));
        MatcherAssert.assertThat(((EndpointType) sPInstallationDescriptor.getSingleLogoutService().get(0)).getLocation(), Matchers.is(Matchers.equalTo(new URI("http://admin.url.test"))));
    }

    @Test
    public void testSPMetadataArtifactBindingUsedForLogout() throws ParsingException, URISyntaxException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml.artifact.binding", "true").setAttribute("saml_artifact_binding_url", "http://url.artifact.test").setAttribute("saml_single_logout_service_url_artifact", "http://url.artifact.test").setAdminUrl("http://admin.url.test").update());
        SPSSODescriptorType sPInstallationDescriptor = SamlUtils.getSPInstallationDescriptor(this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients(), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST);
        MatcherAssert.assertThat(((IndexedEndpointType) sPInstallationDescriptor.getAssertionConsumerService().get(0)).getBinding(), Matchers.is(Matchers.equalTo(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri())));
        MatcherAssert.assertThat(((IndexedEndpointType) sPInstallationDescriptor.getAssertionConsumerService().get(0)).getLocation(), Matchers.is(Matchers.equalTo(new URI("http://url.artifact.test"))));
        MatcherAssert.assertThat(((EndpointType) sPInstallationDescriptor.getSingleLogoutService().get(0)).getBinding(), Matchers.is(Matchers.equalTo(JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri())));
        MatcherAssert.assertThat(((EndpointType) sPInstallationDescriptor.getSingleLogoutService().get(0)).getLocation(), Matchers.is(Matchers.equalTo(new URI("http://url.artifact.test"))));
    }

    @Test
    public void testArtifactBindingIdentifierChangedWhenClientIdChanged() throws IOException {
        String str = (String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml.artifact.binding.identifier");
        MatcherAssert.assertThat(str, Matchers.notNullValue());
        ClientAttributeUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setClientId("new_client_id").update();
        Throwable th = null;
        try {
            String str2 = (String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId("new_client_id").get(0)).getAttributes().get("saml.artifact.binding.identifier");
            MatcherAssert.assertThat(str2, Matchers.not(Matchers.equalTo(str)));
            MatcherAssert.assertThat(str2, Matchers.equalTo(ArtifactBindingUtils.computeArtifactBindingIdentifierString("new_client_id")));
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    update.close();
                }
            }
            MatcherAssert.assertThat(((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml.artifact.binding.identifier"), Matchers.equalTo(str));
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 651598968:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithOneClient$25ec4883$1")) {
                    z = 6;
                    break;
                }
                break;
            case 651598969:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithOneClient$25ec4883$2")) {
                    z = 7;
                    break;
                }
                break;
            case 651598970:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithOneClient$25ec4883$3")) {
                    z = 5;
                    break;
                }
                break;
            case 1068937936:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients$25ec4883$1")) {
                    z = true;
                    break;
                }
                break;
            case 1068937937:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients$25ec4883$2")) {
                    z = 3;
                    break;
                }
                break;
            case 1068937938:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients$25ec4883$3")) {
                    z = false;
                    break;
                }
                break;
            case 1501019464:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithOneClient$4623cff0$1")) {
                    z = 8;
                    break;
                }
                break;
            case 1918358432:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients$4623cff0$1")) {
                    z = 4;
                    break;
                }
                break;
            case 1918358433:
                if (implMethodName.equals("lambda$testSessionStateDuringArtifactBindingLogoutWithMoreFrontChannelClients$4623cff0$2")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/UserSessionModel;)V")) {
                    return userSessionModel2 -> {
                        MatcherAssert.assertThat(userSessionModel2, Matchers.nullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/UserSessionModel;)V")) {
                    return userSessionModel -> {
                        MatcherAssert.assertThat(userSessionModel, Matchers.notNullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/util/concurrent/atomic/AtomicReference;Lorg/keycloak/models/KeycloakSession;)Ljava/lang/String;")) {
                    AtomicReference atomicReference = (AtomicReference) serializedLambda.getCapturedArg(0);
                    return keycloakSession2 -> {
                        return (String) atomicReference.get();
                    };
                }
                break;
            case RefreshTokenTest.ALLOWED_CLOCK_SKEW /* 3 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/AuthenticatedClientSessionModel;)V")) {
                    return authenticatedClientSessionModel -> {
                        MatcherAssert.assertThat(authenticatedClientSessionModel, Matchers.notNullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/util/concurrent/atomic/AtomicReference;Lorg/keycloak/models/KeycloakSession;)Ljava/lang/String;")) {
                    AtomicReference atomicReference2 = (AtomicReference) serializedLambda.getCapturedArg(0);
                    return keycloakSession -> {
                        return (String) atomicReference2.get();
                    };
                }
                break;
            case ConcurrentAuthnRequestTest.CONCURRENT_THREADS /* 5 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/UserSessionModel;)V")) {
                    return userSessionModel22 -> {
                        MatcherAssert.assertThat(userSessionModel22, Matchers.nullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/UserSessionModel;)V")) {
                    return userSessionModel3 -> {
                        MatcherAssert.assertThat(userSessionModel3, Matchers.notNullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableConsumer") && serializedLambda.getFunctionalInterfaceMethodName().equals("accept") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/AuthenticatedClientSessionModel;)V")) {
                    return authenticatedClientSessionModel2 -> {
                        MatcherAssert.assertThat(authenticatedClientSessionModel2, Matchers.notNullValue());
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/infinispan/util/function/SerializableFunction") && serializedLambda.getFunctionalInterfaceMethodName().equals("apply") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Ljava/lang/Object;)Ljava/lang/Object;") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/saml/ArtifactBindingTest") && serializedLambda.getImplMethodSignature().equals("(Ljava/util/concurrent/atomic/AtomicReference;Lorg/keycloak/models/KeycloakSession;)Ljava/lang/String;")) {
                    AtomicReference atomicReference3 = (AtomicReference) serializedLambda.getCapturedArg(0);
                    return keycloakSession3 -> {
                        return (String) atomicReference3.get();
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
