package org.keycloak.testsuite.adapter.servlet;

import java.io.File;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.Map;
import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.FileUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.drone.api.annotation.Drone;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.adapters.OIDCAuthenticationError;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Time;
import org.keycloak.events.EventType;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.adapter.page.BasicAuth;
import org.keycloak.testsuite.adapter.page.ClientSecretJwtSecurePortal;
import org.keycloak.testsuite.adapter.page.ClientSecretJwtSecurePortalValidAlg;
import org.keycloak.testsuite.adapter.page.CustomerCookiePortal;
import org.keycloak.testsuite.adapter.page.CustomerCookiePortalRoot;
import org.keycloak.testsuite.adapter.page.CustomerDb;
import org.keycloak.testsuite.adapter.page.CustomerDbErrorPage;
import org.keycloak.testsuite.adapter.page.CustomerPortal;
import org.keycloak.testsuite.adapter.page.CustomerPortalNoConf;
import org.keycloak.testsuite.adapter.page.InputPortal;
import org.keycloak.testsuite.adapter.page.InputPortalNoAccessToken;
import org.keycloak.testsuite.adapter.page.ProductPortal;
import org.keycloak.testsuite.adapter.page.ProductPortalAutodetectBearerOnly;
import org.keycloak.testsuite.adapter.page.SecurePortal;
import org.keycloak.testsuite.adapter.page.SecurePortalRewriteRedirectUri;
import org.keycloak.testsuite.adapter.page.SecurePortalWithCustomSessionConfig;
import org.keycloak.testsuite.adapter.page.TokenMinTTLPage;
import org.keycloak.testsuite.adapter.page.TokenRefreshPage;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.auth.page.account.Applications;
import org.keycloak.testsuite.auth.page.login.OAuthGrant;
import org.keycloak.testsuite.auth.page.login.OIDCLogin;
import org.keycloak.testsuite.auth.page.login.PageWithLoginUrl;
import org.keycloak.testsuite.console.page.events.Config;
import org.keycloak.testsuite.console.page.events.LoginEvents;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.page.AbstractPageWithInjectedUrl;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.JavascriptBrowser;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.util.BasicAuthHelper;
import org.openqa.selenium.By;
import org.openqa.selenium.Cookie;
import org.openqa.selenium.WebDriver;

@AppServerContainers({@AppServerContainer("app-server-undertow"), @AppServerContainer("app-server-wildfly"), @AppServerContainer("app-server-wildfly-deprecated"), @AppServerContainer("app-server-eap"), @AppServerContainer("app-server-eap6"), @AppServerContainer("app-server-eap71"), @AppServerContainer("app-server-tomcat7"), @AppServerContainer("app-server-tomcat8"), @AppServerContainer("app-server-tomcat9")})
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/DemoServletsAdapterTest.class */
public class DemoServletsAdapterTest extends AbstractServletsAdapterTest {

    @Drone
    @JavascriptBrowser
    protected WebDriver jsDriver;

    @JavascriptBrowser
    @Page
    protected OIDCLogin jsDriverTestRealmLoginPage;

    @Page
    protected CustomerPortal customerPortal;

    @Page
    private CustomerPortalNoConf customerPortalNoConf;

    @Page
    private SecurePortal securePortal;

    @Page
    private SecurePortalWithCustomSessionConfig securePortalWithCustomSessionConfig;

    @Page
    private SecurePortalRewriteRedirectUri securePortalRewriteRedirectUri;

    @Page
    private CustomerDb customerDb;

    @Page
    private CustomerDbErrorPage customerDbErrorPage;

    @Page
    private ProductPortal productPortal;

    @Page
    private ProductPortalAutodetectBearerOnly productPortalAutodetectBearerOnly;

    @Page
    private InputPortal inputPortal;

    @Page
    private InputPortalNoAccessToken inputPortalNoAccessToken;

    @Page
    private TokenMinTTLPage tokenMinTTLPage;

    @Page
    private TokenRefreshPage tokenRefreshPage;

    @Page
    private OAuthGrant oAuthGrantPage;

    @Page
    protected Applications applicationsPage;

    @Page
    protected LoginEvents loginEventsPage;

    @Page
    private BasicAuth basicAuthPage;

    @Page
    protected Config configPage;

    @Page
    private ClientSecretJwtSecurePortal clientSecretJwtSecurePortal;

    @Page
    private ClientSecretJwtSecurePortalValidAlg clientSecretJwtSecurePortalValidAlg;

    @Page
    private CustomerCookiePortal customerCookiePortal;

    @Page
    private CustomerCookiePortalRoot customerCookiePortalRoot;

    @Rule
    public AssertEvents assertEvents = new AssertEvents(this);

    /**
     * Arquillian deployment named {@code customer-portal}, packaging
     * {@code CustomerServlet}, {@code ErrorServlet} and {@code ServletTestUtils}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-portal")
    protected static WebArchive customerPortal() {
        final WebArchive archive = servletDeployment(
                "customer-portal", CustomerServlet.class, ErrorServlet.class, ServletTestUtils.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-cookie-portal}, packaging
     * {@code AdapterActionsFilter}, {@code CustomerServlet}, {@code ErrorServlet}
     * and {@code ServletTestUtils}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-cookie-portal")
    protected static WebArchive customerCookiePortal() {
        final WebArchive archive = servletDeployment(
                "customer-cookie-portal",
                AdapterActionsFilter.class,
                CustomerServlet.class,
                ErrorServlet.class,
                ServletTestUtils.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-portal-noconf}, packaging
     * {@code CustomerServletNoConf}, {@code ErrorServlet} and {@code ServletTestUtils}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-portal-noconf")
    protected static WebArchive customerPortalNoConf() {
        final WebArchive archive = servletDeployment(
                "customer-portal-noconf", CustomerServletNoConf.class, ErrorServlet.class, ServletTestUtils.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code secure-portal}, packaging
     * {@code CallAuthenticatedServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "secure-portal")
    protected static WebArchive securePortal() {
        final WebArchive archive = servletDeployment("secure-portal", CallAuthenticatedServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code secure-portal-with-rewrite-redirect-uri},
     * packaging {@code CallAuthenticatedServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "secure-portal-with-rewrite-redirect-uri")
    protected static WebArchive securePortalRewriteRedirectUri() {
        final WebArchive archive =
                servletDeployment("secure-portal-with-rewrite-redirect-uri", CallAuthenticatedServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code secure-portal-with-custom-session-config},
     * packaging {@code CallAuthenticatedServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "secure-portal-with-custom-session-config")
    protected static WebArchive securePortalWithCustomSessionConfig() {
        final WebArchive archive =
                servletDeployment("secure-portal-with-custom-session-config", CallAuthenticatedServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-db}, packaging
     * {@code AdapterActionsFilter} and {@code CustomerDatabaseServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-db")
    protected static WebArchive customerDb() {
        final WebArchive archive =
                servletDeployment("customer-db", AdapterActionsFilter.class, CustomerDatabaseServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-db-audience-required}, packaging
     * the same classes as {@code customer-db}: {@code AdapterActionsFilter} and
     * {@code CustomerDatabaseServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-db-audience-required")
    protected static WebArchive customerDbAudienceRequired() {
        final WebArchive archive = servletDeployment(
                "customer-db-audience-required", AdapterActionsFilter.class, CustomerDatabaseServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-db-error-page}, packaging
     * {@code CustomerDatabaseServlet} and {@code ErrorServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-db-error-page")
    protected static WebArchive customerDbErrorPage() {
        final WebArchive archive =
                servletDeployment("customer-db-error-page", CustomerDatabaseServlet.class, ErrorServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code product-portal}, packaging
     * {@code ProductServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "product-portal")
    protected static WebArchive productPortal() {
        final WebArchive archive = servletDeployment("product-portal", ProductServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code product-portal-autodetect-bearer-only},
     * packaging {@code ProductServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "product-portal-autodetect-bearer-only")
    protected static WebArchive productPortalAutodetectBearerOnly() {
        final WebArchive archive =
                servletDeployment("product-portal-autodetect-bearer-only", ProductServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code input-portal}, packaging
     * {@code InputServlet} and {@code ServletTestUtils}.
     *
     * <p>Unlike most deployments in this class, {@code "keycloak.json"} is passed
     * as the second argument (presumably the adapter configuration file name;
     * confirm against {@code servletDeployment}).
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "input-portal")
    protected static WebArchive inputPortal() {
        final WebArchive archive =
                servletDeployment("input-portal", "keycloak.json", InputServlet.class, ServletTestUtils.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code no-access-token}, packaging
     * {@code InputServlet} and {@code ServletTestUtils}.
     *
     * <p>{@code "keycloak.json"} is passed as the second argument (presumably the
     * adapter configuration file name; confirm against {@code servletDeployment}).
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "no-access-token")
    protected static WebArchive inputPortalNoAccessToken() {
        final WebArchive archive =
                servletDeployment("no-access-token", "keycloak.json", InputServlet.class, ServletTestUtils.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code token-min-ttl}, packaging
     * {@code AdapterActionsFilter}, {@code AbstractShowTokensServlet},
     * {@code TokenMinTTLServlet} and {@code ErrorServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "token-min-ttl")
    protected static WebArchive tokenMinTTLPage() {
        final WebArchive archive = servletDeployment(
                "token-min-ttl",
                AdapterActionsFilter.class,
                AbstractShowTokensServlet.class,
                TokenMinTTLServlet.class,
                ErrorServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code token-refresh}. It packages the same
     * classes as {@code token-min-ttl}: {@code AdapterActionsFilter},
     * {@code AbstractShowTokensServlet}, {@code TokenMinTTLServlet} and
     * {@code ErrorServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "token-refresh")
    protected static WebArchive tokenRefresh() {
        final WebArchive archive = servletDeployment(
                "token-refresh",
                AdapterActionsFilter.class,
                AbstractShowTokensServlet.class,
                TokenMinTTLServlet.class,
                ErrorServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code basic-auth}, packaging
     * {@code BasicAuthServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "basic-auth")
    protected static WebArchive basicAuth() {
        final WebArchive archive = servletDeployment("basic-auth", BasicAuthServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code client-secret-jwt-secure-portal},
     * packaging {@code CallAuthenticatedServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "client-secret-jwt-secure-portal")
    protected static WebArchive clientSecretSecurePortal() {
        final WebArchive archive =
                servletDeployment("client-secret-jwt-secure-portal", CallAuthenticatedServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code client-secret-jwt-secure-portal-valid-alg},
     * packaging {@code CallAuthenticatedServlet}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "client-secret-jwt-secure-portal-valid-alg")
    protected static WebArchive clientSecretSecurePortalValidAlg() {
        final WebArchive archive =
                servletDeployment("client-secret-jwt-secure-portal-valid-alg", CallAuthenticatedServlet.class);
        return archive;
    }

    /**
     * Arquillian deployment named {@code customer-cookie-portal-root}. It packages
     * the same classes as {@code customer-cookie-portal}:
     * {@code AdapterActionsFilter}, {@code CustomerServlet}, {@code ErrorServlet}
     * and {@code ServletTestUtils}.
     *
     * @return the archive returned by {@code servletDeployment}
     */
    @Deployment(name = "customer-cookie-portal-root")
    protected static WebArchive customerCookiePortalRoot() {
        final WebArchive archive = servletDeployment(
                "customer-cookie-portal-root",
                AdapterActionsFilter.class,
                CustomerServlet.class,
                ErrorServlet.class,
                ServletTestUtils.class);
        return archive;
    }

    /**
     * Applies the parent defaults, then points the realm-scoped page objects of
     * this test (config, login events, applications, OAuth grant) at the realm
     * named by {@code AbstractSamlTest.REALM_NAME}.
     */
    @Override
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        final String realm = AbstractSamlTest.REALM_NAME;
        configPage.setConsoleRealm(realm);
        loginEventsPage.setConsoleRealm(realm);
        applicationsPage.setAuthRealm(realm);
        // NOTE(review): second call on loginEventsPage with the same value; it looks
        // redundant and is kept only to preserve the original call sequence.
        loginEventsPage.setConsoleRealm(realm);
        oAuthGrantPage.setAuthRealm(realm);
    }

    /**
     * Runs before each test: opens the token-min-ttl page and then deletes all
     * cookies through the driver, so a test does not start with adapter or
     * session cookies left behind by an earlier one.
     */
    @Before
    public void beforeDemoServletsAdapterTest() {
        tokenMinTTLPage.navigateTo();
        // The cookies are deleted only after the navigation has happened.
        final WebDriver.Options browserState = driver.manage();
        browserState.deleteAllCookies();
    }

    /**
     * Single sign-on with the cookie-backed portal.
     *
     * <p>After logging in through customer-cookie-portal, customer-portal must
     * show the logged-in page without a new login, and on returning to
     * customer-cookie-portal the {@code KEYCLOAK_ADAPTER_STATE} cookie must still
     * hold the value issued at login. After logging out of the cookie portal,
     * customer-portal must redirect to the realm login page.
     */
    @Test
    public void testTokenInCookieSSO() {
        final String stateAtLogin = loginToCustomerCookiePortal();

        // SSO: the second application is reachable without another login.
        customerPortal.navigateTo();
        assertLogged();

        // Going back must not have replaced the state cookie.
        customerCookiePortal.navigateTo();
        assertLogged();
        final Cookie stateNow = driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        Assert.assertEquals(stateAtLogin, stateNow.getValue());

        // Logging out of one application must end the session for the other too.
        logoutFromCustomerCookiePortal();
        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
    }

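    /**
     * Token refresh and logout propagation for the cookie-backed portal.
     *
     * <p>With the realm access-token lifespan set to 10 seconds, the test moves the
     * adapter and server clocks forward by 12 seconds and expects the
     * {@code KEYCLOAK_ADAPTER_STATE} cookie to be replaced by a different value
     * while the user stays logged in. It then logs out through customer-portal,
     * moves the clocks to +24 seconds, and expects customer-cookie-portal to
     * redirect to the realm login page: a state cookie still held by the browser
     * must not keep the user signed in after the SSO logout.
     *
     * <p>The realm lifespan and the time offset are shared state, so both are
     * restored in {@code finally} blocks. The offset reset is nested so that it
     * still runs if restoring the realm fails; a leaked offset would skew token
     * expiry checks in later tests.
     */
    @Test
    public void testTokenInCookieRefresh() {
        log.debug("Set token timeout 10 sec");
        final RealmRepresentation realm = adminClient.realm(AbstractSamlTest.REALM_NAME).toRepresentation();
        final int originalLifespan = realm.getAccessTokenLifespan();
        realm.setAccessTokenLifespan(10);
        adminClient.realm(AbstractSamlTest.REALM_NAME).update(realm);
        try {
            log.debug("login to customer-cookie-portal");
            final String stateAtLogin = loginToCustomerCookiePortal();

            log.debug("Simulate waiting 12 seconds");
            setAdapterAndServerTimeOffset(12, customerCookiePortal.toString());

            log.debug("assert cookie was refreshed");
            customerCookiePortal.navigateTo();
            URLAssert.assertCurrentUrlEquals((AbstractPage) customerCookiePortal);
            assertLogged();
            Assert.assertNotEquals(
                    stateAtLogin, driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE").getValue());

            log.debug("login to 2nd app and logout from it");
            customerPortal.navigateTo();
            URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);
            assertLogged();
            driver.navigate().to(customerPortal.logout().toASCIIString());
            WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();
            customerPortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);

            log.debug("Simulate another 12 seconds");
            setAdapterAndServerTimeOffset(24, customerCookiePortal.toString());

            log.debug("assert not logged in customer-cookie-portal");
            customerCookiePortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        } finally {
            try {
                log.debug("Set token timeout to original");
                realm.setAccessTokenLifespan(originalLifespan);
                adminClient.realm(AbstractSamlTest.REALM_NAME).update(realm);
            } finally {
                log.debug("reset time offset");
                setAdapterAndServerTimeOffset(0, customerCookiePortal.toString().concat("/unsecured"));
            }
        }
    }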

    /**
     * Checks that an altered adapter state cookie is not honoured.
     *
     * <p>After a normal login the test overwrites {@code KEYCLOAK_ADAPTER_STATE}
     * with a modified copy of the issued value and reloads the portal. The page
     * must still end up on the portal URL, and the cookie the browser then holds
     * must differ from both the originally issued value and the modified one,
     * i.e. the adapter replaced the cookie instead of accepting it.
     */
    @Test
    public void testInvalidTokenCookie() {
        final String issuedState = loginToCustomerCookiePortal();
        // Constructed alteration: every "a" in the issued value becomes "b".
        final String alteredState = issuedState.replace("a", "b");
        final Cookie alteredCookie = new Cookie("KEYCLOAK_ADAPTER_STATE", alteredState, "/customer-cookie-portal");
        driver.manage().addCookie(alteredCookie);

        customerCookiePortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerCookiePortal);

        final String stateAfterReload = driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE").getValue();
        Assert.assertNotEquals(stateAfterReload, issuedState);
        Assert.assertNotEquals(stateAfterReload, alteredState);

        logoutFromCustomerCookiePortal();
    }

    /**
     * Logs the fixture user in through customer-cookie-portal.
     *
     * <p>Asserts the redirect to the realm login page, the return to the portal,
     * the logged-in page content, and that the browser holds no
     * {@code JSESSIONID} cookie after login.
     *
     * @return the value of the {@code KEYCLOAK_ADAPTER_STATE} cookie set by the login
     */
    private String loginToCustomerCookiePortal() {
        customerCookiePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);

        // Fixture credentials used throughout this test class.
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerCookiePortal);
        assertLogged();

        // No container session cookie is expected for this deployment.
        final Cookie containerSession = driver.manage().getCookieNamed("JSESSIONID");
        Assert.assertNull(containerSession);

        final Cookie adapterState = driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        return adapterState.getValue();
    }

    /**
     * Logs out through the cookie portal's logout URL and verifies the result:
     * the logout marker element is present, the {@code KEYCLOAK_ADAPTER_STATE}
     * cookie is gone, and the portal redirects to the realm login page again.
     */
    private void logoutFromCustomerCookiePortal() {
        driver.navigate().to(customerCookiePortal.logoutURL());
        WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();

        // The adapter state cookie must be removed on logout, not merely ignored.
        final Cookie adapterState = driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        Assert.assertNull(adapterState);

        customerCookiePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
    }

    /**
     * Asserts that the current page shows the content expected after login:
     * the strings "Bill Burke" and "Stian Thorgersen".
     */
    protected void assertLogged() {
        for (String expectedName : new String[] {"Bill Burke", "Stian Thorgersen"}) {
            assertPageContains(expectedName);
        }
    }

    /**
     * Asserts that the page source currently held by the driver contains the
     * given text.
     *
     * @param str the substring expected in the page source
     */
    private void assertPageContains(String str) {
        final String pageSource = driver.getPageSource();
        Assert.assertThat(pageSource, Matchers.containsString(str));
    }

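    /**
     * Checks that a POST made before authentication is replayed after login.
     *
     * <p>The form is submitted on input-portal while unauthenticated, which must
     * redirect to the realm login page. After login the browser must land on
     * {@code secured/post} with the submitted parameter present in the page. The
     * test then logs out at the auth server, checks that both product-portal and
     * customer-portal require login again, and finally posts the same form to the
     * {@code /unsecured} path with a plain REST client.
     *
     * <p>The REST client is closed in a {@code finally} block so it is released
     * exactly once, whether or not the assertion passes.
     *
     * @throws Exception if a page interaction or the REST call fails
     */
    @Test
    public void testSavedPostRequest() throws Exception {
        inputPortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) inputPortal);
        inputPortal.execute("hello");
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);

        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals(
                inputPortal.getUriBuilder().clone().path("secured").path("post").build());
        WaitUtils.waitForPageToLoad();
        assertPageContains("parameter=hello");

        final String logoutUrl = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
                .queryParam("redirect_uri", customerPortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        productPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);

        final ResteasyClient client = AdminClientUtil.createResteasyClient(true, false);
        try {
            final Form form = new Form();
            form.param("parameter", "hello");
            final String body = client.target(inputPortal + "/unsecured")
                    .request()
                    .post(Entity.form(form), String.class);
            Assert.assertThat(body, Matchers.containsString("parameter=hello"));
        } finally {
            client.close();
        }
    }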

    /* JADX WARN: Failed to find 'out' block for switch in B:5:0x0090. Please report as an issue. */
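    /**
     * Single sign-on across customer-portal and product-portal, followed by a
     * logout at the auth server.
     *
     * <p>After one login both applications must be reachable, and the realm's
     * client session statistics must report exactly one active session for each
     * of the two clients. After the logout URL is visited, both applications
     * must redirect to the realm login page.
     *
     * <p>The lookup of the two statistics entries is written as a plain
     * comparison on {@code clientId}; the decompiled hash-code switch it replaces
     * was not valid Java. Missing entries fail with an explicit assertion rather
     * than a {@code NullPointerException}.
     */
    @Test
    public void testLoginSSOAndLogout() {
        customerPortal.navigateTo();
        Assert.assertTrue(testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);
        assertLogged();

        productPortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) productPortal);
        assertPageContains("iPhone");
        assertPageContains("iPad");

        Map<String, String> customerPortalStats = null;
        Map<String, String> productPortalStats = null;
        for (Map<String, String> stats : testRealmResource().getClientSessionStats()) {
            final String clientId = stats.get("clientId");
            if ("customer-portal".equals(clientId)) {
                customerPortalStats = stats;
            } else if ("product-portal".equals(clientId)) {
                productPortalStats = stats;
            }
        }
        Assert.assertNotNull("no session stats reported for customer-portal", customerPortalStats);
        Assert.assertNotNull("no session stats reported for product-portal", productPortalStats);
        Assert.assertEquals(1, Integer.parseInt(customerPortalStats.get("active")));
        Assert.assertEquals(1, Integer.parseInt(productPortalStats.get("active")));

        final String logoutUrl = OIDCLoginProtocolService.logoutUrl(authServerPage.createUriBuilder())
                .queryParam("redirect_uri", customerPortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);

        // The logout must end the session for both applications.
        productPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
    }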

    /**
     * Logout triggered from inside an application (customer-portal's
     * {@code /logout} path).
     *
     * <p>After one login gives access to both portals, the test visits the
     * application's logout path, waits for the {@code customer_portal_logout} and
     * {@code customer_database_logout} marker elements, and then expects both
     * customer-portal and product-portal to redirect to the realm login page.
     */
    @Test
    public void testServletRequestLogout() {
        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);
        assertLogged();

        productPortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) productPortal);
        assertPageContains("iPhone");
        assertPageContains("iPad");

        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);
        assertLogged();

        final String applicationLogoutUrl = customerPortal + "/logout";
        driver.navigate().to(applicationLogoutUrl);
        WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();
        WaitUtils.waitUntilElement(By.id("customer_database_logout")).is().present();

        // Neither application may keep serving the old session.
        customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        productPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
    }

    /**
     * SSO idle timeout: once the session has been idle past the realm's limit,
     * a second application must require a new login.
     *
     * <p>The realm idle timeout is set to 1 second and the clocks are moved
     * forward by 122 seconds (presumably the timeout plus a server-side grace
     * window; confirm). The original timeout is restored in {@code finally}.
     */
    @Test
    public void testLoginSSOIdle() {
        customerPortal.navigateTo();
        Assert.assertTrue(testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);
        assertLogged();

        final RealmRepresentation realm = testRealmResource().toRepresentation();
        final int originalIdleTimeout = realm.getSsoSessionIdleTimeout().intValue();
        try {
            realm.setSsoSessionIdleTimeout(1);
            testRealmResource().update(realm);
            // NOTE(review): the offset is not reset in this method; presumably the
            // base class does it after each test. Confirm.
            setAdapterAndServerTimeOffset(122);
            productPortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        } finally {
            realm.setSsoSessionIdleTimeout(Integer.valueOf(originalIdleTimeout));
            testRealmResource().update(realm);
        }
    }

    /**
     * SSO idle timeout variant that logs the current URL around the login.
     *
     * <p>The steps match {@code testLoginSSOIdle} except that the logged-in page
     * content is not asserted: idle timeout 1 second, clocks moved forward by
     * 122 seconds, then product-portal must redirect to the realm login page.
     * NOTE(review): nothing in this body explicitly removes expired user
     * sessions, despite the method name; the removal may happen on the server
     * side. Confirm.
     */
    @Test
    public void testLoginSSOIdleRemoveExpiredUserSessions() {
        customerPortal.navigateTo();
        log.info("Current url: " + driver.getCurrentUrl());
        Assert.assertTrue(testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        log.info("Current url: " + driver.getCurrentUrl());
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);

        final RealmRepresentation realm = testRealmResource().toRepresentation();
        final int originalIdleTimeout = realm.getSsoSessionIdleTimeout().intValue();
        try {
            realm.setSsoSessionIdleTimeout(1);
            testRealmResource().update(realm);
            setAdapterAndServerTimeOffset(122);
            productPortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        } finally {
            // Restore the shared realm setting even when an assertion above fails.
            realm.setSsoSessionIdleTimeout(Integer.valueOf(originalIdleTimeout));
            testRealmResource().update(realm);
        }
    }

    /**
     * SSO maximum lifespan: once the session is older than the realm's limit,
     * a second application must require a new login.
     *
     * <p>Unlike the idle-timeout tests, this one waits in real time: the maximum
     * lifespan is set to 1 second and the test sleeps for 2 seconds. The original
     * lifespan is restored in {@code finally}.
     *
     * @throws InterruptedException if the sleep is interrupted
     */
    @Test
    public void testLoginSSOMax() throws InterruptedException {
        // Start from a page of the application with no cookies at all.
        final String errorPageUrl =
                customerPortal.getUriBuilder().clone().path("error.html").build().toASCIIString();
        driver.navigate().to(errorPageUrl);
        driver.manage().deleteAllCookies();

        customerPortal.navigateTo();
        Assert.assertTrue(testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) customerPortal);

        final RealmRepresentation realm = testRealmResource().toRepresentation();
        final int originalMaxLifespan = realm.getSsoSessionMaxLifespan().intValue();
        try {
            realm.setSsoSessionMaxLifespan(1);
            testRealmResource().update(realm);
            TimeUnit.SECONDS.sleep(2L);
            productPortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) testRealmPage);
        } finally {
            realm.setSsoSessionMaxLifespan(Integer.valueOf(originalMaxLifespan));
            testRealmResource().update(realm);
        }
    }

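    /**
     * Checks that the customer-db endpoint answers 401 both when no
     * {@code Authorization} header is sent and when the header carries the
     * literal value {@code Bearer null}.
     *
     * <p>Each response is held in a try-with-resources block and the client is
     * closed in {@code finally}, so connections are released even when an
     * assertion fails.
     *
     * @throws Exception if a request fails
     */
    @Test
    public void testNullBearerToken() throws Exception {
        final ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            final WebTarget target = client.target(customerDb.toString());

            // No credentials at all.
            try (Response withoutToken = target.request().get()) {
                Assert.assertEquals(401, withoutToken.getStatus());
            }

            // A syntactically present but meaningless bearer value must be rejected too.
            try (Response withNullToken = target.request().header("Authorization", "Bearer null").get()) {
                Assert.assertEquals(401, withNullToken.getStatus());
            }
        } finally {
            client.close();
        }
    }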

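    /**
     * Same checks as the plain null-bearer test, against the deployment with a
     * custom error page.
     *
     * <p>Both requests must return 401 with a body containing "Error Page". The
     * body must also name the failure reason: {@code NO_BEARER_TOKEN} when no
     * header is sent, and {@code INVALID_TOKEN} for {@code Bearer null}.
     *
     * <p>Each response is held in a try-with-resources block and the client is
     * closed in {@code finally}, so connections are released even when an
     * assertion fails.
     *
     * @throws Exception if a request fails
     */
    @Test
    public void testNullBearerTokenCustomErrorPage() throws Exception {
        final ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            final WebTarget target = client.target(customerDbErrorPage.toString());

            try (Response withoutToken = target.request().get()) {
                Assert.assertEquals(401, withoutToken.getStatus());
                final String body = withoutToken.readEntity(String.class);
                Assert.assertThat(body, Matchers.containsString("Error Page"));
                Assert.assertThat(
                        body, Matchers.containsString(OIDCAuthenticationError.Reason.NO_BEARER_TOKEN.toString()));
            }

            try (Response withNullToken = target.request().header("Authorization", "Bearer null").get()) {
                Assert.assertEquals(401, withNullToken.getStatus());
                final String body = withNullToken.readEntity(String.class);
                Assert.assertThat(body, Matchers.containsString("Error Page"));
                Assert.assertThat(
                        body, Matchers.containsString(OIDCAuthenticationError.Reason.INVALID_TOKEN.toString()));
            }
        } finally {
            client.close();
        }
    }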

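    /**
     * Checks that the realm token endpoint answers 401 to a password grant for
     * the user {@code monkey@redhat.com} (presumably not a user of the test
     * realm; confirm against the realm fixture).
     *
     * <p>The request authenticates the client with a Basic header built for
     * {@code customer-portal}. The response is held in a try-with-resources block
     * and the client is closed in {@code finally}, so the connection is released
     * even when the assertion fails.
     *
     * @throws Exception if the request fails
     */
    @Test
    public void testBadUser() throws Exception {
        final ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            final WebTarget tokenEndpoint = client.target(
                    OIDCLoginProtocolService.tokenUrl(authServerPage.createUriBuilder())
                            .build(AbstractSamlTest.REALM_NAME));
            // Fixture client credentials for the test realm.
            final String clientAuthHeader = BasicAuthHelper.createHeader("customer-portal", "password");

            final Form form = new Form();
            form.param("grant_type", "password")
                    .param("username", "monkey@redhat.com")
                    .param("password", "password");

            try (Response response =
                    tokenEndpoint.request().header("Authorization", clientAuthHeader).post(Entity.form(form))) {
                Assert.assertEquals(401, response.getStatus());
            }
        } finally {
            client.close();
        }
    }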

    /**
     * Exercises the browser login/logout round trip for the secure portal: an anonymous visit is
     * sent to the realm login page, a login returns to the portal, and after hitting the OIDC
     * logout URL the portal again leads to the login page.
     */
    @Test
    public void testAuthenticated() {
        // Anonymous visit: the current URL must start with the realm's login URL.
        this.securePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        // Log in and confirm the browser is back on the portal with an authenticated view.
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.securePortal);
        assertLogged();

        // Log out through the realm's OIDC logout endpoint, redirecting back to the portal.
        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.securePortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        // A fresh visit after logout must require login again.
        this.securePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

    /**
     * Same login/logout round trip as the plain secure portal, run against the portal deployed
     * with a custom session configuration; additionally asserts that the session cookie carries
     * the custom name {@code CUSTOM_JSESSION_ID_NAME} after login.
     */
    @Test
    public void testAuthenticatedWithCustomSessionConfig() {
        this.securePortalWithCustomSessionConfig.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.securePortalWithCustomSessionConfig);

        // The deployment is expected to issue its session cookie under the custom name.
        Assert.assertThat(
                "Cookie CUSTOM_JSESSION_ID_NAME should exist",
                this.driver.manage().getCookieNamed("CUSTOM_JSESSION_ID_NAME"),
                Matchers.notNullValue());
        assertLogged();

        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.securePortalWithCustomSessionConfig.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        // After logout the portal must send the browser to the login page again.
        this.securePortalWithCustomSessionConfig.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

    /**
     * Logs in through the portal configured for redirect-URI rewriting and checks that the URL
     * the browser ends up on contains {@code /rewritten}.
     */
    @Test
    public void testRewriteRedirectUri() {
        this.securePortalRewriteRedirectUri.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");

        String landedOn = this.driver.getCurrentUrl();
        Assert.assertTrue(landedOn.contains("/rewritten"));
    }

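    /**
     * Checks when the adapter refreshes the access token as time advances.
     *
     * <p>After login the token's issued-at value is recorded. With the adapter and server clocks
     * moved forward by 300 the page must still expose the same, unexpired token; with an offset of
     * 540 the page must expose a token issued later than the first one. The thresholds presumably
     * correspond to the token lifespan and the adapter's minimum time-to-live setting, which are
     * configured outside this method (confirm against the deployment's adapter configuration).
     */
    @Test
    public void testTokenMinTTL() {
        this.tokenMinTTLPage.navigateTo();
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.tokenMinTTLPage);

        int issuedAt = this.tokenMinTTLPage.getAccessToken().getIssuedAt();
        try {
            // First offset: the original token must still be served and not be expired.
            setAdapterAndServerTimeOffset(300, this.tokenMinTTLPage.toString());
            this.tokenMinTTLPage.navigateTo();
            AccessToken accessToken = this.tokenMinTTLPage.getAccessToken();
            Assert.assertEquals(issuedAt, accessToken.getIssuedAt());
            Assert.assertFalse(accessToken.isExpired());

            // Second offset: a newer token must have been obtained.
            setAdapterAndServerTimeOffset(540, this.tokenMinTTLPage.toString());
            this.tokenMinTTLPage.navigateTo();
            Assert.assertTrue(this.tokenMinTTLPage.getAccessToken().getIssuedAt() > issuedAt);
        } finally {
            // Reset the clocks even when an assertion fails; a leftover offset would skew
            // token validity for every test that runs afterwards.
            setAdapterAndServerTimeOffset(0, this.tokenMinTTLPage.toString());
        }
    }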

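    /**
     * Fires five parallel requests that share one application session and checks that each of
     * them gets a page containing {@code accessToken}, i.e. that concurrent token refreshes do
     * not break the session.
     *
     * <p>The realm is configured with an access token lifespan of 2, refresh-token revocation
     * enabled and a refresh-token max reuse of 0, and the clocks are then advanced by 5, so every
     * request arrives with an expired access token while refresh tokens may not be reused. The
     * requests reuse the browser's {@code JSESSIONID} cookie so they all hit the same session.
     */
    @Test
    public void testTokenConcurrentRefresh() {
        RealmResource realm = this.adminClient.realm(AbstractSamlTest.REALM_NAME);
        RealmRepresentation realmRep = realm.toRepresentation();
        realmRep.setAccessTokenLifespan(2);
        realmRep.setRevokeRefreshToken(true);
        realmRep.setRefreshTokenMaxReuse(0);
        realm.update(realmRep);
        // NOTE(review): these realm settings are not restored in this method; confirm that a
        // fixture outside this view resets the realm before other tests rely on the defaults.

        this.tokenRefreshPage.navigateTo();
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.tokenRefreshPage);

        ExecutorService pool = Executors.newWorkStealingPool();
        try {
            setAdapterAndServerTimeOffset(5, this.tokenRefreshPage.toString());

            // Copy the browser's session cookie so the raw HTTP clients join the same session.
            BasicCookieStore cookieStore = new BasicCookieStore();
            BasicClientCookie sessionCookie = new BasicClientCookie("JSESSIONID", this.driver.manage().getCookieNamed("JSESSIONID").getValue());
            sessionCookie.setDomain(ServerURLs.APP_SERVER_HOST);
            sessionCookie.setPath("/");
            cookieStore.addCookie(sessionCookie);

            CompletableFuture<Void> all = CompletableFuture.completedFuture(null);
            for (int i = 0; i < 5; i++) {
                all = CompletableFuture.allOf(all, CompletableFuture.runAsync(() -> {
                    // Both the client and the response are closed on every path; before, the
                    // client was only closed when the assertion passed.
                    try (CloseableHttpClient http = HttpClientBuilder.create().setDefaultCookieStore(cookieStore).build();
                         CloseableHttpResponse response = http.execute(new HttpGet(this.tokenRefreshPage.getInjectedUrl().toString()))) {
                        Assert.assertTrue("Token not refreshed", EntityUtils.toString(response.getEntity()).contains("accessToken"));
                    } catch (Exception e) {
                        throw new RuntimeException(e);
                    }
                }, pool));
            }
            all.join();
        } finally {
            // join() rethrows task failures; shut the pool down and reset the clocks regardless,
            // so a failed refresh does not leave threads or a time offset behind.
            pool.shutdownNow();
            setAdapterAndServerTimeOffset(0, this.tokenRefreshPage.toString());
        }
    }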

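    /**
     * Checks that the OIDC {@code prompt=login} parameter supplied on an application URL is
     * forwarded to the login request: an already logged-in browser is shown the login page again,
     * and the token issued afterwards carries an auth time of at least the recorded start time
     * plus the 10 applied as time offset.
     */
    @Test
    public void testOIDCParamsForwarding() {
        this.securePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        WaitUtils.waitForPageToLoad();
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.securePortal);
        assertLogged();

        int startTime = Time.currentTime();
        try {
            setAdapterAndServerTimeOffset(10, this.securePortal.toString());

            // prompt=login must force the login page even though a session already exists.
            String promptLoginUrl = this.tokenMinTTLPage.getUriBuilder().queryParam("prompt", "login").build().toString();
            URLUtils.navigateToUri(promptLoginUrl);
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

            this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
            Assert.assertThat(
                    this.tokenMinTTLPage.getAccessToken().getAuthTime(),
                    Matchers.is(Matchers.greaterThanOrEqualTo(startTime + 10)));
        } finally {
            // Single cleanup path: the offset is reset exactly once, on success and on failure.
            setAdapterAndServerTimeOffset(0, this.securePortal.toString());
        }
    }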

    /**
     * Parses the query string of {@code str} into a name-to-value map.
     *
     * <p>NOTE(review): the result is {@code null} when {@code str} is not a valid URI, and the
     * collector rejects a parameter name that appears twice; callers that dereference the result
     * directly will fail with an exception rather than an assertion message in those cases.
     *
     * @param str the URL whose query parameters are wanted
     * @return the decoded query parameters, or {@code null} if {@code str} cannot be parsed as a URI
     */
    private static Map<String, String> getQueryFromUrl(String str) {
        final URI parsed;
        try {
            parsed = new URI(str);
        } catch (URISyntaxException e) {
            return null;
        }
        return URLEncodedUtils.parse(parsed, "UTF-8").stream()
                .collect(Collectors.toMap(pair -> pair.getName(), pair -> pair.getValue()));
    }

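    /**
     * Checks that the OIDC {@code ui_locales} parameter supplied on an application URL reaches
     * the login request and selects the login page language.
     *
     * <p>The realm is temporarily switched to internationalization with locales "en" and "de"
     * (default "en"). With {@code ui_locales=de en} the login URL must carry both values; with
     * {@code ui_locales=de} the login page must contain the German label "Passwort". The realm's
     * previous locale settings are restored afterwards.
     */
    @Test
    public void testOIDCUiLocalesParamForwarding() {
        ProfileAssume.assumeCommunity();

        RealmRepresentation realmRep = testRealmResource().toRepresentation();
        // Kept boxed so an unset value is restored as-is instead of failing on unboxing.
        Boolean previousI18nEnabled = realmRep.isInternationalizationEnabled();
        String previousDefaultLocale = realmRep.getDefaultLocale();
        Set<String> previousSupportedLocales = realmRep.getSupportedLocales();

        realmRep.setInternationalizationEnabled(true);
        realmRep.setDefaultLocale("en");
        realmRep.setSupportedLocales(Stream.of("en", "de").collect(Collectors.toSet()));
        testRealmResource().update(realmRep);
        try {
            String portalUri = this.securePortal.getUriBuilder().build().toString();
            UriBuilder uriBuilder = this.securePortal.getUriBuilder();

            // Two locales requested: both must show up in the login URL's ui_locales value.
            URLUtils.navigateToUri(uriBuilder.clone().queryParam("ui_locales", "de en").build().toString());
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
            Assert.assertThat(
                    getQueryFromUrl(this.driver.getCurrentUrl()).get("ui_locales"),
                    Matchers.allOf(Matchers.containsString("de"), Matchers.containsString("en")));

            // Single locale requested: the login page must be rendered in German.
            URLUtils.navigateToUri(uriBuilder.clone().queryParam("ui_locales", "de").build().toString());
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
            assertPageContains("Passwort");

            this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
            URLAssert.assertCurrentUrlEquals(portalUri);
            assertLogged();

            String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                    .queryParam("redirect_uri", this.securePortal.toString())
                    .build(AbstractSamlTest.REALM_NAME)
                    .toString();
            this.driver.navigate().to(logoutUrl);
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
            this.securePortal.navigateTo();
            URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        } finally {
            // One restore path for success and failure, so the realm is updated exactly once.
            realmRep.setInternationalizationEnabled(previousI18nEnabled);
            realmRep.setDefaultLocale(previousDefaultLocale);
            realmRep.setSupportedLocales(previousSupportedLocales);
            testRealmResource().update(realmRep);
        }
    }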

    /**
     * Checks that the audience-required customer-db service rejects a token that lacks the
     * expected audience and accepts one that has it.
     *
     * <p>An audience client scope is generated and attached to "customer-portal" as an optional
     * scope. The first call (flag {@code false}) must render "Service returned: 401" and must not
     * show customer data; after logging out, the second call (flag {@code true}) must not render
     * the 401 text. The flag presumably controls whether the optional audience scope is requested
     * at login (confirm in the customer portal page object).
     *
     * @throws Exception if a target URI cannot be converted to a URL
     */
    @Test
    public void testVerifyTokenAudience() throws Exception {
        ClientResource customerPortalClient = ApiUtil.findClientByClientId(this.adminClient.realm(AbstractSamlTest.REALM_NAME), "customer-portal");
        String audienceScopeId = this.testingClient.testing().generateAudienceClientScope(AbstractSamlTest.REALM_NAME, "customer-db-audience-required");
        customerPortalClient.addOptionalClientScope(audienceScopeId);

        // First attempt: the downstream service must answer 401 and no customer name may leak.
        this.driver.navigate().to(this.customerPortal.callCustomerDbAudienceRequiredUrl(false).toURL());
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals(this.customerPortal.callCustomerDbAudienceRequiredUrl(false));
        String rejectedPage = this.driver.getPageSource();
        Assert.assertTrue(rejectedPage.contains("Service returned: 401"));
        Assert.assertFalse(rejectedPage.contains("Stian Thorgersen"));

        // Drop the application session before the second attempt.
        this.driver.navigate().to(this.customerPortal.logout().toURL());
        WaitUtils.waitForPageToLoad();

        // Second attempt: the call must no longer be answered with 401.
        this.driver.navigate().to(this.customerPortal.callCustomerDbAudienceRequiredUrl(true).toURL());
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals(this.customerPortal.callCustomerDbAudienceRequiredUrl(false));
        String acceptedPage = this.driver.getPageSource();
        Assert.assertFalse(acceptedPage.contains("Service returned: 401"));
        assertLogged();

        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.customerPortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

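    /**
     * Checks HTTP Basic authentication against the basic-auth page: the credentials for
     * "mposolda" must yield 200 with the echoed body "hello", while a request for
     * "invalid-user" and a request for "admin" with "invalid-password" must both yield 401 with
     * a body mentioning "Unauthorized" or "Status 401".
     *
     * @throws Exception if a request cannot be issued
     */
    @Test
    public void testBasicAuth() throws Exception {
        ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            try (Response accepted = client.target(this.basicAuthPage.setTemplateValues("hello").buildUri()).request()
                    .header("Authorization", BasicAuthHelper.createHeader("mposolda", "password")).get()) {
                Assert.assertThat(accepted, org.keycloak.testsuite.util.Matchers.statusCodeIs(Response.Status.OK));
                Assert.assertEquals("hello", accepted.readEntity(String.class));
            }

            // The two rejected responses were never closed before; try-with-resources closes them.
            try (Response unknownUser = client.target(this.basicAuthPage.setTemplateValues("hello").buildUri()).request()
                    .header("Authorization", BasicAuthHelper.createHeader("invalid-user", "password")).get()) {
                Assert.assertThat(unknownUser, org.keycloak.testsuite.util.Matchers.statusCodeIs(Response.Status.UNAUTHORIZED));
                Assert.assertThat(unknownUser, org.keycloak.testsuite.util.Matchers.body(Matchers.anyOf(Matchers.containsString("Unauthorized"), Matchers.containsString("Status 401"))));
            }

            try (Response wrongPassword = client.target(this.basicAuthPage.setTemplateValues("hello").buildUri()).request()
                    .header("Authorization", BasicAuthHelper.createHeader("admin", "invalid-password")).get()) {
                Assert.assertThat(wrongPassword, org.keycloak.testsuite.util.Matchers.statusCodeIs(Response.Status.UNAUTHORIZED));
                Assert.assertThat(wrongPassword, org.keycloak.testsuite.util.Matchers.body(Matchers.anyOf(Matchers.containsString("Unauthorized"), Matchers.containsString("Status 401"))));
            }
        } finally {
            // Close the client on failure as well as on success.
            client.close();
        }
    }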

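    /**
     * Exercises the consent flow for "customer-portal": with consent required, login must show
     * the grant page; accepting it must produce a LOGIN event with {@code consent_granted} and a
     * code-to-token event; revoking the grant from the applications page must bring the grant
     * page back on the next visit and emit a REVOKE_GRANT event naming the revoked client.
     *
     * <p>Realm event recording is switched on for REVOKE_GRANT and LOGIN for the duration of
     * the checks. NOTE(review): the realm event settings are not restored here; confirm that
     * other tests do not depend on the previous configuration.
     */
    @Test
    public void grantServerBasedApp() {
        ClientResource customerPortalClient = ApiUtil.findClientResourceByClientId(testRealmResource(), "customer-portal");
        ClientRepresentation clientRep = customerPortalClient.toRepresentation();
        clientRep.setConsentRequired(true);
        customerPortalClient.update(clientRep);
        try {
            RealmRepresentation realmRep = testRealmResource().toRepresentation();
            realmRep.setEventsEnabled(true);
            realmRep.setEnabledEventTypes(Arrays.asList("REVOKE_GRANT", "LOGIN"));
            realmRep.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
            testRealmResource().update(realmRep);

            this.customerPortal.navigateTo();
            this.loginPage.form().login("bburke@redhat.com", "password");
            Assert.assertTrue(this.oAuthGrantPage.isCurrent());
            this.oAuthGrantPage.accept();
            WaitUtils.waitForPageToLoad();
            assertLogged();

            String userId = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId();
            String portalUrl = this.customerPortal.getInjectedUrl().toString();
            // The redirect URI may be reported with or without a trailing slash.
            this.assertEvents.expectLogin().realm(realmRep.getId()).client("customer-portal").user(userId)
                    .detail("username", "bburke@redhat.com")
                    .detail("consent", "consent_granted")
                    .detail("redirect_uri", (Matcher<? super String>) Matchers.anyOf(Matchers.equalTo(portalUrl), Matchers.equalTo(portalUrl + "/")))
                    .removeDetail("code_id")
                    .assertEvent();
            this.assertEvents.expectCodeToToken(null, null).realm(realmRep.getId()).client("customer-portal").user(userId)
                    .session(AssertEvents.isUUID())
                    .removeDetail("code_id")
                    .assertEvent();

            // Revoking the grant must make the consent screen reappear.
            this.applicationsPage.navigateTo();
            this.applicationsPage.revokeGrantForApplication("customer-portal");
            this.customerPortal.navigateTo();
            Assert.assertTrue(this.oAuthGrantPage.isCurrent());
            this.assertEvents.expect(EventType.REVOKE_GRANT).realm(realmRep.getId()).client(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).user(userId)
                    .detail("revoked_client", "customer-portal")
                    .assertEvent();
            this.assertEvents.assertEmpty();
        } finally {
            // Turn consent off again even when an assertion fails; otherwise every later login
            // to customer-portal would stop at the grant page.
            ClientRepresentation restored = customerPortalClient.toRepresentation();
            restored.setConsentRequired(false);
            customerPortalClient.update(restored);
        }
    }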

    /**
     * Logs in to the customer portal, logs out, and verifies the recorded LOGIN, CODE_TO_TOKEN
     * and LOGOUT events. On the "wildfly", "eap6" and "eap" app servers it additionally reads the
     * server log and expects a line recording which user invoked the customer-db resource.
     *
     * @throws IOException if the server log cannot be read
     */
    @Test
    public void historyOfAccessResourceTest() throws IOException {
        RealmRepresentation realmRep = testRealmResource().toRepresentation();
        realmRep.setEventsEnabled(true);
        realmRep.setEnabledEventTypes(Arrays.asList("LOGIN", "LOGIN_ERROR", "LOGOUT", "CODE_TO_TOKEN"));
        realmRep.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        testRealmResource().update(realmRep);

        this.customerPortal.navigateTo();
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        WaitUtils.waitForPageToLoad();
        assertLogged();

        String userId = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId();
        // The redirect URI may be reported with or without a trailing slash.
        this.assertEvents.expectLogin().realm(realmRep.getId()).client("customer-portal").user(userId)
                .detail("username", "bburke@redhat.com")
                .detail("consent", "no_consent_required")
                .detail("redirect_uri", (Matcher<? super String>) Matchers.anyOf(Matchers.equalTo(this.customerPortal.getInjectedUrl().toString()), Matchers.equalTo(this.customerPortal.getInjectedUrl().toString() + "/")))
                .removeDetail("code_id")
                .assertEvent();
        this.assertEvents.expectCodeToToken(null, null).realm(realmRep.getId()).client("customer-portal").user(userId)
                .session(AssertEvents.isUUID())
                .removeDetail("code_id")
                .assertEvent();

        // NOTE(review): the redirect_uri is appended without URL encoding here, unlike the
        // UriBuilder-based logout URLs used by the other tests in this class.
        this.driver.navigate().to(this.testRealmPage.getOIDCLogoutUrl() + "?redirect_uri=" + this.customerPortal);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.assertEvents.expectLogout(null).realm(realmRep.getId()).user(userId)
                .session(AssertEvents.isUUID())
                .detail("redirect_uri", (Matcher<? super String>) Matchers.anyOf(Matchers.equalTo(this.customerPortal.getInjectedUrl().toString()), Matchers.equalTo(this.customerPortal.getInjectedUrl().toString() + "/")))
                .assertEvent();
        this.assertEvents.assertEmpty();

        // The server log location is only known for these app servers.
        String appServer = System.getProperty("app.server");
        boolean logLocationKnown = appServer != null && Arrays.asList("wildfly", "eap6", "eap").contains(appServer);
        String serverLogPath = logLocationKnown
                ? System.getProperty("app.server.home") + "/standalone-test/log/server.log"
                : null;

        if (serverLogPath != null) {
            this.log.info("Checking app server log at: " + serverLogPath);
            String expectedAccessLine = "User '" + ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId()
                    + "' invoking '" + ServerURLs.getAppServerContextRoot() + "/customer-db/' on client 'customer-db'";
            Assert.assertThat(FileUtils.readFileToString(new File(serverLogPath), "UTF-8"), Matchers.containsString(expectedAccessLine));
        } else {
            this.log.info("Checking app server log on app-server: \"" + System.getProperty("app.server") + "\" is not supported.");
        }
    }

    /**
     * Visits the customer portal deployment that has no Keycloak configuration and expects the
     * page to report a denial ("Forbidden", "forbidden" or "HTTP Status 401") rather than content.
     */
    @Test
    public void testWithoutKeycloakConf() {
        this.customerPortalNoConf.navigateTo();

        String renderedPage = this.driver.getPageSource();
        Assert.assertThat(
                renderedPage,
                Matchers.anyOf(
                        Matchers.containsString("Forbidden"),
                        Matchers.containsString("forbidden"),
                        Matchers.containsString("HTTP Status 401")));
    }

    /**
     * Checks that a percent-encoded query parameter on the originally requested URL survives the
     * login redirect unchanged: the product portal is requested with {@code ?encodeTest=a%3Cb},
     * and after login the browser must be on exactly that URL with the page reporting
     * {@code uriEncodeTest=true}. A plain request afterwards must report
     * {@code uriEncodeTest=false}. Finally, logging out must require login again on both the
     * product and the customer portal.
     */
    @Test
    public void testLoginEncodedRedirectUri() {
        final String encodedQuery = "?encodeTest=a%3Cb";

        this.driver.navigate().to(this.productPortal.getInjectedUrl() + encodedQuery);
        System.out.println("Current url: " + this.driver.getCurrentUrl());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        System.out.println("Current url: " + this.driver.getCurrentUrl());
        // The encoded "<" must still be encoded after the round trip through the login page.
        URLAssert.assertCurrentUrlEquals(this.productPortal + encodedQuery);
        assertPageContains("iPhone");
        assertPageContains("uriEncodeTest=true");

        this.driver.navigate().to(this.productPortal.getInjectedUrl());
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.productPortal);
        System.out.println(this.driver.getCurrentUrl());
        assertPageContains("uriEncodeTest=false");

        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.customerPortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        // Both applications must ask for login again after the logout.
        this.productPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

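    /**
     * Checks how the autodetect-bearer-only deployment answers unauthenticated requests
     * depending on their headers: requests that look like API/AJAX calls must get 401, requests
     * that look like browser navigation must get a 302 whose {@code Location} contains
     * {@code response_type=code} (the start of the login flow).
     *
     * <p>Every response is closed on all paths and the client is closed in a {@code finally}
     * block; before, a failed assertion left the open response and the client behind.
     *
     * @throws Exception if a request cannot be issued
     */
    @Test
    public void testAutodetectBearerOnly() throws Exception {
        ResteasyClient client = AdminClientUtil.createResteasyClient(true, false);
        try {
            System.out.println(this.productPortalAutodetectBearerOnly.getInjectedUrl().toString());
            WebTarget target = client.target(this.productPortalAutodetectBearerOnly.getInjectedUrl().toString() + "/");

            // Header combinations expected to be answered with 401.
            try (Response response = target.request().header("X-Requested-With", "XMLHttpRequest").get()) {
                Assert.assertEquals(401, response.getStatus());
            }
            try (Response response = target.request().header("Faces-Request", "partial/ajax").get()) {
                Assert.assertEquals(401, response.getStatus());
            }
            try (Response response = target.request().header("SOAPAction", "").get()) {
                Assert.assertEquals(401, response.getStatus());
            }
            try (Response response = target.request().get()) {
                Assert.assertEquals(401, response.getStatus());
            }
            try (Response response = target.request().header("Accept", "application/json,text/xml").get()) {
                Assert.assertEquals(401, response.getStatus());
            }

            // Header combinations expected to be redirected into the authorization code flow.
            try (Response response = target.request().header("X-Requested-With", "Dont-Know").header("Accept", "*/*").get()) {
                Assert.assertEquals(302, response.getStatus());
                Assert.assertThat(response.getHeaderString("Location"), Matchers.containsString("response_type=code"));
            }
            try (Response response = target.request().header("Accept", "text/html,application/xhtml+xml,application/xml;q=0.9").get()) {
                Assert.assertEquals(302, response.getStatus());
                Assert.assertThat(response.getHeaderString("Location"), Matchers.containsString("response_type=code"));
            }
            try (Response response = target.request().header("Accept", "*/*").get()) {
                Assert.assertEquals(302, response.getStatus());
                Assert.assertThat(response.getHeaderString("Location"), Matchers.containsString("response_type=code"));
            }
        } finally {
            client.close();
        }
    }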

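    /**
     * Checks that the customer-db service keeps answering 401 to unauthenticated and to
     * repeatedly mis-authenticated requests: one request without credentials, then eleven
     * requests with the same rejected Basic header.
     *
     * <p>NOTE(review): the repeat count of eleven is presumably chosen to go past some
     * failure threshold in the adapter or server; the reason is not visible here.
     *
     * @throws Exception if a request cannot be issued
     */
    @Test
    public void testBasicAuthErrorHandling() throws Exception {
        ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            WebTarget target = client.target(this.customerDb.getInjectedUrl().toString());

            try (Response anonymous = target.request().get()) {
                Assert.assertEquals(401, anonymous.getStatus());
            }

            for (int attempt = 0; attempt < 11; attempt++) {
                System.out.println("Testing Basic Auth with bad credentials " + attempt);
                // The header value is the Base64 form of "username:password".
                try (Response rejected = target.request().header("Authorization", "Basic dXNlcm5hbWU6cGFzc3dvcmQ=").get()) {
                    Assert.assertEquals(401, rejected.getStatus());
                }
            }
        } finally {
            // Close the client even when one of the status assertions fails.
            client.close();
        }
    }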

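    /**
     * Checks that an empty {@code access_token} query parameter is treated like a missing token:
     * both the plain request and the request ending in {@code ?access_token=} must get 401.
     *
     * @throws Exception if a request cannot be issued
     */
    @Test
    public void testNullQueryParameterAccessToken() throws Exception {
        ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            String customerDbUrl = this.customerDb.getInjectedUrl().toString();

            try (Response withoutToken = client.target(customerDbUrl).request().get()) {
                Assert.assertEquals(401, withoutToken.getStatus());
            }

            // An empty token value must not be accepted or cause a server error.
            try (Response emptyToken = client.target(customerDbUrl + "?access_token=").request().get()) {
                Assert.assertEquals(401, emptyToken.getStatus());
            }
        } finally {
            // Close the client on failure as well; it was previously closed only on success.
            client.close();
        }
    }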

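    /**
     * Obtains an access token for "customer-portal-public" through the password grant and checks
     * that customer-db rejects an unauthenticated call with 401 but accepts the same call when the
     * token is supplied in the {@code access_token} query parameter.
     *
     * <p>The test pins that the adapter accepts a token carried in the query string. A token
     * passed this way is part of the request URL and can therefore be recorded wherever URLs are
     * recorded (access logs, proxies), which is worth keeping in mind when enabling the feature.
     *
     * @throws Exception if a request cannot be issued
     */
    @Test
    public void testRestCallWithAccessTokenAsQueryParameter() throws Exception {
        ResteasyClient client = AdminClientUtil.createResteasyClient(true, true);
        try {
            WebTarget tokenEndpoint = client.target(this.testRealmPage.toString() + "/protocol/openid-connect/token");
            Form form = new Form();
            form.param("grant_type", "password");
            form.param("client_id", "customer-portal-public");
            form.param("username", "bburke@redhat.com");
            form.param("password", "password");

            String token;
            try (Response tokenResponse = tokenEndpoint.request().post(Entity.form(form))) {
                Assert.assertEquals(200, tokenResponse.getStatus());
                token = tokenResponse.readEntity(AccessTokenResponse.class).getToken();
            }

            String customerDbUrl = this.customerDb.getInjectedUrl().toString();
            try (Response withoutToken = client.target(customerDbUrl).request().get()) {
                Assert.assertEquals(401, withoutToken.getStatus());
            }
            try (Response withToken = client.target(customerDbUrl).queryParam("access_token", token).request().get()) {
                Assert.assertEquals(200, withToken.getStatus());
            }
        } finally {
            // Single close for success and failure; responses are closed by try-with-resources.
            client.close();
        }
    }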

    /**
     * Opens the input portal with {@code access_token=invalid_token} in the query string and
     * checks that the page loads at exactly that URL, and that submitting the form afterwards
     * sends the browser to the realm login page.
     *
     * @throws Exception if the URI cannot be converted to a URL
     */
    @Test
    public void testCallURLWithAccessToken() throws Exception {
        URI pageWithBogusToken = this.inputPortalNoAccessToken.getUriBuilder().clone()
                .queryParam("access_token", "invalid_token")
                .build();

        this.driver.navigate().to(pageWithBogusToken.toURL());
        Assert.assertEquals(pageWithBogusToken.toASCIIString(), this.driver.getCurrentUrl());

        // The bogus token must not count as authentication for the protected action.
        this.inputPortalNoAccessToken.execute("hello");
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

    /**
     * Runs the shared "client authenticated" expectation for the portal that authenticates with
     * a client-secret JWT, then logs out through the realm's OIDC logout endpoint.
     */
    @Test
    public void testClientAuthenticatedInClientSecretJwt() {
        expectResultOfClientAuthenticatedInClientSecretJwt("client-secret-jwt-secure-portal", this.clientSecretJwtSecurePortal);

        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.clientSecretJwtSecurePortal.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
    }

    /**
     * Changes the server-side secret of "client-secret-jwt-secure-portal" so that it no longer
     * matches what the adapter uses, and expects client authentication to fail with
     * {@code invalid_client_credentials}.
     *
     * <p>NOTE(review): the changed secret is not restored in this method; confirm that the realm
     * is reset by a fixture before other tests use this client.
     */
    @Test
    public void testClientNotAuthenticatedInClientSecretJwtBySharedSecretOutOfSync() {
        final String clientId = "client-secret-jwt-secure-portal";

        ClientResource portalClient = ApiUtil.findClientResourceByClientId(testRealmResource(), clientId);
        ClientRepresentation portalRep = portalClient.toRepresentation();
        portalRep.setSecret("passwordChanged");
        portalClient.update(portalRep);

        expectResultOfClientNotAuthenticatedInClientSecretJwt(clientId, "invalid_client_credentials");
    }

    /**
     * Switches the server-side client authenticator of "client-secret-jwt-secure-portal" to
     * {@code client-secret}, so that it no longer matches the JWT-based method the adapter uses,
     * and expects client authentication to fail with {@code invalid_client_credentials}.
     *
     * <p>NOTE(review): the authenticator type is not restored in this method; confirm that the
     * realm is reset by a fixture before other tests use this client.
     */
    @Test
    public void testClientNotAuthenticatedInClientSecretJwtByAuthnMethodOutOfSync() {
        final String clientId = "client-secret-jwt-secure-portal";

        ClientResource portalClient = ApiUtil.findClientResourceByClientId(testRealmResource(), clientId);
        ClientRepresentation portalRep = portalClient.toRepresentation();
        portalRep.setClientAuthenticatorType("client-secret");
        portalClient.update(portalRep);

        expectResultOfClientNotAuthenticatedInClientSecretJwt(clientId, "invalid_client_credentials");
    }

    /**
     * Runs the shared "client authenticated" expectation for the client-secret-JWT portal
     * variant named "valid-alg", then logs out through the realm's OIDC logout endpoint.
     */
    @Test
    public void testClientAuthenticatedInClientSecretJwtValidAlg() {
        expectResultOfClientAuthenticatedInClientSecretJwt("client-secret-jwt-secure-portal-valid-alg", this.clientSecretJwtSecurePortalValidAlg);

        String logoutUrl = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder())
                .queryParam("redirect_uri", this.clientSecretJwtSecurePortalValidAlg.toString())
                .build(AbstractSamlTest.REALM_NAME)
                .toString();
        this.driver.navigate().to(logoutUrl);
    }

    /**
     * Checks that the {@code KEYCLOAK_ADAPTER_STATE} cookie is issued with path {@code /}, keeps
     * the same value while the user moves between the two portals, and that logging out of the
     * cookie portal also sends the other portal back to the login page.
     */
    @Test
    public void testTokenInCookieSSORoot() {
        String cookieValueAtLogin = loginToCustomerCookiePortalRoot();
        Cookie cookieAfterLogin = this.driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        Assert.assertEquals("/", cookieAfterLogin.getPath());

        // SSO: the second portal must accept the existing login without a new prompt.
        this.customerPortal.navigateTo();
        assertLogged();
        this.customerCookiePortalRoot.navigateTo();
        assertLogged();

        // Only value and path are compared; attributes such as Secure or HttpOnly are not
        // asserted by this test.
        Cookie cookieAfterRoundTrip = this.driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        Assert.assertEquals(cookieValueAtLogin, cookieAfterRoundTrip.getValue());
        Assert.assertEquals("/", cookieAfterRoundTrip.getPath());

        // After logout, the other portal must require authentication again.
        logoutFromCustomerCookiePortalRoot();
        this.customerPortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

    /**
     * Logs in via the cookie portal's {@code relative} path and verifies the browser lands back
     * on that path, logged in, without a {@code JSESSIONID} cookie.
     *
     * @return the value of the {@code KEYCLOAK_ADAPTER_STATE} cookie set after login
     */
    private String loginToCustomerCookiePortalRoot() {
        this.customerCookiePortalRoot.navigateTo("relative");
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");

        String expectedLandingUrl = this.customerCookiePortalRoot.getInjectedUrl().toString() + "relative";
        URLAssert.assertCurrentUrlEquals(expectedLandingUrl);
        assertLogged();

        // No servlet session cookie is expected; presumably the login state lives only in the
        // adapter cookie for this deployment - confirm against its adapter configuration.
        Assert.assertNull(this.driver.manage().getCookieNamed("JSESSIONID"));

        Cookie adapterStateCookie = this.driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        return adapterStateCookie.getValue();
    }

    /**
     * Logs out through the cookie portal's logout URL and verifies that the
     * {@code KEYCLOAK_ADAPTER_STATE} cookie is gone and the portal asks for login again.
     */
    private void logoutFromCustomerCookiePortalRoot() {
        this.driver.navigate().to(this.customerCookiePortalRoot.logoutURL());
        // Wait for the logout page marker before inspecting cookies.
        WaitUtils.waitUntilElement(By.id("customer_portal_logout")).is().present();

        // The adapter cookie must be removed from the browser by the logout.
        Cookie leftoverStateCookie = this.driver.manage().getCookieNamed("KEYCLOAK_ADAPTER_STATE");
        Assert.assertNull(leftoverStateCookie);

        this.customerCookiePortalRoot.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
    }

    /**
     * Enables LOGIN and CODE_TO_TOKEN events on the test realm, logs in through the given portal
     * and asserts that both events were recorded for the expected realm, client and user.
     *
     * @param str client id expected in the recorded events
     * @param abstractPageWithInjectedUrl portal page to open; its injected URL (with or without a
     *        trailing slash) is the expected {@code redirect_uri} of the LOGIN event
     */
    private void expectResultOfClientAuthenticatedInClientSecretJwt(String str, AbstractPageWithInjectedUrl abstractPageWithInjectedUrl) {
        // Record only the two event types asserted below.
        RealmRepresentation realm = testRealmResource().toRepresentation();
        realm.setEventsEnabled(true);
        realm.setEnabledEventTypes(Arrays.asList("LOGIN", "CODE_TO_TOKEN"));
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        testRealmResource().update(realm);

        abstractPageWithInjectedUrl.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");

        String userId = ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId();
        String realmId = realm.getId();
        String portalUrl = abstractPageWithInjectedUrl.getInjectedUrl().toString();

        this.assertEvents.expectLogin()
                .realm(realmId)
                .client(str)
                .user(userId)
                .detail("username", "bburke@redhat.com")
                .detail("consent", "no_consent_required")
                .detail("redirect_uri", (Matcher<? super String>) Matchers.anyOf(Matchers.equalTo(portalUrl), Matchers.equalTo(portalUrl + "/")))
                .removeDetail("code_id")
                .assertEvent();

        // A CODE_TO_TOKEN event for this client and user is the evidence that the token request,
        // including client authentication, was accepted.
        this.assertEvents.expectCodeToToken(null, null)
                .realm(realmId)
                .client(str)
                .user(userId)
                .session(AssertEvents.isUUID())
                .clearDetails()
                .assertEvent();
    }

    /**
     * Enables LOGIN and CODE_TO_TOKEN_ERROR events on the test realm, logs in through
     * {@code clientSecretJwtSecurePortal} and asserts that the user login succeeds while the
     * code-to-token step is recorded with the given error and no user.
     *
     * @param str client id expected in the recorded events
     * @param str2 error string expected on the code-to-token event
     */
    private void expectResultOfClientNotAuthenticatedInClientSecretJwt(String str, String str2) {
        RealmRepresentation realm = testRealmResource().toRepresentation();
        realm.setEventsEnabled(true);
        realm.setEnabledEventTypes(Arrays.asList("LOGIN", "CODE_TO_TOKEN_ERROR"));
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        testRealmResource().update(realm);

        // NOTE(review): the portal is fixed to clientSecretJwtSecurePortal regardless of str;
        // both callers in view pass "client-secret-jwt-secure-portal", so the two agree today.
        this.clientSecretJwtSecurePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");

        // The end-user login itself is still expected to succeed.
        this.assertEvents.expectLogin()
                .realm(realm.getId())
                .client(str)
                .user(ApiUtil.findUserByUsername(testRealmResource(), "bburke@redhat.com").getId())
                .detail("username", "bburke@redhat.com")
                .detail("consent", "no_consent_required")
                .detail("redirect_uri", (Matcher<? super String>) Matchers.anyOf(
                        Matchers.equalTo(this.clientSecretJwtSecurePortal.getInjectedUrl().toString()),
                        Matchers.equalTo(this.clientSecretJwtSecurePortal.getInjectedUrl().toString() + "/")))
                .removeDetail("code_id")
                .assertEvent();

        // The failure is expected at the code-to-token step, with the given error and a null user.
        this.assertEvents.expectCodeToToken(null, null)
                .realm(realm.getId())
                .client(str)
                .user((String) null)
                .error(str2)
                .clearDetails()
                .assertEvent();
    }

    /**
     * Opens the customer portal with {@code login_hint=blah%3d} and checks that the login form's
     * username field is pre-filled with the decoded value {@code blah=}.
     */
    @Test
    public void testLoginHintFromClientRequest() {
        String portalUrlWithHint = this.customerPortal + "?login_hint=blah%3d";
        this.driver.navigate().to(portalUrlWithHint);
        WaitUtils.waitForPageToLoad();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);

        // The percent-encoded '=' must arrive decoded exactly once in the form field.
        Assert.assertThat(this.testRealmLoginPage.form().getUsername(), Matchers.is("blah="));
    }
}
