package org.keycloak.testsuite.saml;

import java.net.URI;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.SAML2Object;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.saml.SAML2LogoutRequestBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.ArtifactResolutionService;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.saml.CreateArtifactMessageStepBuilder;
import org.w3c.dom.Document;

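/**
 * Tests for the SAML artifact binding when the client has an artifact resolution service (ARS)
 * configured.
 *
 * <p>Each test sets the client's artifact resolution service URL attribute to a loopback address,
 * starts an {@link ArtifactResolutionService} test double on that address in a background thread,
 * and then sends an artifact message to the auth server's SAML endpoint. The positive tests assert
 * that the artifact sent on the front channel equals the artifact carried by the last
 * ArtifactResolve the test service received.
 *
 * <p>NOTE(review): every test blocks on a bare {@code wait()} with no condition loop and no
 * timeout. If the service never signals, or signals before the test thread enters the monitor,
 * the test hangs. Confirm the start-up signalling in {@link ArtifactResolutionService} before
 * changing it.
 *
 * <p>NOTE(review): the whole request flow runs while holding the service's monitor. Presumably the
 * service does not need that monitor to answer requests; verify against its implementation.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/saml/ArtifactBindingWithResolutionServiceTest.class */
public class ArtifactBindingWithResolutionServiceTest extends AbstractSamlTest {

    // Client attribute that holds the URL of the client's artifact resolution service.
    private static final String ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE = "saml_artifact_resolution_service_url";

    // Address of the in-test artifact resolution service. Plain HTTP on loopback with a fixed port
    // is a test-fixture choice only: the port can collide with other local listeners, and a real
    // deployment would protect this back channel with TLS.
    private static final String ARTIFACT_RESOLUTION_SERVICE_URL = "http://127.0.0.1:8082/";

    /**
     * Login over the POST binding: the server must return a SAML response with at least one
     * assertion, and the artifact it resolved must be the one the test sent.
     */
    @Test
    public void testReceiveArtifactLoginFullWithPost() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .update());

        Document loginRequestDocument = SAML2Request.convert(SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, (URI) null));
        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, samlClientBuilder);

        // The test service answers ArtifactResolve with the login request built above.
        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL).setResponseDocument(loginRequestDocument);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                SAMLDocumentHolder samlResponse = samlClientBuilder
                        .artifactMessage(artifactStep).build()
                        .login().user(this.bburkeUser).build()
                        .getSamlResponse(SamlClient.Binding.POST);

                Assert.assertThat(samlResponse.getSamlObject(), Matchers.instanceOf(ResponseType.class));
                // Explicit cast: getAssertions() belongs to ResponseType, which was asserted just above.
                Assert.assertThat(((ResponseType) samlResponse.getSamlObject()).getAssertions(), Matchers.not(Matchers.empty()));
                Assert.assertThat(ars.getLastArtifactResolve(), Matchers.notNullValue());
                // The artifact resolved over the back channel must be the one sent on the front channel.
                Assert.assertThat(artifactStep.getLastArtifact(), Matchers.is(ars.getLastArtifactResolve().getArtifact()));
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * Same login flow as the POST variant, with the request's protocol binding and the client
     * binding both set to HTTP-Redirect.
     */
    @Test
    public void testReceiveArtifactLoginFullWithRedirect() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .update());

        AuthnRequestType loginRequest = SamlClient.createLoginRequestDocument(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, (URI) null);
        loginRequest.setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri());
        Document loginRequestDocument = SAML2Request.convert(loginRequest);
        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, samlClientBuilder);

        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL).setResponseDocument(loginRequestDocument);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                SAMLDocumentHolder samlResponse = samlClientBuilder
                        .artifactMessage(artifactStep).build()
                        .login().user(this.bburkeUser).build()
                        .getSamlResponse(SamlClient.Binding.REDIRECT);

                Assert.assertThat(samlResponse.getSamlObject(), Matchers.instanceOf(ResponseType.class));
                // Explicit cast: getAssertions() belongs to ResponseType, which was asserted just above.
                Assert.assertThat(((ResponseType) samlResponse.getSamlObject()).getAssertions(), Matchers.not(Matchers.empty()));
                Assert.assertThat(ars.getLastArtifactResolve(), Matchers.notNullValue());
                // The artifact resolved over the back channel must be the one sent on the front channel.
                Assert.assertThat(artifactStep.getLastArtifact(), Matchers.is(ars.getLastArtifactResolve().getArtifact()));
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * An artifact message issued for a client id other than the configured one ("blabla") must be
     * answered with a body containing "Invalid Request".
     *
     * <p>NOTE(review): the test does not check whether the server contacted the resolution service
     * for this issuer. If the server is expected to reject the message without any back-channel
     * call, asserting that {@code getLastArtifactResolve()} is still null would pin that; confirm
     * the intended behaviour first.
     */
    @Test
    public void testReceiveArtifactNonExistingClient() throws ParsingException, ConfigurationException, ProcessingException, InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .update());

        Document loginRequestDocument = SAML2Request.convert(SamlClient.createLoginRequestDocument("blabla", AbstractSamlTest.SAML_ASSERTION_CONSUMER_URL_SALES_POST, (URI) null));
        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "blabla", SamlClient.Binding.POST, samlClientBuilder);

        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL).setResponseDocument(loginRequestDocument);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                String responseBody = (String) samlClientBuilder
                        .artifactMessage(artifactStep).build()
                        .executeAndTransform(response -> EntityUtils.toString(response.getEntity()));
                Assert.assertThat(responseBody, Matchers.containsString("Invalid Request"));
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * When the resolution service is configured with an empty artifact response, the server must
     * answer with HTTP 400 and a body containing "Unable to resolve artifact.".
     */
    @Test
    public void testReceiveEmptyArtifactResponse() throws InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .update());

        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, samlClientBuilder);

        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL).setEmptyArtifactResponse(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                samlClientBuilder.artifactMessage(artifactStep).build().execute(response -> {
                    Assert.assertThat(response, org.keycloak.testsuite.util.Matchers.statusCodeIsHC(400));
                    Assert.assertThat(response, org.keycloak.testsuite.util.Matchers.bodyHC(Matchers.containsString("Unable to resolve artifact.")));
                });
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * Logout over the POST binding: after a regular login, the test service is loaded with a
     * logout request and an artifact message is sent. The server must answer with a successful
     * status response, and the resolved artifact must be the one the test sent.
     */
    @Test
    public void testReceiveArtifactLogoutFullWithPost() throws InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .update());

        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.POST, samlClientBuilder);

        // No response document yet: it is set from inside the login-response transformer below.
        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                SAMLDocumentHolder logoutResponse = samlClientBuilder
                        .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.POST).build()
                        .login().user(this.bburkeUser).build()
                        .processSamlResponse(SamlClient.Binding.POST).transformObject(samlObject -> {
                            // Order matters: the logout request is built only after the inherited
                            // extractor has processed the login response.
                            SAML2Object processed = extractNameIdAndSessionIndexAndTerminate(samlObject);
                            setArtifactResolutionServiceLogoutRequest(ars);
                            return processed;
                        }).build()
                        .artifactMessage(artifactStep).build()
                        .getSamlResponse(SamlClient.Binding.POST);

                Assert.assertThat(logoutResponse.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
                Assert.assertThat(logoutResponse.getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
                // Same guard as the login tests: fail with an assertion, not a NullPointerException,
                // if the server never called the resolution service.
                Assert.assertThat(ars.getLastArtifactResolve(), Matchers.notNullValue());
                Assert.assertThat(artifactStep.getLastArtifact(), Matchers.is(ars.getLastArtifactResolve().getArtifact()));
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * Logout over the HTTP-Redirect binding. In addition to the resolution service URL, the client
     * gets a redirect single-logout URL and front-channel logout enabled.
     */
    @Test
    public void testReceiveArtifactLogoutFullWithRedirect() throws InterruptedException {
        getCleanup().addCleanup(ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .setAttribute(ARTIFACT_RESOLUTION_SERVICE_URL_ATTRIBUTE, ARTIFACT_RESOLUTION_SERVICE_URL)
                .setAttribute("saml_single_logout_service_url_redirect", "http://url")
                .setFrontchannelLogout(true)
                .update());

        SamlClientBuilder samlClientBuilder = new SamlClientBuilder();
        CreateArtifactMessageStepBuilder artifactStep = new CreateArtifactMessageStepBuilder(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SamlClient.Binding.REDIRECT, samlClientBuilder);

        // No response document yet: it is set from inside the login-response transformer below.
        ArtifactResolutionService ars = new ArtifactResolutionService(ARTIFACT_RESOLUTION_SERVICE_URL);
        Thread arsThread = new Thread((Runnable) ars);
        try {
            arsThread.start();
            synchronized (ars) {
                // Blocks until the service thread notifies on its own monitor.
                ars.wait();
                SAMLDocumentHolder logoutResponse = samlClientBuilder
                        .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, SAML_ASSERTION_CONSUMER_URL_SALES_POST, SamlClient.Binding.REDIRECT)
                        .setProtocolBinding(JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri()).build()
                        .login().user(this.bburkeUser).build()
                        .processSamlResponse(SamlClient.Binding.REDIRECT).transformObject(samlObject -> {
                            // Order matters: the logout request is built only after the inherited
                            // extractor has processed the login response.
                            SAML2Object processed = extractNameIdAndSessionIndexAndTerminate(samlObject);
                            setArtifactResolutionServiceLogoutRequest(ars);
                            return processed;
                        }).build()
                        .artifactMessage(artifactStep).build()
                        .getSamlResponse(SamlClient.Binding.REDIRECT);

                Assert.assertThat(logoutResponse.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
                Assert.assertThat(logoutResponse.getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlStatusResponse(new JBossSAMLURIConstants[]{JBossSAMLURIConstants.STATUS_SUCCESS}));
                // Same guard as the login tests: fail with an assertion, not a NullPointerException,
                // if the server never called the resolution service.
                Assert.assertThat(ars.getLastArtifactResolve(), Matchers.notNullValue());
                Assert.assertThat(artifactStep.getLastArtifact(), Matchers.is(ars.getLastArtifactResolve().getArtifact()));
            }
        } finally {
            ars.stop();
            arsThread.join();
        }
    }

    /**
     * Builds a logout request for the sales-post client and installs it as the document the given
     * resolution service returns.
     *
     * <p>The session index comes from {@code sessionIndexRef}. The user principal is added only
     * when {@code nameIdRef} holds a value; a NameID without a format is passed with a null format.
     *
     * @param artifactResolutionService test service whose response document is replaced
     * @throws ParsingException declared by the SAML builder calls used here
     * @throws ConfigurationException declared by the SAML builder calls used here
     * @throws ProcessingException declared by the SAML builder calls used here
     */
    private void setArtifactResolutionServiceLogoutRequest(ArtifactResolutionService artifactResolutionService) throws ParsingException, ConfigurationException, ProcessingException {
        SAML2LogoutRequestBuilder logoutRequest = new SAML2LogoutRequestBuilder()
                .destination(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME).toString())
                .issuer(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .sessionIndex(this.sessionIndexRef.get());

        NameIDType nameId = this.nameIdRef.get();
        if (nameId != null) {
            String nameIdFormat = nameId.getFormat() == null ? null : nameId.getFormat().toString();
            logoutRequest = logoutRequest.userPrincipal(nameId.getValue(), nameIdFormat);
        }
        artifactResolutionService.setResponseDocument(logoutRequest.buildDocument());
    }
}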
