package org.keycloak.testsuite.client;

import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.apache.commons.io.IOUtils;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.protocol.saml.util.ArtifactBindingUtils;
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.util.KeycloakModelUtils;

/* loaded from: input_file:org/keycloak/testsuite/client/SAMLClientRegistrationTest.class */
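/**
 * Tests for registering a SAML client through the client registration service by posting a SAML
 * entity descriptor.
 *
 * <p>Covers the positive path (descriptor is turned into a client representation with the expected
 * redirect URIs, attributes and protocol mapper) and one negative path (a bearer token issued to an
 * OIDC client is refused with {@code 400 invalid_client}).
 */
public class SAMLClientRegistrationTest extends AbstractClientRegistrationTest {
    /** Classpath location of the entity descriptor used by every test in this class. */
    private static final String ENTITY_DESCRIPTOR_RESOURCE = "/clientreg-test/saml-entity-descriptor.xml";

    /** Client id of the OIDC client added to the test realm. */
    private static final String OIDC_CLIENT_ID = "oidc-client";

    /** Fixture-only secret for {@link #OIDC_CLIENT_ID}; it is also used for the client-credentials grant. */
    private static final String OIDC_CLIENT_SECRET = "secret";

    /**
     * Adds an OIDC client with service accounts and direct access grants enabled to the first realm
     * in the list, after the superclass has populated it.
     *
     * @param list realm representations being prepared for the test run
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        super.addTestRealms(list);
        ClientRepresentation oidcClient = KeycloakModelUtils.createClient(list.get(0), OIDC_CLIENT_ID);
        oidcClient.setSecret(OIDC_CLIENT_SECRET);
        oidcClient.setServiceAccountsEnabled(true);
        oidcClient.setDirectAccessGrantsEnabled(true);
    }

    /**
     * Authenticates the registration client with a freshly created initial access token for the
     * {@code test} realm.
     *
     * @throws Exception if the superclass set-up fails
     */
    @Override
    @Before
    public void before() throws Exception {
        super.before();
        // NOTE(review): the two arguments look like (expiration, count), i.e. a non-expiring token
        // usable ten times - confirm against ClientInitialAccessCreatePresentation.
        ClientInitialAccessCreatePresentation tokenRequest = new ClientInitialAccessCreatePresentation(0, 10);
        this.reg.auth(Auth.token(this.adminClient.realm("test").clientInitialAccess().create(tokenRequest)));
    }

    /**
     * Registers a client from the entity descriptor and checks the resulting representation:
     * registration access token, client id, redirect URIs, logout and artifact-binding attributes,
     * and the single attribute mapper.
     *
     * @throws ClientRegistrationException if the registration call fails
     * @throws IOException if the descriptor cannot be read
     */
    @Test
    public void createClient() throws ClientRegistrationException, IOException {
        ClientRepresentation created = this.reg.saml().create(readEntityDescriptor());

        Assert.assertThat(created.getRegistrationAccessToken(), Matchers.notNullValue());
        Assert.assertThat(created.getClientId(), Matchers.is("loadbalancer-9.siroe.com"));
        Assert.assertThat(
                created.getRedirectUris(),
                Matchers.containsInAnyOrder(
                        "https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp/post",
                        "https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp/soap",
                        "https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp/paos",
                        "https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp/redirect",
                        "https://LoadBalancer-9.siroe.com:3443/federation/Consumer/metaAlias/sp/artifact"));
        Assert.assertThat(
                created.getAttributes().get("saml_single_logout_service_url_redirect"),
                Matchers.is("https://LoadBalancer-9.siroe.com:3443/federation/SPSloRedirect/metaAlias/sp"));
        // The stored identifier must equal the value computed from the registered client id.
        Assert.assertThat(
                created.getAttributes().get("saml.artifact.binding.identifier"),
                Matchers.is(ArtifactBindingUtils.computeArtifactBindingIdentifierString("loadbalancer-9.siroe.com")));

        org.keycloak.testsuite.Assert.assertNotNull(created.getProtocolMappers());
        org.keycloak.testsuite.Assert.assertEquals(1, created.getProtocolMappers().size());
        ProtocolMapperRepresentation mapper = created.getProtocolMappers().get(0);
        org.keycloak.testsuite.Assert.assertEquals("saml-user-attribute-mapper", mapper.getProtocolMapper());
        org.keycloak.testsuite.Assert.assertEquals("urn:oid:2.5.4.42", mapper.getConfig().get("attribute.name"));
        org.keycloak.testsuite.Assert.assertEquals("givenName", mapper.getConfig().get("friendly.name"));
        org.keycloak.testsuite.Assert.assertEquals("URI Reference", mapper.getConfig().get("attribute.nameformat"));
    }

    /**
     * Checks that the SAML registration endpoint rejects a bearer token obtained by the OIDC client
     * through the client-credentials grant, even after its service account has been given the
     * {@code create-client} role of {@code realm-management}.
     *
     * @throws Exception if realm set-up or the token request fails
     */
    @Test
    public void testSAMLEndpointCreateWithOIDCClient() throws Exception {
        ClientsResource clients = this.adminClient.realm("test").clients();
        String oidcClientUuid = clients.findByClientId(OIDC_CLIENT_ID).get(0).getId();
        String serviceAccountUserId = clients.get(oidcClientUuid).getServiceAccountUser().getId();
        String realmManagementUuid = clients.findByClientId("realm-management").get(0).getId();

        // Grant the role first so the expected failure cannot be explained by a missing permission.
        this.adminClient.realm("test").users().get(serviceAccountUserId).roles().clientLevel(realmManagementUuid)
                .add(Arrays.asList(clients.get(realmManagementUuid).roles().get("create-client").toRepresentation()));

        String accessToken = this.oauth.clientId(OIDC_CLIENT_ID)
                .doClientCredentialsGrantAccessTokenRequest(OIDC_CLIENT_SECRET)
                .getAccessToken();
        this.reg.auth(Auth.token(accessToken));

        assertCreateFail(readEntityDescriptor(), 400, "invalid_client");
    }

    /**
     * Reads the entity descriptor from the classpath as UTF-8 and closes the stream afterwards.
     *
     * @return the descriptor XML
     * @throws IOException if reading the resource fails
     */
    private String readEntityDescriptor() throws IOException {
        // NOTE(review): UTF-8 is assumed for the fixture; the previous code used the platform default.
        try (java.io.InputStream in = getClass().getResourceAsStream(ENTITY_DESCRIPTOR_RESOURCE)) {
            // Fail with a readable message instead of a NullPointerException when the fixture is missing.
            Assert.assertNotNull("Missing test resource " + ENTITY_DESCRIPTOR_RESOURCE, in);
            return IOUtils.toString(in, java.nio.charset.StandardCharsets.UTF_8);
        }
    }

    /**
     * Asserts that registering the given descriptor is refused with the expected HTTP status and,
     * optionally, an error body containing the expected text.
     *
     * @param descriptor SAML entity descriptor to submit
     * @param expectedStatus HTTP status code the server must answer with
     * @param expectedError text that must occur in the error response, or {@code null} to skip that check
     */
    private void assertCreateFail(String descriptor, int expectedStatus, String expectedError) {
        try {
            this.reg.saml().create(descriptor);
            org.keycloak.testsuite.Assert.fail("Not expected to successfully register client");
        } catch (ClientRegistrationException e) {
            // getCause() is typed as Throwable, so check before narrowing; a transport failure
            // would otherwise surface as a ClassCastException rather than a test failure.
            Throwable cause = e.getCause();
            Assert.assertTrue("Expected an HTTP error as the cause but got: " + cause, cause instanceof HttpErrorException);
            HttpErrorException httpError = (HttpErrorException) cause;
            org.keycloak.testsuite.Assert.assertEquals(expectedStatus, httpError.getStatusLine().getStatusCode());
            if (expectedError != null) {
                Assert.assertTrue("Error response doesn't contain expected text", httpError.getErrorResponse().contains(expectedError));
            }
        }
    }
}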
