package org.keycloak.testsuite.oauth;

import java.util.List;
import javax.ws.rs.core.Response;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;

/* loaded from: input_file:org/keycloak/testsuite/oauth/LogoutCorsTest.class */
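/**
 * Checks the CORS response headers returned by the logout endpoint.
 *
 * <p>{@link #VALID_CORS_URL} is added to the default test client's web origins before each test;
 * {@link #INVALID_CORS_URL} is not registered by this class. The tests pin three behaviours:
 * <ul>
 *   <li>a successful logout from the registered origin carries the CORS headers;</li>
 *   <li>a successful logout from the other origin carries none of them;</li>
 *   <li>error responses (400, 401) sent to the registered origin still carry the CORS headers.</li>
 * </ul>
 *
 * <p>The logout with the unregistered origin is still expected to return 204. Withholding the CORS
 * headers only stops a browser from exposing the response to the calling script; it does not reject
 * the request, so these tests say nothing about authorization of the logout itself.
 */
public class LogoutCorsTest extends AbstractKeycloakTest {
    /** Origin that {@link #clientConfiguration()} registers as a web origin of the test client. */
    private static final String VALID_CORS_URL = "http://localtest.me:8180";
    /** Origin that this class never registers; responses to it must carry no CORS headers. */
    private static final String INVALID_CORS_URL = "http://invalid.localtest.me:8180";

    /** Delegates to the superclass set-up unchanged. */
    @Override
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
    }

    /** Registers {@link #VALID_CORS_URL} as a web origin of the default client in realm "test". */
    @Before
    public void clientConfiguration() {
        ClientManager.realm(adminClient.realm("test"))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .addWebOrigins(VALID_CORS_URL);
    }

    /**
     * Adds the realm loaded from {@code /testrealm.json}, with the test event listener enabled.
     *
     * @param list realm representations to import; the test realm is appended to it
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation testRealm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(RealmBuilder.edit(testRealm).testEventListener().build());
    }

    /** A valid logout from the registered origin returns 204 together with the CORS headers. */
    @Test
    public void postLogout_validRequestWithValidOrigin() throws Exception {
        String refreshToken = loginUser().getRefreshToken();
        oauth.origin(VALID_CORS_URL);

        // try-with-resources closes the response on both the passing and the failing path.
        try (CloseableHttpResponse response = oauth.doLogout(refreshToken, "password")) {
            Assert.assertThat(response, Matchers.statusCodeIsHC(Response.Status.NO_CONTENT));
            assertCors(response);
        }
    }

    /**
     * A valid logout from the unregistered origin still returns 204, but without any CORS header.
     */
    @Test
    public void postLogout_validRequestWithInValidOriginShouldFail() throws Exception {
        String refreshToken = loginUser().getRefreshToken();
        oauth.origin(INVALID_CORS_URL);

        try (CloseableHttpResponse response = oauth.doLogout(refreshToken, "password")) {
            // The request itself succeeds; only the CORS headers are withheld.
            Assert.assertThat(response, Matchers.statusCodeIsHC(Response.Status.NO_CONTENT));
            assertNotCors(response);
        }
    }

    /**
     * Error responses sent to the registered origin keep the CORS headers: 400 for an unknown
     * refresh token and 401 when the second {@code doLogout} argument is wrong.
     */
    @Test
    public void postLogout_invalidRequestWithValidOrigin() throws Exception {
        String refreshToken = loginUser().getRefreshToken();
        oauth.origin(VALID_CORS_URL);

        // Unknown refresh token, otherwise valid request.
        try (CloseableHttpResponse response = oauth.doLogout("invalid-refresh-token", "password")) {
            Assert.assertEquals(
                    Response.Status.BAD_REQUEST.getStatusCode(),
                    response.getStatusLine().getStatusCode());
            assertCors(response);
        }

        // Real refresh token, but a wrong second argument (presumably the client secret).
        try (CloseableHttpResponse response = oauth.doLogout(refreshToken, "invalid-secret")) {
            Assert.assertEquals(
                    Response.Status.UNAUTHORIZED.getStatusCode(),
                    response.getStatusLine().getStatusCode());
            assertCors(response);
        }
    }

    /**
     * Logs the default test user in and exchanges the returned {@code code} query parameter for
     * tokens.
     *
     * @return the token response, from which the tests take the refresh token
     */
    private OAuthClient.AccessTokenResponse loginUser() {
        oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        String code = (String) oauth.getCurrentQuery().get("code");
        oauth.clientSessionState("client-session");
        return oauth.doAccessTokenRequest(code, "password");
    }

    /**
     * Asserts that the response allows credentialed access from {@link #VALID_CORS_URL} and carries
     * the expected {@code Access-Control-Expose-Headers} value.
     */
    private static void assertCors(CloseableHttpResponse response) {
        Assert.assertEquals("true", requiredHeader(response, "Access-Control-Allow-Credentials"));
        // The allowed origin must be exactly the registered one.
        Assert.assertEquals(VALID_CORS_URL, requiredHeader(response, "Access-Control-Allow-Origin"));
        Assert.assertEquals(
                "Access-Control-Allow-Methods",
                requiredHeader(response, "Access-Control-Expose-Headers"));
    }

    /** Asserts that none of the three CORS headers checked by this class is present. */
    private static void assertNotCors(CloseableHttpResponse response) {
        Assert.assertNull(response.getFirstHeader("Access-Control-Allow-Credentials"));
        Assert.assertNull(response.getFirstHeader("Access-Control-Allow-Origin"));
        Assert.assertNull(response.getFirstHeader("Access-Control-Expose-Headers"));
    }

    /**
     * Returns the value of the first header called {@code name}, failing the test with a readable
     * message (instead of a NullPointerException) when the header is absent.
     */
    private static String requiredHeader(CloseableHttpResponse response, String name) {
        Assert.assertNotNull("Missing response header: " + name, response.getFirstHeader(name));
        return response.getFirstHeader(name).getValue();
    }
}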
