package org.keycloak.testsuite.ssl;

import org.junit.Assume;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.util.ServerURLs;

/* loaded from: input_file:org/keycloak/testsuite/ssl/TLSTest.class */
public class TLSTest extends AbstractTestRealmKeycloakTest {
    public static final String AUTH_SERVER_ROOT_WITHOUT_TLS = "http://localhost:" + System.getProperty("auth.server.http.port", "8180") + "/auth";

    @BeforeClass
    public static void checkIfTLSIsTurnedOn() {
        Assume.assumeTrue(ServerURLs.AUTH_SERVER_SSL_REQUIRED);
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    protected boolean modifyRealmForSSL() {
        return false;
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        realmRepresentation.setSslRequired(SslRequired.NONE.toString());
    }

    @Test
    public void testTurningTLSOn() throws Exception {
        this.oauth.baseUrl(AUTH_SERVER_ROOT_WITHOUT_TLS);
        Assert.assertTrue(this.oauth.doWellKnownRequest("test").getAuthorizationEndpoint().startsWith(AUTH_SERVER_ROOT_WITHOUT_TLS));
    }

    @Test
    public void testSSLAlwaysRequired() throws Exception {
        RealmRepresentation representation = testRealm().toRepresentation();
        String sslRequired = representation.getSslRequired();
        representation.setSslRequired(SslRequired.ALL.toString());
        testRealm().update(representation);
        this.oauth.baseUrl(AUTH_SERVER_ROOT_WITHOUT_TLS);
        OIDCConfigurationRepresentation doWellKnownRequest = this.oauth.doWellKnownRequest("test");
        Assert.assertNull(doWellKnownRequest.getAuthorizationEndpoint());
        Assert.assertEquals("HTTPS required", doWellKnownRequest.getOtherClaims().get("error_description"));
        try {
            this.oauth.doCertsRequest("test");
            Assert.fail("This should not be successful");
        } catch (Exception e) {
        }
        representation.setSslRequired(sslRequired);
        testRealm().update(representation);
    }
}
