package org.keycloak.testsuite.adapter.servlet;

import java.util.List;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.adapters.rotation.PublicKeyLocator;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.adapter.page.SalesPostClockSkewServlet;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.utils.io.IOUtil;

@AppServerContainers({@AppServerContainer("app-server-undertow"), @AppServerContainer("app-server-wildfly"), @AppServerContainer("app-server-wildfly-deprecated"), @AppServerContainer("app-server-eap"), @AppServerContainer("app-server-eap6"), @AppServerContainer("app-server-eap71"), @AppServerContainer("app-server-jetty92"), @AppServerContainer("app-server-jetty93"), @AppServerContainer("app-server-jetty94")})
/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/SAMLClockSkewAdapterTest.class */
public class SAMLClockSkewAdapterTest extends AbstractSAMLServletAdapterTest {

    @Page
    protected SalesPostClockSkewServlet salesPostClockSkewServletPage;
    private static final String DEPLOYMENT_NAME_3_SEC = "sales-post-clock-skew_3Sec";
    private static final String DEPLOYMENT_NAME_30_SEC = "sales-post-clock-skew_30Sec";

    @ArquillianResource
    private Deployer deployer;

    @Deployment(name = DEPLOYMENT_NAME_3_SEC, managed = false)
    protected static WebArchive salesPostClockSkewServlet3Sec() {
        return samlServletDeployment("sales-post-clock-skew", DEPLOYMENT_NAME_3_SEC, "sales-post-clock-skew/WEB-INF/web.xml", 3, AdapterActionsFilter.class, PublicKeyLocator.class, SendUsernameServlet.class);
    }

    @Deployment(name = DEPLOYMENT_NAME_30_SEC, managed = false)
    protected static WebArchive salesPostClockSkewServlet30Sec() {
        return samlServletDeployment("sales-post-clock-skew", DEPLOYMENT_NAME_30_SEC, "sales-post-clock-skew/WEB-INF/web.xml", 30, AdapterActionsFilter.class, PublicKeyLocator.class, SendUsernameServlet.class);
    }

    @Deployment(name = "sales-post-clock-skew", managed = false)
    protected static WebArchive salesPostClockSkewServlet5Sec() {
        return samlServletDeployment("sales-post-clock-skew", "sales-post-clock-skew/WEB-INF/web.xml", 5, AdapterActionsFilter.class, PublicKeyLocator.class, SendUsernameServlet.class);
    }

    @Override // org.keycloak.testsuite.adapter.servlet.AbstractSAMLServletAdapterTest, org.keycloak.testsuite.adapter.AbstractServletsAdapterTest, org.keycloak.testsuite.adapter.AbstractAdapterTest
    public void addAdapterTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm("/adapter-test/keycloak-saml/testsaml.json"));
    }

    private void assertOutcome(int i, Matcher matcher) throws Exception {
        try {
            Assert.assertThat((String) new SamlClientBuilder().navigateTo(this.salesPostClockSkewServletPage.toString()).processSamlResponse(SamlClient.Binding.POST).build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).transformDocument(document -> {
                setAdapterAndServerTimeOffset(i, this.salesPostClockSkewServletPage.toString());
                return document;
            }).build().executeAndTransform(closeableHttpResponse -> {
                return EntityUtils.toString(closeableHttpResponse.getEntity());
            }), matcher);
            setAdapterAndServerTimeOffset(0, this.salesPostClockSkewServletPage.toString());
        } catch (Throwable th) {
            setAdapterAndServerTimeOffset(0, this.salesPostClockSkewServletPage.toString());
            throw th;
        }
    }

    private void assertTokenIsNotValid(int i) throws Exception {
        this.deployer.deploy(DEPLOYMENT_NAME_3_SEC);
        try {
            assertOutcome(i, Matchers.allOf(Matchers.not(Matchers.containsString("request-path: principal=bburke")), Matchers.containsString("SAMLRequest"), Matchers.containsString("FORM METHOD=\"POST\"")));
        } finally {
            this.deployer.undeploy(DEPLOYMENT_NAME_3_SEC);
        }
    }

    @Test
    public void testTokenHasExpired() throws Exception {
        assertTokenIsNotValid(65);
    }

    @Test
    public void testTokenIsNotYetValid() throws Exception {
        assertTokenIsNotValid(-65);
    }

    @Test
    public void testTokenTimeIsValid() throws Exception {
        this.deployer.deploy(DEPLOYMENT_NAME_30_SEC);
        try {
            assertOutcome(-10, Matchers.allOf(Matchers.containsString("request-path:"), Matchers.containsString("principal=bburke")));
        } finally {
            this.deployer.undeploy(DEPLOYMENT_NAME_30_SEC);
        }
    }

    @Test
    @AppServerContainers({@AppServerContainer("app-server-tomcat7"), @AppServerContainer("app-server-tomcat8"), @AppServerContainer("app-server-tomcat9"), @AppServerContainer(value = "app-server-undertow", skip = true), @AppServerContainer(value = "app-server-wildfly", skip = true), @AppServerContainer(value = "app-server-wildfly-deprecated", skip = true), @AppServerContainer(value = "app-server-eap", skip = true), @AppServerContainer(value = "app-server-eap6", skip = true), @AppServerContainer(value = "app-server-eap71", skip = true), @AppServerContainer(value = "app-server-jetty92", skip = true), @AppServerContainer(value = "app-server-jetty93", skip = true), @AppServerContainer(value = "app-server-jetty94", skip = true)})
    public void testClockSkewTomcat() throws Exception {
        this.deployer.deploy("sales-post-clock-skew");
        try {
            assertOutcome(-4, Matchers.allOf(Matchers.containsString("request-path:"), Matchers.containsString("principal=bburke")));
            assertTokenIsNotValid(65);
            assertTokenIsNotValid(-65);
        } finally {
            this.deployer.undeploy("sales-post-clock-skew");
        }
    }
}
