package org.keycloak.testsuite.cookies;

import java.io.IOException;
import java.util.Arrays;
import java.util.Calendar;
import java.util.Date;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.io.IOUtils;
import org.apache.http.Header;
import org.apache.http.client.CookieStore;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpRequestBase;
import org.apache.http.impl.client.BasicCookieStore;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.apache.http.impl.cookie.BasicClientCookie;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.protocol.HttpCoreContext;
import org.hamcrest.Matchers;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.After;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ActionURIUtils;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.cluster.AbstractFailoverClusterTest;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.UserBuilder;
import org.openqa.selenium.Cookie;

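/**
 * Verifies the {@code Path} attribute of the cookies the auth server issues for a realm.
 *
 * <p>Two realms are used, {@code foo} and {@code foobar}, so that one realm path is a plain string
 * prefix of the other. Every assertion expects the cookie path to end with a trailing slash
 * ({@code /auth/realms/foo/}, {@code /auth/realms/foobar/}); a cookie left on the slash-less
 * {@link #OLD_COOKIE_PATH} must not survive a login.
 *
 * <p>NOTE(review): the trailing slash is presumably what keeps a client that does naive prefix
 * matching from presenting realm {@code foo}'s session cookies to realm {@code foobar}. Confirm
 * against the server-side cookie code before relying on that reading.
 */
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/cookies/CookiesPathTest.class */
public class CookiesPathTest extends AbstractKeycloakTest {

    @Page
    protected LoginPage loginPage;
    public static final String AUTH_SESSION_VALUE = "1869c345-2f90-4724-936d-a1a1ef41dea7";
    // Same fixed id as AUTH_SESSION_VALUE with a ".host" suffix appended.
    public static final String AUTH_SESSION_VALUE_NODE = "1869c345-2f90-4724-936d-a1a1ef41dea7.host";
    // Realm path WITHOUT the trailing slash; used to plant a cookie on the path the tests reject.
    public static final String OLD_COOKIE_PATH = "/auth/realms/foo";
    // Client used by sendRequest(); rebuilt for every request and closed after each test.
    private CloseableHttpClient httpClient;
    public static final String KC_RESTART = "KC_RESTART";
    private static final String AUTH_SESSION_ID = "AUTH_SESSION_ID";
    private static final String KEYCLOAK_IDENTITY = "KEYCLOAK_IDENTITY";
    // Cookie names whose Path attribute is checked by the browser-based tests.
    private static final List<String> KEYCLOAK_COOKIE_NAMES = Arrays.asList(KC_RESTART, AUTH_SESSION_ID, KEYCLOAK_IDENTITY, AbstractFailoverClusterTest.KEYCLOAK_SESSION_COOKIE);

    /** Closes the HTTP client left open by the last {@code sendRequest} call, if any. */
    @After
    public void closeHttpClient() throws IOException {
        if (this.httpClient != null) {
            this.httpClient.close();
        }
    }

    /**
     * Visits the account page of realm {@code foo}, then {@code foobar}, then {@code foo} again and
     * checks each time that every Keycloak cookie visible to the browser is scoped to the realm
     * currently being visited, with a trailing slash.
     */
    @Test
    public void testCookiesPath() {
        URLUtils.navigateToUri(accountUrl("foo"));
        this.driver.manage().deleteAllCookies();
        Assert.assertTrue("There shouldn't be any cookies sent!", this.driver.manage().getCookies().isEmpty());
        this.driver.navigate().refresh();
        assertKeycloakCookiePaths("/auth/realms/foo/");

        URLUtils.navigateToUri(accountUrl("foobar"));
        this.driver.manage().deleteAllCookies();
        Assert.assertTrue("There shouldn't be any cookies sent!", this.driver.manage().getCookies().isEmpty());
        URLUtils.navigateToUri(accountUrl("foobar"));
        assertKeycloakCookiePaths("/auth/realms/foobar/");

        // Back to "foo" without clearing cookies: whatever the browser reports for this page must
        // still carry the "foo" path only.
        URLUtils.navigateToUri(accountUrl("foo"));
        assertKeycloakCookiePaths("/auth/realms/foo/");
    }

    /** Runs the old-path cookie scenario over plain HTTP client calls with {@link #AUTH_SESSION_VALUE}. */
    @Test
    public void testMultipleCookies() throws IOException {
        loginWithOldPathCookie(AUTH_SESSION_VALUE);
    }

    /**
     * Plants an {@code AUTH_SESSION_ID} cookie on {@link #OLD_COOKIE_PATH} in the browser, logs in
     * through the login form and checks that exactly three Keycloak cookies remain, all on a path
     * ending with a slash.
     */
    @Test
    public void testOldCookieWithWrongPath() {
        // NOTE(review): presumably skips the test unless the auth server runs over TLS - confirm.
        ContainerAssume.assumeAuthServerSSL();
        // Arguments: name, value, domain, path, expiry, isSecure=false, isHttpOnly=true.
        Cookie oldCookie = new Cookie(AUTH_SESSION_ID, AUTH_SESSION_VALUE, (String) null, OLD_COOKIE_PATH, (Date) null, false, true);
        URLUtils.navigateToUri(accountUrl("foo"));
        this.driver.manage().deleteAllCookies();
        this.driver.manage().addCookie(oldCookie);
        Assert.assertThat(this.driver.manage().getCookies(), Matchers.hasSize(1));

        this.oauth.realm("foo").redirectUri(accountUrl("foo")).clientId(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).openLoginForm();
        this.loginPage.login("foo", "password");

        Set<Cookie> keycloakCookies = this.driver.manage().getCookies().stream()
                .filter(cookie -> KEYCLOAK_COOKIE_NAMES.contains(cookie.getName()))
                .collect(Collectors.toSet());
        Assert.assertThat(keycloakCookies, Matchers.hasSize(3));
        // The planted cookie's path has no trailing slash, so this loop fails if it is still present.
        for (Cookie cookie : keycloakCookies) {
            Assert.assertThat("Path of cookie " + cookie.getName(), cookie.getPath(), Matchers.endsWith("/"));
        }

        String authSessionValue = browserCookieValue(keycloakCookies, AUTH_SESSION_ID);
        String sessionCookieValue = browserCookieValue(keycloakCookies, AbstractFailoverClusterTest.KEYCLOAK_SESSION_COOKIE);
        Assert.assertThat(authSessionValue, Matchers.containsString(thirdSegment(sessionCookieValue)));
    }

    /** Runs the old-path cookie scenario with {@link #AUTH_SESSION_VALUE_NODE} as the planted value. */
    @Test
    public void testOldCookieWithNodeInValue() throws IOException {
        loginWithOldPathCookie(AUTH_SESSION_VALUE_NODE);
    }

    /**
     * Registers the realms {@code foo} and {@code foobar}, each with one user named after the realm.
     *
     * @param list realm list to append to
     */
    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        // The second user used to be added to the "foo" builder after that realm had already been
        // built; each user is now attached to the realm it is named after.
        list.add(realmWithAccountUser("foo"));
        list.add(realmWithAccountUser("foobar"));
    }

    /** Builds a realm holding a single user (password {@code "password"}) with the account-client roles. */
    private static RealmRepresentation realmWithAccountUser(String realmName) {
        RealmBuilder realm = RealmBuilder.create().name(realmName);
        realm.user(UserBuilder.create().username(realmName).password("password")
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, AdminRoles.ADMIN)
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "manage-account")
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "view-profile")
                .role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "manage-account-links"));
        return realm.build();
    }

    /** Returns the account page URL of the given realm, resolved at call time. */
    private static String accountUrl(String realmName) {
        return OAuthClient.AUTH_SERVER_ROOT + "/realms/" + realmName + "/account";
    }

    /** Returns the instant one day from now, used as expiry for hand-built cookies. */
    private static Date tomorrow() {
        Calendar calendar = Calendar.getInstance();
        calendar.add(Calendar.DAY_OF_YEAR, 1);
        return calendar.getTime();
    }

    /**
     * Asserts that the browser holds at least one cookie and that every cookie named in
     * {@link #KEYCLOAK_COOKIE_NAMES} has a path ending with {@code expectedPathSuffix}.
     */
    private void assertKeycloakCookiePaths(String expectedPathSuffix) {
        Set<Cookie> cookies = this.driver.manage().getCookies();
        Assert.assertFalse("There should be cookies sent!", cookies.isEmpty());
        // NOTE(review): if none of the cookies carries a Keycloak name, the path check below is
        // vacuous; consider also asserting that at least one cookie was inspected.
        for (Cookie cookie : cookies) {
            if (KEYCLOAK_COOKIE_NAMES.contains(cookie.getName())) {
                Assert.assertThat("Path of cookie " + cookie.getName(), cookie.getPath(), Matchers.endsWith(expectedPathSuffix));
            }
        }
    }

    /**
     * Seeds a cookie store with the server's own cookies plus an {@code AUTH_SESSION_ID} cookie on
     * {@link #OLD_COOKIE_PATH}, logs in as user {@code foo}, and checks the cookies left in the store.
     *
     * @param oldCookieValue value given to the planted cookie
     */
    private void loginWithOldPathCookie(String oldCookieValue) throws IOException {
        String accountUrl = accountUrl("foo");
        BasicClientCookie oldCookie = new BasicClientCookie(AUTH_SESSION_ID, oldCookieValue);
        oldCookie.setDomain(ServerURLs.AUTH_SERVER_HOST);
        oldCookie.setPath(OLD_COOKIE_PATH);
        oldCookie.setExpiryDate(tomorrow());

        CookieStore cookieStore = getCorrectCookies(accountUrl);
        cookieStore.addCookie(oldCookie);
        Assert.assertThat(cookieStore.getCookies(), Matchers.hasSize(3));

        login(accountUrl, cookieStore);

        List<String> cookieNames = cookieStore.getCookies().stream()
                .map(cookie -> cookie.getName())
                .collect(Collectors.toList());
        Assert.assertThat(cookieNames, Matchers.hasItems(AUTH_SESSION_ID, KEYCLOAK_IDENTITY, AbstractFailoverClusterTest.KEYCLOAK_SESSION_COOKIE));

        // OLD_COOKIE_PATH has no trailing slash, so this only passes when the planted cookie is no
        // longer in the store after login.
        cookieStore.getCookies().stream()
                .filter(cookie -> !"OAuth_Token_Request_State".equals(cookie.getName()))
                .forEach(cookie -> Assert.assertThat("Path of cookie " + cookie.getName(), cookie.getPath(), Matchers.endsWith("/")));

        String authSessionValue = storedCookieValue(cookieStore, AUTH_SESSION_ID);
        String sessionCookieValue = storedCookieValue(cookieStore, AbstractFailoverClusterTest.KEYCLOAK_SESSION_COOKIE);
        Assert.assertThat(authSessionValue, Matchers.containsString(thirdSegment(sessionCookieValue)));
    }

    /** Returns the value of the first cookie with the given name in the store, failing the test if absent. */
    private static String storedCookieValue(CookieStore cookieStore, String name) {
        return cookieStore.getCookies().stream()
                .filter(cookie -> name.equals(cookie.getName()))
                .map(cookie -> cookie.getValue())
                .findFirst()
                .orElseThrow(() -> new AssertionError("Cookie " + name + " is missing"));
    }

    /** Returns the value of the first browser cookie with the given name, failing the test if absent. */
    private static String browserCookieValue(Set<Cookie> cookies, String name) {
        return cookies.stream()
                .filter(cookie -> name.equals(cookie.getName()))
                .map(Cookie::getValue)
                .findFirst()
                .orElseThrow(() -> new AssertionError("Cookie " + name + " is missing"));
    }

    /**
     * Returns the third {@code '/'}-separated segment of a session cookie value.
     * NOTE(review): presumably the session id - confirm against the server's cookie format.
     * The value itself is kept out of the failure message on purpose.
     */
    private static String thirdSegment(String sessionCookieValue) {
        String[] segments = sessionCookieValue.split("/");
        Assert.assertTrue("Session cookie value has " + segments.length + " segment(s), expected at least 3", segments.length > 2);
        return segments[2];
    }

    /**
     * Executes a request with a freshly built client bound to {@code cookieStore}.
     *
     * <p>Any client from an earlier call is closed first, so a response returned by an earlier call
     * must already be consumed. {@link LaxRedirectStrategy} makes the client follow redirects for
     * POST as well as GET.
     */
    private CloseableHttpResponse sendRequest(HttpRequestBase httpRequestBase, CookieStore cookieStore, HttpCoreContext httpCoreContext) throws IOException {
        if (this.httpClient != null) {
            this.httpClient.close();
        }
        this.httpClient = HttpClientBuilder.create()
                .setDefaultCookieStore(cookieStore)
                .setRedirectStrategy(new LaxRedirectStrategy())
                .build();
        return this.httpClient.execute(httpRequestBase, httpCoreContext);
    }

    /**
     * Requests {@code url} with an empty cookie jar and collects the {@code AUTH_SESSION_ID} and
     * {@code KC_RESTART} cookies found in the {@code Set-Cookie} headers of the final response.
     *
     * @param url page to request
     * @return a new store holding the cookies rebuilt by {@link #parseCookie}
     */
    private CookieStore getCorrectCookies(String url) throws IOException {
        BasicCookieStore collected = new BasicCookieStore();
        try (CloseableHttpResponse response = sendRequest(new HttpGet(url), new BasicCookieStore(), new HttpCoreContext())) {
            for (Header header : response.getHeaders("Set-Cookie")) {
                String headerValue = header.getValue();
                // Substring match: a header for a cookie whose name merely contains
                // "AUTH_SESSION_ID" is stored under the name AUTH_SESSION_ID as well.
                if (headerValue.contains(AUTH_SESSION_ID)) {
                    collected.addCookie(parseCookie(headerValue, AUTH_SESSION_ID));
                } else if (headerValue.contains(KC_RESTART)) {
                    collected.addCookie(parseCookie(headerValue, KC_RESTART));
                }
            }
        }
        return collected;
    }

    /**
     * Rebuilds a cookie from a raw {@code Set-Cookie} header value, keeping only its value and path.
     *
     * <p>Matching is by substring, as the callers expect. Splitting on the first {@code '='} only
     * keeps values that contain {@code '='} intact and tolerates an empty value.
     *
     * @param setCookieValue raw header value, attributes separated by {@code ';'}
     * @param cookieName name to give the resulting cookie
     * @return cookie for {@code ServerURLs.AUTH_SERVER_HOST} that expires one day from now
     */
    private BasicClientCookie parseCookie(String setCookieValue, String cookieName) {
        String path = "";
        String value = "";
        for (String attribute : setCookieValue.split(";")) {
            String[] pair = attribute.split("=", 2);
            if (pair.length < 2) {
                // Flag attribute without a value (nothing to extract).
                continue;
            }
            if (attribute.contains(cookieName)) {
                value = pair[1];
            } else if (attribute.contains("Path")) {
                path = pair[1];
            }
        }
        BasicClientCookie parsed = new BasicClientCookie(cookieName, value);
        parsed.setExpiryDate(tomorrow());
        parsed.setDomain(ServerURLs.AUTH_SERVER_HOST);
        parsed.setPath(path);
        return parsed;
    }

    /**
     * Logs in as user {@code foo}: fetches {@code url}, extracts the form action from the returned
     * page, posts the credentials and expects HTTP 200 once redirects have been followed.
     *
     * @param url page that leads to the login form
     * @param cookieStore cookie jar shared by both requests; updated by the client as it goes
     */
    private void login(String url, CookieStore cookieStore) throws IOException {
        HttpCoreContext context = new HttpCoreContext();

        String loginPageSource;
        try (CloseableHttpResponse response = sendRequest(new HttpGet(url), cookieStore, context)) {
            loginPageSource = IOUtils.toString(response.getEntity().getContent(), "UTF-8");
        }

        HttpPost post = new HttpPost(ActionURIUtils.getActionURIFromPageSource(loginPageSource));
        List<BasicNameValuePair> form = new LinkedList<>();
        form.add(new BasicNameValuePair("username", "foo"));
        form.add(new BasicNameValuePair("password", "password"));
        post.setHeader("Content-Type", "application/x-www-form-urlencoded");
        post.setEntity(new UrlEncodedFormEntity(form));

        try (CloseableHttpResponse response = sendRequest(post, cookieStore, context)) {
            Assert.assertThat("Expected successful login.", response.getStatusLine().getStatusCode(), Matchers.is(Matchers.equalTo(200)));
        }
    }
}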
