package org.keycloak.testsuite.adapter.servlet;

import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.Charset;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.common.util.StreamUtil;
import org.keycloak.common.util.Time;
import org.keycloak.keys.KeyProvider;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.adapter.filter.AdapterActionsFilter;
import org.keycloak.testsuite.adapter.page.CustomerDb;
import org.keycloak.testsuite.adapter.page.SecurePortal;
import org.keycloak.testsuite.adapter.page.TokenMinTTLPage;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainer;
import org.keycloak.testsuite.arquillian.annotation.AppServerContainers;
import org.keycloak.testsuite.auth.page.login.PageWithLoginUrl;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.saml.AbstractSamlTest;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;

@AppServerContainers({@AppServerContainer("app-server-undertow"), @AppServerContainer("app-server-wildfly"), @AppServerContainer("app-server-wildfly-deprecated"), @AppServerContainer("app-server-eap"), @AppServerContainer("app-server-eap6"), @AppServerContainer("app-server-eap71")})
/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/OIDCPublicKeyRotationAdapterTest.class */
public class OIDCPublicKeyRotationAdapterTest extends AbstractServletsAdapterTest {

    @Page
    private SecurePortal securePortal;

    @Page
    private TokenMinTTLPage tokenMinTTLPage;

    @Page
    private CustomerDb customerDb;

    @Deployment(name = "secure-portal")
    protected static WebArchive securePortal() {
        return servletDeployment("secure-portal", CallAuthenticatedServlet.class);
    }

    @Deployment(name = "token-min-ttl")
    protected static WebArchive tokenMinTTLPage() {
        return servletDeployment("token-min-ttl", AdapterActionsFilter.class, AbstractShowTokensServlet.class, TokenMinTTLServlet.class, ErrorServlet.class);
    }

    @Deployment(name = "customer-db")
    protected static WebArchive customerDb() {
        return servletDeployment("customer-db", AdapterActionsFilter.class, CustomerDatabaseServlet.class);
    }

    @Before
    public void beforeRotationAdapterTest() {
        this.tokenMinTTLPage.navigateTo();
        this.driver.manage().deleteAllCookies();
    }

    @Test
    public void testRealmKeyRotationWithNewKeyDownload() throws Exception {
        loginToTokenMinTtlApp();
        String uri = OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder()).queryParam("redirect_uri", new Object[]{this.tokenMinTTLPage.toString()}).build(new Object[]{AbstractSamlTest.REALM_NAME}).toString();
        this.driver.navigate().to(uri);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        generateNewRealmKey();
        this.tokenMinTTLPage.navigateTo();
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlStartsWith(this.tokenMinTTLPage.getInjectedUrl().toString());
        Assert.assertNull(this.tokenMinTTLPage.getAccessToken());
        this.driver.navigate().to(uri);
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        setAdapterAndServerTimeOffset(300, this.tokenMinTTLPage.toString() + "/unsecured/foo");
        loginToTokenMinTtlApp();
        this.driver.navigate().to(uri);
        resetKeycloakDeploymentForAdapter(this.tokenMinTTLPage.toString() + "/unsecured/foo");
    }

    @Test
    public void testClientWithJwksUri() throws Exception {
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(testRealmResource(), "secure-portal");
        ClientRepresentation representation = findClientResourceByClientId.toRepresentation();
        OIDCAdvancedConfigWrapper fromClientRepresentation = OIDCAdvancedConfigWrapper.fromClientRepresentation(representation);
        fromClientRepresentation.setUseJwksUrl(true);
        fromClientRepresentation.setJwksUrl(this.securePortal + "/bad-jwks-url");
        findClientResourceByClientId.update(representation);
        this.securePortal.navigateTo();
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        String pageSource = this.driver.getPageSource();
        URLAssert.assertCurrentUrlStartsWith((AbstractPage) this.securePortal);
        Assert.assertFalse(pageSource.contains("Bill Burke") && pageSource.contains("Stian Thorgersen"));
        ClientRepresentation representation2 = findClientResourceByClientId.toRepresentation();
        OIDCAdvancedConfigWrapper fromClientRepresentation2 = OIDCAdvancedConfigWrapper.fromClientRepresentation(representation2);
        fromClientRepresentation2.setUseJwksUrl(true);
        fromClientRepresentation2.setJwksUrl(this.securePortal + "/k_jwks");
        findClientResourceByClientId.update(representation2);
        this.securePortal.navigateTo();
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.securePortal);
        String pageSource2 = this.driver.getPageSource();
        Assert.assertTrue(pageSource2.contains("Bill Burke") && pageSource2.contains("Stian Thorgersen"));
        this.driver.navigate().to(OIDCLoginProtocolService.logoutUrl(this.authServerPage.createUriBuilder()).queryParam("redirect_uri", new Object[]{this.securePortal.toString()}).build(new Object[]{AbstractSamlTest.REALM_NAME}).toString());
    }

    @Test
    public void testPublicKeyCacheTtl() {
        RealmRepresentation representation = this.adminClient.realm(AbstractSamlTest.REALM_NAME).toRepresentation();
        representation.setAccessTokenLifespan(1200);
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).update(representation);
        loginToTokenMinTtlApp();
        String accessTokenString = this.tokenMinTTLPage.getAccessTokenString();
        Assert.assertEquals(200L, invokeRESTEndpoint(accessTokenString));
        String activeKeyProvider = getActiveKeyProvider();
        generateNewRealmKey();
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).components().component(activeKeyProvider).remove();
        Assert.assertEquals(200L, invokeRESTEndpoint(accessTokenString));
        setAdapterAndServerTimeOffset(900, this.customerDb.toString() + "/unsecured/foo");
        Assert.assertEquals(401L, invokeRESTEndpoint(accessTokenString));
        resetKeycloakDeploymentForAdapter(this.customerDb.toString() + "/unsecured/foo");
        resetKeycloakDeploymentForAdapter(this.tokenMinTTLPage.toString() + "/unsecured/foo");
    }

    @Test
    public void testPublicKeyCacheInvalidatedWhenPushedNotBefore() {
        this.driver.manage().timeouts().pageLoadTimeout(1000L, TimeUnit.SECONDS);
        String aSCIIString = this.customerDb.getUriBuilder().clone().path("unsecured").path("foo").build(new Object[0]).toASCIIString();
        String aSCIIString2 = this.customerDb.getUriBuilder().build(new Object[0]).toASCIIString();
        String substring = aSCIIString2.substring(0, aSCIIString2.length() - 1);
        String aSCIIString3 = this.tokenMinTTLPage.getUriBuilder().clone().path("unsecured").path("foo").build(new Object[0]).toASCIIString();
        RealmRepresentation representation = this.adminClient.realm(AbstractSamlTest.REALM_NAME).toRepresentation();
        representation.setAccessTokenLifespan(1200);
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).update(representation);
        loginToTokenMinTtlApp();
        String accessTokenString = this.tokenMinTTLPage.getAccessTokenString();
        String activeKeyProvider = getActiveKeyProvider();
        generateNewRealmKey();
        Assert.assertEquals(200L, invokeRESTEndpoint(accessTokenString));
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).components().component(activeKeyProvider).remove();
        setAdapterAndServerTimeOffset(130, aSCIIString, aSCIIString3);
        representation.setNotBefore(Integer.valueOf(Time.currentTime() - 1));
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).update(representation);
        Assert.assertTrue(this.adminClient.realm(AbstractSamlTest.REALM_NAME).pushRevocation().getSuccessRequests().contains(substring));
        Assert.assertEquals(401L, invokeRESTEndpoint(accessTokenString));
        resetKeycloakDeploymentForAdapter(aSCIIString);
        resetKeycloakDeploymentForAdapter(aSCIIString3);
    }

    private void loginToTokenMinTtlApp() {
        this.tokenMinTTLPage.navigateTo();
        Assert.assertTrue(this.testRealmLoginPage.form().isUsernamePresent());
        URLAssert.assertCurrentUrlStartsWithLoginUrlOf((PageWithLoginUrl) this.testRealmPage);
        this.testRealmLoginPage.form().login("bburke@redhat.com", "password");
        URLAssert.assertCurrentUrlEquals((AbstractPage) this.tokenMinTTLPage);
        Assert.assertEquals("bburke@redhat.com", this.tokenMinTTLPage.getAccessToken().getPreferredUsername());
    }

    private void generateNewRealmKey() {
        String id = this.adminClient.realm(AbstractSamlTest.REALM_NAME).toRepresentation().getId();
        ComponentRepresentation componentRepresentation = new ComponentRepresentation();
        componentRepresentation.setName("generated");
        componentRepresentation.setProviderType(KeyProvider.class.getName());
        componentRepresentation.setProviderId("rsa-generated");
        componentRepresentation.setParentId(id);
        componentRepresentation.setConfig(new MultivaluedHashMap());
        componentRepresentation.getConfig().putSingle("priority", "150");
        Response add = this.adminClient.realm(AbstractSamlTest.REALM_NAME).components().add(componentRepresentation);
        Assert.assertEquals(201L, add.getStatus());
        add.close();
    }

    private String getActiveKeyProvider() {
        KeysMetadataRepresentation keyMetadata = this.adminClient.realm(AbstractSamlTest.REALM_NAME).keys().getKeyMetadata();
        String str = (String) keyMetadata.getActive().get("RS256");
        for (KeysMetadataRepresentation.KeyMetadataRepresentation keyMetadataRepresentation : keyMetadata.getKeys()) {
            if (keyMetadataRepresentation.getKid().equals(str)) {
                return keyMetadataRepresentation.getProviderId();
            }
        }
        return null;
    }

    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r7v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.calculateFromBounds(FixTypesVisitor.java:156)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.setBestType(FixTypesVisitor.java:133)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.deduceType(FixTypesVisitor.java:238)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.tryDeduceTypes(FixTypesVisitor.java:221)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Failed to calculate best type for var: r8v0 ??
    java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.InsnArg.getType()" because "changeArg" is null
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.moveListener(TypeUpdate.java:439)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.runListeners(TypeUpdate.java:232)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.requestUpdate(TypeUpdate.java:212)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeForSsaVar(TypeUpdate.java:183)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.updateTypeChecked(TypeUpdate.java:112)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:83)
    	at jadx.core.dex.visitors.typeinference.TypeUpdate.apply(TypeUpdate.java:56)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.calculateFromBounds(TypeInferenceVisitor.java:145)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.setBestType(TypeInferenceVisitor.java:123)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.lambda$runTypePropagation$2(TypeInferenceVisitor.java:101)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.runTypePropagation(TypeInferenceVisitor.java:101)
    	at jadx.core.dex.visitors.typeinference.TypeInferenceVisitor.visit(TypeInferenceVisitor.java:75)
     */
    /* JADX WARN: Multi-variable type inference failed. Error: java.lang.NullPointerException: Cannot invoke "jadx.core.dex.instructions.args.RegisterArg.getSVar()" because the return value of "jadx.core.dex.nodes.InsnNode.getResult()" is null
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.collectRelatedVars(AbstractTypeConstraint.java:31)
    	at jadx.core.dex.visitors.typeinference.AbstractTypeConstraint.<init>(AbstractTypeConstraint.java:19)
    	at jadx.core.dex.visitors.typeinference.TypeSearch$1.<init>(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeMoveConstraint(TypeSearch.java:376)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.makeConstraint(TypeSearch.java:361)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.collectConstraints(TypeSearch.java:341)
    	at java.base/java.util.ArrayList.forEach(ArrayList.java:1596)
    	at jadx.core.dex.visitors.typeinference.TypeSearch.run(TypeSearch.java:60)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.runMultiVariableSearch(FixTypesVisitor.java:116)
    	at jadx.core.dex.visitors.typeinference.FixTypesVisitor.visit(FixTypesVisitor.java:91)
     */
    /* JADX WARN: Not initialized variable reg: 7, insn: 0x0146: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r7 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) A[TRY_LEAVE], block:B:79:0x0146 */
    /* JADX WARN: Not initialized variable reg: 8, insn: 0x014a: MOVE (r0 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]) = (r8 I:??[int, float, boolean, short, byte, char, OBJECT, ARRAY]), block:B:81:0x014a */
    /* JADX WARN: Type inference failed for: r7v0, types: [org.apache.http.impl.client.CloseableHttpClient] */
    /* JADX WARN: Type inference failed for: r8v0, types: [java.lang.Throwable] */
    private int invokeRESTEndpoint(String str) {
        try {
            try {
                CloseableHttpClient build = HttpClientBuilder.create().build();
                Throwable th = null;
                HttpGet httpGet = new HttpGet(this.customerDb.toString());
                httpGet.addHeader("Authorization", "Bearer " + str);
                try {
                    CloseableHttpResponse execute = build.execute(httpGet);
                    int statusCode = execute.getStatusLine().getStatusCode();
                    if (statusCode != 200) {
                        if (build != null) {
                            if (0 != 0) {
                                try {
                                    build.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                build.close();
                            }
                        }
                        return statusCode;
                    }
                    InputStream content = execute.getEntity().getContent();
                    Throwable th3 = null;
                    try {
                        try {
                            String readString = StreamUtil.readString(content, Charset.forName("UTF-8"));
                            Assert.assertTrue(readString.contains("Stian Thorgersen") && readString.contains("Bill Burke"));
                            if (content != null) {
                                if (0 != 0) {
                                    try {
                                        content.close();
                                    } catch (Throwable th4) {
                                        th3.addSuppressed(th4);
                                    }
                                } else {
                                    content.close();
                                }
                            }
                            if (build != null) {
                                if (0 != 0) {
                                    try {
                                        build.close();
                                    } catch (Throwable th5) {
                                        th.addSuppressed(th5);
                                    }
                                } else {
                                    build.close();
                                }
                            }
                            return statusCode;
                        } finally {
                        }
                    } catch (Throwable th6) {
                        if (content != null) {
                            if (th3 != null) {
                                try {
                                    content.close();
                                } catch (Throwable th7) {
                                    th3.addSuppressed(th7);
                                }
                            } else {
                                content.close();
                            }
                        }
                        throw th6;
                    }
                } catch (IOException e) {
                    throw new RuntimeException(e);
                }
            } catch (IOException e2) {
                throw new RuntimeException(e2);
            }
            throw new RuntimeException(e2);
        } finally {
        }
    }

    private void resetKeycloakDeploymentForAdapter(String str) {
        this.driver.navigate().to(UriBuilder.fromUri(str).queryParam("resetDeployment", new Object[]{"true"}).build(new Object[0]).toString());
        WaitUtils.waitUntilElement(By.tagName("body")).is().visible();
    }
}
