package org.keycloak.testsuite.saml;

import java.io.IOException;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.IdentityProviderCreator;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.IdentityProviderBuilder;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/saml/IdpInitiatedLoginTest.class */
public class IdpInitiatedLoginTest extends AbstractSamlTest {
    @Test
    public void testIdpInitiatedLoginPost() {
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object -> {
            Assert.assertThat(sAML2Object, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            Assert.assertThat(((ResponseType) sAML2Object).getDestination(), org.hamcrest.Matchers.is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
            return null;
        }).build().execute();
    }

    @Test
    public void testIdpInitiatedLoginPostAdminUrl() throws IOException {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAdminUrl((String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml_assertion_consumer_url_post")).setAttribute("saml_assertion_consumer_url_post", (String) null).setAttribute("saml_assertion_consumer_url_redirect", (String) null).update();
        Throwable th = null;
        try {
            try {
                new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object -> {
                    Assert.assertThat(sAML2Object, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                    Assert.assertThat(((ResponseType) sAML2Object).getDestination(), org.hamcrest.Matchers.is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
                    return null;
                }).build().execute();
                if (update != null) {
                    if (0 == 0) {
                        update.close();
                        return;
                    }
                    try {
                        update.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (update != null) {
                if (th != null) {
                    try {
                        update.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    update.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testIdpInitiatedLoginRedirect() throws IOException {
        ServerResourceUpdater update = ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).setAttribute("saml_assertion_consumer_url_post", (String) null).setAttribute("saml_assertion_consumer_url_redirect", (String) ((ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0)).getAttributes().get("saml_assertion_consumer_url_post")).update();
        Throwable th = null;
        try {
            new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.REDIRECT).transformObject(sAML2Object -> {
                Assert.assertThat(sAML2Object, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
                Assert.assertThat(((ResponseType) sAML2Object).getDestination(), org.hamcrest.Matchers.is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
                return null;
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testTwoConsequentIdpInitiatedLogins() {
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object -> {
            Assert.assertThat(sAML2Object, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            Assert.assertThat(((ResponseType) sAML2Object).getDestination(), org.hamcrest.Matchers.is(SAML_ASSERTION_CONSUMER_URL_SALES_POST));
            return null;
        }).build().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post2").build().login().sso(true).build().processSamlResponse(SamlClient.Binding.POST).transformObject(sAML2Object2 -> {
            Assert.assertThat(sAML2Object2, Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
            Assert.assertThat(((ResponseType) sAML2Object2).getDestination(), org.hamcrest.Matchers.is(SAML_ASSERTION_CONSUMER_URL_SALES_POST2));
            return null;
        }).build().execute();
        UsersResource users = this.adminClient.realm(AbstractSamlTest.REALM_NAME).users();
        ClientsResource clients = this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients();
        List userSessions = users.get(((UserRepresentation) users.search(this.bburkeUser.getUsername()).stream().findFirst().get()).getId()).getUserSessions();
        Assert.assertThat(userSessions, org.hamcrest.Matchers.hasSize(1));
        Assert.assertThat((Set) ((UserSessionRepresentation) userSessions.get(0)).getClients().values().stream().flatMap(str -> {
            return clients.findByClientId(str).stream();
        }).map((v0) -> {
            return v0.getClientId();
        }).collect(Collectors.toSet()), org.hamcrest.Matchers.containsInAnyOrder(new String[]{AbstractSamlTest.SAML_CLIENT_ID_SALES_POST, AbstractSamlTest.SAML_CLIENT_ID_SALES_POST2}));
    }

    @Test
    public void testIdpInitiatedLoginWithOIDCClient() {
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().findByClientId(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST).get(0);
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().get(clientRepresentation.getId()).update(ClientBuilder.edit(clientRepresentation).protocol("openid-connect").build());
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().execute(closeableHttpResponse -> {
            Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.BAD_REQUEST));
            Assert.assertThat(closeableHttpResponse, Matchers.bodyHC(org.hamcrest.Matchers.containsString("Wrong client protocol.")));
        });
        this.adminClient.realm(AbstractSamlTest.REALM_NAME).clients().get(clientRepresentation.getId()).update(ClientBuilder.edit(clientRepresentation).protocol("saml").build());
    }

    @Test
    public void testSamlPostBindingPageLogin() {
        new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().user(this.bburkeUser).build().execute(closeableHttpResponse -> {
            Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.OK));
            Assert.assertThat(closeableHttpResponse, Matchers.bodyHC(org.hamcrest.Matchers.allOf(org.hamcrest.Matchers.containsString("Redirecting, please wait."), org.hamcrest.Matchers.containsString("<input type=\"hidden\" name=\"SAMLResponse\""), org.hamcrest.Matchers.containsString("<h1 id=\"kc-page-title\">"))));
        });
    }

    @Test
    public void testSamlPostBindingPageIdP() throws Exception {
        IdentityProviderCreator identityProviderCreator = new IdentityProviderCreator(this.adminClient.realm(AbstractSamlTest.REALM_NAME), IdentityProviderBuilder.create().alias("saml-idp").providerId("saml").setAttribute("singleSignOnServiceUrl", "https://saml-idp-sso-service/").setAttribute("postBindingAuthnRequest", "true").build());
        Throwable th = null;
        try {
            new SamlClientBuilder().idpInitiatedLogin(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), "sales-post").build().login().idp("saml-idp").build().execute(closeableHttpResponse -> {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.OK));
                Assert.assertThat(closeableHttpResponse, Matchers.bodyHC(org.hamcrest.Matchers.allOf(org.hamcrest.Matchers.containsString("Redirecting, please wait."), org.hamcrest.Matchers.containsString("<input type=\"hidden\" name=\"SAMLRequest\""), org.hamcrest.Matchers.containsString("<h1 id=\"kc-page-title\">"))));
            });
            if (identityProviderCreator != null) {
                if (0 == 0) {
                    identityProviderCreator.close();
                    return;
                }
                try {
                    identityProviderCreator.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (identityProviderCreator != null) {
                if (0 != 0) {
                    try {
                        identityProviderCreator.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    identityProviderCreator.close();
                }
            }
            throw th3;
        }
    }
}
