package org.keycloak.testsuite.saml;

import java.net.URI;
import java.util.HashMap;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.util.EntityUtils;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.saml.SAML2LogoutRequestBuilder;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ReverseProxy;
import org.keycloak.testsuite.util.SamlClient;
import org.w3c.dom.Document;

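/**
 * Verifies how the SAML endpoint treats requests that arrive through a reverse proxy.
 *
 * <p>Each test builds a SAML request whose destination is the proxy URL and posts it through the
 * proxy. The request is expected to be rejected with {@code 400 Invalid Request} while the realm
 * has no {@code frontendUrl} attribute, and accepted once {@code frontendUrl} is set to the proxy
 * URL. The rejection is presumably the server's destination validation refusing a URL it does not
 * recognise as its own (NOTE(review): confirm against the SAML endpoint implementation).
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public class SamlReverseProxyTest extends AbstractSamlTest {

    /** Realm attribute that declares the externally visible base URL of the server. */
    private static final String FRONTEND_URL_ATTRIBUTE = "frontendUrl";

    @ClassRule
    public static ReverseProxy proxy = new ReverseProxy();

    /**
     * Sends an unsigned AuthnRequest addressed to the proxy URL and checks that it is only
     * accepted after the realm's {@code frontendUrl} matches the proxy.
     */
    @Test
    public void testAuthnRequestWithReverseProxy() throws Exception {
        Document authnRequest = SAML2Request.convert(SamlClient.createLoginRequestDocument(
                AbstractSamlTest.SAML_CLIENT_ID_SALES_POST,
                SAML_ASSERTION_CONSUMER_URL_SALES_POST,
                buildSamlProtocolUrl(proxy.getUrl())));
        assertAcceptedOnlyWithFrontendUrl(authnRequest);
    }

    /**
     * Sends an unsigned LogoutRequest addressed to the proxy URL and checks that it is only
     * accepted after the realm's {@code frontendUrl} matches the proxy.
     */
    @Test
    public void testLogoutRequestWithReverseProxy() throws Exception {
        Document logoutRequest = new SAML2LogoutRequestBuilder()
                .destination(buildSamlProtocolUrl(proxy.getUrl()).toString())
                .issuer(AbstractSamlTest.SAML_CLIENT_ID_SALES_POST)
                .buildDocument();
        assertAcceptedOnlyWithFrontendUrl(logoutRequest);
    }

    /**
     * Asserts that {@code samlRequest} is rejected with the default realm settings and accepted
     * while the realm's {@code frontendUrl} attribute points at the proxy.
     *
     * <p>The attribute is removed again in a {@code finally} block so a failing assertion does not
     * leave the shared realm configured with the proxy URL for later tests.
     */
    private void assertAcceptedOnlyWithFrontendUrl(Document samlRequest) throws Exception {
        // Without frontendUrl the proxy URL is not accepted as a destination.
        testSendSamlRequest(samlRequest, Response.Status.BAD_REQUEST, Matchers.containsString("Invalid Request"));

        RealmRepresentation representation = this.adminClient.realm(AbstractSamlTest.REALM_NAME).toRepresentation();
        try {
            if (representation.getAttributes() == null) {
                representation.setAttributes(new HashMap<>());
            }
            representation.getAttributes().put(FRONTEND_URL_ATTRIBUTE, proxy.getUrl());
            this.adminClient.realm(AbstractSamlTest.REALM_NAME).update(representation);

            testSendSamlRequest(samlRequest, Response.Status.OK, Matchers.containsString("login"));
        } finally {
            representation.getAttributes().remove(FRONTEND_URL_ATTRIBUTE);
            this.adminClient.realm(AbstractSamlTest.REALM_NAME).update(representation);
        }
    }

    /**
     * Posts {@code document} as an unsigned SAML request to the realm's SAML endpoint behind the
     * proxy and asserts the response status and body.
     *
     * @param document SAML request document to send via the POST binding
     * @param status expected HTTP status of the response
     * @param matcher matcher applied to the response body decoded as UTF-8
     * @throws Exception if the request cannot be built or executed
     */
    private void testSendSamlRequest(Document document, Response.Status status, Matcher<String> matcher) throws Exception {
        HttpUriRequest post = SamlClient.Binding.POST.createSamlUnsignedRequest(
                buildSamlProtocolUrl(proxy.getUrl()), (String) null, document);

        // The hostname verifier accepts every host, i.e. TLS hostname verification is switched off
        // for this client. That is tolerable only because the peer is the in-test reverse proxy;
        // this client configuration must not be reused outside the test suite.
        try (CloseableHttpClient client = HttpClientBuilder.create()
                        .setSSLHostnameVerifier((hostname, session) -> true)
                        .setRedirectStrategy(new SamlClient.RedirectStrategyWithSwitchableFollowRedirect())
                        .build();
                CloseableHttpResponse response = client.execute(post)) {
            Assert.assertThat(response, org.keycloak.testsuite.util.Matchers.statusCodeIsHC(status));
            Assert.assertThat(EntityUtils.toString(response.getEntity(), "UTF-8"), matcher);
        }
    }

    /**
     * Builds the SAML protocol endpoint URL of the test realm on top of {@code str}.
     *
     * @param str base URL (here: the reverse proxy URL)
     * @return the realm's {@code saml} protocol URL under that base
     */
    private URI buildSamlProtocolUrl(String str) {
        return RealmsResource.protocolUrl(UriBuilder.fromUri(str)).build(AbstractSamlTest.REALM_NAME, "saml");
    }
}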
