package org.keycloak.testsuite.broker;

import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.saml.processing.core.saml.v2.util.XMLTimeUtil;
import org.keycloak.testsuite.util.Matchers;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcSamlBrokerSessionNotOnOrAfterTest.class */
public class KcSamlBrokerSessionNotOnOrAfterTest extends AbstractBrokerTest {
    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcSamlBrokerConfiguration.INSTANCE;
    }

    @Test
    public void testConsumerIdpInitiatedLoginContainsSessionNotOnOrAfter() throws Exception {
        SAMLDocumentHolder samlResponse = new SamlClientBuilder().idpInitiatedLogin(getConsumerSamlEndpoint("consumer"), "sales-post").build().login().idp("kc-saml-idp").build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().build().login().user("testuser", "password").build().processSamlResponse(SamlClient.Binding.POST).build().updateProfile().username("testuser").email("user@localhost.com").firstName("Firstname").lastName("Lastname").build().followOneRedirect().getSamlResponse(SamlClient.Binding.POST);
        Assert.assertThat(samlResponse.getSamlObject(), Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        AuthnStatementType authnStatementType = (AuthnStatementType) ((ResponseType.RTChoiceType) samlResponse.getSamlObject().getAssertions().get(0)).getAssertion().getStatements().stream().filter(statementAbstractType -> {
            return statementAbstractType instanceof AuthnStatementType;
        }).map(statementAbstractType2 -> {
            return (AuthnStatementType) statementAbstractType2;
        }).findFirst().orElse(null);
        Assert.assertThat(authnStatementType, org.hamcrest.Matchers.notNullValue());
        Assert.assertThat(authnStatementType.getSessionNotOnOrAfter(), org.hamcrest.Matchers.notNullValue());
        Assert.assertThat(authnStatementType.getSessionNotOnOrAfter(), org.hamcrest.Matchers.is(XMLTimeUtil.add(authnStatementType.getAuthnInstant(), this.adminClient.realm("consumer").toRepresentation().getSsoSessionMaxLifespan().intValue() * 1000)));
    }
}
