package org.keycloak.testsuite.saml;

import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.util.concurrent.atomic.AtomicReference;
import javax.ws.rs.core.Response;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.dom.saml.v2.assertion.AuthnStatementType;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.keycloak.testsuite.util.saml.CreateLogoutRequestStepBuilder;

/* loaded from: input_file:org/keycloak/testsuite/saml/SOAPBindingTest.class */
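/**
 * Integration tests for the SAML SOAP binding of the realm SAML endpoint, run against the
 * ECP service-provider client {@code SAML_CLIENT_ID_ECP_SP}.
 *
 * <p>Covered cases: AuthnRequest over SOAP with HTTP basic authentication, and LogoutRequest over
 * SOAP after a POST-binding login. Each case runs with and without request signing, and with and
 * without the {@code Destination} attribute. Two further tests pin the refusal when
 * {@code saml.allow.ecp.flow} is {@code "false"} and the absence of a stored user session after an
 * ECP login.
 *
 * <p>Review notes for readers relying on these tests as security coverage:
 * <ul>
 *   <li>The positive tests assert only the <em>shape</em> of the reply (its type, and for authn a
 *       non-empty assertion list). Nothing here verifies the signature on the returned message,
 *       and no test sends a badly signed request to check that it is rejected.</li>
 *   <li>The "MissingDestination" tests pin that a request whose {@code Destination} was set to
 *       {@code null} is still answered, in the signed and the unsigned variants alike.</li>
 *   <li>The "WithoutSignature" tests switch off {@code saml.server.signature} and
 *       {@code saml.client.signature} on the client before sending anything.</li>
 * </ul>
 *
 * <p>This listing was recovered from a class file. The javac null-check artifacts
 * ({@code x.getClass()} before every bound method reference) and the hand-copied synthetic
 * {@code $deserializeLambda$} method have been removed; see the comment at the end of the class.
 */
public class SOAPBindingTest extends AbstractSamlTest {

    /**
     * Disables both {@code saml.server.signature} and {@code saml.client.signature} on the ECP SP
     * client for the current test.
     *
     * <p>The updater is registered with {@code getCleanup()}; presumably this reverts the
     * attributes on teardown (confirm in {@code AbstractSamlTest}).
     */
    private void disableSignaturesForEcpClient() {
        getCleanup().addCleanup(
                ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_ECP_SP)
                        .setAttribute("saml.server.signature", "false")
                        .setAttribute("saml.client.signature", "false")
                        .update());
    }

    /**
     * Asserts that the holder wraps a SAML {@code Response} carrying at least one assertion.
     *
     * <p>Only the shape of the response is checked; neither its status nor its signature is
     * inspected here.
     *
     * @param holder parsed reply extracted from the HTTP response
     */
    private static void assertResponseCarriesAssertions(SAMLDocumentHolder holder) {
        MatcherAssert.assertThat(holder.getSamlObject(), Matchers.instanceOf(ResponseType.class));
        // NOTE(review): explicit cast added on the assumption that getSamlObject() is declared with
        // a more general SAML type; it is redundant but harmless if it already returns ResponseType.
        ResponseType response = (ResponseType) holder.getSamlObject();
        MatcherAssert.assertThat(response.getAssertions(), Matchers.not(Matchers.empty()));
    }

    /** Signed AuthnRequest over SOAP with basic authentication yields a Response with assertions. */
    @Test
    public void soapBindingAuthnWithSignatureTest() {
        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .basicAuthentication(this.bburkeUser)
                .build()
                .executeAndTransform(SamlClient.Binding.SOAP::extractResponse);

        assertResponseCarriesAssertions(response);
    }

    /**
     * Signed AuthnRequest over SOAP whose {@code Destination} was cleared is still answered with a
     * Response carrying assertions.
     */
    @Test
    public void soapBindingAuthnWithSignatureMissingDestinationTest() {
        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .transformObject(authnRequestType -> {
                    // Clear Destination before signWith(...) is applied further down the chain.
                    authnRequestType.setDestination((URI) null);
                    return authnRequestType;
                })
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .basicAuthentication(this.bburkeUser)
                .build()
                .executeAndTransform(SamlClient.Binding.SOAP::extractResponse);

        assertResponseCarriesAssertions(response);
    }

    /** Unsigned AuthnRequest over SOAP is answered once both signature attributes are disabled. */
    @Test
    public void soapBindingAuthnWithoutSignatureTest() {
        disableSignaturesForEcpClient();

        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .basicAuthentication(this.bburkeUser)
                .build()
                .executeAndTransform(SamlClient.Binding.SOAP::extractResponse);

        assertResponseCarriesAssertions(response);
    }

    /** Unsigned AuthnRequest over SOAP with {@code Destination} cleared is still answered. */
    @Test
    public void soapBindingAuthnWithoutSignatureMissingDestinationTest() {
        disableSignaturesForEcpClient();

        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .transformObject(authnRequestType -> {
                    authnRequestType.setDestination((URI) null);
                    return authnRequestType;
                })
                .basicAuthentication(this.bburkeUser)
                .build()
                .executeAndTransform(SamlClient.Binding.SOAP::extractResponse);

        assertResponseCarriesAssertions(response);
    }

    /**
     * Logs in through the POST binding with a signed AuthnRequest, then sends a signed
     * LogoutRequest through the SOAP binding and expects a status response.
     *
     * <p>Only the type of the reply is asserted, not its status code. The reply is parsed with
     * {@code Binding.POST::extractResponse} although the request went out over SOAP; this matches
     * the recovered bytecode and is kept as is.
     */
    @Test
    public void soapBindingLogoutWithSignature() {
        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.POST)
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
                .logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SamlClient.Binding.SOAP)
                // Suppliers: the references are read when the logout step runs, i.e. after the
                // login response has been passed to extractNameIdAndSessionIndexAndTerminate.
                .nameId(this.nameIdRef::get)
                .sessionIndex(this.sessionIndexRef::get)
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .build()
                .executeAndTransform(SamlClient.Binding.POST::extractResponse);

        MatcherAssert.assertThat(response.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
    }

    /**
     * Same flow as {@link #soapBindingLogoutWithSignature()} with both signature attributes
     * disabled and neither request signed.
     */
    @Test
    public void soapBindingLogoutWithoutSignature() {
        disableSignaturesForEcpClient();

        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.POST)
                .build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
                .logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SamlClient.Binding.SOAP)
                .nameId(this.nameIdRef::get)
                .sessionIndex(this.sessionIndexRef::get)
                .build()
                .executeAndTransform(SamlClient.Binding.POST::extractResponse);

        MatcherAssert.assertThat(response.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
    }

    /**
     * Signed LogoutRequest over SOAP whose {@code Destination} was cleared still receives a status
     * response. Note the order in the chain: {@code signWith} is configured before the transformer
     * that clears {@code Destination}; which of the two is applied first at send time is decided by
     * the step builder and is not visible from this test.
     */
    @Test
    public void soapBindingLogoutWithSignatureMissingDestinationTest() {
        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.POST)
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
                .logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SamlClient.Binding.SOAP)
                .nameId(this.nameIdRef::get)
                .sessionIndex(this.sessionIndexRef::get)
                .signWith(AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PRIVATE_KEY, AbstractSamlTest.SAML_CLIENT_SALES_POST_SIG_PUBLIC_KEY)
                .transformObject(logoutRequestType -> {
                    logoutRequestType.setDestination((URI) null);
                    return logoutRequestType;
                })
                .build()
                .executeAndTransform(SamlClient.Binding.POST::extractResponse);

        MatcherAssert.assertThat(response.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
    }

    /** Unsigned LogoutRequest over SOAP with {@code Destination} cleared still receives a status response. */
    @Test
    public void soapBindingLogoutWithoutSignatureMissingDestinationTest() {
        disableSignaturesForEcpClient();

        SAMLDocumentHolder response = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.POST)
                .build()
                .login().user(this.bburkeUser).build()
                .processSamlResponse(SamlClient.Binding.POST)
                .transformObject(this::extractNameIdAndSessionIndexAndTerminate)
                .build()
                .logoutRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SamlClient.Binding.SOAP)
                .nameId(this.nameIdRef::get)
                .sessionIndex(this.sessionIndexRef::get)
                .transformObject(logoutRequestType -> {
                    logoutRequestType.setDestination((URI) null);
                    return logoutRequestType;
                })
                .build()
                .executeAndTransform(SamlClient.Binding.POST::extractResponse);

        MatcherAssert.assertThat(response.getSamlObject(), Matchers.instanceOf(StatusResponseType.class));
    }

    /**
     * With {@code saml.allow.ecp.flow} set to {@code "false"} a SOAP AuthnRequest must be refused:
     * the HTTP status is 500 and the SOAP fault detail names the reason.
     *
     * <p>This is the deny-path check for the ECP profile; the exact fault text is part of the
     * assertion, so a wording change on the server side will fail this test.
     */
    @Test
    public void soapBindingIsNotPossibleForClientsWithSamlEcpFlowAttributeFalse() {
        getCleanup().addCleanup(
                ClientAttributeUpdater.forClient(this.adminClient, AbstractSamlTest.REALM_NAME, AbstractSamlTest.SAML_CLIENT_ID_ECP_SP)
                        .setAttribute("saml.allow.ecp.flow", "false")
                        .setAttribute("saml.server.signature", "false")
                        .setAttribute("saml.client.signature", "false")
                        .update());

        new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .basicAuthentication(this.bburkeUser)
                .build()
                .execute(closeableHttpResponse -> {
                    MatcherAssert.assertThat(closeableHttpResponse, org.keycloak.testsuite.util.Matchers.statusCodeIsHC(Response.Status.INTERNAL_SERVER_ERROR));
                    try {
                        String faultDetail = MessageFactory.newInstance()
                                .createMessage((MimeHeaders) null, closeableHttpResponse.getEntity().getContent())
                                .getSOAPBody()
                                .getFault()
                                .getDetail()
                                .getValue();
                        MatcherAssert.assertThat(faultDetail, Matchers.is(Matchers.equalTo("Client is not allowed to use ECP profile.")));
                    } catch (Exception e) {
                        // Parsing failures are rethrown unchecked so they fail the test with their cause.
                        throw new RuntimeException(e);
                    }
                });
    }

    /**
     * After a successful ECP login over SOAP, the server holds no user session for the id taken
     * from the assertion's {@code SessionIndex}.
     *
     * <p>The part of {@code SessionIndex} before {@code "::"} is used as the user-session id for
     * the server-side lookup, which is expected to return {@code null}.
     */
    @Test
    public void ecpFlowCreatesTransientSessions() {
        disableSignaturesForEcpClient();

        SAMLDocumentHolder holder = new SamlClientBuilder()
                .authnRequest(getAuthServerSamlEndpoint(AbstractSamlTest.REALM_NAME), AbstractSamlTest.SAML_CLIENT_ID_ECP_SP, SAML_ASSERTION_CONSUMER_URL_ECP_SP, SamlClient.Binding.SOAP)
                .basicAuthentication(this.bburkeUser)
                .build()
                .executeAndTransform(SamlClient.Binding.SOAP::extractResponse);

        MatcherAssert.assertThat(holder.getSamlObject(), org.keycloak.testsuite.util.Matchers.isSamlResponse(JBossSAMLURIConstants.STATUS_SUCCESS));
        // NOTE(review): explicit cast added on the assumption that getSamlObject() is declared with
        // a more general SAML type; redundant but harmless otherwise.
        ResponseType samlResponse = (ResponseType) holder.getSamlObject();
        // Fail with a readable message instead of an IndexOutOfBoundsException from get(0).
        MatcherAssert.assertThat(samlResponse.getAssertions(), Matchers.not(Matchers.empty()));

        ResponseType.RTChoiceType firstAssertion = (ResponseType.RTChoiceType) samlResponse.getAssertions().get(0);
        AuthnStatementType authnStatement = (AuthnStatementType) firstAssertion.getAssertion().getStatements().iterator().next();
        final String userSessionId = authnStatement.getSessionIndex().split("::")[0];

        // The lambda is shipped to the server, so it may capture only serializable values
        // (here: the session id string).
        this.testingClient.server().run(keycloakSession -> {
            MatcherAssert.assertThat(
                    keycloakSession.sessions().getUserSession(keycloakSession.realms().getRealmByName(AbstractSamlTest.REALM_NAME), userSessionId),
                    Matchers.nullValue());
        });
    }

    // The recovered listing also contained a private synthetic $deserializeLambda$(SerializedLambda)
    // method. javac generates that method itself for the serializable lambda passed to
    // testingClient.server().run(...) above, and the decompiled copy was not valid Java
    // ("boolean z = -1", a switch over a boolean), so it is intentionally not reproduced here.
}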
