package org.keycloak.testsuite.admin;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.nio.charset.Charset;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.UUID;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.hamcrest.Matchers;
import org.jboss.resteasy.plugins.providers.multipart.MultipartFormDataOutput;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.common.enums.SslRequired;
import org.keycloak.dom.saml.v2.metadata.EndpointType;
import org.keycloak.dom.saml.v2.metadata.EntityDescriptorType;
import org.keycloak.dom.saml.v2.metadata.IndexedEndpointType;
import org.keycloak.dom.saml.v2.metadata.KeyDescriptorType;
import org.keycloak.dom.saml.v2.metadata.KeyTypes;
import org.keycloak.dom.saml.v2.metadata.SPSSODescriptorType;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.models.utils.StripSecretsUtils;
import org.keycloak.representations.idm.AdminEventRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderMapperTypeRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.broker.OIDCIdentityProviderConfigRep;
import org.keycloak.testsuite.broker.OidcBackchannelLogoutBrokerConfiguration;
import org.keycloak.testsuite.updaters.RealmAttributeUpdater;
import org.keycloak.testsuite.updaters.ServerResourceUpdater;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.OAuthClient;

/* loaded from: input_file:org/keycloak/testsuite/admin/IdentityProviderTest.class */
public class IdentityProviderTest extends AbstractAdminTest {
    private static final String SIGNING_CERT_1 = "MIICmzCCAYMCBgFUYnC0OjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYwNDI5MTQzMjEzWhcNMjYwNDI5MTQzMzUzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN25AW1poMEZRbuMAHG58AThZmCwMV6/Gcui4mjGacRFyudgqzLjQ2rxpoW41JAtLjbjeAhuWvirUcFVcOeS3gM/ZC27qCpYighAcylZz6MYocnEe1+e8rPPk4JlID6Wv62dgu+pL/vYsQpRhvD3Y2c/ytgr5D32xF+KnzDehUy5BSyzypvu12Wq9mS5vK5tzkN37EjkhpY2ZxaXPubjDIITCAL4Q8M/m5IlacBaUZbzI4AQrHnMP1O1IH2dHSWuMiBe+xSDTco72PmuYPJKTV4wQdeBUIkYbfLc4RxVmXEvgkQgyW86EoMPxlWJpj7+mTIR+l+2thZPr/VgwTs82rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA/Ip/Hi8RoVu5ouaFFlc5whT7ltuK8slfLGW4tM4vJXhInYwsqIRQKBNDYW/64xle3eII4u1yAH1OYRRwEs7Em1pr4QuFuTY1at+aE0sE46XDlyESI0txJjWxYoT133vM0We2pj1b2nxgU30rwjKA3whnKEfTEYT/n3JBSqNggy6l8ZGw/oPSgvPaR4+xeB1tfQFC4VrLoYKoqH6hAL530nKxL+qV8AIfL64NDEE8ankIAEDAAFe8x3CPUfXR/p4KOANKkpz8ieQaHDb1eITkAwUwjESj6UF9D1aePlhWls/HX0gujFXtWfWfrJ8CU/ogwlH8y1jgRuLjFQYZk6llc=";
    private static final String SIGNING_CERT_2 = "MIIBnDCCAQUCBgFYKXKsPTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlzYW1sLWRlbW8wHhcNMTYxMTAzMDkwNzEwWhcNMjYxMTAzMDkwODUwWjAUMRIwEAYDVQQDDAlzYW1sLWRlbW8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtWsK5O0CtuBpnMvWG+HTG0vmZzujQ2o9WdheQu+BzCILcGMsbDW0YQaglpcO5JpGWWhubnckGGPHfdQ2/7nP9QwbiTK0FbGF41UqcvoaCqU1psxoV88s8IXyQCAqeyLv00yj6foqdJjxh5SZ5z+na+M7Y2OxIBVxYRAxWEnfUvAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAhetvOU8TyqfZF5jpv0IcrviLl/DoFrbjByeHR+pu/vClcAOjL/u7oQELuuTfNsBI4tpexUj5G8q/YbEz0gk7idfLXrAUVcsR73oTngrhRfwUSmPrjjK0kjcRb6HL9V/+wh3R/6mEd59U08ExT8N38rhmn0CI3ehMdebReprP7U8=";

    @Test
    public void testFindAll() {
        create(createRep("google", "google"));
        create(createRep("facebook", "facebook"));
        Assert.assertNames(this.realm.identityProviders().findAll(), "google", "facebook");
    }

    @Test
    public void testCreateWithReservedCharacterForAlias() {
        IdentityProviderRepresentation createRep = createRep("ne$&w-identity-provider", "oidc");
        createRep.getConfig().put("clientId", "clientId");
        createRep.getConfig().put("clientSecret", "some secret value");
        Assert.assertEquals(400L, this.realm.identityProviders().create(createRep).getStatus());
    }

    @Test
    public void testCreate() {
        IdentityProviderRepresentation createRep = createRep("new-identity-provider", "oidc");
        createRep.getConfig().put("syncMode", "IMPORT");
        createRep.getConfig().put("clientId", "clientId");
        createRep.getConfig().put("clientSecret", "some secret value");
        create(createRep);
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("new-identity-provider");
        org.junit.Assert.assertNotNull(identityProviderResource);
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        org.junit.Assert.assertNotNull(representation);
        org.junit.Assert.assertNotNull(representation.getInternalId());
        org.junit.Assert.assertEquals("new-identity-provider", representation.getAlias());
        org.junit.Assert.assertEquals("oidc", representation.getProviderId());
        org.junit.Assert.assertEquals("IMPORT", representation.getConfig().get("syncMode"));
        org.junit.Assert.assertEquals("clientId", representation.getConfig().get("clientId"));
        org.junit.Assert.assertEquals("**********", representation.getConfig().get("clientSecret"));
        org.junit.Assert.assertTrue(representation.isEnabled());
        org.junit.Assert.assertFalse(representation.isStoreToken());
        org.junit.Assert.assertFalse(representation.isTrustEmail());
        org.junit.Assert.assertEquals("some secret value", this.testingClient.testing("admin-client-test").getIdentityProviderConfig("new-identity-provider").get("clientSecret"));
        org.junit.Assert.assertEquals("**********", ((IdentityProviderRepresentation) this.realm.identityProviders().findAll().stream().filter(identityProviderRepresentation -> {
            return identityProviderRepresentation.getAlias().equals("new-identity-provider");
        }).findFirst().get()).getConfig().get("clientSecret"));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void failCreateInvalidUrl() throws Exception {
        Response create;
        Throwable th;
        Throwable th2;
        ServerResourceUpdater update = new RealmAttributeUpdater(realmsResouce().realm("test")).updateWith(realmRepresentation -> {
            realmRepresentation.setSslRequired(SslRequired.ALL.name());
        }).update();
        Throwable th3 = null;
        try {
            IdentityProviderRepresentation createRep = createRep("new-identity-provider", "oidc");
            createRep.getConfig().put("clientId", "clientId");
            createRep.getConfig().put("clientSecret", "some secret value");
            OIDCIdentityProviderConfigRep oIDCIdentityProviderConfigRep = new OIDCIdentityProviderConfigRep(createRep);
            oIDCIdentityProviderConfigRep.setAuthorizationUrl("invalid://test");
            Response create2 = this.realm.identityProviders().create(createRep);
            Throwable th4 = null;
            try {
                org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), create2.getStatus());
                org.junit.Assert.assertEquals("The url [authorization_url] is malformed", ((ErrorRepresentation) create2.readEntity(ErrorRepresentation.class)).getErrorMessage());
                if (create2 != null) {
                    if (0 != 0) {
                        try {
                            create2.close();
                        } catch (Throwable th5) {
                            th4.addSuppressed(th5);
                        }
                    } else {
                        create2.close();
                    }
                }
                oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                oIDCIdentityProviderConfigRep.setTokenUrl("http://test");
                Response create3 = this.realm.identityProviders().create(createRep);
                Throwable th6 = null;
                try {
                    org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), create3.getStatus());
                    org.junit.Assert.assertEquals("The url [token_url] requires secure connections", ((ErrorRepresentation) create3.readEntity(ErrorRepresentation.class)).getErrorMessage());
                    if (create3 != null) {
                        if (0 != 0) {
                            try {
                                create3.close();
                            } catch (Throwable th7) {
                                th6.addSuppressed(th7);
                            }
                        } else {
                            create3.close();
                        }
                    }
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                    oIDCIdentityProviderConfigRep.setTokenUrl(null);
                    oIDCIdentityProviderConfigRep.setJwksUrl("http://test");
                    Response create4 = this.realm.identityProviders().create(createRep);
                    Throwable th8 = null;
                    try {
                        try {
                            org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), create4.getStatus());
                            org.junit.Assert.assertEquals("The url [jwks_url] requires secure connections", ((ErrorRepresentation) create4.readEntity(ErrorRepresentation.class)).getErrorMessage());
                            if (create4 != null) {
                                if (0 != 0) {
                                    try {
                                        create4.close();
                                    } catch (Throwable th9) {
                                        th8.addSuppressed(th9);
                                    }
                                } else {
                                    create4.close();
                                }
                            }
                            oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                            oIDCIdentityProviderConfigRep.setTokenUrl(null);
                            oIDCIdentityProviderConfigRep.setJwksUrl(null);
                            oIDCIdentityProviderConfigRep.setLogoutUrl("http://test");
                            create = this.realm.identityProviders().create(createRep);
                            th = null;
                        } catch (Throwable th10) {
                            th8 = th10;
                            throw th10;
                        }
                        try {
                            try {
                                org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), create.getStatus());
                                org.junit.Assert.assertEquals("The url [logout_url] requires secure connections", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
                                if (create != null) {
                                    if (0 != 0) {
                                        try {
                                            create.close();
                                        } catch (Throwable th11) {
                                            th.addSuppressed(th11);
                                        }
                                    } else {
                                        create.close();
                                    }
                                }
                                oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                                oIDCIdentityProviderConfigRep.setTokenUrl(null);
                                oIDCIdentityProviderConfigRep.setJwksUrl(null);
                                oIDCIdentityProviderConfigRep.setLogoutUrl(null);
                                oIDCIdentityProviderConfigRep.setUserInfoUrl("http://test");
                                create = this.realm.identityProviders().create(createRep);
                                th2 = null;
                            } catch (Throwable th12) {
                                th = th12;
                                throw th12;
                            }
                            try {
                                try {
                                    org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), create.getStatus());
                                    org.junit.Assert.assertEquals("The url [userinfo_url] requires secure connections", ((ErrorRepresentation) create.readEntity(ErrorRepresentation.class)).getErrorMessage());
                                    if (create != null) {
                                        if (0 != 0) {
                                            try {
                                                create.close();
                                            } catch (Throwable th13) {
                                                th2.addSuppressed(th13);
                                            }
                                        } else {
                                            create.close();
                                        }
                                    }
                                    if (update != null) {
                                        if (0 == 0) {
                                            update.close();
                                            return;
                                        }
                                        try {
                                            update.close();
                                        } catch (Throwable th14) {
                                            th3.addSuppressed(th14);
                                        }
                                    }
                                } catch (Throwable th15) {
                                    th2 = th15;
                                    throw th15;
                                }
                            } finally {
                            }
                        } finally {
                        }
                    } finally {
                        if (create4 != null) {
                            if (th8 != null) {
                                try {
                                    create4.close();
                                } catch (Throwable th16) {
                                    th8.addSuppressed(th16);
                                }
                            } else {
                                create4.close();
                            }
                        }
                    }
                } catch (Throwable th17) {
                    if (create3 != null) {
                        if (0 != 0) {
                            try {
                                create3.close();
                            } catch (Throwable th18) {
                                th6.addSuppressed(th18);
                            }
                        } else {
                            create3.close();
                        }
                    }
                    throw th17;
                }
            } catch (Throwable th19) {
                if (create2 != null) {
                    if (0 != 0) {
                        try {
                            create2.close();
                        } catch (Throwable th20) {
                            th4.addSuppressed(th20);
                        }
                    } else {
                        create2.close();
                    }
                }
                throw th19;
            }
        } catch (Throwable th21) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th22) {
                        th3.addSuppressed(th22);
                    }
                } else {
                    update.close();
                }
            }
            throw th21;
        }
    }

    @Test
    public void testCreateWithBasicAuth() {
        IdentityProviderRepresentation createRep = createRep("new-identity-provider", "oidc");
        createRep.getConfig().put("syncMode", "IMPORT");
        createRep.getConfig().put("clientId", "clientId");
        createRep.getConfig().put("clientSecret", "some secret value");
        createRep.getConfig().put("clientAuthMethod", "client_secret_basic");
        create(createRep);
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("new-identity-provider");
        org.junit.Assert.assertNotNull(identityProviderResource);
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        org.junit.Assert.assertNotNull(representation);
        org.junit.Assert.assertNotNull(representation.getInternalId());
        org.junit.Assert.assertEquals("new-identity-provider", representation.getAlias());
        org.junit.Assert.assertEquals("oidc", representation.getProviderId());
        org.junit.Assert.assertEquals("IMPORT", representation.getConfig().get("syncMode"));
        org.junit.Assert.assertEquals("clientId", representation.getConfig().get("clientId"));
        org.junit.Assert.assertEquals("**********", representation.getConfig().get("clientSecret"));
        org.junit.Assert.assertEquals("client_secret_basic", representation.getConfig().get("clientAuthMethod"));
        org.junit.Assert.assertTrue(representation.isEnabled());
        org.junit.Assert.assertFalse(representation.isStoreToken());
        org.junit.Assert.assertFalse(representation.isTrustEmail());
        org.junit.Assert.assertEquals("some secret value", this.testingClient.testing("admin-client-test").getIdentityProviderConfig("new-identity-provider").get("clientSecret"));
        org.junit.Assert.assertEquals("**********", ((IdentityProviderRepresentation) this.realm.identityProviders().findAll().stream().filter(identityProviderRepresentation -> {
            return identityProviderRepresentation.getAlias().equals("new-identity-provider");
        }).findFirst().get()).getConfig().get("clientSecret"));
    }

    @Test
    public void testCreateWithJWT() {
        IdentityProviderRepresentation createRep = createRep("new-identity-provider", "oidc");
        createRep.getConfig().put("syncMode", "IMPORT");
        createRep.getConfig().put("clientId", "clientId");
        createRep.getConfig().put("clientAuthMethod", "private_key_jwt");
        create(createRep);
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("new-identity-provider");
        org.junit.Assert.assertNotNull(identityProviderResource);
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        org.junit.Assert.assertNotNull(representation);
        org.junit.Assert.assertNotNull(representation.getInternalId());
        org.junit.Assert.assertEquals("new-identity-provider", representation.getAlias());
        org.junit.Assert.assertEquals("oidc", representation.getProviderId());
        org.junit.Assert.assertEquals("IMPORT", representation.getConfig().get("syncMode"));
        org.junit.Assert.assertEquals("clientId", representation.getConfig().get("clientId"));
        org.junit.Assert.assertNull(representation.getConfig().get("clientSecret"));
        org.junit.Assert.assertEquals("private_key_jwt", representation.getConfig().get("clientAuthMethod"));
        org.junit.Assert.assertTrue(representation.isEnabled());
        org.junit.Assert.assertFalse(representation.isStoreToken());
        org.junit.Assert.assertFalse(representation.isTrustEmail());
    }

    @Test
    public void testUpdate() {
        IdentityProviderRepresentation createRep = createRep("update-identity-provider", "oidc");
        createRep.getConfig().put("syncMode", "IMPORT");
        createRep.getConfig().put("clientId", "clientId");
        createRep.getConfig().put("clientSecret", "some secret value");
        create(createRep);
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("update-identity-provider");
        org.junit.Assert.assertNotNull(identityProviderResource);
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        org.junit.Assert.assertNotNull(representation);
        org.junit.Assert.assertEquals("update-identity-provider", representation.getAlias());
        representation.setAlias("changed-alias");
        representation.setEnabled(false);
        representation.setStoreToken(true);
        representation.getConfig().put("clientId", "changedClientId");
        identityProviderResource.update(representation);
        AdminEventRepresentation assertEvent = this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath("update-identity-provider"), representation, ResourceType.IDENTITY_PROVIDER);
        org.junit.Assert.assertFalse(assertEvent.getRepresentation().contains("some secret value"));
        org.junit.Assert.assertTrue(assertEvent.getRepresentation().contains("**********"));
        IdentityProviderResource identityProviderResource2 = this.realm.identityProviders().get(representation.getInternalId());
        org.junit.Assert.assertNotNull(identityProviderResource2);
        IdentityProviderRepresentation representation2 = identityProviderResource2.toRepresentation();
        org.junit.Assert.assertFalse(representation2.isEnabled());
        org.junit.Assert.assertTrue(representation2.isStoreToken());
        org.junit.Assert.assertEquals("changedClientId", representation2.getConfig().get("clientId"));
        org.junit.Assert.assertEquals("some secret value", this.testingClient.testing("admin-client-test").getIdentityProviderConfig("changed-alias").get("clientSecret"));
        representation2.getConfig().put("clientSecret", "${vault.key}");
        identityProviderResource2.update(representation2);
        AdminEventRepresentation assertEvent2 = this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.identityProviderPath(representation2.getInternalId()), representation2, ResourceType.IDENTITY_PROVIDER);
        org.junit.Assert.assertThat(assertEvent2.getRepresentation(), Matchers.containsString("${vault.key}"));
        org.junit.Assert.assertThat(assertEvent2.getRepresentation(), Matchers.not(Matchers.containsString("**********")));
        org.junit.Assert.assertThat(identityProviderResource2.toRepresentation().getConfig(), Matchers.hasEntry("clientSecret", "${vault.key}"));
        org.junit.Assert.assertEquals("${vault.key}", this.testingClient.testing("admin-client-test").getIdentityProviderConfig("changed-alias").get("clientSecret"));
    }

    @Test
    public void failUpdateInvalidUrl() throws Exception {
        RealmAttributeUpdater update = new RealmAttributeUpdater(this.realm).updateWith(realmRepresentation -> {
            realmRepresentation.setSslRequired(SslRequired.ALL.name());
        }).update();
        Throwable th = null;
        try {
            IdentityProviderRepresentation createRep = createRep(UUID.randomUUID().toString(), "oidc");
            createRep.getConfig().put("clientId", "clientId");
            createRep.getConfig().put("clientSecret", "some secret value");
            Response create = this.realm.identityProviders().create(createRep);
            Throwable th2 = null;
            try {
                try {
                    org.junit.Assert.assertEquals(Response.Status.CREATED.getStatusCode(), create.getStatus());
                    if (create != null) {
                        if (0 != 0) {
                            try {
                                create.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            create.close();
                        }
                    }
                    IdentityProviderResource identityProviderResource = this.realm.identityProviders().get(createRep.getAlias());
                    IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
                    OIDCIdentityProviderConfigRep oIDCIdentityProviderConfigRep = new OIDCIdentityProviderConfigRep(representation);
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl("invalid://test");
                    try {
                        identityProviderResource.update(representation);
                        org.junit.Assert.fail("Invalid URL");
                    } catch (Exception e) {
                        org.junit.Assert.assertTrue(e instanceof ClientErrorException);
                        org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), ((ClientErrorException) ClientErrorException.class.cast(e)).getResponse().getStatus());
                        org.junit.Assert.assertEquals("The url [authorization_url] is malformed", ((ErrorRepresentation) e.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
                    }
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                    oIDCIdentityProviderConfigRep.setTokenUrl("http://test");
                    try {
                        identityProviderResource.update(representation);
                        org.junit.Assert.fail("Invalid URL");
                    } catch (Exception e2) {
                        org.junit.Assert.assertTrue(e2 instanceof ClientErrorException);
                        org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), ((ClientErrorException) ClientErrorException.class.cast(e2)).getResponse().getStatus());
                        org.junit.Assert.assertEquals("The url [token_url] requires secure connections", ((ErrorRepresentation) e2.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
                    }
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                    oIDCIdentityProviderConfigRep.setTokenUrl(null);
                    oIDCIdentityProviderConfigRep.setJwksUrl("http://test");
                    try {
                        identityProviderResource.update(representation);
                        org.junit.Assert.fail("Invalid URL");
                    } catch (Exception e3) {
                        org.junit.Assert.assertTrue(e3 instanceof ClientErrorException);
                        org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), ((ClientErrorException) ClientErrorException.class.cast(e3)).getResponse().getStatus());
                        org.junit.Assert.assertEquals("The url [jwks_url] requires secure connections", ((ErrorRepresentation) e3.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
                    }
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                    oIDCIdentityProviderConfigRep.setTokenUrl(null);
                    oIDCIdentityProviderConfigRep.setJwksUrl(null);
                    oIDCIdentityProviderConfigRep.setLogoutUrl("http://test");
                    try {
                        identityProviderResource.update(representation);
                        org.junit.Assert.fail("Invalid URL");
                    } catch (Exception e4) {
                        org.junit.Assert.assertTrue(e4 instanceof ClientErrorException);
                        org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), ((ClientErrorException) ClientErrorException.class.cast(e4)).getResponse().getStatus());
                        org.junit.Assert.assertEquals("The url [logout_url] requires secure connections", ((ErrorRepresentation) e4.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
                    }
                    oIDCIdentityProviderConfigRep.setAuthorizationUrl(null);
                    oIDCIdentityProviderConfigRep.setTokenUrl(null);
                    oIDCIdentityProviderConfigRep.setJwksUrl(null);
                    oIDCIdentityProviderConfigRep.setLogoutUrl(null);
                    oIDCIdentityProviderConfigRep.setUserInfoUrl("http://localhost");
                    try {
                        identityProviderResource.update(representation);
                        org.junit.Assert.fail("Invalid URL");
                    } catch (Exception e5) {
                        org.junit.Assert.assertTrue(e5 instanceof ClientErrorException);
                        org.junit.Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), ((ClientErrorException) ClientErrorException.class.cast(e5)).getResponse().getStatus());
                        org.junit.Assert.assertEquals("The url [userinfo_url] requires secure connections", ((ErrorRepresentation) e5.getResponse().readEntity(ErrorRepresentation.class)).getErrorMessage());
                    }
                    update.updateWith(realmRepresentation2 -> {
                        realmRepresentation2.setSslRequired(SslRequired.EXTERNAL.name());
                    }).update();
                    identityProviderResource.update(representation);
                    if (update != null) {
                        if (0 == 0) {
                            update.close();
                            return;
                        }
                        try {
                            update.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (create != null) {
                    if (th2 != null) {
                        try {
                            create.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        create.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    update.close();
                }
            }
            throw th8;
        }
    }

    @Test
    public void testRemove() {
        create(createRep("remove-identity-provider", "saml"));
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("remove-identity-provider");
        org.junit.Assert.assertNotNull(identityProviderResource);
        org.junit.Assert.assertNotNull(identityProviderResource.toRepresentation());
        identityProviderResource.remove();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("remove-identity-provider"), ResourceType.IDENTITY_PROVIDER);
        try {
            this.realm.identityProviders().get("remove-identity-provider").toRepresentation();
            Assert.fail("Not expected to found");
        } catch (NotFoundException e) {
        }
    }

    private void create(IdentityProviderRepresentation identityProviderRepresentation) {
        Response create = this.realm.identityProviders().create(identityProviderRepresentation);
        Assert.assertNotNull(ApiUtil.getCreatedId(create));
        create.close();
        getCleanup().addIdentityProviderAlias(identityProviderRepresentation.getAlias());
        String str = identityProviderRepresentation.getConfig() != null ? (String) identityProviderRepresentation.getConfig().get("clientSecret") : null;
        IdentityProviderRepresentation strip = StripSecretsUtils.strip(identityProviderRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.identityProviderPath(strip.getAlias()), strip, ResourceType.IDENTITY_PROVIDER);
        if (str != null) {
            strip.getConfig().put("clientSecret", str);
        }
    }

    private IdentityProviderRepresentation createRep(String str, String str2) {
        return createRep(str, str2, true, null);
    }

    private IdentityProviderRepresentation createRep(String str, String str2, boolean z, Map<String, String> map) {
        IdentityProviderRepresentation identityProviderRepresentation = new IdentityProviderRepresentation();
        identityProviderRepresentation.setAlias(str);
        identityProviderRepresentation.setDisplayName(str);
        identityProviderRepresentation.setProviderId(str2);
        identityProviderRepresentation.setEnabled(z);
        if (map != null) {
            identityProviderRepresentation.setConfig(map);
        }
        return identityProviderRepresentation;
    }

    @Test
    public void testMapperTypes() {
        create(createRep("google", "google"));
        assertMapperTypes(this.realm.identityProviders().get("google").getMapperTypes(), "google-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep("facebook", "facebook"));
        assertMapperTypes(this.realm.identityProviders().get("facebook").getMapperTypes(), "facebook-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep("github", "github"));
        assertMapperTypes(this.realm.identityProviders().get("github").getMapperTypes(), "github-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep("twitter", "twitter"));
        assertMapperTypes(this.realm.identityProviders().get("twitter").getMapperTypes(), "oidc-username-idp-mapper");
        create(createRep("linkedin", "linkedin"));
        assertMapperTypes(this.realm.identityProviders().get("linkedin").getMapperTypes(), "linkedin-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep("microsoft", "microsoft"));
        assertMapperTypes(this.realm.identityProviders().get("microsoft").getMapperTypes(), "microsoft-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep("stackoverflow", "stackoverflow"));
        assertMapperTypes(this.realm.identityProviders().get("stackoverflow").getMapperTypes(), "stackoverflow-user-attribute-mapper", "oidc-username-idp-mapper");
        create(createRep(OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID, OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID));
        assertMapperTypes(this.realm.identityProviders().get(OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID).getMapperTypes(), "keycloak-oidc-role-to-role-idp-mapper", "oidc-user-attribute-idp-mapper", "oidc-role-idp-mapper", "oidc-username-idp-mapper", "oidc-advanced-role-idp-mapper");
        create(createRep("oidc", "oidc"));
        assertMapperTypes(this.realm.identityProviders().get("oidc").getMapperTypes(), "oidc-user-attribute-idp-mapper", "oidc-role-idp-mapper", "oidc-username-idp-mapper", "oidc-advanced-role-idp-mapper");
        create(createRep("saml", "saml"));
        assertMapperTypes(this.realm.identityProviders().get("saml").getMapperTypes(), "saml-user-attribute-idp-mapper", "saml-role-idp-mapper", "saml-username-idp-mapper", "saml-advanced-role-idp-mapper");
    }

    private void assertMapperTypes(Map<String, IdentityProviderMapperTypeRepresentation> map, String... strArr) {
        HashSet hashSet = new HashSet();
        hashSet.add("hardcoded-user-session-attribute-idp-mapper");
        hashSet.add("oidc-hardcoded-role-idp-mapper");
        hashSet.add("hardcoded-attribute-idp-mapper");
        hashSet.add("multi-valued-test-idp-mapper");
        hashSet.addAll(Arrays.asList(strArr));
        Assert.assertEquals("mapperTypes", hashSet, map.keySet());
    }

    @Test
    public void testNoExport() {
        create(createRep(OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID, OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID));
        Response export = this.realm.identityProviders().get(OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID).export("json");
        Assert.assertEquals("status", 204L, export.getStatus());
        Assert.assertNull("body", (String) export.readEntity(String.class));
        export.close();
    }

    @Test
    public void testSamlImportAndExport() throws URISyntaxException, IOException, ParsingException {
        MultipartFormDataOutput multipartFormDataOutput = new MultipartFormDataOutput();
        multipartFormDataOutput.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
        multipartFormDataOutput.addFormData("file", new String(Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml").toURI())), Charset.forName("utf-8")), MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
        Map<String, String> importFrom = this.realm.identityProviders().importFrom(multipartFormDataOutput);
        assertSamlImport(importFrom, SIGNING_CERT_1, true);
        create(createRep("saml", "saml", true, importFrom));
        IdentityProviderRepresentation representation = this.realm.identityProviders().get("saml").toRepresentation();
        assertCreatedSamlIdp(representation, true);
        List findAll = this.realm.identityProviders().findAll();
        Assert.assertNotNull("identityProviders not null", findAll);
        Assert.assertEquals("identityProviders instance count", 1L, findAll.size());
        assertEqual(representation, (IdentityProviderRepresentation) findAll.get(0));
        Response export = this.realm.identityProviders().get("saml").export("xml");
        Assert.assertEquals(200L, export.getStatus());
        String str = (String) export.readEntity(String.class);
        export.close();
        assertSamlExport(str);
    }

    @Test
    public void testSamlImportAndExportDisabled() throws URISyntaxException, IOException, ParsingException {
        MultipartFormDataOutput multipartFormDataOutput = new MultipartFormDataOutput();
        multipartFormDataOutput.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
        multipartFormDataOutput.addFormData("file", new String(Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("admin-test/saml-idp-metadata-disabled.xml").toURI())), Charset.forName("utf-8")), MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata-disabled.xml");
        Map<String, String> importFrom = this.realm.identityProviders().importFrom(multipartFormDataOutput);
        assertSamlImport(importFrom, SIGNING_CERT_1, false);
        create(createRep("saml", "saml", false, importFrom));
        assertCreatedSamlIdp(this.realm.identityProviders().get("saml").toRepresentation(), false);
    }

    @Test
    public void testSamlImportAndExportMultipleSigningKeys() throws URISyntaxException, IOException, ParsingException {
        MultipartFormDataOutput multipartFormDataOutput = new MultipartFormDataOutput();
        multipartFormDataOutput.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
        multipartFormDataOutput.addFormData("file", new String(Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("admin-test/saml-idp-metadata-two-signing-certs.xml").toURI())), Charset.forName("utf-8")), MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata-two-signing-certs");
        Map<String, String> importFrom = this.realm.identityProviders().importFrom(multipartFormDataOutput);
        assertSamlImport(importFrom, "MIICmzCCAYMCBgFUYnC0OjANBgkqhkiG9w0BAQsFADARMQ8wDQYDVQQDDAZtYXN0ZXIwHhcNMTYwNDI5MTQzMjEzWhcNMjYwNDI5MTQzMzUzWjARMQ8wDQYDVQQDDAZtYXN0ZXIwggEiMA0GCSqGSIb3DQEBAQUAA4IBDwAwggEKAoIBAQCN25AW1poMEZRbuMAHG58AThZmCwMV6/Gcui4mjGacRFyudgqzLjQ2rxpoW41JAtLjbjeAhuWvirUcFVcOeS3gM/ZC27qCpYighAcylZz6MYocnEe1+e8rPPk4JlID6Wv62dgu+pL/vYsQpRhvD3Y2c/ytgr5D32xF+KnzDehUy5BSyzypvu12Wq9mS5vK5tzkN37EjkhpY2ZxaXPubjDIITCAL4Q8M/m5IlacBaUZbzI4AQrHnMP1O1IH2dHSWuMiBe+xSDTco72PmuYPJKTV4wQdeBUIkYbfLc4RxVmXEvgkQgyW86EoMPxlWJpj7+mTIR+l+2thZPr/VgwTs82rAgMBAAEwDQYJKoZIhvcNAQELBQADggEBAA/Ip/Hi8RoVu5ouaFFlc5whT7ltuK8slfLGW4tM4vJXhInYwsqIRQKBNDYW/64xle3eII4u1yAH1OYRRwEs7Em1pr4QuFuTY1at+aE0sE46XDlyESI0txJjWxYoT133vM0We2pj1b2nxgU30rwjKA3whnKEfTEYT/n3JBSqNggy6l8ZGw/oPSgvPaR4+xeB1tfQFC4VrLoYKoqH6hAL530nKxL+qV8AIfL64NDEE8ankIAEDAAFe8x3CPUfXR/p4KOANKkpz8ieQaHDb1eITkAwUwjESj6UF9D1aePlhWls/HX0gujFXtWfWfrJ8CU/ogwlH8y1jgRuLjFQYZk6llc=,MIIBnDCCAQUCBgFYKXKsPTANBgkqhkiG9w0BAQsFADAUMRIwEAYDVQQDDAlzYW1sLWRlbW8wHhcNMTYxMTAzMDkwNzEwWhcNMjYxMTAzMDkwODUwWjAUMRIwEAYDVQQDDAlzYW1sLWRlbW8wgZ8wDQYJKoZIhvcNAQEBBQADgY0AMIGJAoGBAKtWsK5O0CtuBpnMvWG+HTG0vmZzujQ2o9WdheQu+BzCILcGMsbDW0YQaglpcO5JpGWWhubnckGGPHfdQ2/7nP9QwbiTK0FbGF41UqcvoaCqU1psxoV88s8IXyQCAqeyLv00yj6foqdJjxh5SZ5z+na+M7Y2OxIBVxYRAxWEnfUvAgMBAAEwDQYJKoZIhvcNAQELBQADgYEAhetvOU8TyqfZF5jpv0IcrviLl/DoFrbjByeHR+pu/vClcAOjL/u7oQELuuTfNsBI4tpexUj5G8q/YbEz0gk7idfLXrAUVcsR73oTngrhRfwUSmPrjjK0kjcRb6HL9V/+wh3R/6mEd59U08ExT8N38rhmn0CI3ehMdebReprP7U8=", true);
        create(createRep("saml", "saml", true, importFrom));
        IdentityProviderRepresentation representation = this.realm.identityProviders().get("saml").toRepresentation();
        assertCreatedSamlIdp(representation, true);
        List findAll = this.realm.identityProviders().findAll();
        Assert.assertNotNull("identityProviders not null", findAll);
        Assert.assertEquals("identityProviders instance count", 1L, findAll.size());
        assertEqual(representation, (IdentityProviderRepresentation) findAll.get(0));
        Response export = this.realm.identityProviders().get("saml").export("xml");
        Assert.assertEquals(200L, export.getStatus());
        String str = (String) export.readEntity(String.class);
        export.close();
        assertSamlExport(str);
    }

    @Test
    public void testMappers() {
        create(createRep("google", "google"));
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("google");
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setIdentityProviderAlias("google");
        identityProviderMapperRepresentation.setName("my_mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("oidc-hardcoded-role-idp-mapper");
        HashMap hashMap = new HashMap();
        hashMap.put("role", "offline_access");
        hashMap.put("syncMode", IdentityProviderMapperSyncMode.INHERIT.toString());
        identityProviderMapperRepresentation.setConfig(hashMap);
        Response addMapper = identityProviderResource.addMapper(identityProviderMapperRepresentation);
        String createdId = ApiUtil.getCreatedId(addMapper);
        Assert.assertNotNull(createdId);
        addMapper.close();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.identityProviderMapperPath("google", createdId), identityProviderMapperRepresentation, ResourceType.IDENTITY_PROVIDER_MAPPER);
        List mappers = identityProviderResource.getMappers();
        Assert.assertEquals("mappers count", 1L, mappers.size());
        Assert.assertEquals("newly created mapper id", createdId, ((IdentityProviderMapperRepresentation) mappers.get(0)).getId());
        IdentityProviderMapperRepresentation mapperById = identityProviderResource.getMapperById(createdId);
        Assert.assertEquals("INHERIT", ((IdentityProviderMapperRepresentation) mappers.get(0)).getConfig().get("syncMode"));
        Assert.assertNotNull("mapperById not null", mapperById);
        Assert.assertEquals("mapper id", createdId, mapperById.getId());
        Assert.assertNotNull("mapper.config exists", mapperById.getConfig());
        Assert.assertEquals("config retained", "offline_access", mapperById.getConfig().get("role"));
        Response addMapper2 = identityProviderResource.addMapper(mapperById);
        Assert.assertEquals("mapper unique name", 400L, addMapper2.getStatus());
        addMapper2.close();
        mapperById.getConfig().put("role", "master-realm.manage-realm");
        identityProviderResource.update(createdId, mapperById);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.identityProviderMapperPath("google", createdId), mapperById, ResourceType.IDENTITY_PROVIDER_MAPPER);
        IdentityProviderMapperRepresentation mapperById2 = identityProviderResource.getMapperById(createdId);
        Assert.assertNotNull("mapperById not null", mapperById2);
        Assert.assertEquals("config changed", "master-realm.manage-realm", mapperById2.getConfig().get("role"));
        identityProviderResource.delete(createdId);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.identityProviderMapperPath("google", createdId), ResourceType.IDENTITY_PROVIDER_MAPPER);
        try {
            identityProviderResource.getMapperById(createdId);
            Assert.fail("Should fail with NotFoundException");
        } catch (NotFoundException e) {
        }
    }

    @Test
    public void testUpdateProtocolMappers() {
        create(createRep("google2", "google"));
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("google2");
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setIdentityProviderAlias("google2");
        identityProviderMapperRepresentation.setName("my_mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("oidc-hardcoded-role-idp-mapper");
        HashMap hashMap = new HashMap();
        hashMap.put("syncMode", IdentityProviderMapperSyncMode.INHERIT.toString());
        hashMap.put("role", "");
        identityProviderMapperRepresentation.setConfig(hashMap);
        String createdId = ApiUtil.getCreatedId(identityProviderResource.addMapper(identityProviderMapperRepresentation));
        List mappers = identityProviderResource.getMappers();
        org.junit.Assert.assertEquals(1L, mappers.size());
        org.junit.Assert.assertEquals(1L, ((IdentityProviderMapperRepresentation) mappers.get(0)).getConfig().size());
        IdentityProviderMapperRepresentation mapperById = identityProviderResource.getMapperById(createdId);
        mapperById.getConfig().put("role", "offline_access");
        identityProviderResource.update(createdId, mapperById);
        List mappers2 = identityProviderResource.getMappers();
        org.junit.Assert.assertEquals("INHERIT", ((IdentityProviderMapperRepresentation) mappers2.get(0)).getConfig().get("syncMode"));
        org.junit.Assert.assertEquals(1L, mappers2.size());
        org.junit.Assert.assertEquals(2L, ((IdentityProviderMapperRepresentation) mappers2.get(0)).getConfig().size());
        org.junit.Assert.assertEquals("offline_access", ((IdentityProviderMapperRepresentation) mappers2.get(0)).getConfig().get("role"));
    }

    @Test
    public void testDeleteProtocolMappersAfterDeleteIdentityProvider() {
        create(createRep("google3", "google"));
        IdentityProviderResource identityProviderResource = this.realm.identityProviders().get("google3");
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setIdentityProviderAlias("google3");
        identityProviderMapperRepresentation.setName("my_mapper");
        identityProviderMapperRepresentation.setIdentityProviderMapper("oidc-hardcoded-role-idp-mapper");
        HashMap hashMap = new HashMap();
        hashMap.put("syncMode", IdentityProviderMapperSyncMode.INHERIT.toString());
        hashMap.put("role", "offline_access");
        identityProviderMapperRepresentation.setConfig(hashMap);
        identityProviderResource.addMapper(identityProviderMapperRepresentation);
        org.junit.Assert.assertThat(identityProviderResource.getMappers(), Matchers.hasSize(1));
        this.assertAdminEvents.clear();
        identityProviderResource.remove();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.identityProviderPath("google3"), ResourceType.IDENTITY_PROVIDER);
        create(createRep("google3", "google"));
        org.junit.Assert.assertThat(this.realm.identityProviders().get("google3").getMappers(), Matchers.empty());
    }

    @Test
    public void testInstalledIdentityProviders() {
        Response identityProviders = this.realm.identityProviders().getIdentityProviders("oidc");
        Assert.assertEquals("Status", 200L, identityProviders.getStatus());
        assertProviderInfo((Map) identityProviders.readEntity(Map.class), "oidc", "OpenID Connect v1.0");
        Response identityProviders2 = this.realm.identityProviders().getIdentityProviders(OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID);
        Assert.assertEquals("Status", 200L, identityProviders2.getStatus());
        assertProviderInfo((Map) identityProviders2.readEntity(Map.class), OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID, "Keycloak OpenID Connect");
        Response identityProviders3 = this.realm.identityProviders().getIdentityProviders("saml");
        Assert.assertEquals("Status", 200L, identityProviders3.getStatus());
        assertProviderInfo((Map) identityProviders3.readEntity(Map.class), "saml", "SAML v2.0");
        Response identityProviders4 = this.realm.identityProviders().getIdentityProviders("google");
        Assert.assertEquals("Status", 200L, identityProviders4.getStatus());
        assertProviderInfo((Map) identityProviders4.readEntity(Map.class), "google", "Google");
        Response identityProviders5 = this.realm.identityProviders().getIdentityProviders("facebook");
        Assert.assertEquals("Status", 200L, identityProviders5.getStatus());
        assertProviderInfo((Map) identityProviders5.readEntity(Map.class), "facebook", "Facebook");
        Response identityProviders6 = this.realm.identityProviders().getIdentityProviders("github");
        Assert.assertEquals("Status", 200L, identityProviders6.getStatus());
        assertProviderInfo((Map) identityProviders6.readEntity(Map.class), "github", "GitHub");
        Response identityProviders7 = this.realm.identityProviders().getIdentityProviders("twitter");
        Assert.assertEquals("Status", 200L, identityProviders7.getStatus());
        assertProviderInfo((Map) identityProviders7.readEntity(Map.class), "twitter", "Twitter");
        Response identityProviders8 = this.realm.identityProviders().getIdentityProviders("linkedin");
        Assert.assertEquals("Status", 200L, identityProviders8.getStatus());
        assertProviderInfo((Map) identityProviders8.readEntity(Map.class), "linkedin", "LinkedIn");
        Response identityProviders9 = this.realm.identityProviders().getIdentityProviders("microsoft");
        Assert.assertEquals("Status", 200L, identityProviders9.getStatus());
        assertProviderInfo((Map) identityProviders9.readEntity(Map.class), "microsoft", "Microsoft");
        Response identityProviders10 = this.realm.identityProviders().getIdentityProviders("stackoverflow");
        Assert.assertEquals("Status", 200L, identityProviders10.getStatus());
        assertProviderInfo((Map) identityProviders10.readEntity(Map.class), "stackoverflow", "StackOverflow");
        Assert.assertEquals("Status", 400L, this.realm.identityProviders().getIdentityProviders("nonexistent").getStatus());
    }

    private void assertEqual(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderRepresentation identityProviderRepresentation2) {
        Assert.assertNotNull("expected IdentityProviderRepresentation not null", identityProviderRepresentation);
        Assert.assertNotNull("actual IdentityProviderRepresentation not null", identityProviderRepresentation2);
        Assert.assertEquals("internalId", identityProviderRepresentation.getInternalId(), identityProviderRepresentation2.getInternalId());
        Assert.assertEquals("alias", identityProviderRepresentation.getAlias(), identityProviderRepresentation2.getAlias());
        Assert.assertEquals("providerId", identityProviderRepresentation.getProviderId(), identityProviderRepresentation2.getProviderId());
        Assert.assertEquals("enabled", Boolean.valueOf(identityProviderRepresentation.isEnabled()), Boolean.valueOf(identityProviderRepresentation2.isEnabled()));
        Assert.assertEquals("firstBrokerLoginFlowAlias", identityProviderRepresentation.getFirstBrokerLoginFlowAlias(), identityProviderRepresentation2.getFirstBrokerLoginFlowAlias());
        Assert.assertEquals("config", identityProviderRepresentation.getConfig(), identityProviderRepresentation2.getConfig());
    }

    private void assertCreatedSamlIdp(IdentityProviderRepresentation identityProviderRepresentation, boolean z) {
        Assert.assertNotNull("IdentityProviderRepresentation not null", identityProviderRepresentation);
        Assert.assertNotNull("internalId", identityProviderRepresentation.getInternalId());
        Assert.assertEquals("alias", "saml", identityProviderRepresentation.getAlias());
        Assert.assertEquals("providerId", "saml", identityProviderRepresentation.getProviderId());
        Assert.assertEquals("enabled", Boolean.valueOf(z), Boolean.valueOf(identityProviderRepresentation.isEnabled()));
        Assert.assertEquals("firstBrokerLoginFlowAlias", "first broker login", identityProviderRepresentation.getFirstBrokerLoginFlowAlias());
        assertSamlConfig(identityProviderRepresentation.getConfig());
    }

    private void assertSamlConfig(Map<String, String> map) {
        org.junit.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"validateSignature", "singleLogoutServiceUrl", "postBindingLogout", "postBindingResponse", "postBindingAuthnRequest", "singleSignOnServiceUrl", "wantAuthnRequestsSigned", "nameIDPolicyFormat", "signingCertificate", "addExtensionsElementWithKeyInfo", "loginHint", "hideOnLoginPage"}));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("validateSignature", "true"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("singleLogoutServiceUrl", "http://localhost:8080/auth/realms/master/protocol/saml"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("postBindingResponse", "true"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("postBindingAuthnRequest", "true"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("singleSignOnServiceUrl", "http://localhost:8080/auth/realms/master/protocol/saml"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("wantAuthnRequestsSigned", "true"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("addExtensionsElementWithKeyInfo", "false"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("nameIDPolicyFormat", "urn:oasis:names:tc:SAML:2.0:nameid-format:persistent"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry("hideOnLoginPage", "true"));
        org.junit.Assert.assertThat(map, Matchers.hasEntry(Matchers.is("signingCertificate"), Matchers.notNullValue()));
    }

    private void assertSamlImport(Map<String, String> map, String str, boolean z) {
        boolean booleanValue = Boolean.valueOf(map.get("enabledFromMetadata")).booleanValue();
        map.remove("enabledFromMetadata");
        Assert.assertEquals(Boolean.valueOf(booleanValue), Boolean.valueOf(z));
        assertSamlConfig(map);
        org.junit.Assert.assertThat(map, Matchers.hasEntry("signingCertificate", str));
    }

    private void assertSamlExport(String str) throws ParsingException, URISyntaxException {
        Object parse = SAMLParser.getInstance().parse(new ByteArrayInputStream(str.getBytes(Charset.forName("utf-8"))));
        Assert.assertEquals("Parsed export type", EntityDescriptorType.class, parse.getClass());
        EntityDescriptorType entityDescriptorType = (EntityDescriptorType) parse;
        StringBuilder sb = new StringBuilder();
        OAuthClient oAuthClient = this.oauth;
        Assert.assertEquals("EntityID", sb.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/admin-client-test").toString(), entityDescriptorType.getEntityID());
        Assert.assertNotNull("ChoiceType not null", entityDescriptorType.getChoiceType());
        Assert.assertEquals("ChoiceType.size", 1L, entityDescriptorType.getChoiceType().size());
        List descriptors = ((EntityDescriptorType.EDTChoiceType) entityDescriptorType.getChoiceType().get(0)).getDescriptors();
        Assert.assertNotNull("Descriptors not null", descriptors);
        Assert.assertEquals("Descriptors.size", 1L, descriptors.size());
        SPSSODescriptorType spDescriptor = ((EntityDescriptorType.EDTDescriptorChoiceType) descriptors.get(0)).getSpDescriptor();
        Assert.assertNotNull("SPSSODescriptor not null", spDescriptor);
        Assert.assertTrue("AuthnRequestsSigned", spDescriptor.isAuthnRequestsSigned().booleanValue());
        Assert.assertEquals("ProtocolSupportEnumeration", new HashSet(Arrays.asList("urn:oasis:names:tc:SAML:2.0:protocol")), new HashSet(spDescriptor.getProtocolSupportEnumeration()));
        Assert.assertNotNull("AssertionConsumerService not null", spDescriptor.getAssertionConsumerService());
        Assert.assertEquals("AssertionConsumerService.size", 1L, spDescriptor.getAssertionConsumerService().size());
        IndexedEndpointType indexedEndpointType = (IndexedEndpointType) spDescriptor.getAssertionConsumerService().get(0);
        StringBuilder sb2 = new StringBuilder();
        OAuthClient oAuthClient2 = this.oauth;
        Assert.assertEquals("AssertionConsumerService.Location", new URI(sb2.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/admin-client-test/broker/saml/endpoint").toString()), indexedEndpointType.getLocation());
        Assert.assertEquals("AssertionConsumerService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), indexedEndpointType.getBinding());
        Assert.assertTrue("AssertionConsumerService.isDefault", indexedEndpointType.isIsDefault().booleanValue());
        Assert.assertNotNull("SingleLogoutService not null", spDescriptor.getSingleLogoutService());
        Assert.assertEquals("SingleLogoutService.size", 1L, spDescriptor.getSingleLogoutService().size());
        EndpointType endpointType = (EndpointType) spDescriptor.getSingleLogoutService().get(0);
        StringBuilder sb3 = new StringBuilder();
        OAuthClient oAuthClient3 = this.oauth;
        Assert.assertEquals("SingleLogoutService.Location", new URI(sb3.append(OAuthClient.AUTH_SERVER_ROOT).append("/realms/admin-client-test/broker/saml/endpoint").toString()), endpointType.getLocation());
        Assert.assertEquals("SingleLogoutService.Binding", new URI("urn:oasis:names:tc:SAML:2.0:bindings:HTTP-POST"), endpointType.getBinding());
        Assert.assertNotNull("KeyDescriptor not null", spDescriptor.getKeyDescriptor());
        Assert.assertEquals("KeyDescriptor.size", 1L, spDescriptor.getKeyDescriptor().size());
        KeyDescriptorType keyDescriptorType = (KeyDescriptorType) spDescriptor.getKeyDescriptor().get(0);
        org.junit.Assert.assertThat(keyDescriptorType, Matchers.notNullValue());
        org.junit.Assert.assertThat(keyDescriptorType.getUse(), Matchers.equalTo(KeyTypes.SIGNING));
        org.junit.Assert.assertThat("KeyDescriptor.Signing.Cert existence", Integer.valueOf(keyDescriptorType.getKeyInfo().getElementsByTagNameNS("http://www.w3.org/2000/09/xmldsig#", "X509Certificate").getLength()), Matchers.is(1));
    }

    private void assertProviderInfo(Map<String, String> map, String str, String str2) {
        System.out.println(map);
        Assert.assertEquals("id", str, map.get("id"));
        Assert.assertEquals("name", str2, map.get("name"));
    }

    @Test
    public void testSamlExportSignatureOff() throws URISyntaxException, IOException, ConfigurationException, ParsingException, ProcessingException {
        MultipartFormDataOutput multipartFormDataOutput = new MultipartFormDataOutput();
        multipartFormDataOutput.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
        multipartFormDataOutput.addFormData("file", new String(Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml").toURI())), Charset.forName("utf-8")), MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
        Map<String, String> importFrom = this.realm.identityProviders().importFrom(multipartFormDataOutput);
        importFrom.put("signSpMetadata", "false");
        create(createRep("saml", "saml", true, importFrom));
        Response export = this.realm.identityProviders().get("saml").export("xml");
        Assert.assertEquals(200L, export.getStatus());
        String str = (String) export.readEntity(String.class);
        export.close();
        Assert.assertNull(DocumentUtil.getDirectChildElement(DocumentUtil.getDocument(str).getDocumentElement(), JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "Signature"));
    }

    @Test
    public void testSamlExportSignatureOn() throws URISyntaxException, IOException, ConfigurationException, ParsingException, ProcessingException {
        MultipartFormDataOutput multipartFormDataOutput = new MultipartFormDataOutput();
        multipartFormDataOutput.addFormData("providerId", "saml", MediaType.TEXT_PLAIN_TYPE);
        multipartFormDataOutput.addFormData("file", new String(Files.readAllBytes(Paths.get(getClass().getClassLoader().getResource("admin-test/saml-idp-metadata.xml").toURI())), Charset.forName("utf-8")), MediaType.APPLICATION_XML_TYPE, "saml-idp-metadata.xml");
        Map<String, String> importFrom = this.realm.identityProviders().importFrom(multipartFormDataOutput);
        importFrom.put("signSpMetadata", "true");
        create(createRep("saml", "saml", true, importFrom));
        Response export = this.realm.identityProviders().get("saml").export("xml");
        Assert.assertEquals(200L, export.getStatus());
        String str = (String) export.readEntity(String.class);
        export.close();
        Assert.assertNotNull(DocumentUtil.getDirectChildElement(DocumentUtil.getDocument(str).getDocumentElement(), JBossSAMLURIConstants.XMLDSIG_NSURI.get(), "Signature"));
    }
}
