package org.keycloak.testsuite.broker;

import java.io.Closeable;
import java.net.URI;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.dom.saml.v2.protocol.AuthnContextComparisonType;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.testsuite.updaters.IdentityProviderAttributeUpdater;
import org.keycloak.testsuite.util.SamlClient;
import org.keycloak.testsuite.util.SamlClientBuilder;
import org.w3c.dom.Element;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcSamlRequestedAuthnContextBrokerTest.class */
public final class KcSamlRequestedAuthnContextBrokerTest extends AbstractBrokerTest {
    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return KcSamlBrokerConfiguration.INSTANCE;
    }

    @Test
    public void testNoComparisonTypeNoClassRefsAndNoDeclRefs() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument("http://localhost:8280/sales-post/.dot/ted", BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().transformDocument(document -> {
                try {
                    this.log.infof("Document: %s", DocumentUtil.asString(document));
                    Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", DocumentUtil.getDirectChildElement(document.getDocumentElement(), JBossSAMLURIConstants.PROTOCOL_NSURI.get(), "RequestedAuthnContext"), Matchers.nullValue());
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testComparisonTypeSetNoClassRefsAndNoDeclRefs() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("authnContextComparisonType", AuthnContextComparisonType.MINIMUM.value()).update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument("http://localhost:8280/sales-post/.dot/ted", BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().transformDocument(document -> {
                try {
                    this.log.infof("Document: %s", DocumentUtil.asString(document));
                    Assert.assertThat("RequestedAuthnContext element found in request document, but was not necessary as ClassRef/DeclRefs were not specified", DocumentUtil.getDirectChildElement(document.getDocumentElement(), JBossSAMLURIConstants.PROTOCOL_NSURI.get(), "RequestedAuthnContext"), Matchers.nullValue());
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testComparisonTypeSetClassRefsSetNoDeclRefs() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("authnContextComparisonType", AuthnContextComparisonType.EXACT.value()).setAttribute("authnContextClassRefs", "[\"" + JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument("http://localhost:8280/sales-post/.dot/ted", BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().transformDocument(document -> {
                try {
                    this.log.infof("Document: %s", DocumentUtil.asString(document));
                    Element directChildElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), JBossSAMLURIConstants.PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
                    Element directChildElement2 = DocumentUtil.getDirectChildElement(directChildElement, JBossSAMLURIConstants.ASSERTION_NSURI.get(), "AuthnContextClassRef");
                    Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", directChildElement2, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", directChildElement2.getTextContent(), Matchers.is(JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get()));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testComparisonTypeSetNoClassRefsDeclRefsSet() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("authnContextComparisonType", AuthnContextComparisonType.MINIMUM.value()).setAttribute("authnContextDeclRefs", "[\"secure/name/password/icmaolr/uri\"]").update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument("http://localhost:8280/sales-post/.dot/ted", BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().transformDocument(document -> {
                try {
                    this.log.infof("Document: %s", DocumentUtil.asString(document));
                    Element directChildElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), JBossSAMLURIConstants.PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.MINIMUM.value()));
                    Element directChildElement2 = DocumentUtil.getDirectChildElement(directChildElement, JBossSAMLURIConstants.ASSERTION_NSURI.get(), "AuthnContextDeclRef");
                    Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element not found in request document", directChildElement2, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext/AuthnContextDeclRef element does not have the expected value", directChildElement2.getTextContent(), Matchers.is("secure/name/password/icmaolr/uri"));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testNoComparisonTypeClassRefsSetNoDeclRefs() throws Exception {
        Closeable update = new IdentityProviderAttributeUpdater(this.identityProviderResource).setAttribute("authnContextClassRefs", "[\"" + JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get() + "\"]").update();
        Throwable th = null;
        try {
            new SamlClientBuilder().authnRequest(getConsumerSamlEndpoint(this.bc.consumerRealmName()), SAML2Request.convert(SamlClient.createLoginRequestDocument("http://localhost:8280/sales-post/.dot/ted", BrokerTestTools.getConsumerRoot() + "/sales-post/saml", (URI) null)), SamlClient.Binding.POST).build().login().idp(this.bc.getIDPAlias()).build().processSamlResponse(SamlClient.Binding.POST).targetAttributeSamlRequest().transformDocument(document -> {
                try {
                    this.log.infof("Document: %s", DocumentUtil.asString(document));
                    Element directChildElement = DocumentUtil.getDirectChildElement(document.getDocumentElement(), JBossSAMLURIConstants.PROTOCOL_NSURI.get(), "RequestedAuthnContext");
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext element not found in request document", directChildElement.getAttribute("Comparison"), Matchers.is(AuthnContextComparisonType.EXACT.value()));
                    Element directChildElement2 = DocumentUtil.getDirectChildElement(directChildElement, JBossSAMLURIConstants.ASSERTION_NSURI.get(), "AuthnContextClassRef");
                    Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element not found in request document", directChildElement2, Matchers.notNullValue());
                    Assert.assertThat("RequestedAuthnContext/AuthnContextClassRef element does not have the expected value", directChildElement2.getTextContent(), Matchers.is(JBossSAMLURIConstants.AC_PASSWORD_PROTECTED_TRANSPORT.get()));
                } catch (Exception e) {
                    throw new RuntimeException(e);
                }
            }).build().execute();
            if (update != null) {
                if (0 == 0) {
                    update.close();
                    return;
                }
                try {
                    update.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (update != null) {
                if (0 != 0) {
                    try {
                        update.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    update.close();
                }
            }
            throw th3;
        }
    }
}
