package org.keycloak.testsuite.oauth;

import java.io.IOException;
import java.net.URI;
import java.util.HashMap;
import java.util.List;
import javax.ws.rs.core.UriBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.pages.PageUtils;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.openqa.selenium.By;

/* loaded from: input_file:org/keycloak/testsuite/oauth/AuthorizationCodeTest.class */
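/**
 * Browser-driven tests of the OAuth 2.0 / OpenID Connect authorization endpoint
 * using the authorization-code response type against the {@code test} realm.
 *
 * <p>Several cases are negative tests that pin security-relevant behaviour of the
 * endpoint: unregistered or malformed {@code redirect_uri} values end on an error
 * page, duplicated request parameters are rejected, a {@code state} value that
 * contains markup survives the form_post response unchanged, and the response mode
 * of one request does not carry over to the next.
 */
public class AuthorizationCodeTest extends AbstractKeycloakTest {

    /** State value shaped like the one an OWIN/Katana OpenID Connect client sends. */
    private static final String OIDC_STATE = "OpenIdConnect.AuthenticationProperties=2302984sdlk";

    /** Out-of-band redirect URN used by installed (non-browser) applications. */
    private static final String INSTALLED_APP_URN = "urn:ietf:wg:oauth:2.0:oob";

    /** Password of the default test user in {@code /testrealm.json}. */
    private static final String TEST_PASSWORD = "password";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    private ErrorPage errorPage;

    /**
     * Registers the realm under test, loaded from the classpath resource
     * {@code /testrealm.json}.
     *
     * @param list collection the realm representation is appended to
     */
    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation testRealm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(testRealm);
    }

    /**
     * Resets the shared OAuth client before each test: code response type, no
     * explicit response mode, and a fresh random {@code state}.
     */
    @Before
    public void clientConfiguration() {
        this.oauth.responseType("code");
        this.oauth.responseMode((String) null);
        this.oauth.stateParamRandom();
    }

    /**
     * Happy path: a login yields a redirect that carries a code, echoes the
     * {@code state} byte-for-byte and reports no error.
     */
    @Test
    public void authorizationRequest() throws IOException {
        this.oauth.stateParamHardcoded(OIDC_STATE);

        OAuthClient.AuthorizationEndpointResponse response =
                this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

        Assert.assertTrue(response.isRedirected());
        Assert.assertNotNull(response.getCode());
        Assert.assertEquals(OIDC_STATE, response.getState());
        Assert.assertNull(response.getError());
    }

    /**
     * Installed-app flow: with the out-of-band URN registered, the code is shown
     * on a "Success code" page instead of being sent through a redirect.
     */
    @Test
    public void authorizationRequestInstalledApp() throws IOException {
        ClientManager.realm(this.adminClient.realm("test"))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .addRedirectUris(INSTALLED_APP_URN);
        try {
            this.oauth.redirectUri(INSTALLED_APP_URN);
            this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

            Assert.assertEquals("Success code", PageUtils.getPageTitle(this.driver));

            // The value is not inspected; findElement throws if the element is missing.
            this.driver.findElement(By.id("code")).getAttribute("value");

            String expectedRedirect =
                    OAuthClient.AUTH_SERVER_ROOT + "/realms/test/protocol/openid-connect/oauth/oob";
            this.events.expectLogin()
                    .detail("redirect_uri", expectedRedirect)
                    .assertEvent()
                    .getDetails()
                    .get("code_id");
        } finally {
            // Always withdraw the URN so a failed assertion cannot leave the client
            // with a widened redirect-URI set for later tests.
            ClientManager.realm(this.adminClient.realm("test"))
                    .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                    .removeRedirectUris(INSTALLED_APP_URN);
        }
    }

    /** A redirect URI that is registered on the client is accepted and yields a code. */
    @Test
    public void authorizationValidRedirectUri() throws IOException {
        ClientManager.realm(this.adminClient.realm("test"))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .addRedirectUris(this.oauth.getRedirectUri());

        OAuthClient.AuthorizationEndpointResponse response =
                this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

        Assert.assertTrue(response.isRedirected());
        Assert.assertNotNull(response.getCode());
    }

    /**
     * Redirect-URI validation: a value that merely starts with a registered URI,
     * and a fuzzing-style string, must both end on the server's own error page.
     * Staying on the error page is the point of the check, since the server must
     * not redirect the browser to a URI it has not validated.
     */
    @Test
    public void testInvalidRedirectUri() {
        ClientManager.realm(this.adminClient.realm("test"))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .addRedirectUris(this.oauth.getRedirectUri());

        // Registered URI with an encoded space and suffix appended.
        this.oauth.redirectUri(this.oauth.getRedirectUri() + "%20test");
        this.oauth.openLoginForm();
        Assert.assertTrue(this.errorPage.isCurrent());
        Assert.assertEquals("Invalid parameter: redirect_uri", this.errorPage.getError());

        // URL-encoded "%n%s" sequences followed by an encoded newline; the "ZAP"
        // prefix suggests a scanner-generated format-string probe (assumption).
        this.oauth.redirectUri("ZAP%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%25n%25s%0A");
        this.oauth.openLoginForm();
        Assert.assertTrue(this.errorPage.isCurrent());
        Assert.assertEquals("Invalid parameter: redirect_uri", this.errorPage.getError());
    }

    /** {@code state} is optional: omitting it still yields a code and no state comes back. */
    @Test
    public void authorizationRequestNoState() throws IOException {
        this.oauth.stateParamHardcoded((String) null);

        OAuthClient.AuthorizationEndpointResponse response =
                this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

        Assert.assertTrue(response.isRedirected());
        Assert.assertNotNull(response.getCode());
        Assert.assertNull(response.getState());
        Assert.assertNull(response.getError());
    }

    /**
     * An unknown response type is reported to the client as
     * {@code unsupported_response_type}, while the login event records
     * {@code invalid_request} together with the offending value.
     */
    @Test
    public void authorizationRequestInvalidResponseType() throws IOException {
        this.oauth.responseType("tokenn");
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build().toURL());

        OAuthClient.AuthorizationEndpointResponse response =
                new OAuthClient.AuthorizationEndpointResponse(this.oauth);

        Assert.assertTrue(response.isRedirected());
        // Expected value first, so a failure message names the right side.
        Assert.assertEquals("unsupported_response_type", response.getError());
        this.events.expectLogin()
                .error("invalid_request")
                .user((String) null)
                .session((String) null)
                .clearDetails()
                .detail("response_type", "tokenn")
                .assertEvent();
    }

    /** form_post response mode: the posted {@code state} reaches the client page unchanged. */
    @Test
    public void authorizationRequestFormPostResponseMode() throws IOException {
        this.oauth.responseMode(OIDCResponseMode.FORM_POST.value());
        this.oauth.stateParamHardcoded(OIDC_STATE);
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

        // NOTE(review): debug output; the dumped page holds the issued code, so it
        // ends up in the build log.
        System.out.println(this.driver.getPageSource());

        // The value is not inspected; findElement throws if the element is missing.
        this.driver.findElement(By.id("code")).getText();
        Assert.assertEquals(OIDC_STATE, this.driver.findElement(By.id("state")).getText());
    }

    /**
     * form_post response mode with a {@code state} made of a quote, a closing angle
     * bracket and tags. The value must come back character-for-character, which
     * presumably only holds when the server escapes it inside the HTML form that
     * carries the response rather than letting it break out of the attribute.
     */
    @Test
    public void authorizationRequestFormPostResponseModeWithCustomState() throws IOException {
        final String markupState = "\"><foo>bar_baz(2)far</foo>";

        this.oauth.responseMode(OIDCResponseMode.FORM_POST.value());
        this.oauth.stateParamHardcoded(markupState);
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);

        // NOTE(review): debug output; the dumped page holds the issued code, so it
        // ends up in the build log.
        System.out.println(this.driver.getPageSource());

        // The value is not inspected; findElement throws if the element is missing.
        this.driver.findElement(By.id("code")).getText();
        Assert.assertEquals(markupState, this.driver.findElement(By.id("state")).getText());
    }

    /**
     * The response mode belongs to a single request: after a fragment-mode login,
     * a second request without a response mode is answered in the query string.
     */
    @Test
    public void authorizationRequestFragmentResponseModeNotKept() throws Exception {
        // First request: parameters are expected in the fragment only.
        this.oauth.responseMode(OIDCResponseMode.FRAGMENT.value());
        OAuthClient.AuthorizationEndpointResponse fragmentResponse =
                this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, TEST_PASSWORD);
        Assert.assertNotNull(fragmentResponse.getCode());
        Assert.assertNotNull(fragmentResponse.getState());
        URI fragmentUri = new URI(this.driver.getCurrentUrl());
        Assert.assertNull(fragmentUri.getRawQuery());
        Assert.assertNotNull(fragmentUri.getRawFragment());

        // Second request without a response mode: parameters are expected in the query only.
        this.oauth.responseMode((String) null);
        this.oauth.openLoginForm();
        OAuthClient.AuthorizationEndpointResponse queryResponse =
                new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertNotNull(queryResponse.getCode());
        Assert.assertNotNull(queryResponse.getState());
        URI queryUri = new URI(this.driver.getCurrentUrl());
        Assert.assertNotNull(queryUri.getRawQuery());
        Assert.assertNull(queryUri.getRawFragment());
    }

    /**
     * Duplicated {@code scope} and {@code state} parameters are rejected with
     * {@code invalid_request} returned in the redirect query (RFC 6749 section 3.1
     * forbids repeating a request parameter).
     */
    @Test
    public void authorizationRequestParamsMoreThanOnce() throws IOException {
        this.oauth.stateParamHardcoded(OIDC_STATE);
        this.oauth.addCustomParameter("scope", "read_write")
                .addCustomParameter("state", "abcdefg")
                .addCustomParameter("scope", "pop push");
        this.oauth.openLoginForm();

        Assert.assertEquals("invalid_request", this.oauth.getCurrentQuery().get("error"));
        Assert.assertEquals("duplicated parameter", this.oauth.getCurrentQuery().get("error_description"));
        this.events.expectLogin()
                .error("invalid_request")
                .user((String) null)
                .session((String) null)
                .clearDetails()
                .assertEvent();
    }

    /**
     * When {@code client_id} and {@code redirect_uri} are among the duplicated
     * parameters, the failure is shown on the server's error page and the event
     * carries no client, instead of the error being sent to a redirect URI.
     */
    @Test
    public void authorizationRequestClientParamsMoreThanOnce() throws IOException {
        this.oauth.stateParamHardcoded(OIDC_STATE);
        this.oauth.addCustomParameter("scope", "read_write")
                .addCustomParameter("client_id", "client2client")
                .addCustomParameter("redirect_uri", "https://www.example.com")
                .addCustomParameter("state", "abcdefg")
                .addCustomParameter("scope", "pop push");
        this.oauth.openLoginForm();

        Assert.assertTrue(this.errorPage.isCurrent());
        Assert.assertEquals("Invalid Request", this.errorPage.getError());
        this.events.expectLogin()
                .error("invalid_request")
                .user((String) null)
                .session((String) null)
                .client((String) null)
                .clearDetails()
                .assertEvent();
    }
}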
