package org.keycloak.testsuite.util;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.security.Key;
import java.security.KeyManagementException;
import java.security.PrivateKey;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.List;
import java.util.UUID;
import java.util.concurrent.TimeUnit;
import javax.ws.rs.core.MultivaluedHashMap;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPEnvelope;
import javax.xml.soap.SOAPException;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpUriRequest;
import org.apache.http.client.protocol.HttpClientContext;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.entity.ByteArrayEntity;
import org.apache.http.entity.ContentType;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
import org.apache.http.impl.client.LaxRedirectStrategy;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import org.jboss.logging.Logger;
import org.jsoup.Jsoup;
import org.jsoup.select.Elements;
import org.junit.Assert;
import org.keycloak.adapters.saml.SamlDeployment;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.PemUtils;
import org.keycloak.dom.saml.v2.SAML2Object;
import org.keycloak.dom.saml.v2.protocol.ArtifactResponseType;
import org.keycloak.dom.saml.v2.protocol.AuthnRequestType;
import org.keycloak.dom.saml.v2.protocol.RequestAbstractType;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.protocol.saml.SamlProtocolUtils;
import org.keycloak.protocol.saml.profile.util.Soap;
import org.keycloak.rotation.KeyLocator;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SAMLRequestParser;
import org.keycloak.saml.SignatureAlgorithm;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.common.exceptions.ParsingException;
import org.keycloak.saml.common.exceptions.ProcessingException;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.saml.v2.common.SAMLDocumentHolder;
import org.keycloak.saml.processing.core.util.JAXPValidationUtil;
import org.keycloak.saml.processing.web.util.RedirectBindingUtil;
import org.keycloak.testsuite.adapter.page.EcpSP;
import org.keycloak.testsuite.util.saml.StepWithCheckers;
import org.w3c.dom.Document;
import org.w3c.dom.Node;

/* loaded from: input_file:org/keycloak/testsuite/util/SamlClient.class */
public class SamlClient {
    // Logger shared by every SamlClient instance.
    private static final Logger LOG = Logger.getLogger(SamlClient.class);
    // HTTP client context owned by this client instance; presumably it carries cookies/session state
    // across the executed steps — TODO confirm against executeAndTransform.
    private final HttpClientContext context = HttpClientContext.create();
    // Redirect strategy whose redirect-following can be switched on or off via setRedirectable(boolean).
    private final RedirectStrategyWithSwitchableFollowRedirect strategy = new RedirectStrategyWithSwitchableFollowRedirect();

    /* loaded from: input_file:org/keycloak/testsuite/util/SamlClient$Binding.class */
    public enum Binding {
        POST { // from class: org.keycloak.testsuite.util.SamlClient.Binding.1
            /**
             * Reads the SAML message carried in the HTML form of a POST-binding response.
             *
             * <p>Asserts an HTTP 200 status, reads the body as UTF-8, closes the response and
             * delegates to {@link SamlClient#extractSamlResponseFromForm(String)}. The {@code str}
             * argument is not used on this path, so no signature verification is performed here.
             *
             * @param closeableHttpResponse response to read; closed after the body has been read
             * @param str ignored by the POST binding
             * @return the parsed SAML document holder
             * @throws IOException if the body cannot be read or the response cannot be closed
             */
            @Override
            public SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse, String str) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.OK));
                final String html = EntityUtils.toString(closeableHttpResponse.getEntity(), "UTF-8");
                closeableHttpResponse.close();
                return SamlClient.extractSamlResponseFromForm(html);
            }

            /**
             * Builds an unsigned POST-binding request: the document is sent in the
             * {@code SAMLRequest} form field and all three key/certificate arguments are null.
             *
             * @param uri endpoint the form is posted to
             * @param str relay state, added as {@code RelayState} when non-null
             * @param document SAML document to encode
             */
            @Override
            public HttpPost createSamlUnsignedRequest(URI uri, String str, Document document) {
                return createSamlPostMessage(uri, str, document, "SAMLRequest", null, null, null);
            }

            /**
             * Builds an unsigned POST-binding response: the document is sent in the
             * {@code SAMLResponse} form field and all three key/certificate arguments are null.
             *
             * @param uri endpoint the form is posted to
             * @param str relay state, added as {@code RelayState} when non-null
             * @param document SAML document to encode
             */
            @Override
            public HttpPost createSamlUnsignedResponse(URI uri, String str, Document document) {
                return createSamlPostMessage(uri, str, document, "SAMLResponse", null, null, null);
            }

            /**
             * Delegates to the six-argument overload with a null certificate. In this listing that
             * overload returns null for the POST binding, so this method returns null as well.
             */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3) {
                return createSamlSignedResponse(uri, str, document, str2, str3, null);
            }

            /**
             * Signed responses are not produced by the POST binding in this listing: the method
             * ignores every argument and always returns null. Callers must handle a null request.
             */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3, String str4) {
                return null;
            }

            /**
             * Reads the {@code RelayState} value from the HTML form of a POST-binding response.
             *
             * <p>Asserts an HTTP 200 status, reads the body as UTF-8, closes the response and
             * delegates to {@link SamlClient#extractSamlRelayStateFromForm(String)}.
             *
             * @param closeableHttpResponse response to read; closed after the body has been read
             * @return the relay state, or null when the form has no {@code RelayState} input
             * @throws IOException if the body cannot be read or the response cannot be closed
             */
            @Override
            public String extractRelayState(CloseableHttpResponse closeableHttpResponse) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.OK));
                final String html = EntityUtils.toString(closeableHttpResponse.getEntity(), "UTF-8");
                closeableHttpResponse.close();
                return SamlClient.extractSamlRelayStateFromForm(html);
            }

            /**
             * Delegates to the six-argument overload with a null certificate string.
             *
             * @param str relay state
             * @param str2 private key in string form, used for signing
             * @param str3 public key in string form
             */
            @Override
            public HttpPost createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3) {
                return createSamlSignedRequest(uri, str, document, str2, str3, (String) null);
            }

            /**
             * Builds a POST-binding request in the {@code SAMLRequest} form field. The document is
             * signed only when both key strings are non-null (see createSamlPostMessage).
             *
             * @param str relay state
             * @param str2 private key in string form, used for signing
             * @param str3 public key in string form
             * @param str4 certificate string handed to the PEM decoder; may be null
             */
            @Override
            public HttpPost createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3, String str4) {
                return createSamlPostMessage(uri, str, document, "SAMLRequest", str2, str3, str4);
            }

            /**
             * Builds the form-encoded HTTP POST that carries a SAML message.
             *
             * <p>The document is signed with RSA-SHA256 only when both {@code str3} and
             * {@code str4} are non-null; if either is missing the message goes out unsigned
             * without any error. {@code str5} is passed to the PEM decoder even when null —
             * NOTE(review): confirm the decoder tolerates a null certificate string.
             *
             * @param uri endpoint the form is posted to
             * @param str relay state; the {@code RelayState} field is omitted when null
             * @param document SAML document to encode
             * @param str2 form field name, {@code SAMLRequest} or {@code SAMLResponse}
             * @param str3 private key in string form, or null for an unsigned message
             * @param str4 public key in string form, or null for an unsigned message
             * @param str5 certificate string, may be null
             * @return the prepared request
             * @throws RuntimeException wrapping any I/O, configuration or processing failure
             */
            private HttpPost createSamlPostMessage(URI uri, String str, Document document, String str2, String str3, String str4, String str5) {
                final HttpPost request = new HttpPost(uri);
                final List<BasicNameValuePair> formFields = new LinkedList<>();
                try {
                    final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
                    final boolean sign = str3 != null && str4 != null;
                    if (sign) {
                        final PrivateKey signingKey = KeyUtils.privateKeyFromString(str3);
                        binding.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
                                .signWith(org.keycloak.common.util.KeyUtils.createKeyId(signingKey), signingKey, KeyUtils.publicKeyFromString(str4), PemUtils.decodeCertificate(str5))
                                .signDocument();
                    }
                    formFields.add(new BasicNameValuePair(str2, binding.postBinding(document).encoded()));
                    if (str != null) {
                        formFields.add(new BasicNameValuePair("RelayState", str));
                    }
                    // UnsupportedEncodingException is an IOException, so the single catch below
                    // wraps it exactly as a dedicated handler would.
                    request.setEntity(new UrlEncodedFormEntity(formFields, "UTF-8"));
                    return request;
                } catch (IOException | ConfigurationException | ProcessingException e) {
                    throw new RuntimeException(e);
                }
            }

            /** Returns the URI constant identifying the SAML HTTP-POST binding. */
            @Override
            public URI getBindingUri() {
                return JBossSAMLURIConstants.SAML_HTTP_POST_BINDING.getUri();
            }
        },
        REDIRECT { // from class: org.keycloak.testsuite.util.SamlClient.Binding.2
            /**
             * Reads the SAML message carried in the {@code Location} header of a redirect.
             *
             * <p>Asserts an HTTP 302 status, takes the first {@code Location} header, closes the
             * response and delegates to
             * {@link SamlClient#extractSamlResponseFromRedirect(String, String)}. The redirect
             * signature is verified there only when {@code str} is non-null.
             *
             * @param closeableHttpResponse redirect response; closed after the header is read
             * @param str public key in string form used to verify the signature, or null to skip
             * @return the parsed SAML document holder
             * @throws IOException on close failure or failed signature verification
             */
            @Override
            public SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse, String str) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.FOUND));
                final String location = closeableHttpResponse.getFirstHeader("Location").getValue();
                closeableHttpResponse.close();
                return SamlClient.extractSamlResponseFromRedirect(location, str);
            }

            /**
             * Builds an unsigned redirect-binding request as an HTTP GET.
             *
             * @param uri endpoint the request URI is built from
             * @param str relay state handed to the binding builder
             * @param document SAML document to encode into the query string
             * @return GET request for the generated request URI
             * @throws RuntimeException wrapping any processing, configuration or I/O failure
             */
            @Override
            public HttpGet createSamlUnsignedRequest(URI uri, String str, Document document) {
                try {
                    final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder().relayState(str);
                    return new HttpGet(binding.redirectBinding(document).requestURI(uri.toString()));
                } catch (ProcessingException | ConfigurationException | IOException e) {
                    throw new RuntimeException(e);
                }
            }

            /** Returns the URI constant identifying the SAML HTTP-Redirect binding. */
            @Override
            public URI getBindingUri() {
                return JBossSAMLURIConstants.SAML_HTTP_REDIRECT_BINDING.getUri();
            }

            /**
             * Builds an unsigned redirect-binding response as an HTTP GET.
             *
             * @param uri endpoint the response URI is built from
             * @param str relay state handed to the binding builder
             * @param document SAML document to encode into the query string
             * @return GET request for the generated response URI
             * @throws RuntimeException wrapping any processing, configuration or I/O failure
             */
            @Override
            public HttpUriRequest createSamlUnsignedResponse(URI uri, String str, Document document) {
                try {
                    final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder().relayState(str);
                    return new HttpGet(binding.redirectBinding(document).responseURI(uri.toString()));
                } catch (ProcessingException | ConfigurationException | IOException e) {
                    throw new RuntimeException(e);
                }
            }

            /**
             * Delegates to the six-argument overload with a null certificate string.
             *
             * @param str relay state
             * @param str2 private key in string form, used for signing
             * @param str3 public key in string form
             */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3) {
                return createSamlSignedResponse(uri, str, document, str2, str3, null);
            }

            /**
             * Builds a redirect-binding response as an HTTP GET, signing it when keys are given.
             *
             * <p>RSA-SHA256 signing is configured only when both {@code str2} and {@code str3} are
             * non-null; otherwise the response is sent unsigned without any error.
             *
             * @param uri endpoint the response URI is built from
             * @param str relay state
             * @param document SAML document to encode
             * @param str2 private key in string form, or null for an unsigned message
             * @param str3 public key in string form, or null for an unsigned message
             * @param str4 certificate string handed to the PEM decoder; may be null
             * @return GET request for the generated response URI
             * @throws RuntimeException wrapping any I/O, configuration or processing failure
             */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3, String str4) {
                try {
                    final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
                    final boolean sign = str2 != null && str3 != null;
                    if (sign) {
                        final PrivateKey signingKey = KeyUtils.privateKeyFromString(str2);
                        binding.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
                                .signWith(org.keycloak.common.util.KeyUtils.createKeyId(signingKey), signingKey, KeyUtils.publicKeyFromString(str3), PemUtils.decodeCertificate(str4))
                                .signDocument();
                    }
                    binding.relayState(str);
                    return new HttpGet(binding.redirectBinding(document).responseURI(uri.toString()));
                } catch (IOException | ConfigurationException | ProcessingException e) {
                    throw new RuntimeException(e);
                }
            }

            /**
             * Reads the {@code RelayState} query parameter from the {@code Location} header of a
             * redirect. Asserts an HTTP 302 status and closes the response after reading the header.
             *
             * @param closeableHttpResponse redirect response; closed after the header is read
             * @return the relay state, or null when the redirect URL has no such parameter
             * @throws IOException if the response cannot be closed
             */
            @Override
            public String extractRelayState(CloseableHttpResponse closeableHttpResponse) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.FOUND));
                final String location = closeableHttpResponse.getFirstHeader("Location").getValue();
                closeableHttpResponse.close();
                return SamlClient.extractRelayStateFromRedirect(location);
            }

            /**
             * Delegates to the six-argument overload with a null certificate string.
             *
             * @param str relay state
             * @param str2 private key in string form, used for signing
             * @param str3 public key in string form
             */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3) {
                return createSamlSignedRequest(uri, str, document, str2, str3, null);
            }

            /**
             * Builds a redirect-binding request as an HTTP GET, signing it when keys are given.
             *
             * <p>RSA-SHA256 signing is configured only when both {@code str2} and {@code str3} are
             * non-null; otherwise the request is sent unsigned without any error.
             *
             * @param uri endpoint the request URI is built from
             * @param str relay state
             * @param document SAML document to encode
             * @param str2 private key in string form, or null for an unsigned message
             * @param str3 public key in string form, or null for an unsigned message
             * @param str4 certificate string handed to the PEM decoder; may be null
             * @return GET request for the generated request URI
             * @throws RuntimeException wrapping any I/O, configuration or processing failure
             */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3, String str4) {
                try {
                    final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder().relayState(str);
                    final boolean sign = str2 != null && str3 != null;
                    if (sign) {
                        final PrivateKey signingKey = KeyUtils.privateKeyFromString(str2);
                        binding.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
                                .signWith(org.keycloak.common.util.KeyUtils.createKeyId(signingKey), signingKey, KeyUtils.publicKeyFromString(str3), PemUtils.decodeCertificate(str4))
                                .signDocument();
                    }
                    return new HttpGet(binding.redirectBinding(document).requestURI(uri.toString()));
                } catch (IOException | ConfigurationException | ProcessingException e) {
                    throw new RuntimeException(e);
                }
            }
        },
        SOAP { // from class: org.keycloak.testsuite.util.SamlClient.Binding.3
            // XML namespace prefixes declared on the SOAP envelope built by createSamlSignedRequest.
            // Prefix bound to the ECP profile namespace.
            private static final String NS_PREFIX_PROFILE_ECP = "ecp";
            // Prefix bound to the SAML protocol namespace.
            private static final String NS_PREFIX_SAML_PROTOCOL = "samlp";
            // Prefix for the SAML assertion namespace; the methods in this listing use the
            // literal "saml" rather than this constant.
            private static final String NS_PREFIX_SAML_ASSERTION = "saml";
            // Prefix bound to the PAOS binding namespace.
            private static final String NS_PREFIX_PAOS_BINDING = "paos";

            /**
             * Parses the SAML message found as the first child of the SOAP body of a response.
             *
             * <p>Asserts an HTTP 200 status, copies the first body child into a fresh document,
             * runs schema validation on it and parses it. The {@code str} argument is not used, so
             * no signature verification happens here, and this method does not close the response.
             *
             * @param closeableHttpResponse response whose entity holds the SOAP message
             * @param str ignored by the SOAP binding
             * @return holder with the parsed SAML object and the copied document
             * @throws IOException if the response content cannot be read
             * @throws RuntimeException wrapping SOAP, configuration, processing or parsing failures
             */
            @Override
            public SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse, String str) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(200));
                try {
                    final SOAPMessage soap = MessageFactory.newInstance().createMessage((MimeHeaders) null, closeableHttpResponse.getEntity().getContent());
                    final Node payload = soap.getSOAPBody().getFirstChild();
                    final Document samlDocument = DocumentUtil.createDocument();
                    samlDocument.appendChild(samlDocument.importNode(payload, true));
                    final SAMLParser parser = SAMLParser.getInstance();
                    JAXPValidationUtil.checkSchemaValidation(samlDocument);
                    return new SAMLDocumentHolder((SAML2Object) parser.parse(samlDocument), samlDocument);
                } catch (SOAPException | ConfigurationException | ProcessingException | ParsingException e) {
                    throw new RuntimeException(e);
                }
            }

            /**
             * Adds the ECP {@code Request} SOAP header block to the envelope.
             *
             * <p>The header is marked mustUnderstand with the "next" actor, names the service
             * provider through {@code ProviderName} and an {@code Issuer} child, and lists the
             * deployment's IdP in an {@code IDPList/IDPEntry} element.
             *
             * @param sOAPEnvelope envelope to add the header to
             * @param samlDeployment deployment supplying the SP and IdP entity IDs and SSO URL
             * @throws SOAPException if the header cannot be built
             */
            private void createEcpRequestHeader(SOAPEnvelope sOAPEnvelope, SamlDeployment samlDeployment) throws SOAPException {
                final SOAPHeaderElement ecpRequest = sOAPEnvelope.getHeader()
                        .addHeaderElement(sOAPEnvelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PROFILE_ECP));
                ecpRequest.setMustUnderstand(true);
                ecpRequest.setActor("http://schemas.xmlsoap.org/soap/actor/next");
                ecpRequest.addAttribute(sOAPEnvelope.createName("ProviderName"), samlDeployment.getEntityID());
                ecpRequest.addAttribute(sOAPEnvelope.createName("IsPassive"), "0");
                ecpRequest.addChildElement(sOAPEnvelope.createQName("Issuer", "saml"))
                        .setValue(samlDeployment.getEntityID());
                ecpRequest.addChildElement(sOAPEnvelope.createQName("IDPList", NS_PREFIX_SAML_PROTOCOL))
                        .addChildElement(sOAPEnvelope.createQName("IDPEntry", NS_PREFIX_SAML_PROTOCOL))
                        .addAttribute(sOAPEnvelope.createName("ProviderID"), samlDeployment.getIDP().getEntityID())
                        .addAttribute(sOAPEnvelope.createName("Name"), samlDeployment.getIDP().getEntityID())
                        .addAttribute(sOAPEnvelope.createName("Loc"), samlDeployment.getIDP().getSingleSignOnService().getRequestBindingUrl());
            }

            /**
             * Adds the PAOS {@code Request} SOAP header block to the envelope.
             *
             * <p>The header is marked mustUnderstand with the "next" actor and carries the ECP
             * profile URI as {@code service} plus the {@code responseConsumerURL} taken from the
             * deployment (null when the deployment does not define one).
             *
             * @param sOAPEnvelope envelope to add the header to
             * @param samlDeployment deployment supplying the response consumer URL
             * @throws SOAPException if the header cannot be built
             */
            private void createPaosRequestHeader(SOAPEnvelope sOAPEnvelope, SamlDeployment samlDeployment) throws SOAPException {
                final SOAPHeaderElement paosRequest = sOAPEnvelope.getHeader()
                        .addHeaderElement(sOAPEnvelope.createQName(JBossSAMLConstants.REQUEST.get(), NS_PREFIX_PAOS_BINDING));
                paosRequest.setMustUnderstand(true);
                paosRequest.setActor("http://schemas.xmlsoap.org/soap/actor/next");
                paosRequest.addAttribute(sOAPEnvelope.createName("service"), JBossSAMLURIConstants.ECP_PROFILE.get());
                paosRequest.addAttribute(sOAPEnvelope.createName("responseConsumerURL"), getResponseConsumerUrl(samlDeployment));
            }

            /**
             * Returns the assertion consumer service URL of the deployment's IdP single sign-on
             * service as a string.
             *
             * @param samlDeployment deployment to read from
             * @return the URL, or null when the IdP, its SSO service or the URL itself is missing
             */
            private String getResponseConsumerUrl(SamlDeployment samlDeployment) {
                if (samlDeployment.getIDP() == null) {
                    return null;
                }
                if (samlDeployment.getIDP().getSingleSignOnService() == null) {
                    return null;
                }
                if (samlDeployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl() == null) {
                    return null;
                }
                return samlDeployment.getIDP().getSingleSignOnService().getAssertionConsumerServiceUrl().toString();
            }

            /**
             * Builds an unsigned SOAP request by calling the six-argument signed variant with
             * null keys and certificate, which skips signing.
             */
            @Override
            public HttpUriRequest createSamlUnsignedRequest(URI uri, String str, Document document) {
                return createSamlSignedRequest(uri, str, document, null, null, null);
            }

            /**
             * Delegates to the six-argument overload with a null certificate string.
             *
             * @param str2 private key in string form, used for signing
             * @param str3 public key in string form
             */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3) {
                return createSamlSignedRequest(uri, str, document, str2, str3, null);
            }

            /**
             * Wraps a SAML document in a SOAP envelope with PAOS and ECP headers and returns it as
             * an HTTP POST with a {@code text/xml} body.
             *
             * <p>The document is signed with RSA-SHA256 only when both {@code str2} and
             * {@code str3} are non-null; otherwise it is embedded unsigned without any error. The
             * header values come from the fixed {@code EcpSP} deployment, not from the arguments,
             * and the relay state {@code str} is not used.
             *
             * @param uri endpoint the SOAP message is posted to
             * @param str relay state; unused by the SOAP binding
             * @param document SAML document placed in the SOAP body
             * @param str2 private key in string form, or null for an unsigned message
             * @param str3 public key in string form, or null for an unsigned message
             * @param str4 certificate string handed to the PEM decoder; may be null
             * @return the prepared POST request
             * @throws RuntimeException wrapping processing, SOAP, I/O or parsing failures
             */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3, String str4) {
                final BaseSAML2BindingBuilder binding = new BaseSAML2BindingBuilder();
                final boolean sign = str2 != null && str3 != null;
                if (sign) {
                    final PrivateKey signingKey = KeyUtils.privateKeyFromString(str2);
                    binding.signatureAlgorithm(SignatureAlgorithm.RSA_SHA256)
                            .signWith(org.keycloak.common.util.KeyUtils.createKeyId(signingKey), signingKey, KeyUtils.publicKeyFromString(str3), PemUtils.decodeCertificate(str4))
                            .signDocument();
                    try {
                        // Replace the input with the document returned by the POST-binding builder.
                        document = binding.postBinding(document).getDocument();
                    } catch (ProcessingException e) {
                        throw new RuntimeException(e);
                    }
                }
                try {
                    final SOAPMessage soap = MessageFactory.newInstance().createMessage();
                    final SOAPEnvelope env = soap.getSOAPPart().getEnvelope();
                    env.addNamespaceDeclaration("saml", JBossSAMLURIConstants.ASSERTION_NSURI.get());
                    env.addNamespaceDeclaration(NS_PREFIX_SAML_PROTOCOL, JBossSAMLURIConstants.PROTOCOL_NSURI.get());
                    env.addNamespaceDeclaration(NS_PREFIX_PAOS_BINDING, JBossSAMLURIConstants.PAOS_BINDING.get());
                    env.addNamespaceDeclaration(NS_PREFIX_PROFILE_ECP, JBossSAMLURIConstants.ECP_PROFILE.get());
                    final SamlDeployment deployment = SamlUtils.getSamlDeploymentForClient(EcpSP.DEPLOYMENT_NAME);
                    createPaosRequestHeader(env, deployment);
                    createEcpRequestHeader(env, deployment);
                    env.getBody().addDocument(document);
                    final ByteArrayOutputStream serialized = new ByteArrayOutputStream();
                    soap.writeTo(serialized);
                    final HttpPost request = new HttpPost(uri);
                    request.setEntity(new ByteArrayEntity(serialized.toByteArray(), ContentType.TEXT_XML));
                    return request;
                } catch (SOAPException | IOException | ParsingException e) {
                    throw new RuntimeException(e);
                }
            }

            /** The SOAP binding exposes no binding URI in this listing: always returns null. */
            @Override
            public URI getBindingUri() {
                return null;
            }

            /** Not supported by the SOAP binding in this listing: ignores its arguments and returns null. */
            @Override
            public HttpUriRequest createSamlUnsignedResponse(URI uri, String str, Document document) {
                return null;
            }

            /** Not supported by the SOAP binding in this listing: ignores its arguments and returns null. */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3) {
                return null;
            }

            /** Not supported by the SOAP binding in this listing: ignores its arguments and returns null. */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3, String str4) {
                return null;
            }

            /**
             * Relay state is not extracted for the SOAP binding in this listing: the response is
             * neither read nor closed and null is returned.
             */
            @Override
            public String extractRelayState(CloseableHttpResponse closeableHttpResponse) throws IOException {
                return null;
            }
        },
        ARTIFACT_RESPONSE { // from class: org.keycloak.testsuite.util.SamlClient.Binding.4
            /**
             * Reads the whole response entity into memory, extracts the SOAP message document from
             * it and closes the response.
             *
             * @param closeableHttpResponse response to read; closed after the body has been read
             * @return the document extracted from the SOAP message
             * @throws IOException if the entity cannot be read or the response cannot be closed
             */
            private Document extractSoapMessage(CloseableHttpResponse closeableHttpResponse) throws IOException {
                final byte[] body = EntityUtils.toByteArray(closeableHttpResponse.getEntity());
                final Document soapPayload = Soap.extractSoapMessage(new ByteArrayInputStream(body));
                closeableHttpResponse.close();
                return soapPayload;
            }

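            /**
             * Unwraps the SAML message carried inside an ArtifactResponse returned over SOAP.
             *
             * <p>Asserts an HTTP 200 status, extracts the SOAP payload (which also closes the
             * response), requires it to be an {@code ArtifactResponseType} and returns its embedded
             * response or request. The {@code str} argument is not used, so no signature
             * verification is performed here. Failure messages embed the full SOAP payload, and the
             * underlying exception is kept as the cause so a failing test shows why parsing or
             * conversion broke.
             *
             * @param closeableHttpResponse response from the artifact resolution service
             * @param str ignored by this binding
             * @return holder with the embedded SAML object and its document form
             * @throws IOException if the response body cannot be read
             * @throws RuntimeException if the payload is not an ArtifactResponse, the embedded
             *         message is neither a response nor a request, or parsing/conversion fails
             */
            @Override
            public SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse, String str) throws IOException {
                Assert.assertThat(closeableHttpResponse, Matchers.statusCodeIsHC(Response.Status.OK));
                Document soapPayload = extractSoapMessage(closeableHttpResponse);
                try {
                    SAMLDocumentHolder holder = SAML2Request.getSAML2ObjectFromDocument(soapPayload);
                    if (!(holder.getSamlObject() instanceof ArtifactResponseType)) {
                        throw new RuntimeException("Message received from ArtifactResolveService is not an ArtifactResponseMessage");
                    }
                    // The instanceof check above makes this cast safe.
                    ArtifactResponseType artifactResponse = (ArtifactResponseType) holder.getSamlObject();
                    try {
                        Object any = artifactResponse.getAny();
                        if (any instanceof ResponseType) {
                            return new SAMLDocumentHolder((ResponseType) any, SAML2Request.convert((ResponseType) any));
                        }
                        if (!(any instanceof RequestAbstractType)) {
                            throw new RuntimeException("Can not recognise message contained in ArtifactResponse");
                        }
                        return new SAMLDocumentHolder((RequestAbstractType) any, SAML2Request.convert((RequestAbstractType) any));
                    } catch (ParsingException | ConfigurationException | ProcessingException e) {
                        // Chain the cause instead of discarding it.
                        throw new RuntimeException("Can not obtain document from artifact response: " + DocumentUtil.asString(soapPayload), e);
                    }
                } catch (ProcessingException | ParsingException e2) {
                    // Chain the cause instead of discarding it.
                    throw new RuntimeException("Unable to get documentHolder from soapBodyResponse: " + DocumentUtil.asString(soapPayload), e2);
                }
            }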

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlUnsignedRequest(URI uri, String str, Document document) {
                return null;
            }

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3) {
                return null;
            }

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3, String str4) {
                return null;
            }

            /** Returns the URI constant identifying the SAML HTTP-Artifact binding. */
            @Override
            public URI getBindingUri() {
                return JBossSAMLURIConstants.SAML_HTTP_ARTIFACT_BINDING.getUri();
            }

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlUnsignedResponse(URI uri, String str, Document document) {
                return null;
            }

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3) {
                return null;
            }

            /** ARTIFACT_RESPONSE only extracts responses in this listing: always returns null. */
            @Override
            public HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3, String str4) {
                return null;
            }

            /**
             * Relay state is not extracted for ARTIFACT_RESPONSE in this listing: the response is
             * neither read nor closed and null is returned.
             */
            @Override
            public String extractRelayState(CloseableHttpResponse closeableHttpResponse) throws IOException {
                return null;
            }
        };

        /**
         * Extracts the SAML message from an HTTP response for this binding.
         *
         * @param closeableHttpResponse response to read
         * @param str public key in string form; among the constants in this enum only REDIRECT
         *        uses it (to verify the redirect signature when non-null), the others ignore it
         */
        public abstract SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse, String str) throws IOException;

        /** Extracts the SAML message with a null key, i.e. without requesting signature verification. */
        public SAMLDocumentHolder extractResponse(CloseableHttpResponse closeableHttpResponse) throws IOException {
            return extractResponse(closeableHttpResponse, null);
        }

        /**
         * Creates an unsigned SAML request. May return null for bindings that do not support it.
         *
         * @param uri target endpoint
         * @param str relay state
         * @param document SAML document to send
         */
        public abstract HttpUriRequest createSamlUnsignedRequest(URI uri, String str, Document document);

        /**
         * Creates a SAML request signed with the given key pair.
         *
         * @param str relay state
         * @param str2 private key in string form
         * @param str3 public key in string form
         */
        public abstract HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3);

        /**
         * Creates a SAML request signed with the given key pair and certificate. The
         * implementations in this enum sign only when both key strings are non-null.
         *
         * @param str relay state
         * @param str2 private key in string form
         * @param str3 public key in string form
         * @param str4 certificate string
         */
        public abstract HttpUriRequest createSamlSignedRequest(URI uri, String str, Document document, String str2, String str3, String str4);

        /** Returns the URI identifying this binding; SOAP returns null. */
        public abstract URI getBindingUri();

        /** Creates an unsigned SAML response. May return null for bindings that do not support it. */
        public abstract HttpUriRequest createSamlUnsignedResponse(URI uri, String str, Document document);

        /**
         * Creates a signed SAML response; parameters as for the signed request variant. Only
         * REDIRECT returns a non-null request in this listing.
         */
        public abstract HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3);

        /**
         * Creates a signed SAML response with a certificate; parameters as for the signed request
         * variant. Only REDIRECT returns a non-null request in this listing.
         */
        public abstract HttpUriRequest createSamlSignedResponse(URI uri, String str, Document document, String str2, String str3, String str4);

        /** Extracts the relay state from an HTTP response; SOAP and ARTIFACT_RESPONSE return null. */
        public abstract String extractRelayState(CloseableHttpResponse closeableHttpResponse) throws IOException;
    }

    /* loaded from: input_file:org/keycloak/testsuite/util/SamlClient$DoNotFollowRedirectStep.class */
    /**
     * Step that produces no request of its own: {@code perform} always returns null.
     * NOTE(review): the name suggests the step executor treats it as a marker to stop
     * following redirects for the next step — confirm against executeAndTransform.
     */
    public static final class DoNotFollowRedirectStep implements Step {
        /** Ignores all arguments and returns null. */
        @Override
        public HttpUriRequest perform(CloseableHttpClient closeableHttpClient, URI uri, CloseableHttpResponse closeableHttpResponse, HttpClientContext httpClientContext) throws Exception {
            return null;
        }
    }

    /* loaded from: input_file:org/keycloak/testsuite/util/SamlClient$RedirectStrategyWithSwitchableFollowRedirect.class */
    /**
     * Lax redirect strategy with an on/off switch: while {@code redirectable} is false no
     * HTTP method is treated as redirectable, otherwise the superclass decides.
     */
    public static class RedirectStrategyWithSwitchableFollowRedirect extends LaxRedirectStrategy {
        /** Whether redirects may be followed at all; defaults to true. */
        public boolean redirectable = true;

        /**
         * Reports whether the given HTTP method may be redirected.
         *
         * @param str HTTP method name
         * @return false while the switch is off, otherwise the superclass decision
         */
        protected boolean isRedirectable(String str) {
            if (!this.redirectable) {
                return false;
            }
            return super.isRedirectable(str);
        }

        /**
         * Turns redirect following on or off.
         *
         * @param z true to let the superclass decide, false to refuse every redirect
         */
        public void setRedirectable(boolean z) {
            this.redirectable = z;
        }
    }

    @FunctionalInterface
    /**
     * Converts an HTTP response into a result value of type {@code T}.
     *
     * @param <T> type of the extracted result
     */
    public interface ResultExtractor<T> {
        /**
         * Extracts the result from the given response.
         *
         * @param closeableHttpResponse response to read
         * @return the extracted value
         * @throws Exception if extraction fails
         */
        T extract(CloseableHttpResponse closeableHttpResponse) throws Exception;
    }

    @FunctionalInterface
    /** A single step of a client flow, producing an HTTP request from the client's current state. */
    public interface Step {
        /**
         * Builds the request for this step.
         *
         * @param closeableHttpClient HTTP client in use
         * @param uri a URI supplied by the executor — presumably the current location; TODO confirm
         * @param closeableHttpResponse a response supplied by the executor — presumably the
         *        previous step's response; TODO confirm
         * @param httpClientContext HTTP client context in use
         * @return the request to send; DoNotFollowRedirectStep returns null
         * @throws Exception if the request cannot be built
         */
        HttpUriRequest perform(CloseableHttpClient closeableHttpClient, URI uri, CloseableHttpResponse closeableHttpResponse, HttpClientContext httpClientContext) throws Exception;
    }

    /**
     * Pulls the SAML message out of an HTML POST-binding form and parses it.
     *
     * <p>Asserts that the page holds exactly one {@code SAMLResponse} or {@code SAMLRequest}
     * input in total and parses that input's value. This method itself performs no signature
     * check on the extracted message.
     *
     * @param str HTML page text
     * @return the parsed SAML document holder
     */
    public static SAMLDocumentHolder extractSamlResponseFromForm(String str) {
        final org.jsoup.nodes.Document page = Jsoup.parse(str);
        final Elements responseInputs = page.select("input[name=SAMLResponse]");
        final Elements requestInputs = page.select("input[name=SAMLRequest]");
        Assert.assertThat("Checking uniqueness of SAMLResponse/SAMLRequest input field in the page", Integer.valueOf(responseInputs.size() + requestInputs.size()), org.hamcrest.Matchers.is(1));
        final String encodedMessage = (responseInputs.isEmpty() ? requestInputs.first() : responseInputs.first()).val();
        return SAMLRequestParser.parseResponsePostBinding(encodedMessage);
    }

    /**
     * Reads the {@code RelayState} input from an HTML POST-binding form.
     *
     * <p>Asserts that the page contains the {@code saml-post-binding} form before parsing it.
     *
     * @param str HTML page text
     * @return value of the first {@code RelayState} input, or null when there is none
     */
    public static String extractSamlRelayStateFromForm(String str) {
        Assert.assertThat(str, org.hamcrest.Matchers.containsString("form name=\"saml-post-binding\""));
        final Elements relayStateInputs = Jsoup.parse(str).select("input[name=RelayState]");
        return relayStateInputs.isEmpty() ? null : relayStateInputs.first().val();
    }

    /**
     * Returns the value of the first {@code RelayState} query parameter of a redirect URL.
     *
     * @param str redirect URL; its query is parsed as UTF-8
     * @return the parameter value, or null when the URL has no {@code RelayState} parameter
     */
    public static String extractRelayStateFromRedirect(String str) {
        return (String) URLEncodedUtils.parse(URI.create(str), "UTF-8").stream()
                .filter(param -> param.getName().equals("RelayState"))
                .findFirst()
                .map(param -> param.getValue())
                .orElse(null);
    }

    /**
     * Splits a raw query string into a multi-valued map.
     *
     * <p>Parameter names are URL-decoded, but values are stored exactly as they appear in the
     * query, still percent-encoded. NOTE(review): presumably this keeps the original encoded
     * values available for redirect-binding signature verification — confirm against
     * SamlProtocolUtils.verifyRedirectSignature. A segment without {@code =} is stored with
     * an empty value.
     *
     * @param str raw (still encoded) query string, may be null
     * @return map of decoded names to raw values; empty when {@code str} is null
     * @throws IOException if a parameter name cannot be decoded
     */
    public static MultivaluedMap<String, String> parseEncodedQueryParameters(String str) throws IOException {
        final MultivaluedHashMap<String, String> params = new MultivaluedHashMap<>();
        if (str == null) {
            return params;
        }
        for (String segment : str.split("&")) {
            if (segment.indexOf('=') < 0) {
                params.add(RedirectBindingUtil.urlDecode(segment), "");
                continue;
            }
            final String[] nameAndValue = segment.split("=", 2);
            params.add(RedirectBindingUtil.urlDecode(nameAndValue[0]), nameAndValue.length > 1 ? nameAndValue[1] : "");
        }
        return params;
    }

    /**
     * Parses the SAML message carried in the query string of a redirect URL and, when a key
     * is supplied, verifies the redirect-binding signature.
     *
     * <p>Asserts that exactly one of {@code SAMLResponse} and {@code SAMLRequest} is present.
     * Signature verification runs only when {@code str2} is non-null: with a null key the
     * message is returned unverified. The supplied key is used whatever key id is requested.
     *
     * @param str redirect URL
     * @param str2 public key in string form used for verification, or null to skip verification
     * @return the parsed SAML document holder
     * @throws IOException if decoding fails or signature verification fails (the
     *         verification exception is wrapped as the cause)
     */
    public static SAMLDocumentHolder extractSamlResponseFromRedirect(String str, final String str2) throws IOException {
        final MultivaluedMap<String, String> query = parseEncodedQueryParameters(URI.create(str).getRawQuery());
        final String rawResponse = query.getFirst("SAMLResponse");
        final String rawRequest = query.getFirst("SAMLRequest");
        final boolean isResponse = rawResponse != null;
        // Exactly one of the two parameters must be present.
        Assert.assertTrue("Only one SAMLRequest/SAMLResponse check", isResponse != (rawRequest != null));
        final SAMLDocumentHolder holder = SAMLRequestParser.parseResponseRedirectBinding(RedirectBindingUtil.urlDecode(isResponse ? rawResponse : rawRequest));
        if (str2 == null) {
            // No key supplied: the message is returned without signature verification.
            return holder;
        }
        final KeyLocator fixedKeyLocator = new KeyLocator() {
            public Key getKey(String str5) throws KeyManagementException {
                return KeyUtils.publicKeyFromString(str2);
            }

            public void refreshKeyCache() {
            }
        };
        try {
            SamlProtocolUtils.verifyRedirectSignature(holder, fixedKeyLocator, query, isResponse ? "SAMLResponse" : "SAMLRequest");
        } catch (VerificationException e) {
            throw new IOException(e);
        }
        return holder;
    }

    /**
     * Builds a SAML {@code AuthnRequest} with a freshly generated random UUID as its id.
     *
     * <p>The arguments are handed to {@code SAML2Request.createAuthnRequestType} in the order
     * (id, {@code str2}, destination, {@code str}).
     * NOTE(review): presumably {@code str} is the issuer and {@code str2} the assertion
     * consumer URL; confirm against {@code SAML2Request}.
     *
     * @param str  fourth argument of {@code createAuthnRequestType}
     * @param str2 second argument of {@code createAuthnRequestType}
     * @param uri  destination of the request, or {@code null} for none
     * @return the new request object
     * @throws RuntimeException wrapping a {@code ConfigurationException} raised while building
     */
    public static AuthnRequestType createLoginRequestDocument(String str, String str2, URI uri) {
        String destination = null;
        if (uri != null) {
            destination = uri.toString();
        }
        try {
            return new SAML2Request().createAuthnRequestType(UUID.randomUUID().toString(), str2, destination, str);
        } catch (ConfigurationException e) {
            throw new RuntimeException(e);
        }
    }

    /**
     * Runs the given steps in order and discards the final response.
     *
     * @param stepArr steps to run, see {@link #executeAndTransform(ResultExtractor, List)}
     */
    public void execute(Step... stepArr) {
        // The extractor ignores the last response; only the steps' side effects matter.
        executeAndTransform(response -> null, Arrays.asList(stepArr));
    }

    /**
     * Runs the given steps in order and discards the final response.
     *
     * @param list steps to run, see {@link #executeAndTransform(ResultExtractor, List)}
     */
    public void execute(List<Step> list) {
        // The extractor ignores the last response; only the steps' side effects matter.
        executeAndTransform(response -> null, list);
    }

    /**
     * Varargs convenience form of {@link #executeAndTransform(ResultExtractor, List)}.
     *
     * @param resultExtractor converts the last HTTP response into the result
     * @param stepArr         steps to run, in order
     * @param <T>             type of the extracted result
     * @return whatever {@code resultExtractor} produces
     */
    public <T> T executeAndTransform(ResultExtractor<T> resultExtractor, Step... stepArr) {
        // Fixed-size list view over the array; the steps are only read.
        List<Step> steps = Arrays.asList(stepArr);
        return executeAndTransform(resultExtractor, steps);
    }

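    /**
     * Runs the given steps in order against a freshly built HTTP client and hands the last
     * response to {@code resultExtractor}.
     *
     * <p>Each step receives the client, the URI the previous request landed on (initially
     * {@code about:blank}), the previous response and the shared context, and returns the
     * next request to execute, or {@code null} to execute nothing. If the step that follows
     * is a {@code DoNotFollowRedirectStep}, redirects are disabled for the current request
     * and that marker step is skipped; otherwise redirects are followed. A superseded
     * response is closed once its successor has been received.
     *
     * <p>The client is closed on every exit path, including when a step, a checker or the
     * extractor throws.
     *
     * @param resultExtractor converts the last HTTP response ({@code null} if no step
     *                        produced a request) into the result
     * @param list            steps to run, in order
     * @param <T>             type of the extracted result
     * @return whatever {@code resultExtractor} produces
     * @throws RuntimeException wrapping any exception raised by a step, a checker, the HTTP
     *                          client or the extractor
     */
    public <T> T executeAndTransform(ResultExtractor<T> resultExtractor, List<Step> list) {
        CloseableHttpResponse currentResponse = null;
        URI currentUri = URI.create("about:blank");
        this.strategy.setRedirectable(true);

        try (CloseableHttpClient client = createHttpClientBuilderInstance().setRedirectStrategy(this.strategy).build()) {
            for (int i = 0; i < list.size(); i++) {
                Step step = list.get(i);
                LOG.infof("Running step %d: %s", i, step.getClass());

                CloseableHttpResponse previousResponse = currentResponse;
                HttpUriRequest request = step.perform(client, currentUri, previousResponse, this.context);
                if (request == null) {
                    LOG.info("Last step returned no request, continuing with next step.");
                    continue;
                }

                // The redirect policy must be decided before the request is executed: a
                // DoNotFollowRedirectStep right after this step acts as a marker and is
                // consumed here instead of being performed.
                boolean nextIsNoFollowMarker = i < list.size() - 1 && list.get(i + 1) instanceof DoNotFollowRedirectStep;
                if (nextIsNoFollowMarker) {
                    LOG.debugf("Disabling following redirects");
                    this.strategy.setRedirectable(false);
                    i++;
                } else {
                    this.strategy.setRedirectable(true);
                }

                // NOTE(review): with the redirect binding this URI presumably carries the
                // SAML message and RelayState in its query; confirm that INFO-level logging
                // of it is acceptable wherever these test logs are published.
                LOG.infof("Executing HTTP request to %s", request.getURI());

                if (step instanceof StepWithCheckers) {
                    Runnable beforeStepChecker = ((StepWithCheckers) step).getBeforeStepChecker();
                    if (beforeStepChecker != null) {
                        beforeStepChecker.run();
                    }
                }

                currentResponse = client.execute(request, this.context);

                if (step instanceof StepWithCheckers) {
                    Runnable afterStepChecker = ((StepWithCheckers) step).getAfterStepChecker();
                    if (afterStepChecker != null) {
                        afterStepChecker.run();
                    }
                }

                // The landing URI is the last redirect target, or the request URI itself
                // when no redirect was followed.
                currentUri = request.getURI();
                List<URI> redirectLocations = this.context.getRedirectLocations();
                if (redirectLocations != null && !redirectLocations.isEmpty()) {
                    currentUri = redirectLocations.get(redirectLocations.size() - 1);
                }
                LOG.infof("Landed to %s", currentUri);

                // Release the superseded response; the current one stays open for the next
                // step or the extractor.
                if (currentResponse != previousResponse && previousResponse != null) {
                    previousResponse.close();
                }
            }

            LOG.info("Going to extract response");
            return resultExtractor.extract(currentResponse);
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }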

    /**
     * Returns the HTTP client context of this client, the same object that
     * {@code executeAndTransform} passes to every step and request.
     *
     * @return the context instance itself, not a copy
     */
    public HttpClientContext getContext() {
        return context;
    }

    /**
     * Creates the builder from which each run's HTTP client is built. Being
     * {@code protected}, it can be overridden by subclasses to customise the client.
     *
     * @return a new builder configured to evict connections idle for more than 100 ms
     */
    protected HttpClientBuilder createHttpClientBuilderInstance() {
        HttpClientBuilder builder = HttpClientBuilder.create();
        return builder.evictIdleConnections(100L, TimeUnit.MILLISECONDS);
    }
}
