package org.keycloak.testsuite.oidc;

import java.util.List;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.events.EventType;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserInfoClientUtil;
import org.keycloak.util.BasicAuthHelper;

/* loaded from: input_file:org/keycloak/testsuite/oidc/UserInfoTest.class */
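/**
 * Integration tests for the OIDC UserInfo endpoint of the {@code test} realm.
 *
 * <p>Each test obtains an access token through the password grant (enabled for the default test
 * client in {@link #clientConfiguration()}) and then presents it to the UserInfo endpoint in one
 * of several ways: as an {@code Authorization} header on GET or POST, or as an
 * {@code access_token} form parameter. The header-based POST tests send the scheme in lower case
 * ({@code "bearer "}), so they also pin that the endpoint accepts that spelling.
 *
 * <p>The two negative tests cover the cases an access-control review cares about: a token whose
 * user session has been removed, and a value that is not a token at all. Both assert the HTTP
 * status and the {@link EventType#USER_INFO_REQUEST_ERROR} event, including that the event
 * carries no client, user or session.
 *
 * <p>NOTE(review): only the status code and the emitted event are asserted on the error paths;
 * the response body and any {@code WWW-Authenticate} header are not checked here.
 */
public class UserInfoTest extends AbstractKeycloakTest {

    /** Realm used by every request in this class. */
    private static final String REALM_NAME = "test";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Override
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
    }

    /** Enables the direct access (password) grant on the default test client before each test. */
    @Before
    public void clientConfiguration() {
        ClientManager.realm(this.adminClient.realm(REALM_NAME))
                .clientId(AssertEvents.DEFAULT_CLIENT_ID)
                .directAccessGrant(true);
    }

    /** Registers the realm loaded from {@code /testrealm.json}, with the test event listener added. */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(RealmBuilder.edit(realm).testEventListener().build());
    }

    /** GET with the token passed through {@link UserInfoClientUtil#executeUserInfoRequest_getMethod}. */
    @Test
    public void testSuccess_getMethod_header() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            String token = executeGrantAccessTokenRequest(client).getToken();
            testSuccessfulUserInfoResponse(UserInfoClientUtil.executeUserInfoRequest_getMethod(client, token));
        } finally {
            client.close();
        }
    }

    /** POST with an empty form body and the token in the {@code Authorization} header. */
    @Test
    public void testSuccess_postMethod_header() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            String token = executeGrantAccessTokenRequest(client).getToken();
            Response response = UserInfoClientUtil.getUserInfoWebTarget(client)
                    .request()
                    .header("Authorization", lowerCaseBearer(token))
                    .post(Entity.form(new Form()));
            testSuccessfulUserInfoResponse(response);
        } finally {
            client.close();
        }
    }

    /** POST with no {@code Authorization} header; the token travels as the {@code access_token} form field. */
    @Test
    public void testSuccess_postMethod_body() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            AccessTokenResponse tokenResponse = executeGrantAccessTokenRequest(client);
            Form form = new Form();
            form.param("access_token", tokenResponse.getToken());
            Response response = UserInfoClientUtil.getUserInfoWebTarget(client)
                    .request()
                    .post(Entity.form(form));
            testSuccessfulUserInfoResponse(response);
        } finally {
            client.close();
        }
    }

    /** POST with an empty text entity (not a form) and the token in the {@code Authorization} header. */
    @Test
    public void testSuccess_postMethod_header_textEntity() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            String token = executeGrantAccessTokenRequest(client).getToken();
            Response response = UserInfoClientUtil.getUserInfoWebTarget(client)
                    .request()
                    .header("Authorization", lowerCaseBearer(token))
                    .post(Entity.text(""));
            testSuccessfulUserInfoResponse(response);
        } finally {
            client.close();
        }
    }

    /**
     * A token issued before the user sessions were removed must no longer be honoured: the
     * endpoint is expected to answer 400 and emit a {@code user_session_not_found} error event.
     */
    @Test
    public void testSessionExpired() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            AccessTokenResponse tokenResponse = executeGrantAccessTokenRequest(client);

            // Invalidate the session behind the token that was just issued.
            this.testingClient.testing().removeUserSessions(REALM_NAME);

            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, tokenResponse.getToken());
            try {
                Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), response.getStatus());
            } finally {
                // Release the connection even when the status assertion fails.
                response.close();
            }

            this.events.expect(EventType.USER_INFO_REQUEST_ERROR)
                    .error("user_session_not_found")
                    .client((String) null)
                    .user(Matchers.nullValue(String.class))
                    .session(Matchers.nullValue(String.class))
                    .detail("auth_method", "validate_access_token")
                    .assertEvent();
        } finally {
            client.close();
        }
    }

    /**
     * A value that is not a valid token ({@code "bad"}) must be rejected with 401 and an
     * {@code invalid_token} error event.
     */
    @Test
    public void testUnsuccessfulUserInfoRequest() throws Exception {
        Client client = ClientBuilder.newClient();
        try {
            // Keep a reference to the response: the status is asserted on it below. The
            // decompiled listing dropped this local and referred to an undeclared name instead.
            Response response = UserInfoClientUtil.executeUserInfoRequest_getMethod(client, "bad");
            try {
                Assert.assertEquals(Response.Status.UNAUTHORIZED.getStatusCode(), response.getStatus());
            } finally {
                response.close();
            }

            this.events.expect(EventType.USER_INFO_REQUEST_ERROR)
                    .error("invalid_token")
                    .client((String) null)
                    .user(Matchers.nullValue(String.class))
                    .session(Matchers.nullValue(String.class))
                    .detail("auth_method", "validate_access_token")
                    .assertEvent();
        } finally {
            client.close();
        }
    }

    /**
     * Obtains an access token for the default test user via the password grant.
     *
     * <p>The client authenticates with HTTP Basic; the call asserts a 200 response and then
     * clears the recorded events so that the calling test only sees events caused by its own
     * UserInfo request.
     *
     * @param client JAX-RS client used to reach the token endpoint
     * @return the parsed token endpoint response
     */
    private AccessTokenResponse executeGrantAccessTokenRequest(Client client) {
        WebTarget tokenEndpoint = client.target(
                OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(REALM_NAME));

        // Client credentials (client id + secret) go into the Basic header...
        String basicAuth = BasicAuthHelper.createHeader(AssertEvents.DEFAULT_CLIENT_ID, "password");

        // ...while the user's credentials go into the form body.
        Form form = new Form();
        form.param("grant_type", "password")
                .param("username", AssertEvents.DEFAULT_USERNAME)
                .param("password", "password");

        Response response = tokenEndpoint.request()
                .header("Authorization", basicAuth)
                .post(Entity.form(form));
        AccessTokenResponse tokenResponse;
        try {
            Assert.assertEquals(200L, response.getStatus());
            tokenResponse = response.readEntity(AccessTokenResponse.class);
        } finally {
            // Close the response whether or not the status check passed.
            response.close();
        }

        this.events.clear();
        return tokenResponse;
    }

    /**
     * Asserts the {@link EventType#USER_INFO_REQUEST} event and then delegates the check of the
     * response itself to {@link UserInfoClientUtil#testSuccessfulUserInfoResponse}.
     *
     * @param response UserInfo endpoint response to verify
     */
    private void testSuccessfulUserInfoResponse(Response response) {
        this.events.expect(EventType.USER_INFO_REQUEST)
                .session(Matchers.notNullValue(String.class))
                .detail("auth_method", "validate_access_token")
                .detail("username", AssertEvents.DEFAULT_USERNAME)
                .assertEvent();
        UserInfoClientUtil.testSuccessfulUserInfoResponse(
                response, AssertEvents.DEFAULT_USERNAME, AssertEvents.DEFAULT_USERNAME);
    }

    /** Builds the {@code Authorization} header value with the scheme spelled in lower case. */
    private static String lowerCaseBearer(String token) {
        return "bearer " + token;
    }
}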
