package org.keycloak.testsuite.adapter.servlet;

import java.util.List;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.arquillian.graphene.wait.StringMatcher;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.adapter.AbstractServletsAdapterTest;
import org.keycloak.testsuite.adapter.page.BadClientSalesPostSigServlet;
import org.keycloak.testsuite.adapter.page.BadRealmSalesPostSigServlet;
import org.keycloak.testsuite.adapter.page.Employee2Servlet;
import org.keycloak.testsuite.adapter.page.EmployeeSigFrontServlet;
import org.keycloak.testsuite.adapter.page.EmployeeSigServlet;
import org.keycloak.testsuite.adapter.page.SAMLServlet;
import org.keycloak.testsuite.adapter.page.SalesMetadataServlet;
import org.keycloak.testsuite.adapter.page.SalesPostEncServlet;
import org.keycloak.testsuite.adapter.page.SalesPostPassiveServlet;
import org.keycloak.testsuite.adapter.page.SalesPostServlet;
import org.keycloak.testsuite.adapter.page.SalesPostSigEmailServlet;
import org.keycloak.testsuite.adapter.page.SalesPostSigPersistentServlet;
import org.keycloak.testsuite.adapter.page.SalesPostSigServlet;
import org.keycloak.testsuite.adapter.page.SalesPostSigTransientServlet;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.auth.page.login.Login;
import org.keycloak.testsuite.auth.page.login.SAMLIDPInitiatedLogin;
import org.keycloak.testsuite.page.AbstractPage;
import org.keycloak.testsuite.util.IOUtil;
import org.keycloak.testsuite.util.URLAssert;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;
import org.w3c.dom.Document;

/* loaded from: input_file:org/keycloak/testsuite/adapter/servlet/AbstractSAMLServletsAdapterTest.class */
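/**
 * Base class for the SAML servlet adapter tests.
 *
 * <p>Each {@code @Deployment} below packages a SAML-protected web application around
 * {@code SendUsernameServlet}. The tests drive a browser against those applications and
 * check three things: that an authenticated user's principal is rendered, that users
 * without access and unauthenticated requests get a Forbidden / 403 response, and that
 * requests from a disabled or unknown client are rejected by the identity provider.
 *
 * <p>The realm is imported from {@code /adapter-test/keycloak-saml/testsaml.json} and all
 * login pages are pointed at the {@code demo} realm.
 */
public abstract class AbstractSAMLServletsAdapterTest extends AbstractServletsAdapterTest {

    // Credentials of the account that is expected to authenticate but then be refused (403).
    // Presumably defined in the imported testsaml.json realm; confirm against that file.
    private static final String UNAUTHORIZED_USER = "unauthorized";
    private static final String UNAUTHORIZED_PASSWORD = "password";

    // Every content check in this class looks at the text of the page body.
    private static final String BODY_XPATH = "//body";

    // Prefix the tests look for when the protected servlet rendered a principal; its absence
    // is what the negative tests rely on to show that the protected resource was not served.
    private static final String PRINCIPAL_MARKER = "principal=";

    @Page
    protected BadClientSalesPostSigServlet badClientSalesPostSigServletPage;

    @Page
    protected BadRealmSalesPostSigServlet badRealmSalesPostSigServletPage;

    @Page
    protected Employee2Servlet employee2ServletPage;

    @Page
    protected EmployeeSigServlet employeeSigServletPage;

    @Page
    protected EmployeeSigFrontServlet employeeSigFrontServletPage;

    @Page
    protected SalesMetadataServlet salesMetadataServletPage;

    @Page
    protected SalesPostServlet salesPostServletPage;

    @Page
    protected SalesPostEncServlet salesPostEncServletPage;

    @Page
    protected SalesPostPassiveServlet salesPostPassiveServletPage;

    @Page
    protected SalesPostSigServlet salesPostSigServletPage;

    @Page
    protected SalesPostSigEmailServlet salesPostSigEmailServletPage;

    @Page
    protected SalesPostSigPersistentServlet salesPostSigPersistentServletPage;

    @Page
    protected SalesPostSigTransientServlet salesPostSigTransientServletPage;

    @Page
    protected SAMLIDPInitiatedLogin samlidpInitiatedLogin;

    // Selects the expectation for an unauthenticated request to the passive servlet:
    // true  -> no principal rendered and a Forbidden or empty page,
    // false -> the servlet is reached and renders "principal=null".
    protected boolean forbiddenIfNotAuthenticated = true;

    /** Deployment for the {@code bad-client-sales-post-sig} application. */
    @Deployment(name = "bad-client-sales-post-sig")
    protected static WebArchive badClientSalesPostSig() {
        return samlServletDeployment("bad-client-sales-post-sig", SendUsernameServlet.class);
    }

    /** Deployment for the {@code bad-realm-sales-post-sig} application. */
    @Deployment(name = "bad-realm-sales-post-sig")
    protected static WebArchive badRealmSalesPostSig() {
        return samlServletDeployment("bad-realm-sales-post-sig", SendUsernameServlet.class);
    }

    /** Deployment for the {@code employee2} application. */
    @Deployment(name = "employee2")
    protected static WebArchive employee2() {
        return samlServletDeployment("employee2", SendUsernameServlet.class);
    }

    /** Deployment for the {@code employee-sig} application. */
    @Deployment(name = "employee-sig")
    protected static WebArchive employeeSig() {
        return samlServletDeployment("employee-sig", SendUsernameServlet.class);
    }

    /** Deployment for the {@code employee-sig-front} application. */
    @Deployment(name = "employee-sig-front")
    protected static WebArchive employeeSigFront() {
        return samlServletDeployment("employee-sig-front", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-metadata} application. */
    @Deployment(name = "sales-metadata")
    protected static WebArchive salesMetadata() {
        return samlServletDeployment("sales-metadata", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post} application. */
    @Deployment(name = "sales-post")
    protected static WebArchive salesPost() {
        return samlServletDeployment("sales-post", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-enc} application. */
    @Deployment(name = "sales-post-enc")
    protected static WebArchive salesPostEnc() {
        return samlServletDeployment("sales-post-enc", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-passive} application. */
    @Deployment(name = "sales-post-passive")
    protected static WebArchive salesPostPassive() {
        return samlServletDeployment("sales-post-passive", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-sig} application. */
    @Deployment(name = "sales-post-sig")
    protected static WebArchive salesPostSig() {
        return samlServletDeployment("sales-post-sig", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-sig-email} application. */
    @Deployment(name = "sales-post-sig-email")
    protected static WebArchive salesPostSigEmail() {
        return samlServletDeployment("sales-post-sig-email", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-sig-persistent} application. */
    @Deployment(name = "sales-post-sig-persistent")
    protected static WebArchive salesPostSigPersistent() {
        return samlServletDeployment("sales-post-sig-persistent", SendUsernameServlet.class);
    }

    /** Deployment for the {@code sales-post-sig-transient} application. */
    @Deployment(name = "sales-post-sig-transient")
    protected static WebArchive salesPostSigTransient() {
        return samlServletDeployment("sales-post-sig-transient", SendUsernameServlet.class);
    }

    /**
     * Adds the SAML test realm to the realms imported for this test class.
     *
     * @param list realm list to append to
     */
    @Override
    public void addAdapterTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm("/adapter-test/keycloak-saml/testsaml.json"));
    }

    /** Points the realm page and both SAML login pages at the {@code demo} realm. */
    @Override
    public void setDefaultPageUriParameters() {
        super.setDefaultPageUriParameters();
        testRealmPage.setAuthRealm("demo");
        testRealmSAMLRedirectLoginPage.setAuthRealm("demo");
        testRealmSAMLPostLoginPage.setAuthRealm("demo");
    }

    /** Waits until the page body text contains {@code expected}. */
    private void waitForBodyContaining(String expected) {
        WaitUtils.waitUntilElement(By.xpath(BODY_XPATH)).text().contains(expected);
    }

    /** Waits until the page body text does not contain {@code unexpected}. */
    private void waitForBodyNotContaining(String unexpected) {
        ((StringMatcher) WaitUtils.waitUntilElement(By.xpath(BODY_XPATH)).text().not()).contains(unexpected);
    }

    /** Asserts that the current page is a Forbidden / "Status 403" page. */
    private void assertForbiddenPageSource() {
        // Read the source once so both alternatives are evaluated against the same snapshot.
        String pageSource = driver.getPageSource();
        Assert.assertTrue("Expected a Forbidden / Status 403 page",
                pageSource.contains("Forbidden") || pageSource.contains("Status 403"));
    }

    /**
     * Checks the response to an unauthenticated request that is already loaded in the
     * browser, according to {@link #forbiddenIfNotAuthenticated}.
     */
    private void assertUnauthenticatedPassiveResponse() {
        if (forbiddenIfNotAuthenticated) {
            waitForBodyNotContaining(PRINCIPAL_MARKER);
            String pageSource = driver.getPageSource();
            // An empty document is accepted here as well as an explicit Forbidden page.
            Assert.assertTrue("Expected a Forbidden or empty page for an unauthenticated passive request",
                    pageSource.contains("Forbidden")
                            || pageSource.contains("<body></body>")
                            || pageSource.isEmpty());
        } else {
            waitForBodyContaining("principal=null");
        }
    }

    /** Opens {@code abstractPage} and asserts that no principal is rendered and the page is Forbidden. */
    private void assertForbidden(AbstractPage abstractPage) {
        abstractPage.navigateTo();
        waitForBodyNotContaining(PRINCIPAL_MARKER);
        assertForbiddenPageSource();
    }

    /** Opens {@code abstractPage} and waits for it to render {@code principal=bburke}. */
    private void assertSuccessfullyLoggedIn(AbstractPage abstractPage) {
        abstractPage.navigateTo();
        waitForBodyContaining("principal=bburke");
    }

    /**
     * Opens {@code abstractPage}, expects a redirect to {@code login}, logs in with the given
     * credentials and asserts that the application answers with Forbidden and no principal.
     */
    private void assertForbiddenLogin(AbstractPage abstractPage, String str, String str2, Login login) {
        abstractPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWith(login);
        login.form().login(str, str2);
        waitForBodyNotContaining(PRINCIPAL_MARKER);
        assertForbiddenPageSource();
    }

    /**
     * Opens {@code abstractPage}, expects a redirect to {@code login}, logs in as
     * {@code userRepresentation} and waits for {@code principal=bburke}.
     */
    private void assertSuccessfulLogin(AbstractPage abstractPage, UserRepresentation userRepresentation, Login login) {
        abstractPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWith(login);
        login.form().login(userRepresentation);
        // NOTE(review): the expected principal is hard-coded to bburke regardless of the user
        // passed in; every caller in this class passes bburkeUser.
        waitForBodyContaining("principal=bburke");
    }

    /**
     * Runs the positive and negative login check against one servlet: bburke must get in,
     * the unauthorized account must be refused. Logs out after each half.
     */
    private void testSuccessfulAndUnauthorizedLogin(SAMLServlet sAMLServlet, Login login) {
        assertSuccessfulLogin(sAMLServlet, bburkeUser, login);
        sAMLServlet.logout();
        assertForbiddenLogin(sAMLServlet, UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD, login);
        sAMLServlet.logout();
    }

    /** A disabled client must be rejected with "Login requester not enabled". */
    @Test
    public void disabledClientTest() {
        ClientResource clientResource =
                ApiUtil.findClientResourceByClientId(testRealmResource(), "http://localhost:8081/sales-post-sig/");
        ClientRepresentation client = clientResource.toRepresentation();
        client.setEnabled(false);
        clientResource.update(client);
        try {
            salesPostSigServletPage.navigateTo();
            waitForBodyContaining("Login requester not enabled");
        } finally {
            // Re-enable even when the check above fails; otherwise the client stays disabled
            // and later tests using sales-post-sig fail for an unrelated reason.
            client.setEnabled(true);
            clientResource.update(client);
        }
    }

    /** After a refused login on one application, other applications must also answer Forbidden. */
    @Test
    public void unauthorizedSSOTest() {
        assertForbiddenLogin(salesPostServletPage, UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD, testRealmSAMLPostLoginPage);
        assertForbidden(employee2ServletPage);
        assertForbidden(employeeSigFrontServletPage);
        assertForbidden(salesPostSigPersistentServletPage);
        salesPostServletPage.logout();
    }

    /**
     * One login gives access to several applications; a logout through one of them sends
     * the others back to the login page.
     */
    @Test
    public void singleLoginAndLogoutSAMLTest() {
        assertSuccessfulLogin(salesPostServletPage, bburkeUser, testRealmSAMLPostLoginPage);
        assertSuccessfullyLoggedIn(salesPostSigServletPage);
        assertSuccessfullyLoggedIn(employee2ServletPage);
        assertSuccessfullyLoggedIn(salesPostEncServletPage);

        employeeSigFrontServletPage.logout();

        // After the logout every application must ask for authentication again.
        employeeSigFrontServletPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
        employeeSigServletPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWith(testRealmSAMLRedirectLoginPage);
        salesPostPassiveServletPage.navigateTo();
        assertUnauthenticatedPassiveResponse();
        salesPostSigEmailServletPage.navigateTo();
        URLAssert.assertCurrentUrlStartsWith(testRealmSAMLPostLoginPage);
    }

    /** The bad-client application must be answered with "Invalid requester". */
    @Test
    public void badClientSalesPostSigTest() {
        badClientSalesPostSigServletPage.navigateTo();
        waitForBodyContaining("Invalid requester");
    }

    /** A login through the bad-realm application must end on a Forbidden page without a principal. */
    @Test
    public void badRealmSalesPostSigTest() {
        badRealmSalesPostSigServletPage.navigateTo();
        testRealmSAMLRedirectLoginPage.form().login(bburkeUser);
        waitForBodyNotContaining(PRINCIPAL_MARKER);
        assertForbiddenPageSource();
    }

    @Test
    public void employee2Test() {
        testSuccessfulAndUnauthorizedLogin(employee2ServletPage, testRealmSAMLPostLoginPage);
    }

    @Test
    public void employeeSigTest() {
        testSuccessfulAndUnauthorizedLogin(employeeSigServletPage, testRealmSAMLRedirectLoginPage);
    }

    @Test
    public void employeeSigFrontTest() {
        testSuccessfulAndUnauthorizedLogin(employeeSigFrontServletPage, testRealmSAMLRedirectLoginPage);
    }

    /**
     * Registers a client from the SP metadata document, then runs the standard login check
     * against the sales-metadata application.
     *
     * @throws Exception if the metadata document cannot be loaded or converted
     */
    @Test
    public void salesMetadataTest() throws Exception {
        Document metadata = IOUtil.loadXML(
                AbstractSAMLServletsAdapterTest.class.getResourceAsStream("/adapter-test/keycloak-saml/sp-metadata.xml"));

        // The metadata file carries port 8080; replace it with the port of the app server under test.
        String httpPort = System.getProperty("app.server.http.port");
        IOUtil.modifyDocElementAttribute(metadata, "SingleLogoutService", "Location", "8080", httpPort);
        IOUtil.modifyDocElementAttribute(metadata, "AssertionConsumerService", "Location", "8080", httpPort);

        ClientRepresentation client = testRealmResource().convertClientDescription(IOUtil.documentToString(metadata));

        boolean sslRequired = Boolean.parseBoolean(System.getProperty("app.server.ssl.required"));
        String appServerRoot = sslRequired
                ? "https://localhost:" + System.getProperty("app.server.https.port", "8543") + "/"
                : "http://localhost:" + System.getProperty("app.server.http.port", "8280") + "/";
        client.setAdminUrl(appServerRoot + "sales-metadata/saml");

        Response create = testRealmResource().clients().create(client);
        try {
            Assert.assertEquals(201L, create.getStatus());
        } finally {
            // Release the response even when the status assertion fails.
            create.close();
        }

        testSuccessfulAndUnauthorizedLogin(salesMetadataServletPage, testRealmSAMLPostLoginPage);
    }

    @Test
    public void salesPostTest() {
        testSuccessfulAndUnauthorizedLogin(salesPostServletPage, testRealmSAMLPostLoginPage);
    }

    @Test
    public void salesPostEncTest() {
        testSuccessfulAndUnauthorizedLogin(salesPostEncServletPage, testRealmSAMLPostLoginPage);
    }

    /**
     * Passive servlet: checked before any login, after a login made through another
     * application, after logout, and after a refused login.
     */
    @Test
    public void salesPostPassiveTest() {
        salesPostPassiveServletPage.navigateTo();
        assertUnauthenticatedPassiveResponse();

        assertSuccessfulLogin(salesPostServletPage, bburkeUser, testRealmSAMLPostLoginPage);
        assertSuccessfullyLoggedIn(salesPostPassiveServletPage);

        salesPostPassiveServletPage.logout();
        salesPostPassiveServletPage.navigateTo();
        assertUnauthenticatedPassiveResponse();

        assertForbiddenLogin(salesPostServletPage, UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD, testRealmSAMLPostLoginPage);
        assertForbidden(salesPostPassiveServletPage);
        salesPostPassiveServletPage.logout();
    }

    @Test
    public void salesPostSigTest() {
        testSuccessfulAndUnauthorizedLogin(salesPostSigServletPage, testRealmSAMLPostLoginPage);
    }

    @Test
    public void salesPostSigEmailTest() {
        testSuccessfulAndUnauthorizedLogin(salesPostSigEmailServletPage, testRealmSAMLPostLoginPage);
    }

    /**
     * The rendered principal must start with {@code G-} and must not contain the username,
     * then the unauthorized account must be refused.
     */
    @Test
    public void salesPostSigPersistentTest() {
        salesPostSigPersistentServletPage.navigateTo();
        testRealmSAMLPostLoginPage.form().login(bburkeUser);
        waitForBodyNotContaining("bburke");
        waitForBodyContaining("principal=G-");
        salesPostSigPersistentServletPage.logout();
        assertForbiddenLogin(salesPostSigPersistentServletPage, UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD,
                testRealmSAMLPostLoginPage);
        salesPostSigPersistentServletPage.logout();
    }

    /**
     * Same expectations as the persistent variant, against the sales-post-sig-transient
     * application.
     */
    @Test
    public void salesPostSigTransientTest() {
        salesPostSigTransientServletPage.navigateTo();
        testRealmSAMLPostLoginPage.form().login(bburkeUser);
        waitForBodyNotContaining("bburke");
        waitForBodyContaining("principal=G-");
        salesPostSigTransientServletPage.logout();
        assertForbiddenLogin(salesPostSigTransientServletPage, UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD,
                testRealmSAMLPostLoginPage);
        salesPostSigTransientServletPage.logout();
    }

    /** IdP-initiated login for {@code employee2} must log bburke in and carry over to sales-post-sig. */
    @Test
    public void idpInitiatedLogin() {
        samlidpInitiatedLogin.setAuthRealm("demo");
        samlidpInitiatedLogin.setUrlName("employee2");
        samlidpInitiatedLogin.navigateTo();
        samlidpInitiatedLogin.form().login(bburkeUser);
        waitForBodyContaining("principal=bburke");
        assertSuccessfullyLoggedIn(salesPostSigServletPage);
        employee2ServletPage.logout();
    }

    /** IdP-initiated login with the unauthorized account must end on a Forbidden page. */
    @Test
    public void idpInitiatedUnauthorizedLoginTest() {
        samlidpInitiatedLogin.setAuthRealm("demo");
        samlidpInitiatedLogin.setUrlName("employee2");
        samlidpInitiatedLogin.navigateTo();
        samlidpInitiatedLogin.form().login(UNAUTHORIZED_USER, UNAUTHORIZED_PASSWORD);
        // NOTE(review): this looks for "bburke" while the login uses the unauthorized account,
        // so it cannot fail because of that account's principal being rendered. The other
        // negative checks in this class look for "principal="; consider the same here.
        waitForBodyNotContaining("bburke");
        assertForbiddenPageSource();
        assertForbidden(employee2ServletPage);
        employee2ServletPage.logout();
    }
}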
