package org.keycloak.testsuite.oauth;

import java.io.IOException;
import java.util.List;
import javax.ws.rs.core.UriBuilder;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.pages.ErrorPage;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.openqa.selenium.By;

/* loaded from: input_file:org/keycloak/testsuite/oauth/AuthorizationCodeTest.class */
public class AuthorizationCodeTest extends AbstractKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected ErrorPage errorPage;

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class));
    }

    @Before
    public void clientConfiguration() {
        this.oauth.responseType("code");
        this.oauth.responseMode((String) null);
    }

    @Test
    public void authorizationRequest() throws IOException {
        this.oauth.state("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        Assert.assertNotNull(doLogin.getCode());
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", doLogin.getState());
        Assert.assertNull(doLogin.getError());
        this.testingClient.testing().verifyCode("test", doLogin.getCode());
        assertCode((String) this.events.expectLogin().assertEvent().getDetails().get("code_id"), doLogin.getCode());
    }

    @Test
    public void authorizationRequestInstalledApp() throws IOException {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).addRedirectUris("urn:ietf:wg:oauth:2.0:oob");
        this.oauth.redirectUri("urn:ietf:wg:oauth:2.0:oob");
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals("Success code", this.driver.getTitle());
        String attribute = this.driver.findElement(By.id("code")).getAttribute("value");
        this.testingClient.testing().verifyCode("test", attribute);
        assertCode((String) this.events.expectLogin().detail("redirect_uri", "http://localhost:8180/auth/realms/test/protocol/openid-connect/oauth/oob").assertEvent().getDetails().get("code_id"), attribute);
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).removeRedirectUris("urn:ietf:wg:oauth:2.0:oob");
    }

    @Test
    public void authorizationValidRedirectUri() throws IOException {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).addRedirectUris(this.oauth.getRedirectUri());
        this.oauth.state("mystate");
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        Assert.assertNotNull(doLogin.getCode());
        this.testingClient.testing().verifyCode("test", doLogin.getCode());
        assertCode((String) this.events.expectLogin().assertEvent().getDetails().get("code_id"), doLogin.getCode());
    }

    @Test
    public void authorizationRequestNoState() throws IOException {
        this.oauth.state((String) null);
        OAuthClient.AuthorizationEndpointResponse doLogin = this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(doLogin.isRedirected());
        Assert.assertNotNull(doLogin.getCode());
        Assert.assertNull(doLogin.getState());
        Assert.assertNull(doLogin.getError());
        this.testingClient.testing().verifyCode("test", doLogin.getCode());
        assertCode((String) this.events.expectLogin().assertEvent().getDetails().get("code_id"), doLogin.getCode());
    }

    @Test
    public void authorizationRequestImplicitFlowDisabled() throws IOException {
        this.oauth.responseType("token id_token");
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build(new Object[0]).toURL());
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth, true);
        Assert.assertTrue(authorizationEndpointResponse.isRedirected());
        Assert.assertEquals(authorizationEndpointResponse.getError(), "unsupported_response_type");
        Assert.assertEquals(authorizationEndpointResponse.getErrorDescription(), "Client is not allowed to initiate browser login with given response_type. Implicit flow is disabled for the client.");
        this.events.expectLogin().error("not_allowed").user((String) null).session((String) null).clearDetails().detail("response_type", "token id_token").assertEvent();
    }

    @Test
    public void authorizationRequestMissingResponseType() throws IOException {
        this.oauth.responseType((String) null);
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build(new Object[0]).toURL());
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertTrue(authorizationEndpointResponse.isRedirected());
        Assert.assertEquals(authorizationEndpointResponse.getError(), "invalid_request");
        this.events.expectLogin().error("invalid_request").user((String) null).session((String) null).clearDetails().assertEvent();
    }

    @Test
    public void authorizationRequestInvalidResponseType() throws IOException {
        this.oauth.responseType("tokenn");
        this.driver.navigate().to(UriBuilder.fromUri(this.oauth.getLoginFormUrl()).build(new Object[0]).toURL());
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertTrue(authorizationEndpointResponse.isRedirected());
        Assert.assertEquals(authorizationEndpointResponse.getError(), "unsupported_response_type");
        this.events.expectLogin().error("invalid_request").user((String) null).session((String) null).clearDetails().detail("response_type", "tokenn").assertEvent();
    }

    @Test
    public void authorizationRequestFormPostResponseMode() throws IOException {
        this.oauth.responseMode(OIDCResponseMode.FORM_POST.toString().toLowerCase());
        this.oauth.state("OpenIdConnect.AuthenticationProperties=2302984sdlk");
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, "password");
        System.out.println(this.driver.getPageSource());
        String text = this.driver.findElement(By.id("code")).getText();
        Assert.assertEquals("OpenIdConnect.AuthenticationProperties=2302984sdlk", this.driver.findElement(By.id("state")).getText());
        this.testingClient.testing().verifyCode("test", text);
        assertCode((String) this.events.expectLogin().assertEvent().getDetails().get("code_id"), text);
    }

    private void assertCode(String str, String str2) {
        Assert.assertEquals(str, this.testingClient.testing().verifyCode("test", str2));
    }
}
