package org.keycloak.testsuite.oidc;

import java.util.List;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.common.util.Time;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;

/* loaded from: input_file:org/keycloak/testsuite/oidc/OIDCAdvancedRequestParamsTest.class */
public class OIDCAdvancedRequestParamsTest extends TestRealmKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Page
    protected AppPage appPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Page
    protected OAuthGrantPage grantPage;

    @Override // org.keycloak.testsuite.TestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @Before
    public void clientConfiguration() {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrant(true);
        this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
        this.oauth.maxAge((String) null);
    }

    @Override // org.keycloak.testsuite.TestRealmKeycloakTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class));
    }

    @Test
    public void testMaxAge1() {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        int authTime = sendTokenRequestAndGetIDToken(this.events.expectLogin().assertEvent()).getAuthTime();
        int currentTime = Time.currentTime();
        Assert.assertTrue(authTime <= currentTime && authTime + 3 >= currentTime);
        setTimeOffset(10);
        this.oauth.maxAge("1");
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertTrue(authTime + 10 <= sendTokenRequestAndGetIDToken(this.events.expectLogin().assertEvent()).getAuthTime());
    }

    @Test
    public void testMaxAge10000() {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        int authTime = sendTokenRequestAndGetIDToken(this.events.expectLogin().assertEvent()).getAuthTime();
        int currentTime = Time.currentTime();
        Assert.assertTrue(authTime <= currentTime && authTime + 3 >= currentTime);
        setTimeOffset(10);
        this.oauth.maxAge("10000");
        this.oauth.openLoginForm();
        Assert.assertEquals(authTime, sendTokenRequestAndGetIDToken(this.events.expectLogin().assertEvent()).getAuthTime());
    }

    @Test
    public void promptNoneNotLogged() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&prompt=none");
        org.junit.Assert.assertFalse(this.loginPage.isCurrent());
        org.junit.Assert.assertTrue(this.appPage.isCurrent());
        this.events.assertEmpty();
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertNull(authorizationEndpointResponse.getCode());
        Assert.assertEquals("login_required", authorizationEndpointResponse.getError());
    }

    @Test
    public void promptNoneSuccess() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        int authTime = sendTokenRequestAndGetIDToken(this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent()).getAuthTime();
        setTimeOffset(10);
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&prompt=none");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertEquals(authTime, sendTokenRequestAndGetIDToken(this.events.expectLogin().removeDetail("username").assertEvent()).getAuthTime());
    }

    @Test
    public void promptNoneConsentRequired() throws Exception {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).consentRequired(true);
        try {
            this.profilePage.open();
            org.junit.Assert.assertTrue(this.loginPage.isCurrent());
            this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
            this.profilePage.assertCurrent();
            this.events.expectLogin().client("account").removeDetail("redirect_uri").detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
            this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&prompt=none");
            org.junit.Assert.assertTrue(this.appPage.isCurrent());
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
            Assert.assertNull(authorizationEndpointResponse.getCode());
            Assert.assertEquals("interaction_required", authorizationEndpointResponse.getError());
            this.driver.navigate().to(this.oauth.getLoginFormUrl());
            this.grantPage.assertCurrent();
            this.grantPage.accept();
            this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).detail("consent", "consent_granted").assertEvent();
            this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&prompt=none");
            Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
            OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse2 = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
            Assert.assertNotNull(authorizationEndpointResponse2.getCode());
            Assert.assertNull(authorizationEndpointResponse2.getError());
            this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).detail("consent", "persistent_consent").assertEvent();
        } finally {
            ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).consentRequired(false);
        }
    }

    @Test
    public void promptLogin() {
        this.loginPage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        int authTime = sendTokenRequestAndGetIDToken(this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent()).getAuthTime();
        setTimeOffset(10);
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&prompt=login");
        this.loginPage.assertCurrent();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertTrue(authTime + 10 <= sendTokenRequestAndGetIDToken(this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent()).getAuthTime());
    }

    @Test
    public void nonSupportedParams() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&display=popup&foo=foobar&claims_locales=fr");
        this.loginPage.assertCurrent();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        Assert.assertNotNull(sendTokenRequestAndGetIDToken(this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent()));
    }

    @Test
    public void requestParam() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&request=abc");
        org.junit.Assert.assertFalse(this.loginPage.isCurrent());
        org.junit.Assert.assertTrue(this.appPage.isCurrent());
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertNull(authorizationEndpointResponse.getCode());
        Assert.assertEquals("request_not_supported", authorizationEndpointResponse.getError());
    }

    @Test
    public void requestUriParam() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&request_uri=https%3A%2F%2Flocalhost%3A60784%2Fexport%2FqzHTG11W48.jwt");
        org.junit.Assert.assertFalse(this.loginPage.isCurrent());
        org.junit.Assert.assertTrue(this.appPage.isCurrent());
        OAuthClient.AuthorizationEndpointResponse authorizationEndpointResponse = new OAuthClient.AuthorizationEndpointResponse(this.oauth);
        Assert.assertNull(authorizationEndpointResponse.getCode());
        Assert.assertEquals("request_uri_not_supported", authorizationEndpointResponse.getError());
    }

    @Test
    public void loginHint() {
        this.driver.navigate().to(this.oauth.getLoginFormUrl() + "&login_hint=test-user%40localhost");
        this.loginPage.assertCurrent();
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, this.loginPage.getUsername());
        this.loginPage.login("password");
        Assert.assertEquals(AppPage.RequestType.AUTH_RESPONSE, this.appPage.getRequestType());
        this.events.expectLogin().detail("username", AssertEvents.DEFAULT_USERNAME).assertEvent();
    }
}
