package org.keycloak.testsuite.account;

import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.http.HttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.impl.client.DefaultHttpClient;
import org.jboss.arquillian.graphene.page.Page;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.TestRealmKeycloakTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.oauth.OAuthGrantTest;
import org.keycloak.testsuite.pages.AccountApplicationsPage;
import org.keycloak.testsuite.pages.AccountUpdateProfilePage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.OAuthGrantPage;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RealmRepUtil;
import org.keycloak.testsuite.util.UserBuilder;
import twitter4j.JSONArray;
import twitter4j.JSONObject;

/* loaded from: input_file:org/keycloak/testsuite/account/ProfileTest.class */
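/**
 * Integration tests for reading a user's profile as JSON from the realm's account URL.
 *
 * <p>The cases cover the access-control paths visible in this class: a bearer token
 * obtained through the default client, a browser session cookie, a cross-origin
 * browser request from an allowed and from a non-allowed origin, a request with no
 * credentials, a user that is expected to be denied, and a third-party client with and
 * without an accepted grant.
 */
public class ProfileTest extends TestRealmKeycloakTest {

    @Page
    protected AccountUpdateProfilePage profilePage;

    @Page
    protected AccountApplicationsPage accountApplicationsPage;

    @Page
    protected LoginPage loginPage;

    @Page
    protected OAuthGrantPage grantPage;

    /**
     * Prepares the realm used by every test in this class.
     *
     * <p>Gives the default user a first name, last name and two attributes, adds a second
     * enabled user ({@code test-user-no-access@localhost}), and registers
     * {@code http://localtest.me:8180} as a web origin of the default client.
     *
     * @param realmRepresentation the realm representation to modify in place
     */
    @Override
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        UserRepresentation findUser = RealmRepUtil.findUser(realmRepresentation, AssertEvents.DEFAULT_USERNAME);
        findUser.setFirstName("First");
        findUser.setLastName("Last");
        Map attributes = findUser.getAttributes();
        if (attributes == null) {
            attributes = new HashMap();
            findUser.setAttributes(attributes);
        }
        attributes.put("key1", "value1");
        attributes.put("key2", "value2");
        // No roles are assigned to this user here; getProfileNoAccess expects it to receive 403.
        RealmBuilder.edit(realmRepresentation).user(UserBuilder.create().enabled(true).username("test-user-no-access@localhost").password("password").build());
        // Same origin that getProfileCors navigates to before issuing its XMLHttpRequest.
        ClientBuilder.edit(RealmRepUtil.findClientByClientId(realmRepresentation, AssertEvents.DEFAULT_CLIENT_ID)).addWebOrigin("http://localtest.me:8180");
    }

    /**
     * Looks up the {@code view-profile} role among the effective client-level scope
     * mappings that the given client holds on itself.
     *
     * @param clientResource the client whose own scope mappings are searched
     * @return the matching role, or {@code null} when no role has that name
     */
    private RoleRepresentation findViewProfileRole(ClientResource clientResource) {
        for (RoleRepresentation roleRepresentation : clientResource.getScopeMappings().clientLevel(clientResource.toRepresentation().getId()).listEffective()) {
            if (roleRepresentation.getName().equals("view-profile")) {
                return roleRepresentation;
            }
        }
        return null;
    }

    /**
     * Adds the account client's {@code view-profile} role to the scope mappings of the
     * default client and of the third-party app before each test.
     */
    @Before
    public void addScopeMappings() {
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(testRealm(), "account");
        // NOTE(review): findViewProfileRole returns null when the role is missing, in which case
        // a list holding null is sent to the admin API below; no check is made here.
        RoleRepresentation findViewProfileRole = findViewProfileRole(findClientByClientId);
        String id = findClientByClientId.toRepresentation().getId();
        ApiUtil.findClientByClientId(testRealm(), AssertEvents.DEFAULT_CLIENT_ID).getScopeMappings().clientLevel(id).add(Collections.singletonList(findViewProfileRole));
        ApiUtil.findClientByClientId(testRealm(), OAuthGrantTest.THIRD_PARTY_APP).getScopeMappings().clientLevel(id).add(Collections.singletonList(findViewProfileRole));
    }

    /**
     * A bearer token for the default user returns 200 and the profile fields and
     * attributes set in {@link #configureTestRealm}.
     */
    @Test
    public void getProfile() throws Exception {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        HttpResponse doGetProfile = doGetProfile(this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken(), null);
        Assert.assertEquals(200L, doGetProfile.getStatusLine().getStatusCode());
        JSONObject jSONObject = new JSONObject(IOUtils.toString(doGetProfile.getEntity().getContent()));
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, jSONObject.getString("username"));
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, jSONObject.getString("email"));
        Assert.assertEquals("First", jSONObject.getString("firstName"));
        Assert.assertEquals("Last", jSONObject.getString("lastName"));
        // Each attribute is asserted to come back as a one-element array.
        JSONObject jSONObject2 = jSONObject.getJSONObject("attributes");
        JSONArray jSONArray = jSONObject2.getJSONArray("key1");
        Assert.assertEquals(1L, jSONArray.length());
        Assert.assertEquals("value1", jSONArray.get(0));
        JSONArray jSONArray2 = jSONObject2.getJSONArray("key2");
        Assert.assertEquals(1L, jSONArray2.length());
        Assert.assertEquals("value2", jSONArray2.get(0));
    }

    /**
     * A browser request made from the registered web origin, carrying a bearer token,
     * returns status 200.
     */
    @Test
    public void getProfileCors() throws Exception {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        String accessToken = this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken();
        this.driver.navigate().to("http://localtest.me:8180/app");
        Assert.assertEquals("200", doGetProfileJs(accessToken)[0]);
    }

    /**
     * A browser request made from an origin that is not a registered web origin must
     * fail, even with a valid bearer token.
     */
    @Test
    public void getProfileCorsInvalidOrigin() throws Exception {
        this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password");
        String accessToken = this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken();
        this.driver.navigate().to("http://invalid.localtest.me:8180");
        // Record the outcome and assert outside the try block. Calling Assert.fail inside a
        // try whose catch takes Throwable swallows the AssertionError, so the test could never
        // fail and a regression in origin checking would go unnoticed.
        boolean rejected = false;
        try {
            doGetProfileJs(accessToken);
        } catch (Throwable expected) {
            // The page does not show which exception the driver raises for a blocked request,
            // so the catch stays as broad as before. NOTE(review): this also counts unrelated
            // driver errors as a rejection; narrow it once the exception type is confirmed.
            rejected = true;
        }
        if (!rejected) {
            Assert.fail("Expected failure");
        }
    }

    /**
     * After a browser login, a request without an Authorization header returns 200 and
     * the logged-in user's profile (the browser session is the only credential sent).
     */
    @Test
    public void getProfileCookieAuth() throws Exception {
        this.profilePage.open();
        this.loginPage.login(AssertEvents.DEFAULT_USERNAME, "password");
        String[] doGetProfileJs = doGetProfileJs(null);
        Assert.assertEquals("200", doGetProfileJs[0]);
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, new JSONObject(doGetProfileJs[1]).getString("username"));
    }

    /** A request with neither a token nor a browser session is answered with 403. */
    @Test
    public void getProfileNoAuth() throws Exception {
        Assert.assertEquals(403L, doGetProfile(null, null).getStatusLine().getStatusCode());
    }

    /** A valid token for {@code test-user-no-access@localhost} is answered with 403. */
    @Test
    public void getProfileNoAccess() throws Exception {
        this.oauth.doLogin("test-user-no-access@localhost", "password");
        Assert.assertEquals(403L, doGetProfile(this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken(), null).getStatusLine().getStatusCode());
    }

    /**
     * A token issued to the third-party app after the user accepts the grant page
     * returns 200; the grant is revoked again at the end of the test.
     */
    @Test
    public void getProfileOAuthClient() throws Exception {
        this.oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, "password");
        this.grantPage.accept();
        HttpResponse doGetProfile = doGetProfile(this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken(), null);
        Assert.assertEquals(200L, doGetProfile.getStatusLine().getStatusCode());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, new JSONObject(IOUtils.toString(doGetProfile.getEntity().getContent())).getString("username"));
        // Revoke the grant so the acceptance does not carry over to other tests.
        this.accountApplicationsPage.open();
        this.accountApplicationsPage.revokeGrant(OAuthGrantTest.THIRD_PARTY_APP);
    }

    /**
     * Logging in through the third-party app without accepting the grant page must not
     * yield access: the profile request is expected to return 403.
     */
    @Test
    public void getProfileOAuthClientNoScope() throws Exception {
        this.oauth.clientId(OAuthGrantTest.THIRD_PARTY_APP);
        this.oauth.doLoginGrant(AssertEvents.DEFAULT_USERNAME, "password");
        // grantPage.accept() is deliberately not called here, unlike getProfileOAuthClient.
        Assert.assertEquals(403L, doGetProfile(this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "password").getAccessToken(), null).getStatusLine().getStatusCode());
    }

    /**
     * Builds the account URL of the realm the OAuth client is currently using.
     *
     * @return the account URI under {@code OAuthClient.AUTH_SERVER_ROOT}
     */
    private URI getAccountURI() {
        return RealmsResource.accountUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(new Object[]{this.oauth.getRealm()});
    }

    /**
     * Sends a GET for the account URL with {@code Accept: application/json}.
     *
     * @param str  access token sent in the Authorization header, or {@code null} to send none
     * @param str2 value for the Origin header, or {@code null} to send none
     * @return the raw HTTP response; the caller reads the status and entity
     * @throws IOException if the request cannot be executed
     */
    private HttpResponse doGetProfile(String str, String str2) throws IOException {
        // The client is not closed here because the caller still reads the response entity.
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        HttpGet httpGet = new HttpGet(UriBuilder.fromUri(getAccountURI()).build(new Object[0]));
        if (str != null) {
            // Scheme is written lower-case here and as "Bearer" in doGetProfileJs.
            httpGet.setHeader("Authorization", "bearer " + str);
        }
        if (str2 != null) {
            httpGet.setHeader("Origin", str2);
        }
        httpGet.setHeader("Accept", "application/json");
        return defaultHttpClient.execute(httpGet);
    }

    /**
     * Requests the account URL from inside the browser with a synchronous XMLHttpRequest,
     * so that the page's current origin and cookies apply to the request.
     *
     * @param str access token sent as a Bearer Authorization header, or {@code null} to
     *            rely on whatever the browser sends by itself
     * @return the script result split on {@code "///"}: element 0 is the status, element 1
     *         the start of the response text
     */
    private String[] doGetProfileJs(String str) {
        // The URL and token are spliced into the script unescaped; both are produced by the
        // test itself, so no quoting is applied.
        StringBuilder sb = new StringBuilder();
        sb.append("var req = new XMLHttpRequest();\n");
        sb.append("req.open('GET', '" + getAccountURI().toString() + "', false);\n");
        if (str != null) {
            sb.append("req.setRequestHeader('Authorization', 'Bearer " + str + "');\n");
        }
        sb.append("req.setRequestHeader('Accept', 'application/json');\n");
        sb.append("req.send(null);\n");
        // A response body that itself contains "///" would be split into further elements.
        sb.append("return req.status + '///' + req.responseText;\n");
        return ((String) this.driver.executeScript(sb.toString(), new Object[0])).split("///");
    }
}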
