package org.keycloak.testsuite.oidc;

import java.util.List;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.protocol.oidc.representations.OIDCConfigurationRepresentation;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.resources.RealmsResource;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;

/* loaded from: input_file:org/keycloak/testsuite/oidc/OIDCWellKnownProviderTest.class */
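/**
 * Checks the OpenID Connect discovery document ({@code openid-configuration}) that the
 * server publishes for the {@code test} realm.
 *
 * <p>Relying parties configure themselves from this document: they take the endpoints, the JWKS
 * location and the accepted algorithms from it. A wrong endpoint or an unexpectedly advertised
 * capability therefore changes what clients trust, which is why the values are pinned here.
 */
public class OIDCWellKnownProviderTest extends AbstractKeycloakTest {

    /** Realm every request in this class targets; presumably the one defined in {@code /testrealm.json}. */
    private static final String REALM_NAME = "test";

    /**
     * Registers the realm loaded from the {@code /testrealm.json} classpath resource.
     *
     * @param list realm list to append the test realm to
     */
    @Override
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class));
    }

    /**
     * Enables the direct access grant on the default test client and selects that client for
     * the OAuth helper. {@link #testIssuerMatches()} needs this grant to obtain an ID token
     * without a browser flow; it is a test-fixture setting.
     */
    @Before
    public void clientConfiguration() {
        ClientManager.realm(this.adminClient.realm(REALM_NAME)).clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrant(true);
        this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
    }

    /**
     * Fetches the discovery document and compares each advertised value with what the server
     * is expected to publish for the realm.
     */
    @Test
    public void testDiscovery() {
        Client client = ClientBuilder.newClient();
        try {
            OIDCConfigurationRepresentation oidcConfig = getOIDCDiscoveryConfiguration(client);

            // Endpoints. A fresh UriBuilder is created per call because the helpers receive the
            // builder itself and may modify it. Arguments are (message, expected, actual).
            Assert.assertEquals("authorization_endpoint",
                    OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(REALM_NAME).toString(),
                    oidcConfig.getAuthorizationEndpoint());
            Assert.assertEquals("token_endpoint", this.oauth.getAccessTokenUrl(), oidcConfig.getTokenEndpoint());
            Assert.assertEquals("userinfo_endpoint",
                    OIDCLoginProtocolService.userInfoUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(REALM_NAME).toString(),
                    oidcConfig.getUserinfoEndpoint());
            // jwks_uri is where relying parties fetch the keys they verify token signatures with.
            Assert.assertEquals("jwks_uri", this.oauth.getCertsUrl(REALM_NAME), oidcConfig.getJwksUri());

            // assertContains only requires the listed values to be present; extra advertised
            // values do not fail these checks.
            assertContains(oidcConfig.getResponseTypesSupported(), "code", "id_token", "id_token token", "code id_token", "code token", "code id_token token");
            assertContains(oidcConfig.getGrantTypesSupported(), "authorization_code", "implicit");
            assertContains(oidcConfig.getResponseModesSupported(), "query", "fragment");

            // NOTE(review): Assert.assertNames is presumably an exact-set comparison, which would
            // make these checks fail if another algorithm or auth method were advertised -
            // confirm against org.keycloak.testsuite.Assert.
            Assert.assertNames(oidcConfig.getSubjectTypesSupported(), "public");
            Assert.assertNames(oidcConfig.getIdTokenSigningAlgValuesSupported(), Algorithm.RS256.toString());
            Assert.assertNames(oidcConfig.getTokenEndpointAuthMethodsSupported(), "client_secret_basic", "client_secret_post", "private_key_jwt");
            Assert.assertNames(oidcConfig.getTokenEndpointAuthSigningAlgValuesSupported(), Algorithm.RS256.toString());

            assertContains(oidcConfig.getClaimsSupported(), "name", "email", "preferred_username", "family_name");
            Assert.assertNames(oidcConfig.getClaimTypesSupported(), "normal");
            Assert.assertFalse(oidcConfig.getClaimsParameterSupported().booleanValue());

            Assert.assertNames(oidcConfig.getScopesSupported(), "openid", "offline_access");

            // The document must not advertise request-object support ("request" / "request_uri").
            Assert.assertFalse(oidcConfig.getRequestParameterSupported().booleanValue());
            Assert.assertFalse(oidcConfig.getRequestUriParameterSupported().booleanValue());
        } finally {
            client.close();
        }
    }

    /**
     * Verifies that the {@code issuer} in the discovery document equals the {@code iss} claim
     * of an ID token issued by the same realm.
     *
     * <p>Relying parties compare these two values when validating tokens, so a mismatch would
     * either break validation or point to tokens being minted under a different issuer
     * identity than the one the metadata announces.
     *
     * @throws Exception if the token request or ID token verification fails
     */
    @Test
    public void testIssuerMatches() throws Exception {
        OAuthClient.AccessTokenResponse tokenResponse = this.oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password");
        Assert.assertEquals(200, tokenResponse.getStatusCode());
        IDToken idToken = this.oauth.verifyIDToken(tokenResponse.getIdToken());

        Client client = ClientBuilder.newClient();
        try {
            Assert.assertEquals(idToken.getIssuer(), getOIDCDiscoveryConfiguration(client).getIssuer());
        } finally {
            client.close();
        }
    }

    /**
     * Requests the realm's {@code openid-configuration} document and deserializes it.
     *
     * <p>The HTTP status is asserted first so that an error response fails with a clear message
     * instead of a deserialization error, and the response is always closed so the underlying
     * connection is released.
     *
     * @param client JAX-RS client to issue the request with; the caller closes it
     * @return the parsed discovery document
     */
    private OIDCConfigurationRepresentation getOIDCDiscoveryConfiguration(Client client) {
        Response response = client
                .target(RealmsResource.wellKnownProviderUrl(UriBuilder.fromUri(OAuthClient.AUTH_SERVER_ROOT)).build(REALM_NAME, "openid-configuration"))
                .request()
                .get();
        try {
            Assert.assertEquals("Unexpected HTTP status from the discovery endpoint", 200, response.getStatus());
            return response.readEntity(OIDCConfigurationRepresentation.class);
        } finally {
            response.close();
        }
    }

    /**
     * Asserts that every expected value is present in the list. Additional values in the list
     * are allowed.
     *
     * @param list values advertised in the discovery document
     * @param strArr values that must be present
     */
    private void assertContains(List<String> list, String... strArr) {
        // A missing metadata field fails with a message rather than a NullPointerException.
        Assert.assertNotNull("Discovery metadata list is missing", list);
        for (String expected : strArr) {
            Assert.assertTrue("Discovery metadata is missing '" + expected + "'; advertised: " + list, list.contains(expected));
        }
    }
}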
