package org.keycloak.testsuite.jaxrs;

import java.util.TreeMap;
import java.util.UUID;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.http.impl.client.DefaultHttpClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.jboss.resteasy.client.jaxrs.ResteasyClientBuilder;
import org.jboss.resteasy.client.jaxrs.engines.ApacheHttpClient4Engine;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExternalResource;
import org.keycloak.TokenIdGenerator;
import org.keycloak.adapters.HttpClientBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.models.ClientModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.Constants;
import org.keycloak.testsuite.OAuthClient;
import org.keycloak.testsuite.jaxrs.JaxrsTestResource;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/jaxrs/JaxrsFilterTest.class */
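/**
 * Integration tests for the bearer-token protection of the {@code /jaxrs-simple} JAX-RS test
 * application.
 *
 * <p>Each test redeploys {@link JaxrsTestApplication} with a different adapter configuration
 * (passed through the {@code config-file} init parameter) and then checks how the deployed
 * resource reacts to requests with and without an {@code Authorization: Bearer} header:
 * unauthenticated access is rejected, role information is exposed as expected, cross-origin
 * requests are filtered, and a pushed not-before policy invalidates a token issued earlier.
 *
 * <p>The tests need the running server provided by {@link KeycloakRule}; they are not
 * self-contained unit tests.
 */
public class JaxrsFilterTest {
    /** Name of the init parameter that carries the adapter configuration location. */
    public static final String CONFIG_FILE_INIT_PARAM = "config-file";

    // Shared HTTP client; created and closed once per class by clientRule.
    private static ResteasyClient client;

    @Rule
    public WebRule webRule = new WebRule(this);

    @WebResource
    protected WebDriver driver;

    // Captured in the class-level setup; used to encode the push-not-before action token.
    protected static RealmModel appRealm;

    private static final String JAXRS_APP_URL = Constants.SERVER_ROOT + "/jaxrs-simple/res";
    private static final String JAXRS_APP_PUSH_NOT_BEFORE_URL =
            Constants.SERVER_ROOT + "/jaxrs-simple/k_push_not_before";

    /**
     * Registers the {@code jaxrs-app} client, adds the client role {@code jaxrs-app-user} and
     * grants it to {@code test-user@localhost}, then remembers the realm for later use.
     */
    @ClassRule
    public static KeycloakRule keycloakRule = new KeycloakRule(new KeycloakRule.KeycloakSetup() {
        @Override
        public void config(RealmManager manager, RealmModel ignoredRealm, RealmModel realm) {
            ClientModel app = realm.addClient("jaxrs-app");
            app.setEnabled(true);
            manager.getSession().users().getUserByUsername("test-user@localhost", realm)
                    .grantRole(app.addRole("jaxrs-app-user"));
            JaxrsFilterTest.appRealm = realm;
        }
    });

    /** Builds the shared RESTEasy client before the first test and closes it after the last. */
    @ClassRule
    public static ExternalResource clientRule = new ExternalResource() {
        @Override
        protected void before() throws Throwable {
            DefaultHttpClient httpClient = (DefaultHttpClient) new HttpClientBuilder().build();
            client = new ResteasyClientBuilder()
                    .httpEngine(new ApacheHttpClient4Engine(httpClient))
                    .build();
        }

        @Override
        protected void after() {
            client.close();
        }
    };

    /**
     * Checks the baseline contract: GET and POST without a token are answered with 401, and the
     * same calls with a bearer token succeed and report a stable principal.
     */
    @Test
    public void testBasic() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak.json");

        // No Authorization header: both verbs must be refused.
        Response anonymousGet = client.target(JAXRS_APP_URL).request().get();
        try {
            Assert.assertEquals(401, anonymousGet.getStatus());
        } finally {
            anonymousGet.close();
        }
        Response anonymousPost = client.target(JAXRS_APP_URL).request().post(Entity.form(new Form()));
        try {
            Assert.assertEquals(401, anonymousPost.getStatus());
        } finally {
            anonymousPost.close();
        }

        String authHeader = bearerHeader();
        JaxrsTestResource.SimpleRepresentation getResult = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .get(JaxrsTestResource.SimpleRepresentation.class);
        Assert.assertEquals("get", getResult.getMethod());
        Assert.assertTrue(getResult.getHasUserRole());
        Assert.assertFalse(getResult.getHasAdminRole());
        Assert.assertFalse(getResult.getHasJaxrsAppRole());
        // Format check only: fromString throws IllegalArgumentException unless the principal
        // is a UUID string, which fails the test.
        UUID.fromString(getResult.getPrincipal());

        JaxrsTestResource.SimpleRepresentation postResult = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .post(Entity.form(new Form()), JaxrsTestResource.SimpleRepresentation.class);
        Assert.assertEquals("post", postResult.getMethod());
        // The same token must map to the same principal regardless of the HTTP verb.
        Assert.assertEquals(getResult.getPrincipal(), postResult.getPrincipal());
    }

    /**
     * Repeats the unauthenticated/authenticated GET check against the
     * {@code jaxrs-keycloak-relative.json} configuration.
     */
    @Test
    public void testRelativeUriAndPublicKey() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak-relative.json");

        Response anonymousGet = client.target(JAXRS_APP_URL).request().get();
        try {
            Assert.assertEquals(401, anonymousGet.getStatus());
        } finally {
            anonymousGet.close();
        }

        JaxrsTestResource.SimpleRepresentation result = client.target(JAXRS_APP_URL).request()
                .header("Authorization", bearerHeader())
                .get(JaxrsTestResource.SimpleRepresentation.class);
        Assert.assertEquals("get", result.getMethod());
        Assert.assertTrue(result.getHasUserRole());
        Assert.assertFalse(result.getHasAdminRole());
        Assert.assertFalse(result.getHasJaxrsAppRole());
        // Format check only: throws unless the principal is a UUID string.
        UUID.fromString(result.getPrincipal());
    }

    /**
     * Checks that, with the {@code jaxrs-keycloak-ssl.json} configuration, a request carrying a
     * valid bearer token is still refused with 403.
     */
    @Test
    public void testSslRequired() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak-ssl.json");

        // NOTE(review): presumably refused because the request is not sent over TLS; that
        // depends on Constants.SERVER_ROOT and the JSON config, neither of which is visible here.
        Response response = client.target(JAXRS_APP_URL).request()
                .header("Authorization", bearerHeader())
                .get();
        try {
            Assert.assertEquals(403, response.getStatus());
        } finally {
            response.close();
        }
    }

    /**
     * Checks the role view under the {@code jaxrs-keycloak-resource-mappings.json}
     * configuration: the principal is the username and only the application role is reported.
     */
    @Test
    public void testResourceRoleMappings() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak-resource-mappings.json");

        JaxrsTestResource.SimpleRepresentation result = client.target(JAXRS_APP_URL).request()
                .header("Authorization", bearerHeader())
                .get(JaxrsTestResource.SimpleRepresentation.class);
        Assert.assertEquals("get", result.getMethod());
        Assert.assertEquals("test-user@localhost", result.getPrincipal());
        Assert.assertFalse(result.getHasUserRole());
        Assert.assertFalse(result.getHasAdminRole());
        Assert.assertTrue(result.getHasJaxrsAppRole());
    }

    /**
     * Checks cross-origin handling: the preflight echoes the permitted origin, an authenticated
     * request from a different origin is refused with 403, and one from the permitted origin
     * succeeds.
     */
    @Test
    public void testCors() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak.json");

        // Preflight is sent without a token.
        Response preflight = client.target(JAXRS_APP_URL).request()
                .header("Origin", "http://localhost:8081")
                .options();
        try {
            Assert.assertEquals("true", preflight.getHeaderString("Access-Control-Allow-Credentials"));
            Assert.assertEquals("http://localhost:8081", preflight.getHeaderString("Access-Control-Allow-Origin"));
        } finally {
            preflight.close();
        }

        String authHeader = bearerHeader();

        // A valid token must not be usable from an origin that is not permitted.
        Response foreignOrigin = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .header("Origin", "http://evil.org")
                .get();
        try {
            Assert.assertEquals(403, foreignOrigin.getStatus());
        } finally {
            foreignOrigin.close();
        }

        Response permittedOrigin = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .header("Origin", "http://localhost:8081")
                .get();
        try {
            Assert.assertEquals(200, permittedOrigin.getStatus());
            // NOTE(review): these two assertions re-read the already closed preflight response,
            // not permittedOrigin, so the CORS headers of the authenticated GET are never
            // verified. Kept as in the original; confirm whether the GET response is expected
            // to carry these headers before pointing them at permittedOrigin.
            Assert.assertEquals("true", preflight.getHeaderString("Access-Control-Allow-Credentials"));
            Assert.assertEquals("http://localhost:8081", preflight.getHeaderString("Access-Control-Allow-Origin"));
            Assert.assertEquals("get",
                    permittedOrigin.readEntity(JaxrsTestResource.SimpleRepresentation.class).getMethod());
        } finally {
            permittedOrigin.close();
        }
    }

    /**
     * Checks token revocation through a not-before policy: a token that is accepted first is
     * answered with 401 once a push-not-before action has been delivered to the application.
     */
    @Test
    public void testPushNotBefore() {
        deployJaxrsApp("classpath:jaxrs-test/jaxrs-keycloak.json");

        String authHeader = bearerHeader();
        JaxrsTestResource.SimpleRepresentation beforePush = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .get(JaxrsTestResource.SimpleRepresentation.class);
        Assert.assertEquals("get", beforePush.getMethod());
        Assert.assertTrue(beforePush.getHasUserRole());

        int now = Time.currentTime();
        // NOTE(review): arguments are presumably (id, expiration, resource, notBefore); confirm
        // against PushNotBeforeAction. The last value lies after the moment the token above was
        // obtained, which is what makes that token stale.
        PushNotBeforeAction action =
                new PushNotBeforeAction(TokenIdGenerator.generateId(), now + 30, "jaxrs-app", now + 1);
        // The action is posted without an Authorization header; it is encoded with the realm
        // captured during class setup.
        Response push = client.target(JAXRS_APP_PUSH_NOT_BEFORE_URL).request()
                .post(Entity.text(new TokenManager().encodeToken(appRealm, action)));
        try {
            Assert.assertEquals(204, push.getStatus());
        } finally {
            push.close();
        }

        // The token that worked a moment ago must now be rejected.
        Response afterPush = client.target(JAXRS_APP_URL).request()
                .header("Authorization", authHeader)
                .get();
        try {
            Assert.assertEquals(401, afterPush.getStatus());
        } finally {
            afterPush.close();
        }
    }

    /**
     * Manual check against a service on a fixed {@code localhost:8080} URL.
     *
     * <p>This method carries no {@code @Test} annotation, so the JUnit 4 runner does not execute
     * it; it is left that way because the target service is not deployed by this class.
     */
    public void testCxfExample() {
        String customerUrl =
                "http://localhost:8080/jax_rs_basic_servlet/services/service1/customerservice/customers/123";

        Response anonymousGet = client.target(customerUrl).request().get();
        try {
            Assert.assertEquals(401, anonymousGet.getStatus());
        } finally {
            anonymousGet.close();
        }

        String body = client.target(customerUrl).request()
                .header("Authorization", bearerHeader())
                .get(String.class);
        System.out.println(body);
    }

    /**
     * Redeploys the test application under {@code /jaxrs-simple} with the given adapter
     * configuration.
     *
     * @param configFile location of the adapter configuration, passed as the
     *     {@value #CONFIG_FILE_INIT_PARAM} init parameter
     */
    private static void deployJaxrsApp(final String configFile) {
        keycloakRule.update(new KeycloakRule.KeycloakSetup() {
            @Override
            public void config(RealmManager manager, RealmModel ignoredRealm, RealmModel realm) {
                // Raw type kept on purpose: the parameter type of deployJaxrsApplication is not
                // visible from this file.
                TreeMap initParams = new TreeMap();
                initParams.put(CONFIG_FILE_INIT_PARAM, configFile);
                keycloakRule.deployJaxrsApplication(
                        "JaxrsSimpleApp", "/jaxrs-simple", JaxrsTestApplication.class, initParams);
            }
        });
    }

    /** Returns a ready-to-send {@code Authorization} header value for a freshly issued token. */
    private String bearerHeader() {
        return "Bearer " + retrieveAccessToken().getAccessToken();
    }

    /**
     * Logs the fixture user in through the browser driver and exchanges the returned
     * authorization code for an access token.
     *
     * <p>The username and the literal {@code "password"} are fixture values for the test realm.
     *
     * @return the token response, already asserted to have status 200
     */
    private OAuthClient.AccessTokenResponse retrieveAccessToken() {
        OAuthClient oauth = new OAuthClient(this.driver);
        oauth.doLogin("test-user@localhost", "password");
        String code = oauth.getCurrentQuery().get("code");
        OAuthClient.AccessTokenResponse tokenResponse = oauth.doAccessTokenRequest(code, "password");
        Assert.assertEquals(200, tokenResponse.getStatusCode());
        return tokenResponse;
    }
}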
