package org.keycloak.testsuite.saml;

import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.OutputStream;
import java.io.OutputStreamWriter;
import java.util.Iterator;
import java.util.Map;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.NewCookie;
import javax.ws.rs.core.Response;
import javax.xml.namespace.QName;
import javax.xml.soap.MessageFactory;
import javax.xml.soap.MimeHeaders;
import javax.xml.soap.SOAPHeaderElement;
import javax.xml.soap.SOAPMessage;
import javax.xml.transform.Source;
import javax.xml.transform.Transformer;
import javax.xml.transform.TransformerException;
import javax.xml.transform.TransformerFactory;
import javax.xml.transform.stream.StreamResult;
import org.jboss.resteasy.util.Base64;
import org.junit.Assert;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.dom.saml.v2.protocol.ResponseType;
import org.keycloak.dom.saml.v2.protocol.StatusResponseType;
import org.keycloak.saml.common.constants.JBossSAMLConstants;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.testsuite.samlfilter.SamlAdapterTest;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

/* loaded from: input_file:org/keycloak/testsuite/saml/SamlEcpProfileTest.class */
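/**
 * Exercises the SAML 2.0 Enhanced Client or Proxy (ECP) profile against the {@code /ecp-sp}
 * test application, using the realm loaded from {@code /keycloak-saml/ecp/testsamlecp.json}.
 *
 * <p>Each test plays the role of the ECP client: it asks the service provider (SP) for a PAOS
 * request, forwards the enclosed AuthnRequest to the identity provider (IdP) with HTTP Basic
 * credentials, and inspects the SAML response that comes back.
 */
public class SamlEcpProfileTest {
    protected String APP_SERVER_BASE_URL = "http://localhost:8081";

    @ClassRule
    public static org.keycloak.testsuite.samlfilter.SamlKeycloakRule keycloakRule = new org.keycloak.testsuite.samlfilter.SamlKeycloakRule() {
        /** Deploys the ECP-enabled service provider WAR under {@code /ecp-sp}. */
        @Override
        public void initWars() {
            initializeSamlSecuredWar("/keycloak-saml/ecp/ecp-sp", "/ecp-sp", "ecp-sp.war", SamlAdapterTest.class.getClassLoader());
        }

        /** Returns the classpath location of the realm definition used by these tests. */
        @Override
        public String getRealmJson() {
            return "/keycloak-saml/ecp/testsamlecp.json";
        }
    };

    /**
     * Runs the complete ECP exchange with valid credentials and checks that the SP ends up
     * serving a page that contains the authenticated user name.
     *
     * @throws Exception on any transport, SOAP or SAML parsing failure
     */
    @Test
    public void testSuccessfulEcpFlow() throws Exception {
        // Step 1: SP answers an ECP-capable GET with a SOAP envelope holding the AuthnRequest.
        SOAPMessage paosRequest = requestPaosAuthnRequest();
        printDocument(paosRequest.getSOAPPart().getContent(), System.out);

        // Step 2: the IdP endpoint is read from the SP-supplied IDPList. A production ECP
        // client should check that location against its own trusted IdP configuration before
        // sending credentials to it; the test trusts it because both ends are local fixtures.
        String idpSsoUrl = extractIdpSsoServiceUrl(paosRequest);

        // Step 3: forward the AuthnRequest to the IdP. Basic auth is only Base64 encoding, so
        // outside this localhost fixture the IdP endpoint has to be reached over TLS.
        Response idpResponse = ClientBuilder.newClient()
                .target(idpSsoUrl)
                .request()
                .header("Authorization", basicAuthorization("pedroigor:password"))
                .post(Entity.entity(DocumentUtil.asString(paosRequest.getSOAPBody().getFirstChild().getOwnerDocument()), "text/xml"));
        Assert.assertEquals(Response.Status.OK.getStatusCode(), idpResponse.getStatus());

        SOAPMessage idpMessage = MessageFactory.newInstance().createMessage((MimeHeaders) null, new ByteArrayInputStream(idpResponse.readEntity(byte[].class)));
        printDocument(idpMessage.getSOAPPart().getContent(), System.out);

        // Step 4: the IdP must return exactly one ecp:Response header and a successful,
        // signed SAML response addressed to the SP.
        Assert.assertEquals("No ECP Response", 1L, idpMessage.getSOAPHeader().getElementsByTagNameNS(JBossSAMLURIConstants.ECP_PROFILE.get(), JBossSAMLConstants.RESPONSE.get()).getLength());
        Node samlResponseNode = idpMessage.getSOAPBody().getFirstChild();
        Assert.assertNotNull(samlResponseNode);

        ResponseType responseType = (ResponseType) new SAMLParser().parse(DocumentUtil.getNodeAsStream(samlResponseNode));
        Assert.assertEquals(JBossSAMLURIConstants.STATUS_SUCCESS.get(), responseType.getStatus().getStatusCode().getValue().toString());
        Assert.assertEquals(this.APP_SERVER_BASE_URL + "/ecp-sp/", responseType.getDestination());
        // Only the presence of a signature is asserted; this test does not verify it itself.
        // NOTE(review): verification is presumably done by the SP in step 5 - confirm.
        Assert.assertNotNull(responseType.getSignature());
        Assert.assertEquals(1L, responseType.getAssertions().size());

        // Step 5: relay the SAML response body to the SP in a fresh SOAP envelope.
        SOAPMessage relayMessage = MessageFactory.newInstance().createMessage();
        relayMessage.getSOAPBody().addDocument(idpMessage.getSOAPBody().extractContentAsDocument());
        ByteArrayOutputStream relayBytes = new ByteArrayOutputStream();
        relayMessage.writeTo(relayBytes);
        Map<String, NewCookie> cookies = ClientBuilder.newClient()
                .target(responseType.getDestination())
                .request()
                .post(Entity.entity(relayBytes.toByteArray(), "application/vnd.paos+xml"))
                .getCookies();

        // Step 6: replay the cookies set by the SP and expect the protected page to show the user.
        Invocation.Builder protectedPage = ClientBuilder.newClient().target(responseType.getDestination() + "/index.html").request();
        for (NewCookie cookie : cookies.values()) {
            protectedPage.cookie(cookie);
        }
        Assert.assertTrue(protectedPage.get().readEntity(String.class).contains("pedroigor"));
    }

    /**
     * Sends a wrong password to the IdP and checks that the returned SAML status is not success.
     *
     * @throws Exception on any transport, SOAP or SAML parsing failure
     */
    @Test
    public void testInvalidCredentials() throws Exception {
        SOAPMessage paosRequest = requestPaosAuthnRequest();

        // next() throws NoSuchElementException when the SP sent no paos:Request header.
        paosRequest.getSOAPHeader().getChildElements(new QName("urn:liberty:paos:2003-08", "Request")).next();

        String idpSsoUrl = extractIdpSsoServiceUrl(paosRequest);

        Response idpResponse = ClientBuilder.newClient()
                .target(idpSsoUrl)
                .request()
                .header("Authorization", basicAuthorization("pedroigor:baspassword"))
                .post(Entity.entity(DocumentUtil.asString(paosRequest.getSOAPBody().getFirstChild().getOwnerDocument()), "application/soap+xml"));
        // The failure is reported inside the SAML status; the HTTP exchange itself still returns 200.
        Assert.assertEquals(Response.Status.OK.getStatusCode(), idpResponse.getStatus());

        Node samlResponseNode = MessageFactory.newInstance().createMessage((MimeHeaders) null, new ByteArrayInputStream(idpResponse.readEntity(byte[].class))).getSOAPBody().getFirstChild();
        Assert.assertNotNull(samlResponseNode);

        StatusResponseType statusResponse = (StatusResponseType) new SAMLParser().parse(DocumentUtil.getNodeAsStream(samlResponseNode));
        // NOTE(review): only the nested (second-level) status code is compared with Success.
        // Consider also asserting that the top-level status code is not Success, so that a
        // response carrying a successful top-level status cannot pass this negative test.
        Assert.assertNotEquals(JBossSAMLURIConstants.STATUS_SUCCESS.get(), statusResponse.getStatus().getStatusCode().getStatusCode().getValue().toString());
    }

    /**
     * Writes an XML source to a stream as indented UTF-8 text.
     *
     * <p>Everything held by {@code source} is written out. The tests in this class pass whole
     * SOAP envelopes, so the output contains the complete SAML messages.
     *
     * @param source the XML to serialize
     * @param outputStream the destination; it is flushed but left open
     * @throws IOException if flushing the destination fails
     * @throws TransformerException if the transformer cannot be created or the transform fails
     */
    public static void printDocument(Source source, OutputStream outputStream) throws IOException, TransformerException {
        Transformer transformer = TransformerFactory.newInstance().newTransformer();
        transformer.setOutputProperty("omit-xml-declaration", "no");
        transformer.setOutputProperty("method", "xml");
        transformer.setOutputProperty("indent", "yes");
        transformer.setOutputProperty("encoding", "UTF-8");
        transformer.setOutputProperty("{http://xml.apache.org/xslt}indent-amount", "4");
        OutputStreamWriter writer = new OutputStreamWriter(outputStream, java.nio.charset.StandardCharsets.UTF_8);
        transformer.transform(source, new StreamResult(writer));
        // The writer buffers internally; flush explicitly instead of relying on the transformer
        // implementation to do it. Not closed, because callers pass System.out.
        writer.flush();
    }

    /** Fetches the SP's PAOS response (SOAP envelope with the AuthnRequest) for an ECP-capable client. */
    private SOAPMessage requestPaosAuthnRequest() throws Exception {
        byte[] envelope = ClientBuilder.newClient()
                .target(this.APP_SERVER_BASE_URL + "/ecp-sp/")
                .request()
                .header("Accept", "text/html; application/vnd.paos+xml")
                .header("PAOS", "ver='urn:liberty:paos:2003-08' ;'urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp'")
                .get()
                .readEntity(byte[].class);
        return MessageFactory.newInstance().createMessage((MimeHeaders) null, new ByteArrayInputStream(envelope));
    }

    /** Reads the single IDPEntry {@code Loc} attribute from the ecp:Request header of the SP's message. */
    private static String extractIdpSsoServiceUrl(SOAPMessage paosRequest) throws Exception {
        SOAPHeaderElement ecpRequest = (SOAPHeaderElement) paosRequest.getSOAPHeader().getChildElements(new QName("urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp", "Request")).next();
        NodeList idpLists = ecpRequest.getElementsByTagNameNS("urn:oasis:names:tc:SAML:2.0:protocol", "IDPList");
        Assert.assertEquals("No IDPList returned from Service Provider", 1L, idpLists.getLength());
        NodeList idpEntries = idpLists.item(0).getChildNodes();
        Assert.assertEquals("No IDPEntry returned from Service Provider", 1L, idpEntries.getLength());
        String ssoServiceUrl = null;
        for (int i = 0; i < idpEntries.getLength(); i++) {
            ssoServiceUrl = idpEntries.item(i).getAttributes().getNamedItem("Loc").getNodeValue();
        }
        Assert.assertNotNull("Could not obtain SSO Service URL", ssoServiceUrl);
        return ssoServiceUrl;
    }

    /** Builds an HTTP Basic {@code Authorization} header value from {@code user:password}. */
    private static String basicAuthorization(String userAndPassword) {
        // Explicit charset so the encoded bytes do not depend on the platform default.
        return "Basic " + new String(Base64.encodeBytes(userAndPassword.getBytes(java.nio.charset.StandardCharsets.UTF_8)));
    }
}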
