package org.keycloak.testsuite;

import java.io.IOException;
import java.io.OutputStream;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.LinkedList;
import java.util.Map;
import javax.ws.rs.core.UriBuilder;
import org.apache.commons.io.IOUtils;
import org.apache.commons.io.output.ByteArrayOutputStream;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URLEncodedUtils;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.json.JSONObject;
import org.junit.Assert;
import org.keycloak.RSATokenVerifier;
import org.keycloak.common.VerificationException;
import org.keycloak.common.util.PemUtils;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.jose.jws.crypto.RSAProvider;
import org.keycloak.protocol.oidc.OIDCLoginProtocolService;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.util.BasicAuthHelper;
import org.keycloak.util.TokenUtil;
import org.openqa.selenium.By;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/OAuthClient.class */
public class OAuthClient {
    private WebDriver driver;
    private String scope;
    private PublicKey realmPublicKey;
    private String clientSessionState;
    private String clientSessionHost;
    private String baseUrl = Constants.AUTH_SERVER_ROOT;
    private String realm = "test";
    private String clientId = "test-app";
    private String redirectUri = "http://localhost:8081/app/auth";
    private String state = "mystate";
    private String uiLocales = null;

    /* loaded from: input_file:org/keycloak/testsuite/OAuthClient$AccessTokenResponse.class */
    public static class AccessTokenResponse {
        private int statusCode;
        private String accessToken;
        private String tokenType;
        private int expiresIn;
        private int refreshExpiresIn;
        private String refreshToken;
        private String error;
        private String errorDescription;

        public AccessTokenResponse(HttpResponse httpResponse) throws Exception {
            this.statusCode = httpResponse.getStatusLine().getStatusCode();
            if (!"application/json".equals(httpResponse.getHeaders("Content-Type")[0].getValue())) {
                Assert.fail("Invalid content type");
            }
            JSONObject jSONObject = new JSONObject(IOUtils.toString(httpResponse.getEntity().getContent()));
            if (this.statusCode != 200) {
                this.error = jSONObject.getString("error");
                this.errorDescription = jSONObject.has("error_description") ? jSONObject.getString("error_description") : null;
                return;
            }
            this.accessToken = jSONObject.getString("access_token");
            this.tokenType = jSONObject.getString("token_type");
            this.expiresIn = jSONObject.getInt("expires_in");
            this.refreshExpiresIn = jSONObject.getInt("refresh_expires_in");
            if (jSONObject.has("refresh_token")) {
                this.refreshToken = jSONObject.getString("refresh_token");
            }
        }

        public String getAccessToken() {
            return this.accessToken;
        }

        public String getError() {
            return this.error;
        }

        public String getErrorDescription() {
            return this.errorDescription;
        }

        public int getExpiresIn() {
            return this.expiresIn;
        }

        public int getRefreshExpiresIn() {
            return this.refreshExpiresIn;
        }

        public int getStatusCode() {
            return this.statusCode;
        }

        public String getRefreshToken() {
            return this.refreshToken;
        }

        public String getTokenType() {
            return this.tokenType;
        }
    }

    /* loaded from: input_file:org/keycloak/testsuite/OAuthClient$AuthorizationCodeResponse.class */
    public static class AuthorizationCodeResponse {
        private boolean isRedirected;
        private String code;
        private String state;
        private String error;

        public AuthorizationCodeResponse(OAuthClient oAuthClient) {
            this.isRedirected = oAuthClient.getCurrentRequest().equals(oAuthClient.getRedirectUri());
            this.code = oAuthClient.getCurrentQuery().get("code");
            this.state = oAuthClient.getCurrentQuery().get("state");
            this.error = oAuthClient.getCurrentQuery().get("error");
        }

        public boolean isRedirected() {
            return this.isRedirected;
        }

        public String getCode() {
            return this.code;
        }

        public String getState() {
            return this.state;
        }

        public String getError() {
            return this.error;
        }
    }

    public OAuthClient(WebDriver webDriver) {
        this.driver = webDriver;
        try {
            this.realmPublicKey = PemUtils.decodePublicKey(new JSONObject(IOUtils.toString(getClass().getResourceAsStream("/testrealm.json"))).getString("publicKey"));
        } catch (Exception e) {
            throw new RuntimeException("Failed to retrieve realm public key", e);
        }
    }

    public AuthorizationCodeResponse doLogin(String str, String str2) {
        openLoginForm();
        this.driver.getPageSource();
        this.driver.findElement(By.id("username")).sendKeys(new CharSequence[]{str});
        this.driver.findElement(By.id("password")).sendKeys(new CharSequence[]{str2});
        this.driver.findElement(By.name("login")).click();
        return new AuthorizationCodeResponse(this);
    }

    public void doLoginGrant(String str, String str2) {
        openLoginForm();
        this.driver.findElement(By.id("username")).sendKeys(new CharSequence[]{str});
        this.driver.findElement(By.id("password")).sendKeys(new CharSequence[]{str2});
        this.driver.findElement(By.name("login")).click();
    }

    public AccessTokenResponse doAccessTokenRequest(String str, String str2) {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getAccessTokenUrl());
            LinkedList linkedList = new LinkedList();
            linkedList.add(new BasicNameValuePair("grant_type", "authorization_code"));
            if (str != null) {
                linkedList.add(new BasicNameValuePair("code", str));
            }
            if (this.redirectUri != null) {
                linkedList.add(new BasicNameValuePair("redirect_uri", this.redirectUri));
            }
            if (this.clientId != null && str2 != null) {
                httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(this.clientId, str2));
            } else if (this.clientId != null) {
                linkedList.add(new BasicNameValuePair("client_id", this.clientId));
            }
            if (this.clientSessionState != null) {
                linkedList.add(new BasicNameValuePair("client_session_state", this.clientSessionState));
            }
            if (this.clientSessionHost != null) {
                linkedList.add(new BasicNameValuePair("client_session_host", this.clientSessionHost));
            }
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                try {
                    AccessTokenResponse accessTokenResponse = new AccessTokenResponse(defaultHttpClient.execute(httpPost));
                    closeClient(defaultHttpClient);
                    return accessTokenResponse;
                } catch (Exception e) {
                    throw new RuntimeException("Failed to retrieve access token", e);
                }
            } catch (UnsupportedEncodingException e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public String introspectAccessTokenWithClientCredential(String str, String str2, String str3) {
        return introspectTokenWithClientCredential(str, str2, "access_token", str3);
    }

    public String introspectRefreshTokenWithClientCredential(String str, String str2, String str3) {
        return introspectTokenWithClientCredential(str, str2, "refresh_token", str3);
    }

    public String introspectTokenWithClientCredential(String str, String str2, String str3, String str4) {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getTokenIntrospectionUrl());
            httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(str, str2));
            LinkedList linkedList = new LinkedList();
            linkedList.add(new BasicNameValuePair("token", str4));
            linkedList.add(new BasicNameValuePair("token_type_hint", str3));
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                try {
                    OutputStream byteArrayOutputStream = new ByteArrayOutputStream();
                    defaultHttpClient.execute(httpPost).getEntity().writeTo(byteArrayOutputStream);
                    String str5 = new String(byteArrayOutputStream.toByteArray());
                    closeClient(defaultHttpClient);
                    return str5;
                } catch (Exception e) {
                    throw new RuntimeException("Failed to retrieve access token", e);
                }
            } catch (UnsupportedEncodingException e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public AccessTokenResponse doGrantAccessTokenRequest(String str, String str2, String str3) throws Exception {
        return doGrantAccessTokenRequest(this.realm, str2, str3, null, this.clientId, str);
    }

    public AccessTokenResponse doGrantAccessTokenRequest(String str, String str2, String str3, String str4) throws Exception {
        return doGrantAccessTokenRequest(this.realm, str2, str3, str4, this.clientId, str);
    }

    public AccessTokenResponse doGrantAccessTokenRequest(String str, String str2, String str3, String str4, String str5, String str6) throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getResourceOwnerPasswordCredentialGrantUrl(str));
            LinkedList linkedList = new LinkedList();
            linkedList.add(new BasicNameValuePair("grant_type", "password"));
            linkedList.add(new BasicNameValuePair("username", str2));
            linkedList.add(new BasicNameValuePair("password", str3));
            if (str4 != null) {
                linkedList.add(new BasicNameValuePair("totp", str4));
            }
            if (str6 != null) {
                httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(str5, str6));
            } else {
                linkedList.add(new BasicNameValuePair("client_id", str5));
            }
            if (this.clientSessionState != null) {
                linkedList.add(new BasicNameValuePair("client_session_state", this.clientSessionState));
            }
            if (this.clientSessionHost != null) {
                linkedList.add(new BasicNameValuePair("client_session_host", this.clientSessionHost));
            }
            if (this.scope != null) {
                linkedList.add(new BasicNameValuePair("scope", this.scope));
            }
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                AccessTokenResponse accessTokenResponse = new AccessTokenResponse(defaultHttpClient.execute(httpPost));
                closeClient(defaultHttpClient);
                return accessTokenResponse;
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public AccessTokenResponse doClientCredentialsGrantAccessTokenRequest(String str) throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getServiceAccountUrl());
            httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(this.clientId, str));
            LinkedList linkedList = new LinkedList();
            linkedList.add(new BasicNameValuePair("grant_type", "client_credentials"));
            if (this.scope != null) {
                linkedList.add(new BasicNameValuePair("scope", this.scope));
            }
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                AccessTokenResponse accessTokenResponse = new AccessTokenResponse(defaultHttpClient.execute(httpPost));
                closeClient(defaultHttpClient);
                return accessTokenResponse;
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public HttpResponse doLogout(String str, String str2) throws IOException {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getLogoutUrl(null, null));
            LinkedList linkedList = new LinkedList();
            if (str != null) {
                linkedList.add(new BasicNameValuePair("refresh_token", str));
            }
            if (this.clientId != null && str2 != null) {
                httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(this.clientId, str2));
            } else if (this.clientId != null) {
                linkedList.add(new BasicNameValuePair("client_id", this.clientId));
            }
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                CloseableHttpResponse execute = defaultHttpClient.execute(httpPost);
                closeClient(defaultHttpClient);
                return execute;
            } catch (UnsupportedEncodingException e) {
                throw new RuntimeException(e);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public AccessTokenResponse doRefreshTokenRequest(String str, String str2) {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(getRefreshTokenUrl());
            LinkedList linkedList = new LinkedList();
            linkedList.add(new BasicNameValuePair("grant_type", "refresh_token"));
            if (str != null) {
                linkedList.add(new BasicNameValuePair("refresh_token", str));
            }
            if (this.clientId != null && str2 != null) {
                httpPost.setHeader("Authorization", BasicAuthHelper.createHeader(this.clientId, str2));
            } else if (this.clientId != null) {
                linkedList.add(new BasicNameValuePair("client_id", this.clientId));
            }
            if (this.clientSessionState != null) {
                linkedList.add(new BasicNameValuePair("client_session_state", this.clientSessionState));
            }
            if (this.clientSessionHost != null) {
                linkedList.add(new BasicNameValuePair("client_session_host", this.clientSessionHost));
            }
            try {
                httpPost.setEntity(new UrlEncodedFormEntity(linkedList, "UTF-8"));
                try {
                    AccessTokenResponse accessTokenResponse = new AccessTokenResponse(defaultHttpClient.execute(httpPost));
                    closeClient(defaultHttpClient);
                    return accessTokenResponse;
                } catch (Exception e) {
                    throw new RuntimeException("Failed to retrieve access token", e);
                }
            } catch (UnsupportedEncodingException e2) {
                throw new RuntimeException(e2);
            }
        } catch (Throwable th) {
            closeClient(defaultHttpClient);
            throw th;
        }
    }

    public void closeClient(CloseableHttpClient closeableHttpClient) {
        try {
            closeableHttpClient.close();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }

    public AccessToken verifyToken(String str) {
        try {
            return RSATokenVerifier.verifyToken(str, this.realmPublicKey, this.baseUrl + "/realms/" + this.realm);
        } catch (VerificationException e) {
            throw new RuntimeException("Failed to verify token", e);
        }
    }

    public RefreshToken verifyRefreshToken(String str) {
        try {
            JWSInput jWSInput = new JWSInput(str);
            if (RSAProvider.verify(jWSInput, this.realmPublicKey)) {
                return (RefreshToken) jWSInput.readJsonContent(RefreshToken.class);
            }
            throw new RuntimeException("Invalid refresh token");
        } catch (Exception e) {
            throw new RuntimeException("Invalid refresh token", e);
        }
    }

    public String getClientId() {
        return this.clientId;
    }

    public String getCurrentRequest() {
        return this.driver.getCurrentUrl().substring(0, this.driver.getCurrentUrl().indexOf(63));
    }

    public URI getCurrentUri() {
        try {
            return new URI(this.driver.getCurrentUrl());
        } catch (URISyntaxException e) {
            throw new RuntimeException(e);
        }
    }

    public Map<String, String> getCurrentQuery() {
        HashMap hashMap = new HashMap();
        for (NameValuePair nameValuePair : URLEncodedUtils.parse(getCurrentUri(), "UTF-8")) {
            hashMap.put(nameValuePair.getName(), nameValuePair.getValue());
        }
        return hashMap;
    }

    public void openLoginForm() {
        this.driver.navigate().to(getLoginFormUrl());
    }

    public void openLogout() {
        UriBuilder logoutUrl = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(this.baseUrl));
        if (this.redirectUri != null) {
            logoutUrl.queryParam("redirect_uri", new Object[]{this.redirectUri});
        }
        this.driver.navigate().to(logoutUrl.build(new Object[]{this.realm}).toString());
    }

    public String getRedirectUri() {
        return this.redirectUri;
    }

    public String getLoginFormUrl() {
        UriBuilder authUrl = OIDCLoginProtocolService.authUrl(UriBuilder.fromUri(this.baseUrl));
        authUrl.queryParam("response_type", new Object[]{"code"});
        if (this.clientId != null) {
            authUrl.queryParam("client_id", new Object[]{this.clientId});
        }
        if (this.redirectUri != null) {
            authUrl.queryParam("redirect_uri", new Object[]{this.redirectUri});
        }
        if (this.state != null) {
            authUrl.queryParam("state", new Object[]{this.state});
        }
        if (this.uiLocales != null) {
            authUrl.queryParam("ui_locales", new Object[]{this.uiLocales});
        }
        authUrl.queryParam("scope", new Object[]{TokenUtil.attachOIDCScope(this.scope)});
        return authUrl.build(new Object[]{this.realm}).toString();
    }

    public String getAccessTokenUrl() {
        return OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(this.baseUrl)).build(new Object[]{this.realm}).toString();
    }

    public String getTokenIntrospectionUrl() {
        return OIDCLoginProtocolService.tokenIntrospectionUrl(UriBuilder.fromUri(this.baseUrl)).build(new Object[]{this.realm}).toString();
    }

    public String getLogoutUrl(String str, String str2) {
        UriBuilder logoutUrl = OIDCLoginProtocolService.logoutUrl(UriBuilder.fromUri(this.baseUrl));
        if (str != null) {
            logoutUrl.queryParam("redirect_uri", new Object[]{str});
        }
        if (str2 != null) {
            logoutUrl.queryParam("session_state", new Object[]{str2});
        }
        return logoutUrl.build(new Object[]{this.realm}).toString();
    }

    public String getResourceOwnerPasswordCredentialGrantUrl() {
        return OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(this.baseUrl)).build(new Object[]{this.realm}).toString();
    }

    public String getResourceOwnerPasswordCredentialGrantUrl(String str) {
        return OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(this.baseUrl)).build(new Object[]{str}).toString();
    }

    public String getServiceAccountUrl() {
        return getResourceOwnerPasswordCredentialGrantUrl();
    }

    public String getRefreshTokenUrl() {
        return OIDCLoginProtocolService.tokenUrl(UriBuilder.fromUri(this.baseUrl)).build(new Object[]{this.realm}).toString();
    }

    public OAuthClient realm(String str) {
        this.realm = str;
        return this;
    }

    public OAuthClient realmPublicKey(PublicKey publicKey) {
        this.realmPublicKey = publicKey;
        return this;
    }

    public OAuthClient clientId(String str) {
        this.clientId = str;
        return this;
    }

    public OAuthClient redirectUri(String str) {
        this.redirectUri = str;
        return this;
    }

    public OAuthClient state(String str) {
        this.state = str;
        return this;
    }

    public OAuthClient scope(String str) {
        this.scope = str;
        return this;
    }

    public OAuthClient uiLocales(String str) {
        this.uiLocales = str;
        return this;
    }

    public OAuthClient clientSessionState(String str) {
        this.clientSessionState = str;
        return this;
    }

    public OAuthClient clientSessionHost(String str) {
        this.clientSessionHost = str;
        return this;
    }

    public String getRealm() {
        return this.realm;
    }
}
