package org.keycloak.testsuite.broker;

import java.util.List;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.ClassRule;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Time;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.KeycloakServer;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.openqa.selenium.NoSuchElementException;

/* loaded from: input_file:org/keycloak/testsuite/broker/OIDCKeycloakServerBrokerWithConsentTest.class */
public class OIDCKeycloakServerBrokerWithConsentTest extends AbstractIdentityProviderTest {
    private static final int PORT = 8082;
    private static Keycloak keycloak1;
    private static Keycloak keycloak2;

    @ClassRule
    public static AbstractKeycloakRule oidcServerRule = new AbstractKeycloakRule() { // from class: org.keycloak.testsuite.broker.OIDCKeycloakServerBrokerWithConsentTest.1
        @Override // org.keycloak.testsuite.rule.AbstractKeycloakRule
        protected void configureServer(KeycloakServer keycloakServer) {
            keycloakServer.getConfig().setPort(OIDCKeycloakServerBrokerWithConsentTest.PORT);
        }

        @Override // org.keycloak.testsuite.rule.AbstractKeycloakRule
        protected void configure(KeycloakSession keycloakSession, RealmManager realmManager, RealmModel realmModel) {
            this.server.importRealm(getClass().getResourceAsStream("/broker-test/test-broker-realm-with-kc-oidc.json"));
            AbstractIdentityProviderTest.setUpdateProfileFirstLogin(AbstractIdentityProviderTest.getRealm(keycloakSession), "off");
        }

        @Override // org.keycloak.testsuite.rule.AbstractKeycloakRule
        protected String[] getTestRealms() {
            return new String[]{"realm-with-oidc-identity-provider"};
        }
    };

    @BeforeClass
    public static void before() {
        keycloak1 = Keycloak.getInstance(AppPage.AUTH_SERVER_URL, "master", "admin", "admin", "admin-cli");
        keycloak2 = Keycloak.getInstance("http://localhost:8082/auth", "master", "admin", "admin", "admin-cli");
        RealmResource realm = keycloak2.realm("realm-with-oidc-identity-provider");
        List findByClientId = realm.clients().findByClientId("broker-app");
        Assert.assertEquals(1L, findByClientId.size());
        ClientRepresentation clientRepresentation = (ClientRepresentation) findByClientId.get(0);
        clientRepresentation.setConsentRequired(true);
        realm.clients().get(clientRepresentation.getId()).update(clientRepresentation);
        RealmResource realm2 = keycloak1.realm("realm-with-broker");
        RealmRepresentation representation = realm2.toRepresentation();
        representation.setAccessCodeLifespanLogin(30);
        representation.setAccessCodeLifespan(30);
        representation.setAccessCodeLifespanUserAction(30);
        realm2.update(representation);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.testsuite.broker.AbstractIdentityProviderTest
    public String getProviderId() {
        return "kc-oidc-idp";
    }

    @Test
    public void testConsentDeniedWithExpiredClientSession() throws Exception {
        loginIDP("test-user");
        Time.setOffset(60);
        try {
            this.grantPage.assertCurrent();
            this.grantPage.cancel();
            this.errorPage.assertCurrent();
            this.errorPage.clickBackToApplication();
            Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/realms/realm-with-broker/protocol/openid-connect/auth"));
            Time.setOffset(0);
        } catch (Throwable th) {
            Time.setOffset(0);
            throw th;
        }
    }

    @Test
    public void testConsentDeniedWithExpiredAndClearedClientSession() throws Exception {
        loginIDP("test-user");
        Time.setOffset(60);
        try {
            brokerServerRule.stopSession(this.session, true);
            this.session = brokerServerRule.startSession();
            this.session.sessions().removeExpired(getRealm());
            brokerServerRule.stopSession(this.session, true);
            this.session = brokerServerRule.startSession();
            this.grantPage.assertCurrent();
            this.grantPage.cancel();
            this.errorPage.assertCurrent();
            try {
                this.errorPage.clickBackToApplication();
                Assert.fail("Not expected to have link backToApplication available");
            } catch (NoSuchElementException e) {
            }
            Time.setOffset(0);
        } catch (Throwable th) {
            Time.setOffset(0);
            throw th;
        }
    }

    @Test
    public void testAccountManagementLinkingAndExpiredClientSession() throws Exception {
        loginToAccountManagement("pedroigor");
        this.accountFederatedIdentityPage.clickAddProvider(getProviderId());
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
        this.loginPage.login("test-user", "password");
        Time.setOffset(60);
        try {
            this.grantPage.assertCurrent();
            this.grantPage.cancel();
            this.accountFederatedIdentityPage.assertCurrent();
            Assert.assertEquals("The page expired. Please try one more time.", this.accountFederatedIdentityPage.getError());
            this.accountFederatedIdentityPage.clickAddProvider(getProviderId());
            Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
            this.loginPage.login("test-user", "password");
            Time.setOffset(120);
            this.grantPage.assertCurrent();
            this.grantPage.accept();
            this.accountFederatedIdentityPage.assertCurrent();
            Assert.assertEquals("The page expired. Please try one more time.", this.accountFederatedIdentityPage.getError());
            Time.setOffset(0);
            RealmResource realm = keycloak2.realm("realm-with-oidc-identity-provider");
            realm.users().get(((UserRepresentation) realm.users().search("test-user", 0, 1).get(0)).getId()).revokeConsent("broker-app");
        } catch (Throwable th) {
            Time.setOffset(0);
            throw th;
        }
    }

    @Test
    public void testLoginCancelConsent() throws Exception {
        loginIDP("test-user");
        this.grantPage.assertCurrent();
        this.grantPage.cancel();
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8081/auth/"));
        Assert.assertTrue(this.driver.getTitle().equals("Log in to realm-with-broker"));
    }

    @Test
    public void testAccountManagementLinkingCancelConsent() throws Exception {
        loginToAccountManagement("pedroigor");
        this.accountFederatedIdentityPage.clickAddProvider(getProviderId());
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith("http://localhost:8082/auth/"));
        this.loginPage.login("test-user", "password");
        this.grantPage.assertCurrent();
        this.grantPage.cancel();
        this.accountFederatedIdentityPage.assertCurrent();
        Assert.assertEquals("Consent denied.", this.accountFederatedIdentityPage.getError());
    }

    private void loginToAccountManagement(String str) {
        this.accountFederatedIdentityPage.realm("realm-with-broker");
        this.accountFederatedIdentityPage.open();
        Assert.assertTrue(this.driver.getTitle().equals("Log in to realm-with-broker"));
        this.loginPage.login(str, "password");
        Assert.assertTrue(this.accountFederatedIdentityPage.isCurrent());
    }
}
