package org.keycloak.testsuite.keycloaksaml;

import java.io.IOException;
import java.util.HashSet;
import java.util.LinkedList;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.ClientBuilder;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.apache.commons.io.IOUtils;
import org.junit.Assert;
import org.junit.rules.ExternalResource;
import org.keycloak.adapters.saml.SamlAuthenticationError;
import org.keycloak.adapters.saml.SamlPrincipal;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.protocol.saml.mappers.GroupMembershipMapper;
import org.keycloak.protocol.saml.mappers.HardcodedAttributeMapper;
import org.keycloak.protocol.saml.mappers.HardcodedRole;
import org.keycloak.protocol.saml.mappers.RoleNameMapper;
import org.keycloak.protocol.saml.mappers.UserAttributeStatementMapper;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.saml.BaseSAML2BindingBuilder;
import org.keycloak.saml.SAML2ErrorResponseBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.processing.core.saml.v2.constants.X500SAMLProfileConstants;
import org.keycloak.services.managers.RealmManager;
import org.keycloak.testsuite.KeycloakServer;
import org.keycloak.testsuite.Retry;
import org.keycloak.testsuite.pages.AppPage;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.rule.AbstractKeycloakRule;
import org.keycloak.testsuite.rule.ErrorServlet;
import org.keycloak.testsuite.rule.KeycloakRule;
import org.keycloak.testsuite.rule.WebResource;
import org.keycloak.testsuite.rule.WebRule;
import org.openqa.selenium.WebDriver;

/* loaded from: input_file:org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy.class */
public class SamlAdapterTestStrategy extends ExternalResource {
    protected String AUTH_SERVER_URL;
    protected String APP_SERVER_BASE_URL;
    protected AbstractKeycloakRule keycloakRule;
    public WebRule webRule = new WebRule(this);

    @WebResource
    protected WebDriver driver;

    @WebResource
    protected LoginPage loginPage;

    @WebResource
    protected InputPage inputPage;

    /* loaded from: input_file:org/keycloak/testsuite/keycloaksaml/SamlAdapterTestStrategy$CheckAuthError.class */
    public interface CheckAuthError {
        void check(WebDriver webDriver);
    }

    public SamlAdapterTestStrategy(String str, String str2, AbstractKeycloakRule abstractKeycloakRule) {
        this.AUTH_SERVER_URL = AppPage.AUTH_SERVER_URL;
        this.APP_SERVER_BASE_URL = "http://localhost:8081";
        this.AUTH_SERVER_URL = str;
        this.APP_SERVER_BASE_URL = str2;
        this.keycloakRule = abstractKeycloakRule;
    }

    protected void before() throws Throwable {
        super.before();
        this.webRule.before();
    }

    protected void after() {
        super.after();
        this.webRule.after();
    }

    public static RealmModel baseAdapterTestInitialization(KeycloakSession keycloakSession, RealmManager realmManager, RealmModel realmModel, Class<?> cls) {
        return realmManager.importRealm((RealmRepresentation) KeycloakServer.loadJson(cls.getResourceAsStream("/keycloak-saml/testsaml.json"), RealmRepresentation.class));
    }

    protected void checkLoggedOut(String str, boolean z) {
        String pageSource = this.driver.getPageSource();
        System.out.println("*** logout pagesource ***");
        System.out.println(pageSource);
        System.out.println("driver url: " + this.driver.getCurrentUrl());
        Assert.assertTrue(pageSource.contains("request-path: /logout.jsp"));
        this.driver.navigate().to(str);
        checkAtLoginPage(z);
    }

    protected void checkAtLoginPage(boolean z) {
        if (z) {
            assertAtLoginPagePostBinding();
        } else {
            assertAtLoginPageRedirectBinding();
        }
    }

    protected void assertAtLoginPageRedirectBinding() {
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
    }

    protected void assertAtLoginPagePostBinding() {
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.AUTH_SERVER_URL + "/realms/demo/login-actions/authenticate"));
    }

    public void testSavedPostRequest() throws Exception {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/input-portal");
        System.err.println("*********** Current url: " + this.driver.getCurrentUrl());
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.APP_SERVER_BASE_URL + "/input-portal"));
        this.inputPage.execute("hello");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke@redhat.com", "password");
        System.out.println("Current url: " + this.driver.getCurrentUrl());
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/input-portal/secured/post");
        String pageSource = this.driver.getPageSource();
        System.out.println(pageSource);
        Assert.assertTrue(pageSource.contains("parameter=hello"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/input-portal/insecure");
        System.out.println("insecure: ");
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("Insecure Page"));
        if (System.getProperty("insecure.user.principal.unsupported") == null) {
            Assert.assertTrue(this.driver.getPageSource().contains("UserPrincipal"));
        }
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/input-portal?GLO=true");
        Client newClient = ClientBuilder.newClient();
        Form form = new Form();
        form.param("parameter", "hello");
        Assert.assertTrue(((String) newClient.target(this.APP_SERVER_BASE_URL + "/input-portal/unsecured").request().post(Entity.form(form), String.class)).contains("parameter=hello"));
        newClient.close();
    }

    public void testErrorHandling() throws Exception {
        ErrorServlet.authError = null;
        Client newClient = ClientBuilder.newClient();
        newClient.target(this.APP_SERVER_BASE_URL + "/employee-sig/").request().get().close();
        Response response = newClient.target(new BaseSAML2BindingBuilder().relayState((String) null).redirectBinding(new SAML2ErrorResponseBuilder().destination(this.APP_SERVER_BASE_URL + "/employee-sig/saml").issuer(this.AUTH_SERVER_URL + "/realms/demo").status(JBossSAMLURIConstants.STATUS_REQUEST_DENIED.get()).buildDocument()).generateURI(this.APP_SERVER_BASE_URL + "/employee-sig/saml", false)).request().get();
        String str = (String) response.readEntity(String.class);
        response.close();
        Assert.assertTrue(str.contains("Error Page"));
        newClient.close();
        Assert.assertNotNull(ErrorServlet.authError);
        SamlAuthenticationError samlAuthenticationError = ErrorServlet.authError;
        Assert.assertEquals(SamlAuthenticationError.Reason.ERROR_STATUS, samlAuthenticationError.getReason());
        Assert.assertNotNull(samlAuthenticationError.getStatus());
        ErrorServlet.authError = null;
    }

    public void testPostSimpleLoginLogout() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post/");
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post/", true);
    }

    public void testPostPassiveLoginLogout(boolean z) {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-passive/");
        Assert.assertEquals(this.APP_SERVER_BASE_URL + "/sales-post-passive/saml", this.driver.getCurrentUrl());
        System.out.println(this.driver.getPageSource());
        if (z) {
            Assert.assertTrue(this.driver.getPageSource().contains("HTTP status code: 403"));
        } else {
            Assert.assertTrue(this.driver.getPageSource().contains("principal=null"));
        }
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post/");
        this.loginPage.login("bburke", "password");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-passive/");
        Assert.assertEquals(this.APP_SERVER_BASE_URL + "/sales-post-passive/", this.driver.getCurrentUrl());
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-passive?GLO=true");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post?GLO=true");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-passive/");
        Assert.assertEquals(this.APP_SERVER_BASE_URL + "/sales-post-passive/saml", this.driver.getCurrentUrl());
        Assert.assertFalse(this.driver.getPageSource().contains("bburke"));
    }

    public void testPostSimpleUnauthorized(CheckAuthError checkAuthError) {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("unauthorized", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post/");
        System.out.println(this.driver.getPageSource());
        checkAuthError.check(this.driver);
    }

    public void testPostSimpleLoginLogoutIdpInitiated() {
        this.driver.navigate().to(this.AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post");
        this.loginPage.login("bburke", "password");
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.APP_SERVER_BASE_URL + "/sales-post"));
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post/", true);
    }

    public void testPostSimpleLoginLogoutIdpInitiatedRedirectTo() {
        this.driver.navigate().to(this.AUTH_SERVER_URL + "/realms/demo/protocol/saml/clients/sales-post2");
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post2/foo");
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post2?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post2/", true);
    }

    public void testPostSignedLoginLogout() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-sig/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-sig/", true);
    }

    public void testPostSignedResponseAndAssertionLoginLogout() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-assertion-and-response-sig/", true);
    }

    public void testPostSignedLoginLogoutTransientNameID() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-sig-transient/");
        System.out.println(this.driver.getPageSource());
        Assert.assertFalse(this.driver.getPageSource().contains("bburke"));
        Assert.assertTrue(this.driver.getPageSource().contains("principal=G-"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-transient?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-sig-transient/", true);
    }

    public void testPostSignedLoginLogoutPersistentNameID() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-sig-persistent/");
        System.out.println(this.driver.getPageSource());
        Assert.assertFalse(this.driver.getPageSource().contains("bburke"));
        Assert.assertTrue(this.driver.getPageSource().contains("principal=G-"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-persistent?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-sig-persistent/", true);
    }

    public void testPostSignedLoginLogoutEmailNameID() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-email/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-sig-email/");
        System.out.println(this.driver.getPageSource());
        Assert.assertTrue(this.driver.getPageSource().contains("principal=bburke@redhat.com"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig-email?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-sig-email/", true);
    }

    public void testRelayStateEncoding() throws Exception {
        SamlSPFacade.samlResponse = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee/");
        assertAtLoginPageRedirectBinding();
        System.out.println(this.driver.getCurrentUrl());
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee/");
        Assert.assertEquals(SamlSPFacade.sentRelayState, SamlSPFacade.RELAY_STATE);
        Assert.assertNotNull(SamlSPFacade.samlResponse);
    }

    public void testAttributes() throws Exception {
        this.keycloakRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.keycloaksaml.SamlAdapterTestStrategy.1
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                ClientModel clientByClientId = realmModel2.getClientByClientId(SamlAdapterTestStrategy.this.APP_SERVER_BASE_URL + "/employee2/");
                clientByClientId.addProtocolMapper(GroupMembershipMapper.create("groups", "group", (String) null, (String) null, true));
                clientByClientId.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("topAttribute", "topAttribute", "topAttribute", "Basic", (String) null, false, (String) null));
                clientByClientId.addProtocolMapper(UserAttributeStatementMapper.createAttributeMapper("level2Attribute", "level2Attribute", "level2Attribute", "Basic", (String) null, false, (String) null));
            }
        }, "demo");
        SendUsernameServlet.sentPrincipal = null;
        SendUsernameServlet.checkRoles = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee2/");
        assertAtLoginPagePostBinding();
        LinkedList linkedList = new LinkedList();
        linkedList.add("manager");
        linkedList.add("user");
        SendUsernameServlet.checkRoles = linkedList;
        this.loginPage.login("level2GroupUser", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee2/");
        SendUsernameServlet.checkRoles = null;
        SamlPrincipal samlPrincipal = SendUsernameServlet.sentPrincipal;
        Assert.assertNotNull(samlPrincipal);
        Assert.assertEquals("level2@redhat.com", samlPrincipal.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
        Assert.assertEquals("true", samlPrincipal.getAttribute("topAttribute"));
        Assert.assertEquals("true", samlPrincipal.getAttribute("level2Attribute"));
        Assert.assertNotNull(samlPrincipal.getAttributes("group"));
        new HashSet();
        Assert.assertEquals("level2@redhat.com", samlPrincipal.getFriendlyAttribute("email"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee2/?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/employee2/", true);
        SendUsernameServlet.sentPrincipal = null;
        SendUsernameServlet.checkRoles = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee2/");
        assertAtLoginPagePostBinding();
        LinkedList linkedList2 = new LinkedList();
        linkedList2.add("manager");
        linkedList2.add("employee");
        linkedList2.add("user");
        SendUsernameServlet.checkRoles = linkedList2;
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee2/");
        SendUsernameServlet.checkRoles = null;
        SamlPrincipal samlPrincipal2 = SendUsernameServlet.sentPrincipal;
        Assert.assertNotNull(samlPrincipal2);
        Assert.assertEquals("bburke@redhat.com", samlPrincipal2.getAttribute(X500SAMLProfileConstants.EMAIL.get()));
        Assert.assertEquals("bburke@redhat.com", samlPrincipal2.getFriendlyAttribute("email"));
        Assert.assertEquals("617", samlPrincipal2.getAttribute("phone"));
        Assert.assertNull(samlPrincipal2.getFriendlyAttribute("phone"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee2/?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/employee2/", true);
        this.keycloakRule.update(new KeycloakRule.KeycloakSetup() { // from class: org.keycloak.testsuite.keycloaksaml.SamlAdapterTestStrategy.2
            @Override // org.keycloak.testsuite.rule.KeycloakRule.KeycloakSetup
            public void config(RealmManager realmManager, RealmModel realmModel, RealmModel realmModel2) {
                ClientModel clientByClientId = realmModel2.getClientByClientId(SamlAdapterTestStrategy.this.APP_SERVER_BASE_URL + "/employee2/");
                for (ProtocolMapperModel protocolMapperModel : clientByClientId.getProtocolMappers()) {
                    if (protocolMapperModel.getName().equals("role-list")) {
                        clientByClientId.removeProtocolMapper(protocolMapperModel);
                        protocolMapperModel.setId((String) null);
                        protocolMapperModel.getConfig().put("single", "true");
                        protocolMapperModel.getConfig().put("attribute.name", "memberOf");
                        clientByClientId.addProtocolMapper(protocolMapperModel);
                    }
                }
                clientByClientId.addProtocolMapper(HardcodedAttributeMapper.create("hardcoded-attribute", "hardcoded-attribute", "Basic", (String) null, "hard", false, (String) null));
                clientByClientId.addProtocolMapper(HardcodedRole.create("hardcoded-role", "hardcoded-role"));
                clientByClientId.addProtocolMapper(RoleNameMapper.create("renamed-role", "manager", "el-jefe"));
                clientByClientId.addProtocolMapper(RoleNameMapper.create("renamed-employee-role", SamlAdapterTestStrategy.this.APP_SERVER_BASE_URL + "/employee/.employee", "pee-on"));
            }
        }, "demo");
        System.out.println(">>>>>>>>>> single role attribute <<<<<<<<");
        SendUsernameServlet.sentPrincipal = null;
        SendUsernameServlet.checkRoles = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee2/");
        assertAtLoginPagePostBinding();
        LinkedList linkedList3 = new LinkedList();
        linkedList3.add("el-jefe");
        linkedList3.add("user");
        linkedList3.add("hardcoded-role");
        linkedList3.add("pee-on");
        SendUsernameServlet.checkRoles = linkedList3;
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee2/");
        SendUsernameServlet.checkRoles = null;
        SamlPrincipal samlPrincipal3 = SendUsernameServlet.sentPrincipal;
        Assert.assertNotNull(samlPrincipal3);
        Assert.assertEquals("hard", samlPrincipal3.getAttribute("hardcoded-attribute"));
    }

    public void testRedirectSignedLoginLogout() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig/");
        assertAtLoginPageRedirectBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee-sig/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/employee-sig/", false);
    }

    public void testRedirectSignedLoginLogoutFrontNoSSO() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig-front/");
        assertAtLoginPageRedirectBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee-sig-front/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig-front?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/employee-sig-front/", false);
    }

    public void testRedirectSignedLoginLogoutFront() {
        System.out.println("visit 1st app ");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig/");
        assertAtLoginPageRedirectBinding();
        System.out.println("login to form");
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee-sig/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        System.out.println("visit 2nd app ");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig-front/");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/employee-sig-front/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        System.out.println("visit 3rd app ");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig/");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-post-sig/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        System.out.println("GLO");
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/employee-sig/", false);
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/employee-sig-front/");
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-sig/");
        assertAtLoginPagePostBinding();
    }

    public void testPostEncryptedLoginLogout() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-enc/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Retry.execute(new Runnable() { // from class: org.keycloak.testsuite.keycloaksaml.SamlAdapterTestStrategy.3
            @Override // java.lang.Runnable
            public void run() {
                Assert.assertEquals(SamlAdapterTestStrategy.this.driver.getCurrentUrl(), SamlAdapterTestStrategy.this.APP_SERVER_BASE_URL + "/sales-post-enc/");
            }
        }, 10, 100L);
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-post-enc?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-post-enc/", true);
    }

    public void testPostBadClientSignature() {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/bad-client-sales-post-sig/");
        System.out.println(this.driver.getCurrentUrl());
        Assert.assertTrue(this.driver.getCurrentUrl().startsWith(this.AUTH_SERVER_URL + "/realms/demo/protocol/saml"));
        Assert.assertEquals(this.driver.getTitle(), "We're sorry...");
    }

    public void testPostBadRealmSignature() {
        ErrorServlet.authError = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/bad-realm-sales-post-sig/saml");
        System.out.println(this.driver.getPageSource());
        Assert.assertNotNull(ErrorServlet.authError);
        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, ErrorServlet.authError.getReason());
        ErrorServlet.authError = null;
    }

    public void testPostBadAssertionSignature() {
        ErrorServlet.authError = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/bad-assertion-sales-post-sig/saml");
        System.out.println(this.driver.getPageSource());
        Assert.assertNotNull(ErrorServlet.authError);
        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, ErrorServlet.authError.getReason());
        ErrorServlet.authError = null;
    }

    public void testMissingAssertionSignature() {
        ErrorServlet.authError = null;
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/missing-assertion-sig/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/missing-assertion-sig/saml");
        System.out.println(this.driver.getPageSource());
        Assert.assertNotNull(ErrorServlet.authError);
        Assert.assertEquals(SamlAuthenticationError.Reason.INVALID_SIGNATURE, ErrorServlet.authError.getReason());
        ErrorServlet.authError = null;
    }

    public void testMetadataPostSignedLoginLogout() throws Exception {
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-metadata/");
        assertAtLoginPagePostBinding();
        this.loginPage.login("bburke", "password");
        Assert.assertEquals(this.driver.getCurrentUrl(), this.APP_SERVER_BASE_URL + "/sales-metadata/");
        Assert.assertTrue(this.driver.getPageSource().contains("bburke"));
        this.driver.navigate().to(this.APP_SERVER_BASE_URL + "/sales-metadata?GLO=true");
        checkLoggedOut(this.APP_SERVER_BASE_URL + "/sales-metadata/", true);
    }

    public static void uploadSP(String str) {
        try {
            Keycloak keycloak = Keycloak.getInstance(str, "master", "admin", "admin", "admin-cli", (String) null);
            keycloak.realm("demo").toRepresentation();
            Assert.assertEquals(201L, r0.clients().create(r0.convertClientDescription(IOUtils.toString(SamlAdapterTestStrategy.class.getResourceAsStream("/keycloak-saml/sp-metadata.xml")))).getStatus());
            keycloak.close();
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }
}
