package org.keycloak.protocol.saml.profile.util;

import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import jakarta.xml.soap.SOAPException;
import jakarta.xml.soap.SOAPMessage;
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.net.InetSocketAddress;
import java.net.URI;
import java.util.Collections;
import java.util.HashMap;
import java.util.concurrent.Executor;
import org.apache.commons.io.IOUtils;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.FixMethodOrder;
import org.junit.Test;
import org.junit.runners.MethodSorters;
import org.keycloak.Config;
import org.keycloak.common.Profile;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.crypto.CryptoProvider;
import org.keycloak.dom.saml.v2.assertion.NameIDType;
import org.keycloak.dom.saml.v2.protocol.LogoutRequestType;
import org.keycloak.saml.SAML2LogoutRequestBuilder;
import org.keycloak.saml.common.constants.JBossSAMLURIConstants;
import org.keycloak.saml.common.exceptions.ConfigurationException;
import org.keycloak.saml.processing.api.saml.v2.request.SAML2Request;
import org.keycloak.services.resteasy.ResteasyKeycloakSession;
import org.keycloak.services.resteasy.ResteasyKeycloakSessionFactory;
import org.keycloak.utils.ScopeUtil;
import org.w3c.dom.Document;

@FixMethodOrder(MethodSorters.NAME_ASCENDING)
/* loaded from: input_file:org/keycloak/protocol/saml/profile/util/SoapTest.class */
public class SoapTest {
    private static HttpServer server;

    /* loaded from: input_file:org/keycloak/protocol/saml/profile/util/SoapTest$MyHandler.class */
    private static class MyHandler implements HttpHandler {
        private MyHandler() {
        }

        public void handle(HttpExchange httpExchange) throws IOException {
            if ("POST".equals(httpExchange.getRequestMethod())) {
                httpExchange.getResponseHeaders().putAll(httpExchange.getRequestHeaders());
                InputStream requestBody = httpExchange.getRequestBody();
                try {
                    OutputStream responseBody = httpExchange.getResponseBody();
                    try {
                        httpExchange.sendResponseHeaders(200, Long.parseLong(httpExchange.getRequestHeaders().getFirst("Content-Length")));
                        IOUtils.copy(requestBody, responseBody);
                        if (responseBody != null) {
                            responseBody.close();
                        }
                        if (requestBody != null) {
                            requestBody.close();
                        }
                    } finally {
                    }
                } catch (Throwable th) {
                    if (requestBody != null) {
                        try {
                            requestBody.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    }
                    throw th;
                }
            }
            httpExchange.sendResponseHeaders(400, 0L);
        }
    }

    @BeforeClass
    public static void startHttpServer() throws IOException {
        server = HttpServer.create(new InetSocketAddress(8280), 0);
        server.createContext("/", new MyHandler());
        server.setExecutor((Executor) null);
        server.start();
    }

    @AfterClass
    public static void stopHttpServer() {
        server.stop(0);
    }

    private LogoutRequestType createLogoutRequestType() throws ConfigurationException {
        NameIDType nameIDType = new NameIDType();
        nameIDType.setFormat(URI.create(JBossSAMLURIConstants.NAMEID_FORMAT_TRANSIENT.get()));
        nameIDType.setValue("user1");
        return new SAML2LogoutRequestBuilder().assertionExpiration(60).issuer("http://sample.com").nameId(nameIDType).destination("http://sample.com/logout").sessionIndex("idx").createLogoutRequest();
    }

    @Test
    public void test1ResponseOK() throws Exception {
        LogoutRequestType createLogoutRequestType = createLogoutRequestType();
        Document convert = SAML2Request.convert(createLogoutRequestType);
        Profile.defaults();
        CryptoIntegration.init(CryptoProvider.class.getClassLoader());
        ResteasyKeycloakSessionFactory resteasyKeycloakSessionFactory = new ResteasyKeycloakSessionFactory();
        resteasyKeycloakSessionFactory.init();
        SOAPMessage call = Soap.createMessage().addMimeHeader("SOAPAction", "http://www.oasis-open.org/committees/security").addMimeHeader("custom-header", "custom-value").addToBody(convert).call("http://localhost:8280", new ResteasyKeycloakSession(resteasyKeycloakSessionFactory));
        Assert.assertArrayEquals(new String[]{"no-cache, no-store"}, call.getMimeHeaders().getHeader("Cache-Control"));
        Assert.assertArrayEquals(new String[]{"http://www.oasis-open.org/committees/security"}, call.getMimeHeaders().getHeader("SOAPAction"));
        Assert.assertArrayEquals(new String[]{"custom-value"}, call.getMimeHeaders().getHeader("custom-header"));
        LogoutRequestType samlObject = SAML2Request.getSAML2ObjectFromDocument(Soap.extractSoapMessage(call)).getSamlObject();
        MatcherAssert.assertThat(samlObject, CoreMatchers.instanceOf(LogoutRequestType.class));
        Assert.assertEquals(createLogoutRequestType.getNameID().getValue(), samlObject.getNameID().getValue());
    }

    @Test
    public void test2ConfigurationUsed() throws Exception {
        Document convert = SAML2Request.convert(createLogoutRequestType());
        Profile.defaults();
        CryptoIntegration.init(CryptoProvider.class.getClassLoader());
        Config.init(new Config.ConfigProvider() { // from class: org.keycloak.protocol.saml.profile.util.SoapTest.1
            public String getProvider(String str) {
                return null;
            }

            public String getDefaultProvider(String str) {
                return null;
            }

            public Config.Scope scope(String... strArr) {
                return (strArr.length == 2 && "connectionsHttpClient".equals(strArr[0]) && "default".equals(strArr[1])) ? ScopeUtil.createScope(Collections.singletonMap("proxy-mappings", "localhost;http://localhost:8281")) : ScopeUtil.createScope(new HashMap());
            }
        });
        ResteasyKeycloakSessionFactory resteasyKeycloakSessionFactory = new ResteasyKeycloakSessionFactory();
        resteasyKeycloakSessionFactory.init();
        ResteasyKeycloakSession resteasyKeycloakSession = new ResteasyKeycloakSession(resteasyKeycloakSessionFactory);
        SOAPException assertThrows = Assert.assertThrows(SOAPException.class, () -> {
            Soap.createMessage().addToBody(convert).call("http://localhost:8280", resteasyKeycloakSession);
        });
        MatcherAssert.assertThat(assertThrows.getMessage(), CoreMatchers.containsString("localhost:8281"));
        MatcherAssert.assertThat(assertThrows.getMessage(), CoreMatchers.containsString("Connection refused"));
    }
}
