package org.keycloak.services.clientregistration.policy.impl;

import java.net.InetAddress;
import java.net.UnknownHostException;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.common.Profile;
import org.keycloak.common.crypto.CryptoIntegration;
import org.keycloak.common.crypto.CryptoProvider;
import org.keycloak.component.ComponentModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.services.clientregistration.policy.ClientRegistrationPolicyException;
import org.keycloak.services.resteasy.ResteasyKeycloakSession;
import org.keycloak.services.resteasy.ResteasyKeycloakSessionFactory;

/* loaded from: input_file:org/keycloak/services/clientregistration/policy/impl/TrustedHostClientRegistrationPolicyTest.class */
public class TrustedHostClientRegistrationPolicyTest {
    private static KeycloakSession session;

    @BeforeClass
    public static void beforeClass() {
        Profile.defaults();
        CryptoIntegration.init(CryptoProvider.class.getClassLoader());
        ResteasyKeycloakSessionFactory resteasyKeycloakSessionFactory = new ResteasyKeycloakSessionFactory();
        resteasyKeycloakSessionFactory.init();
        session = new ResteasyKeycloakSession(resteasyKeycloakSessionFactory);
    }

    @Test
    public void testLocalhostName() {
        TrustedHostClientRegistrationPolicy create = new TrustedHostClientRegistrationPolicyFactory().create(session, createComponentModel("localhost"));
        create.verifyHost("127.0.0.1");
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.verifyHost("10.0.0.1");
        });
        create.checkURLTrusted("https://localhost", create.getTrustedHosts(), create.getTrustedDomains());
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.checkURLTrusted("https://otherhost", create.getTrustedHosts(), create.getTrustedDomains());
        });
    }

    @Test
    public void testLocalhostDomain() {
        TrustedHostClientRegistrationPolicy create = new TrustedHostClientRegistrationPolicyFactory().create(session, createComponentModel("*.localhost"));
        create.verifyHost("127.0.0.1");
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.verifyHost("10.0.0.1");
        });
        create.checkURLTrusted("https://localhost", create.getTrustedHosts(), create.getTrustedDomains());
        create.checkURLTrusted("https://other.localhost", create.getTrustedHosts(), create.getTrustedDomains());
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.checkURLTrusted("https://otherlocalhost", create.getTrustedHosts(), create.getTrustedDomains());
        });
    }

    @Test
    public void testLocalhostIP() {
        TrustedHostClientRegistrationPolicy create = new TrustedHostClientRegistrationPolicyFactory().create(session, createComponentModel("127.0.0.1"));
        create.verifyHost("127.0.0.1");
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.verifyHost("10.0.0.1");
        });
        create.checkURLTrusted("https://127.0.0.1", create.getTrustedHosts(), create.getTrustedDomains());
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.checkURLTrusted("https://localhost", create.getTrustedHosts(), create.getTrustedDomains());
        });
    }

    @Test
    public void testGoogleCrawlBot() {
        TrustedHostClientRegistrationPolicy create = new TrustedHostClientRegistrationPolicyFactory().create(session, createComponentModel("*.googlebot.com"));
        create.verifyHost("66.249.66.1");
        create.checkURLTrusted("https://www.googlebot.com", create.getTrustedHosts(), create.getTrustedDomains());
        create.checkURLTrusted("https://googlebot.com", create.getTrustedHosts(), create.getTrustedDomains());
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.checkURLTrusted("https://www.othergooglebot.com", create.getTrustedHosts(), create.getTrustedDomains());
        });
    }

    @Test
    public void testGithubDomain() throws UnknownHostException {
        TrustedHostClientRegistrationPolicy create = new TrustedHostClientRegistrationPolicyFactory().create(session, createComponentModel("*.github.com"));
        create.verifyHost(InetAddress.getByName("www.github.com").getHostAddress());
        create.verifyHost(InetAddress.getByName("github.com").getHostAddress());
        create.checkURLTrusted("https://www.github.com", create.getTrustedHosts(), create.getTrustedDomains());
        create.checkURLTrusted("https://github.com", create.getTrustedHosts(), create.getTrustedDomains());
        Assert.assertThrows(ClientRegistrationPolicyException.class, () -> {
            create.checkURLTrusted("https://othergithub.com", create.getTrustedHosts(), create.getTrustedDomains());
        });
    }

    private ComponentModel createComponentModel(String... strArr) {
        ComponentModel componentModel = new ComponentModel();
        componentModel.put("host-sending-registration-request-must-match", "true");
        componentModel.put("client-uris-must-match", "true");
        componentModel.getConfig().addAll("trusted-hosts", strArr);
        return componentModel;
    }
}
