package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import java.util.HashMap;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/testsuite/broker/HardcodedRoleMapperTest.class */
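/**
 * Broker tests for the OIDC hardcoded-role identity-provider mapper.
 *
 * <p>Each test logs a brokered user in twice through the shared helper
 * {@code loginAsUserTwiceWithMapper} and then checks, via the inherited
 * {@code assertThatRoleHas[Not]BeenAssignedInConsumerRealmTo} helpers, whether the
 * hardcoded role ended up on the user in the consumer realm. The variable under
 * test is the mapper's {@link IdentityProviderMapperSyncMode} and whether the mapper
 * is created before or after the first login.
 *
 * <p>Why this matters: the role is attached by configuration rather than by a claim
 * from the identity provider, so the sync mode is what decides whether already-linked
 * users pick the role up on a later login. These tests pin that behaviour, so a
 * regression that silently widens or drops role grants is caught.
 */
public class HardcodedRoleMapperTest extends AbstractRoleMapperTest {
    /** Admin-client handle on the consumer realm; assigned in {@link #setupRealm()}. */
    private RealmResource realm;

    /**
     * Selects the broker setup used by this test class.
     *
     * @return a fresh {@link KcOidcBrokerConfiguration}
     */
    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerConfiguration();
    }

    /**
     * Runs before every test: registers the clients through the superclass and caches
     * the admin resource of the consumer realm named by the broker configuration.
     */
    @Before
    public void setupRealm() {
        super.addClients();
        this.realm = this.adminClient.realm(this.bc.consumerRealmName());
    }

    /** IMPORT mode, mapper created up front: the role is expected to be assigned. */
    @Test
    public void mapperGrantsRoleOnFirstLogin() {
        UserRepresentation user =
                createMapperThenLoginAsUserTwiceWithHardcodedRoleMapper(IdentityProviderMapperSyncMode.IMPORT);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(user);
    }

    /** IMPORT mode, mapper added after the first login: the role must not be assigned. */
    @Test
    public void mapperDoesNotGrantRoleInModeImportIfMapperIsAddedLater() {
        UserRepresentation user =
                loginAsUserThenCreateMapperAndLoginAgainWithHardcodedRoleMapper(IdentityProviderMapperSyncMode.IMPORT);
        assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
    }

    /** LEGACY mode, mapper added after the first login: the role must not be assigned. */
    @Test
    public void updateBrokeredUserDoesNotGrantRoleInLegacyMode() {
        UserRepresentation user =
                loginAsUserThenCreateMapperAndLoginAgainWithHardcodedRoleMapper(IdentityProviderMapperSyncMode.LEGACY);
        assertThatRoleHasNotBeenAssignedInConsumerRealmTo(user);
    }

    /** FORCE mode, mapper added after the first login: the role is expected to be assigned. */
    @Test
    public void updateBrokeredUserGrantsRoleInForceMode() {
        UserRepresentation user =
                loginAsUserThenCreateMapperAndLoginAgainWithHardcodedRoleMapper(IdentityProviderMapperSyncMode.FORCE);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(user);
    }

    /** FORCE mode, mapper created up front: the role must still be present after the second login. */
    @Test
    public void updateBrokeredUserMatchDoesntDeleteRole() {
        UserRepresentation user =
                createMapperThenLoginAsUserTwiceWithHardcodedRoleMapper(IdentityProviderMapperSyncMode.FORCE);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(user);
    }

    /**
     * Delegates to {@code loginAsUserTwiceWithMapper} with the flag set to {@code false}
     * and an empty configuration map.
     *
     * @param identityProviderMapperSyncMode sync mode written into the mapper config
     * @return the user representation returned by the shared helper
     */
    private UserRepresentation createMapperThenLoginAsUserTwiceWithHardcodedRoleMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        // NOTE(review): the boolean presumably means "create the mapper after the first login";
        // confirm against AbstractRoleMapperTest.
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, false, new HashMap<>());
    }

    /**
     * Delegates to {@code loginAsUserTwiceWithMapper} with the flag set to {@code true}
     * and an empty configuration map.
     *
     * @param identityProviderMapperSyncMode sync mode written into the mapper config
     * @return the user representation returned by the shared helper
     */
    private UserRepresentation loginAsUserThenCreateMapperAndLoginAgainWithHardcodedRoleMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, true, new HashMap<>());
    }

    /**
     * Registers the hardcoded-role mapper on the identity provider in the consumer realm.
     *
     * @param identityProviderRepresentation identity provider whose alias locates the admin resource
     * @param identityProviderMapperSyncMode sync mode stored under the {@code syncMode} config key
     */
    @Override // org.keycloak.testsuite.broker.AbstractRoleMapperTest
    protected void createMapperInIdp(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        IdentityProviderMapperRepresentation mapper = new IdentityProviderMapperRepresentation();
        mapper.setName("oidc-hardcoded-role-mapper");
        mapper.setIdentityProviderMapper("oidc-hardcoded-role-idp-mapper");
        // Explicit type witness: a bare builder() infers <Object, Object>, which is not a
        // Map<String, String> config.
        mapper.setConfig(ImmutableMap.<String, String>builder()
                .put("syncMode", identityProviderMapperSyncMode.toString())
                .put("role", AbstractRoleMapperTest.CLIENT_ROLE_MAPPER_REPRESENTATION)
                .build());
        IdentityProviderResource idpResource =
                this.realm.identityProviders().get(identityProviderRepresentation.getAlias());
        // NOTE(review): the resource is looked up by the representation's alias while the mapper
        // is tagged with bc.getIDPAlias(); presumably the same value — confirm.
        mapper.setIdentityProviderAlias(this.bc.getIDPAlias());
        // Close the returned response right away so the admin-client connection is released.
        idpResource.addMapper(mapper).close();
    }
}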
