package org.keycloak.testsuite.oauth;

import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.ws.rs.core.Response;
import org.hamcrest.CoreMatchers;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.common.util.UriUtils;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.protocol.oidc.mappers.AddressMapper;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.UserInfo;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.cli.KcinitTest;
import org.keycloak.testsuite.updaters.ClientAttributeUpdater;
import org.keycloak.testsuite.updaters.ProtocolMappersUpdater;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.ClientManager;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.testsuite.util.UserInfoClientUtil;

/* loaded from: input_file:org/keycloak/testsuite/oauth/OIDCProtocolMappersTest.class */
public class OIDCProtocolMappersTest extends AbstractKeycloakTest {

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @Before
    public void clientConfiguration() {
        ClientManager.realm(this.adminClient.realm("test")).clientId(AssertEvents.DEFAULT_CLIENT_ID).directAccessGrant(true);
        this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
    }

    private void deleteMappers(ProtocolMappersResource protocolMappersResource) {
        ProtocolMapperRepresentation mapperByNameAndProtocol = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappersResource, "openid-connect", "Realm roles mapper");
        if (mapperByNameAndProtocol != null) {
            protocolMappersResource.delete(mapperByNameAndProtocol.getId());
        }
        ProtocolMapperRepresentation mapperByNameAndProtocol2 = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappersResource, "openid-connect", "Client roles mapper");
        if (mapperByNameAndProtocol2 != null) {
            protocolMappersResource.delete(mapperByNameAndProtocol2.getId());
        }
        ProtocolMapperRepresentation mapperByNameAndProtocol3 = ProtocolMapperUtil.getMapperByNameAndProtocol(protocolMappersResource, "openid-connect", "group-value");
        if (mapperByNameAndProtocol3 != null) {
            protocolMappersResource.delete(mapperByNameAndProtocol3.getId());
        }
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add((RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class));
    }

    @Test
    @EnableFeature(value = Profile.Feature.UPLOAD_SCRIPTS, skipRestart = true)
    public void testTokenScriptMapping() {
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper1", "computed-via-script", "computed-via-script", "String", true, true, "'hello_' + user.username", false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper2", "multiValued-via-script", "multiValued-via-script", "String", true, true, "new java.util.ArrayList(['A','B'])", true)).close();
        Response createMapper = findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper3", "syntax-error-script", "syntax-error-script", "String", true, true, "func_tion foo(){ return 'fail';} foo()", false));
        MatcherAssert.assertThat(createMapper.getStatusInfo().getFamily(), Matchers.is(Response.Status.Family.CLIENT_ERROR));
        createMapper.close();
        AccessToken verifyToken = this.oauth.verifyToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getAccessToken());
        Assert.assertEquals("hello_test-user@localhost", verifyToken.getOtherClaims().get("computed-via-script"));
        Assert.assertEquals(Arrays.asList("A", "B"), verifyToken.getOtherClaims().get("multiValued-via-script"));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testTokenMapping() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.singleAttribute("street", "5 Yawkey Way");
        representation.singleAttribute("locality", "Boston");
        representation.singleAttribute("region_some", "MA");
        representation.singleAttribute("postal_code", "02115");
        representation.singleAttribute("country", "USA");
        representation.singleAttribute("formatted", "6 Foo Street");
        representation.singleAttribute("phone", "617-777-6666");
        representation.singleAttribute("json-attribute", "{\"a\": 1, \"b\": 2, \"c\": [{\"a\": 1, \"b\": 2}], \"d\": {\"a\": 1, \"b\": 2}}");
        representation.getAttributes().put("json-attribute-multi", Arrays.asList("{\"a\": 1, \"b\": 2, \"c\": [{\"a\": 1, \"b\": 2}], \"d\": {\"a\": 1, \"b\": 2}}", "{\"a\": 1, \"b\": 2, \"c\": [{\"a\": 1, \"b\": 2}], \"d\": {\"a\": 1, \"b\": 2}}"));
        representation.getAttributes().put("departments", Arrays.asList("finance", "development"));
        findUserByUsernameId.update(representation);
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        ProtocolMapperRepresentation createAddressMapper = ProtocolMapperUtil.createAddressMapper(true, true, true);
        createAddressMapper.getConfig().put(AddressMapper.getModelPropertyName("region"), "region_some");
        createAddressMapper.getConfig().put(AddressMapper.getModelPropertyName("country"), "country_some");
        createAddressMapper.getConfig().remove(AddressMapper.getModelPropertyName("postal_code"));
        findClientResourceByClientId.getProtocolMappers().createMapper(createAddressMapper).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("hard", "hard", "coded", "String", true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("hard-nested", "nested.hard", "coded-nested", "String", true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("custom phone", "phone", "home_phone", "String", true, true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("nested phone", "phone", "home.phone", "String", true, true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("dotted phone", "phone", "home\\.phone", "String", true, true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("departments", "departments", "department", "String", true, true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("firstDepartment", "departments", "firstDepartment", "String", true, true, false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedRole("hard-realm", "hardcoded")).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedRole("hard-app", "app.hardcoded")).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createRoleNameMapper("rename-app-role", "test-app.customer-user", "realm-user")).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper1", "computed-via-script", "computed-via-script", "String", true, true, "'hello_' + user.username", false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper2", "multiValued-via-script", "multiValued-via-script", "String", true, true, "new java.util.ArrayList(['A','B'])", true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("json-attribute-mapper", "json-attribute", "claim-from-json-attribute", "JSON", true, true, false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("json-attribute-mapper-multi", "json-attribute-multi", "claim-from-json-attribute-multi", "JSON", true, true, true)).close();
        Response createMapper = findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createScriptMapper("test-script-mapper3", "syntax-error-script", "syntax-error-script", "String", true, true, "func_tion foo(){ return 'fail';} foo()", false));
        MatcherAssert.assertThat(createMapper.getStatusInfo().getFamily(), Matchers.is(Response.Status.Family.CLIENT_ERROR));
        createMapper.close();
        OAuthClient.AccessTokenResponse browserLogin = browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password");
        IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin.getIdToken());
        Assert.assertNotNull(verifyIDToken.getAddress());
        Assert.assertEquals(verifyIDToken.getName(), "Tom Brady");
        Assert.assertEquals(verifyIDToken.getAddress().getStreetAddress(), "5 Yawkey Way");
        Assert.assertEquals(verifyIDToken.getAddress().getLocality(), "Boston");
        Assert.assertEquals(verifyIDToken.getAddress().getRegion(), "MA");
        Assert.assertEquals(verifyIDToken.getAddress().getPostalCode(), "02115");
        Assert.assertNull(verifyIDToken.getAddress().getCountry());
        Assert.assertEquals(verifyIDToken.getAddress().getFormattedAddress(), "6 Foo Street");
        Assert.assertNotNull(verifyIDToken.getOtherClaims().get("home_phone"));
        MatcherAssert.assertThat((List) verifyIDToken.getOtherClaims().get("home_phone"), Matchers.hasItems(new String[]{"617-777-6666"}));
        Assert.assertNotNull(verifyIDToken.getOtherClaims().get("home.phone"));
        MatcherAssert.assertThat((List) verifyIDToken.getOtherClaims().get("home.phone"), Matchers.hasItems(new String[]{"617-777-6666"}));
        Assert.assertEquals("coded", verifyIDToken.getOtherClaims().get("hard"));
        Assert.assertEquals("coded-nested", ((Map) verifyIDToken.getOtherClaims().get("nested")).get("hard"));
        MatcherAssert.assertThat((List) ((Map) verifyIDToken.getOtherClaims().get("home")).get("phone"), Matchers.hasItems(new String[]{"617-777-6666"}));
        MatcherAssert.assertThat((List) verifyIDToken.getOtherClaims().get("department"), Matchers.containsInAnyOrder(new String[]{"finance", "development"}));
        Object obj = verifyIDToken.getOtherClaims().get("firstDepartment");
        MatcherAssert.assertThat(obj, Matchers.instanceOf(String.class));
        MatcherAssert.assertThat(obj, Matchers.anyOf(Matchers.is("finance"), Matchers.is("development")));
        Map map = (Map) verifyIDToken.getOtherClaims().get("claim-from-json-attribute");
        MatcherAssert.assertThat(map.get("a"), Matchers.instanceOf(Integer.TYPE));
        MatcherAssert.assertThat(map.get("c"), Matchers.instanceOf(Collection.class));
        MatcherAssert.assertThat(map.get("d"), Matchers.instanceOf(Map.class));
        List list = (List) verifyIDToken.getOtherClaims().get("claim-from-json-attribute-multi");
        Assert.assertEquals(2L, list.size());
        MatcherAssert.assertThat(((Map) list.get(0)).get("a"), Matchers.instanceOf(Integer.TYPE));
        MatcherAssert.assertThat(((Map) list.get(1)).get("c"), Matchers.instanceOf(Collection.class));
        MatcherAssert.assertThat(((Map) list.get(1)).get("d"), Matchers.instanceOf(Map.class));
        AccessToken verifyToken = this.oauth.verifyToken(browserLogin.getAccessToken());
        Assert.assertEquals(verifyToken.getName(), "Tom Brady");
        Assert.assertNotNull(verifyToken.getAddress());
        Assert.assertEquals(verifyToken.getAddress().getStreetAddress(), "5 Yawkey Way");
        Assert.assertEquals(verifyToken.getAddress().getLocality(), "Boston");
        Assert.assertEquals(verifyToken.getAddress().getRegion(), "MA");
        Assert.assertEquals(verifyToken.getAddress().getPostalCode(), "02115");
        Assert.assertNull(verifyIDToken.getAddress().getCountry());
        Assert.assertEquals(verifyIDToken.getAddress().getFormattedAddress(), "6 Foo Street");
        Assert.assertNotNull(verifyToken.getOtherClaims().get("home_phone"));
        MatcherAssert.assertThat((List) verifyToken.getOtherClaims().get("home_phone"), Matchers.hasItems(new String[]{"617-777-6666"}));
        Assert.assertEquals("coded", verifyToken.getOtherClaims().get("hard"));
        Assert.assertEquals("coded-nested", ((Map) verifyToken.getOtherClaims().get("nested")).get("hard"));
        MatcherAssert.assertThat((List) ((Map) verifyToken.getOtherClaims().get("home")).get("phone"), Matchers.hasItems(new String[]{"617-777-6666"}));
        List list2 = (List) verifyIDToken.getOtherClaims().get("department");
        Assert.assertEquals(2L, list2.size());
        Assert.assertTrue(list2.contains("finance") && list2.contains("development"));
        Assert.assertTrue(verifyToken.getRealmAccess().getRoles().contains("hardcoded"));
        Assert.assertTrue(verifyToken.getRealmAccess().getRoles().contains("realm-user"));
        org.keycloak.testsuite.Assert.assertNull(verifyToken.getResourceAccess(AssertEvents.DEFAULT_CLIENT_ID));
        Assert.assertTrue(verifyToken.getResourceAccess(KcinitTest.APP).getRoles().contains("hardcoded"));
        org.keycloak.testsuite.Assert.assertThat(verifyToken.getAudience(), Matchers.arrayContainingInAnyOrder(new String[]{KcinitTest.APP, BackchannelLogoutTest.ACCOUNT_CLIENT_NAME}));
        org.keycloak.testsuite.Assert.assertNames(verifyToken.getAllowedOrigins(), "http://localhost:8180", "https://localhost:8543");
        Map map2 = (Map) verifyToken.getOtherClaims().get("claim-from-json-attribute");
        MatcherAssert.assertThat(map2.get("a"), Matchers.instanceOf(Integer.TYPE));
        MatcherAssert.assertThat(map2.get("c"), Matchers.instanceOf(Collection.class));
        MatcherAssert.assertThat(map2.get("d"), Matchers.instanceOf(Map.class));
        this.oauth.openLogout();
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        for (ProtocolMapperRepresentation protocolMapperRepresentation : findClientByClientId.toRepresentation().getProtocolMappers()) {
            if (protocolMapperRepresentation.getName().equals("address") || protocolMapperRepresentation.getName().equals("hard") || protocolMapperRepresentation.getName().equals("hard-nested") || protocolMapperRepresentation.getName().equals("custom phone") || protocolMapperRepresentation.getName().equals("dotted phone") || protocolMapperRepresentation.getName().equals("departments") || protocolMapperRepresentation.getName().equals("firstDepartment") || protocolMapperRepresentation.getName().equals("nested phone") || protocolMapperRepresentation.getName().equals("rename-app-role") || protocolMapperRepresentation.getName().equals("hard-realm") || protocolMapperRepresentation.getName().equals("hard-app") || protocolMapperRepresentation.getName().equals("test-script-mapper") || protocolMapperRepresentation.getName().equals("json-attribute-mapper")) {
                findClientByClientId.getProtocolMappers().delete(protocolMapperRepresentation.getId());
            }
        }
        this.events.clear();
        IDToken verifyIDToken2 = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
        Assert.assertNull(verifyIDToken2.getAddress());
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("home_phone"));
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("hard"));
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("nested"));
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("department"));
        this.oauth.openLogout();
        this.events.clear();
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testTokenPropertiesMapping() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.singleAttribute("userid", "123456789");
        representation.getAttributes().put("useraud", Arrays.asList(AssertEvents.DEFAULT_CLIENT_ID, "other"));
        findUserByUsernameId.update(representation);
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("userid-as-sub", "userid", "sub", "String", true, true, false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("useraud", "useraud", "aud", "String", true, true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("website-hardcoded", "website", "http://localhost", "String", true, true)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedClaim("iat-hardcoded", "iat", "123", "long", true, false)).close();
        OAuthClient.AccessTokenResponse browserLogin = browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password");
        IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin.getIdToken());
        Assert.assertEquals(representation.firstAttribute("userid"), verifyIDToken.getSubject());
        Assert.assertEquals("http://localhost", verifyIDToken.getWebsite());
        Assert.assertNotNull(verifyIDToken.getAudience());
        MatcherAssert.assertThat(Arrays.asList(verifyIDToken.getAudience()), Matchers.hasItems(new String[]{AssertEvents.DEFAULT_CLIENT_ID, "other"}));
        AccessToken verifyToken = this.oauth.verifyToken(browserLogin.getAccessToken());
        Assert.assertEquals(representation.firstAttribute("userid"), verifyToken.getSubject());
        Assert.assertEquals("http://localhost", verifyToken.getWebsite());
        Assert.assertNotNull(verifyToken.getAudience());
        MatcherAssert.assertThat(Arrays.asList(verifyToken.getAudience()), Matchers.hasItems(new String[]{AssertEvents.DEFAULT_CLIENT_ID, "other"}));
        Assert.assertNotEquals(123L, verifyToken.getIat().longValue());
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        try {
            UserInfo userInfo = (UserInfo) UserInfoClientUtil.executeUserInfoRequest_getMethod(createResteasyClient, browserLogin.getAccessToken()).readEntity(UserInfo.class);
            Assert.assertEquals(representation.firstAttribute("userid"), userInfo.getSubject());
            Assert.assertEquals(representation.getEmail(), userInfo.getEmail());
            Assert.assertEquals(representation.getUsername(), userInfo.getPreferredUsername());
            Assert.assertEquals(representation.getLastName(), userInfo.getFamilyName());
            Assert.assertEquals(representation.getFirstName(), userInfo.getGivenName());
            Assert.assertEquals("http://localhost", userInfo.getWebsite());
            Assert.assertNotNull(verifyToken.getAudience());
            MatcherAssert.assertThat(Arrays.asList(verifyToken.getAudience()), Matchers.hasItems(new String[]{AssertEvents.DEFAULT_CLIENT_ID, "other"}));
            createResteasyClient.close();
            this.oauth.openLogout();
            ClientResource findClientByClientId = ApiUtil.findClientByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
            for (ProtocolMapperRepresentation protocolMapperRepresentation : findClientByClientId.toRepresentation().getProtocolMappers()) {
                if (protocolMapperRepresentation.getName().equals("userid-as-sub") || protocolMapperRepresentation.getName().equals("website-hardcoded") || protocolMapperRepresentation.getName().equals("iat-hardcoded") || protocolMapperRepresentation.getName().equals("useraud")) {
                    findClientByClientId.getProtocolMappers().delete(protocolMapperRepresentation.getId());
                }
            }
            this.events.clear();
        } catch (Throwable th) {
            createResteasyClient.close();
            throw th;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testNullOrEmptyTokenMapping() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.singleAttribute("empty", "");
        representation.singleAttribute("null", (String) null);
        findUserByUsernameId.update(representation);
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("empty", "empty", "empty", "String", true, true, false)).close();
        findClientResourceByClientId.getProtocolMappers().createMapper(ProtocolMapperUtil.createClaimMapper("null", "null", "null", "String", true, true, false)).close();
        OAuthClient.AccessTokenResponse browserLogin = browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password");
        IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin.getIdToken());
        Object obj = verifyIDToken.getOtherClaims().get("empty");
        MatcherAssert.assertThat(obj == null ? null : (String) obj, Matchers.isEmptyOrNullString());
        Assert.assertNull(verifyIDToken.getOtherClaims().get("null"));
        this.oauth.verifyToken(browserLogin.getAccessToken());
        this.oauth.openLogout();
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        for (ProtocolMapperRepresentation protocolMapperRepresentation : findClientByClientId.toRepresentation().getProtocolMappers()) {
            if (protocolMapperRepresentation.getName().equals("empty") || protocolMapperRepresentation.getName().equals("null")) {
                findClientByClientId.getProtocolMappers().delete(protocolMapperRepresentation.getId());
            }
        }
        this.events.clear();
        IDToken verifyIDToken2 = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
        Assert.assertNull(verifyIDToken2.getAddress());
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("empty"));
        Assert.assertNull(verifyIDToken2.getOtherClaims().get("null"));
        this.oauth.openLogout();
        this.events.clear();
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testUserRoleToAttributeMappers() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, null, "Client roles mapper", "roles-custom.test-app", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", AssertEvents.DEFAULT_CLIENT_ID}));
        String str = (String) map.get("realm");
        String str2 = (String) map.get(AssertEvents.DEFAULT_CLIENT_ID);
        assertRolesString(str, "pref.user", "pref.offline_access");
        assertRolesString(str2, "customer-user");
        deleteMappers(protocolMappers);
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testUserRolesMovedFromAccessTokenProperties() throws Exception {
        ClientScopeResource findClientScopeByName = ApiUtil.findClientScopeByName(this.adminClient.realm("test"), "roles");
        ProtocolMapperRepresentation protocolMapperRepresentation = null;
        ProtocolMapperRepresentation protocolMapperRepresentation2 = null;
        for (ProtocolMapperRepresentation protocolMapperRepresentation3 : findClientScopeByName.getProtocolMappers().getMappers()) {
            if ("realm roles".equals(protocolMapperRepresentation3.getName())) {
                protocolMapperRepresentation = protocolMapperRepresentation3;
            } else if ("client roles".equals(protocolMapperRepresentation3.getName())) {
                protocolMapperRepresentation2 = protocolMapperRepresentation3;
            }
        }
        String str = (String) protocolMapperRepresentation.getConfig().get("claim.name");
        String str2 = (String) protocolMapperRepresentation2.getConfig().get("claim.name");
        protocolMapperRepresentation.getConfig().put("claim.name", "custom.roles");
        findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation.getId(), protocolMapperRepresentation);
        protocolMapperRepresentation2.getConfig().put("claim.name", "custom.roles");
        findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation2.getId(), protocolMapperRepresentation2);
        Response createMapper = findClientScopeByName.getProtocolMappers().createMapper(ProtocolMapperUtil.createHardcodedRole("hard-realm", "hardcoded"));
        String createdId = ApiUtil.getCreatedId(createMapper);
        createMapper.close();
        try {
            OAuthClient.AccessTokenResponse browserLogin = browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password");
            AccessToken verifyToken = this.oauth.verifyToken(browserLogin.getAccessToken());
            org.keycloak.testsuite.Assert.assertNull(verifyToken.getRealmAccess());
            org.keycloak.testsuite.Assert.assertTrue(verifyToken.getResourceAccess().isEmpty());
            String str3 = new String(new JWSInput(browserLogin.getAccessToken()).getContent(), StandardCharsets.UTF_8);
            org.keycloak.testsuite.Assert.assertFalse(str3.contains("realm_access"));
            org.keycloak.testsuite.Assert.assertFalse(str3.contains("resource_access"));
            org.keycloak.testsuite.Assert.assertNames((List) ((Map) verifyToken.getOtherClaims().get("custom")).get("roles"), "offline_access", "user", "customer-user", "hardcoded", "view-profile", "manage-account", "manage-account-links");
            org.keycloak.testsuite.Assert.assertNames(Arrays.asList(verifyToken.getAudience()), BackchannelLogoutTest.ACCOUNT_CLIENT_NAME);
            findClientScopeByName.getProtocolMappers().delete(createdId);
            protocolMapperRepresentation.getConfig().put("claim.name", str);
            findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation.getId(), protocolMapperRepresentation);
            protocolMapperRepresentation2.getConfig().put("claim.name", str2);
            findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation2.getId(), protocolMapperRepresentation2);
        } catch (Throwable th) {
            findClientScopeByName.getProtocolMappers().delete(createdId);
            protocolMapperRepresentation.getConfig().put("claim.name", str);
            findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation.getId(), protocolMapperRepresentation);
            protocolMapperRepresentation2.getConfig().put("claim.name", str2);
            findClientScopeByName.getProtocolMappers().update(protocolMapperRepresentation2.getId(), protocolMapperRepresentation2);
            throw th;
        }
    }

    @Test
    public void testRolesAndAllowedOriginsRemovedFromAccessToken() throws Exception {
        RealmResource realm = this.adminClient.realm("test");
        ClientScopeRepresentation representation = ApiUtil.findClientScopeByName(realm, "web-origins").toRepresentation();
        ClientScopeRepresentation representation2 = ApiUtil.findClientScopeByName(realm, "roles").toRepresentation();
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(realm, AssertEvents.DEFAULT_CLIENT_ID);
        findClientByClientId.removeDefaultClientScope(representation.getId());
        findClientByClientId.removeDefaultClientScope(representation2.getId());
        try {
            OAuthClient.AccessTokenResponse browserLogin = browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password");
            AccessToken verifyToken = this.oauth.verifyToken(browserLogin.getAccessToken());
            org.keycloak.testsuite.Assert.assertNull(verifyToken.getAllowedOrigins());
            org.keycloak.testsuite.Assert.assertNull(verifyToken.getRealmAccess());
            org.keycloak.testsuite.Assert.assertTrue(verifyToken.getResourceAccess().isEmpty());
            org.keycloak.testsuite.Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyToken.getIssuedFor());
            org.keycloak.testsuite.Assert.assertFalse(verifyToken.hasAudience(AssertEvents.DEFAULT_CLIENT_ID));
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin.getIdToken());
            org.keycloak.testsuite.Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, verifyIDToken.getIssuedFor());
            org.keycloak.testsuite.Assert.assertTrue(verifyIDToken.hasAudience(AssertEvents.DEFAULT_CLIENT_ID));
            findClientByClientId.addDefaultClientScope(representation.getId());
            findClientByClientId.addDefaultClientScope(representation2.getId());
        } catch (Throwable th) {
            findClientByClientId.addDefaultClientScope(representation.getId());
            findClientByClientId.addDefaultClientScope(representation2.getId());
            throw th;
        }
    }

    @Test
    public void testUserRoleToAttributeMappersWithMultiValuedRoles() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, null, "Client roles mapper", "roles-custom.test-app", true, true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", AssertEvents.DEFAULT_CLIENT_ID}));
        org.keycloak.testsuite.Assert.assertThat(map.get("realm"), CoreMatchers.instanceOf(List.class));
        org.keycloak.testsuite.Assert.assertThat(map.get(AssertEvents.DEFAULT_CLIENT_ID), CoreMatchers.instanceOf(List.class));
        List<String> list = (List) map.get("realm");
        List<String> list2 = (List) map.get(AssertEvents.DEFAULT_CLIENT_ID);
        assertRoles(list, "pref.user", "pref.offline_access");
        assertRoles(list2, "customer-user");
        deleteMappers(protocolMappers);
    }

    @Test
    public void testUserRoleToAttributeMappersWithFullScopeDisabled() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, null, "Client roles mapper", "roles-custom.test-app", true, true, true);
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        ClientRepresentation representation = findClientResourceByClientId.toRepresentation();
        representation.setFullScopeAllowed(false);
        findClientResourceByClientId.update(representation);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", AssertEvents.DEFAULT_CLIENT_ID}));
        org.keycloak.testsuite.Assert.assertThat(map.get("realm"), CoreMatchers.instanceOf(List.class));
        org.keycloak.testsuite.Assert.assertThat(map.get(AssertEvents.DEFAULT_CLIENT_ID), CoreMatchers.instanceOf(List.class));
        List<String> list = (List) map.get("realm");
        List<String> list2 = (List) map.get(AssertEvents.DEFAULT_CLIENT_ID);
        assertRoles(list, "pref.user");
        assertRoles(list2, "customer-user");
        deleteMappers(protocolMappers);
        ClientRepresentation representation2 = findClientResourceByClientId.toRepresentation();
        representation2.setFullScopeAllowed(true);
        findClientResourceByClientId.update(representation2);
    }

    @Test
    public void testRoleMapperWithRoleInheritedFromMoreGroups() throws Exception {
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, null, "Client roles mapper", "roles-custom.test-app", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserClientRoleMappingMapper));
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/topGroup/level2group2");
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), "level2GroupUser");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        this.oauth.clientId(AssertEvents.DEFAULT_CLIENT_ID);
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", "level2GroupUser", "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{AssertEvents.DEFAULT_CLIENT_ID}));
        assertRolesString((String) map.get(AssertEvents.DEFAULT_CLIENT_ID), "customer-user");
        findUserByUsernameId.leaveGroup(groupByPath.getId());
        deleteMappers(protocolMappers);
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testUserGroupRoleToAttributeMappers() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, "ta.", "Client roles mapper", "roles-custom.test-app", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", "rich.roles@redhat.com", "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", AssertEvents.DEFAULT_CLIENT_ID}));
        String str = (String) map.get("realm");
        String str2 = (String) map.get(AssertEvents.DEFAULT_CLIENT_ID);
        assertRolesString(str, "pref.admin", "pref.user", "pref.customer-user-premium", "pref.realm-composite-role", "pref.sample-realm-role");
        assertRolesString(str2, "ta.customer-user", "ta.customer-admin-composite-role", "ta.customer-admin", "ta.sample-client-role");
        deleteMappers(protocolMappers);
    }

    @Test
    public void testUserGroupRoleToAttributeMappersNotScopedOtherApp() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper("test-app-authz", null, "Client roles mapper", "roles-custom.test-app-authz", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), "test-app-authz").getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        ClientManager.realm(this.adminClient.realm("test")).clientId("test-app-authz").directAccessGrant(true);
        this.oauth.clientId("test-app-authz");
        String redirectUri = this.oauth.getRedirectUri();
        this.oauth.redirectUri(UriUtils.getOrigin(redirectUri) + "/test-app-authz");
        IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("secret", "rich.roles@redhat.com", "password").getIdToken());
        this.oauth.redirectUri(redirectUri);
        Map map = (Map) verifyIDToken.getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm"}));
        String str = (String) map.get("realm");
        String str2 = (String) map.get("test-app-authz");
        assertRolesString(str, "pref.admin", "pref.user", "pref.customer-user-premium", "pref.realm-composite-role", "pref.sample-realm-role");
        Assert.assertNull(str2);
        deleteMappers(protocolMappers);
    }

    @Test
    public void testUserGroupRoleToAttributeMappersScoped() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper("test-app-scope", null, "Client roles mapper", "roles-custom.test-app-scope", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), "test-app-scope").getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        ClientManager.realm(this.adminClient.realm("test")).clientId("test-app-scope").directAccessGrant(true);
        this.oauth.clientId("test-app-scope");
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", "rich.roles@redhat.com", "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", "test-app-scope"}));
        String str = (String) map.get("realm");
        String str2 = (String) map.get("test-app-scope");
        assertRolesString(str, "pref.admin", "pref.user", "pref.customer-user-premium");
        assertRolesString(str2, "test-app-allowed-by-scope", "test-app-disallowed-by-scope");
        deleteMappers(protocolMappers);
    }

    @Test
    public void testUserGroupRoleToAttributeMappersScopedClientNotSet() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(null, null, "Client roles mapper", "roles-custom.test-app-scope", true, true);
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), "test-app-scope").getProtocolMappers();
        protocolMappers.createMapper(Arrays.asList(createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper));
        ClientManager.realm(this.adminClient.realm("test")).clientId("test-app-scope").directAccessGrant(true);
        this.oauth.clientId("test-app-scope");
        Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", "rich.roles@redhat.com", "password").getIdToken()).getOtherClaims().get("roles-custom");
        org.keycloak.testsuite.Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", "test-app-scope"}));
        String str = (String) map.get("realm");
        String str2 = (String) map.get("test-app-scope");
        assertRolesString(str, "pref.admin", "pref.user", "pref.customer-user-premium");
        assertRolesString(str2, "test-app-allowed-by-scope", "test-app-disallowed-by-scope");
        deleteMappers(protocolMappers);
    }

    @Test
    public void testUserGroupRoleToAttributeMappersScopedWithDifferentClient() throws Exception {
        ProtocolMapperRepresentation createUserRealmRoleMappingMapper = ProtocolMapperUtil.createUserRealmRoleMappingMapper("pref.", "Realm roles mapper", "roles-custom.realm", true, true);
        ProtocolMapperRepresentation createUserClientRoleMappingMapper = ProtocolMapperUtil.createUserClientRoleMappingMapper(AssertEvents.DEFAULT_CLIENT_ID, null, "Client roles mapper", "roles-custom.test-app", true, true);
        ClientAttributeUpdater directAccessGrantsEnabled = ClientAttributeUpdater.forClient(this.adminClient, "test", "test-app-scope").setDirectAccessGrantsEnabled(true);
        Throwable th = null;
        try {
            ProtocolMappersUpdater protocolMappersUpdater = new ProtocolMappersUpdater(((ClientResource) directAccessGrantsEnabled.getResource()).getProtocolMappers());
            Throwable th2 = null;
            try {
                protocolMappersUpdater.add(new ProtocolMapperRepresentation[]{createUserRealmRoleMappingMapper, createUserClientRoleMappingMapper}).update();
                this.oauth.clientId("test-app-scope");
                Map map = (Map) this.oauth.verifyIDToken(browserLogin("password", "rich.roles@redhat.com", "password").getIdToken()).getOtherClaims().get("roles-custom");
                Assert.assertNotNull(map);
                MatcherAssert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"realm", AssertEvents.DEFAULT_CLIENT_ID}));
                String str = (String) map.get("realm");
                String str2 = (String) map.get(AssertEvents.DEFAULT_CLIENT_ID);
                assertRolesString(str, "pref.admin", "pref.user", "pref.customer-user-premium");
                assertRolesString(str2, "customer-admin-composite-role", "customer-admin");
                if (protocolMappersUpdater != null) {
                    if (0 != 0) {
                        try {
                            protocolMappersUpdater.close();
                        } catch (Throwable th3) {
                            th2.addSuppressed(th3);
                        }
                    } else {
                        protocolMappersUpdater.close();
                    }
                }
                if (directAccessGrantsEnabled != null) {
                    if (0 == 0) {
                        directAccessGrantsEnabled.close();
                        return;
                    }
                    try {
                        directAccessGrantsEnabled.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                }
            } catch (Throwable th5) {
                if (protocolMappersUpdater != null) {
                    if (0 != 0) {
                        try {
                            protocolMappersUpdater.close();
                        } catch (Throwable th6) {
                            th2.addSuppressed(th6);
                        }
                    } else {
                        protocolMappersUpdater.close();
                    }
                }
                throw th5;
            }
        } catch (Throwable th7) {
            if (directAccessGrantsEnabled != null) {
                if (0 != 0) {
                    try {
                        directAccessGrantsEnabled.close();
                    } catch (Throwable th8) {
                        th.addSuppressed(th8);
                    }
                } else {
                    directAccessGrantsEnabled.close();
                }
            }
            throw th7;
        }
    }

    @Test
    public void testGroupAttributeUserOneGroupNoMultivalueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.setAttributes(new HashMap());
        representation.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
        findUserByUsernameId.update(representation);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, false, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof String);
            Assert.assertTrue("user-value1".equals(verifyIDToken.getOtherClaims().get("group-value")) || "user-value2".equals(verifyIDToken.getOtherClaims().get("group-value")));
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeUserOneGroupMultivalueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.setAttributes(new HashMap());
        representation.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
        findUserByUsernameId.update(representation);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(2L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("user-value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("user-value2"));
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeUserOneGroupMultivalueAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        UserRepresentation representation = findUserByUsernameId.toRepresentation();
        representation.setAttributes(new HashMap());
        representation.getAttributes().put("group-value", Arrays.asList("user-value1", "user-value2"));
        findUserByUsernameId.update(representation);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(4L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("user-value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("user-value2"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2"));
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            representation.getAttributes().remove("group-value");
            findUserByUsernameId.update(representation);
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeOneGroupNoMultivalueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, false, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof String);
            Assert.assertTrue("value1".equals(verifyIDToken.getOtherClaims().get("group-value")) || "value2".equals(verifyIDToken.getOtherClaims().get("group-value")));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeOneGroupMultiValueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(2L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2"));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeOneGroupMultiValueAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(2L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2"));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeTwoGroupNoMultivalueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        GroupRepresentation groupRepresentation2 = new GroupRepresentation();
        groupRepresentation2.setName("group2");
        groupRepresentation2.setAttributes(new HashMap());
        groupRepresentation2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
        this.adminClient.realm("test").groups().add(groupRepresentation2);
        GroupRepresentation groupByPath2 = this.adminClient.realm("test").getGroupByPath("/group2");
        findUserByUsernameId.joinGroup(groupByPath2.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, false, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof String);
            Assert.assertTrue("value1".equals(verifyIDToken.getOtherClaims().get("group-value")) || "value2".equals(verifyIDToken.getOtherClaims().get("group-value")) || "value3".equals(verifyIDToken.getOtherClaims().get("group-value")));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeTwoGroupMultiValueNoAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        GroupRepresentation groupRepresentation2 = new GroupRepresentation();
        groupRepresentation2.setName("group2");
        groupRepresentation2.setAttributes(new HashMap());
        groupRepresentation2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
        this.adminClient.realm("test").groups().add(groupRepresentation2);
        GroupRepresentation groupByPath2 = this.adminClient.realm("test").getGroupByPath("/group2");
        findUserByUsernameId.joinGroup(groupByPath2.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, false)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(2L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue((((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value1") && ((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2")) || (((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2") && ((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value3")));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    @Test
    public void testGroupAttributeTwoGroupMultiValueAggregate() throws Exception {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(this.adminClient.realm("test"), AssertEvents.DEFAULT_USERNAME);
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName("group1");
        groupRepresentation.setAttributes(new HashMap());
        groupRepresentation.getAttributes().put("group-value", Arrays.asList("value1", "value2"));
        this.adminClient.realm("test").groups().add(groupRepresentation);
        GroupRepresentation groupByPath = this.adminClient.realm("test").getGroupByPath("/group1");
        findUserByUsernameId.joinGroup(groupByPath.getId());
        GroupRepresentation groupRepresentation2 = new GroupRepresentation();
        groupRepresentation2.setName("group2");
        groupRepresentation2.setAttributes(new HashMap());
        groupRepresentation2.getAttributes().put("group-value", Arrays.asList("value2", "value3"));
        this.adminClient.realm("test").groups().add(groupRepresentation2);
        GroupRepresentation groupByPath2 = this.adminClient.realm("test").getGroupByPath("/group2");
        findUserByUsernameId.joinGroup(groupByPath2.getId());
        ProtocolMappersResource protocolMappers = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID).getProtocolMappers();
        protocolMappers.createMapper(ProtocolMapperUtil.createClaimMapper("group-value", "group-value", "group-value", "String", true, true, true, true)).close();
        try {
            IDToken verifyIDToken = this.oauth.verifyIDToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getIdToken());
            Assert.assertNotNull(verifyIDToken.getOtherClaims());
            Assert.assertNotNull(verifyIDToken.getOtherClaims().get("group-value"));
            Assert.assertTrue(verifyIDToken.getOtherClaims().get("group-value") instanceof List);
            Assert.assertEquals(3L, ((List) verifyIDToken.getOtherClaims().get("group-value")).size());
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value1"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value2"));
            Assert.assertTrue(((List) verifyIDToken.getOtherClaims().get("group-value")).contains("value3"));
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
        } catch (Throwable th) {
            findUserByUsernameId.leaveGroup(groupByPath.getId());
            this.adminClient.realm("test").groups().group(groupByPath.getId()).remove();
            findUserByUsernameId.leaveGroup(groupByPath2.getId());
            this.adminClient.realm("test").groups().group(groupByPath2.getId()).remove();
            deleteMappers(protocolMappers);
            throw th;
        }
    }

    private void assertRoles(List<String> list, String... strArr) {
        org.keycloak.testsuite.Assert.assertNames(list, strArr);
    }

    private void assertRolesString(String str, String... strArr) {
        org.keycloak.testsuite.Assert.assertThat(Boolean.valueOf(str.matches("^\\[.*\\]$")), Matchers.is(true));
        String[] split = str.substring(1, str.length() - 1).split(",\\s*");
        if (strArr == null || strArr.length == 0) {
            org.keycloak.testsuite.Assert.assertThat(split, Matchers.arrayContainingInAnyOrder(new String[]{""}));
        } else {
            org.keycloak.testsuite.Assert.assertThat(split, Matchers.arrayContainingInAnyOrder(strArr));
        }
    }

    private ProtocolMapperRepresentation makeMapper(String str, String str2, Map<String, String> map) {
        ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
        protocolMapperRepresentation.setProtocol("openid-connect");
        protocolMapperRepresentation.setName(str);
        protocolMapperRepresentation.setProtocolMapper(str2);
        protocolMapperRepresentation.setConfig(map);
        return protocolMapperRepresentation;
    }

    private OAuthClient.AccessTokenResponse browserLogin(String str, String str2, String str3) {
        return this.oauth.doAccessTokenRequest(this.oauth.doLogin(str2, str3).getCode(), str);
    }
}
