package org.keycloak.testsuite.adapter.example.authorization;

import java.util.Arrays;
import java.util.List;
import org.jboss.arquillian.graphene.wait.StringMatcher;
import org.junit.Assert;
import org.junit.Ignore;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientPoliciesResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.ResourcesResource;
import org.keycloak.admin.client.resource.RolePoliciesResource;
import org.keycloak.admin.client.resource.RoleScopeResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.testsuite.util.WaitUtils;
import org.openqa.selenium.By;

/* loaded from: input_file:org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.class */
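/**
 * Browser-driven tests for authorization enforcement in the servlet-authz example application.
 *
 * <p>Each test logs in as a fixture user, navigates the application and asserts whether access
 * was granted or denied. Several tests change permissions, policies or role mappings through the
 * admin client and then log in again before re-checking the outcome, so that both the "grant"
 * and the "revoke" direction of a policy change are asserted.
 *
 * <p>The user names and passwords used here ("alice", "jdoe", "admin") are test fixtures;
 * presumably they come from the imported test realm - confirm against the realm configuration.
 *
 * <p>NOTE(review): {@code performTests}, {@code login}, {@code assertWasDenied},
 * {@code assertWasNotDenied}, {@code updatePermissionPolicies} and the navigation helpers are
 * inherited from the base class and are not visible in this file.
 */
public abstract class AbstractServletAuthzAdapterTest extends AbstractBaseServletAuthzAdapterTest {
    /**
     * Expects a denial for {@code /enforcing/resource} once the "Protected Resource" URI has been
     * changed to {@code /index.jsp}.
     *
     * <p>The first callback imports the resource server settings and rewrites the resource URI;
     * the second logs in as jdoe and requests the path. Presumably the request is denied because
     * no resource matches the path any more and the enforcer rejects unmatched paths - TODO
     * confirm against the adapter configuration.
     */
    @Test
    public void testCanNotAccessWhenEnforcing() throws Exception {
        performTests(() -> {
            importResourceServerSettings();
            ResourcesResource resources = getAuthorizationResource().resources();
            ResourceRepresentation protectedResource = resources.findByName("Protected Resource").get(0);
            protectedResource.setUri("/index.jsp");
            resources.resource(protectedResource.getId()).update(protectedResource);
        }, () -> {
            login("jdoe", "jdoe");
            this.driver.navigate().to(getResourceServerUrl().toString() + "/enforcing/resource");
            assertWasDenied();
        });
    }

    /**
     * Checks what a regular user (alice) can see and reach: the user action only, with the
     * premium and administration pages denied.
     */
    @Test
    public void testRegularUserPermissions() throws Exception {
        performTests(() -> {
            login("alice", "alice");
            assertWasNotDenied();
            // Both links are present for every user; access is decided when the page is requested.
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            // The literal contains two spaces; presumably it mirrors the page markup.
            Assert.assertFalse(hasText("Do  user premium thing"));
            Assert.assertFalse(hasText("Do administration thing"));
            navigateToUserPremiumPage();
            assertWasDenied();
            navigateToAdminPage();
            assertWasDenied();
        });
    }

    /**
     * Checks what a premium user (jdoe) can see and reach: user and premium actions, with the
     * administration page denied.
     */
    @Test
    public void testUserPremiumPermissions() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            assertWasNotDenied();
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            Assert.assertTrue(hasText("Do  user premium thing"));
            Assert.assertFalse(hasText("Do administration thing"));
            navigateToUserPremiumPage();
            assertWasNotDenied();
            navigateToAdminPage();
            assertWasDenied();
        });
    }

    /**
     * Checks what the admin user can see and reach: user and admin actions, with the premium
     * page denied. An administrator is therefore not implicitly granted premium access.
     */
    @Test
    public void testAdminPermissions() throws Exception {
        performTests(() -> {
            login("admin", "admin");
            assertWasNotDenied();
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            Assert.assertTrue(hasText("Do administration thing"));
            Assert.assertFalse(hasText("Do  user premium thing"));
            navigateToUserPremiumPage();
            assertWasDenied();
            navigateToAdminPage();
            assertWasNotDenied();
        });
    }

    /**
     * Switches the policy behind "Premium Resource Permission" several times and checks that
     * alice's access to the premium page follows each change, including the change back to the
     * restrictive policy.
     */
    @Test
    public void testGrantPremiumAccessToUser() throws Exception {
        performTests(() -> {
            login("alice", "alice");
            assertWasNotDenied();
            navigateToUserPremiumPage();
            assertWasDenied();

            // Open the permission to any user: access expected.
            updatePermissionPolicies("Premium Resource Permission", "Any User Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            assertWasNotDenied();

            // Restore the restrictive policy: access must be denied again.
            updatePermissionPolicies("Premium Resource Permission", "Only Premium User Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            assertWasDenied();

            // Grant access through a user policy created for alice.
            createUserPolicy("Temporary Premium Access Policy", "alice");
            updatePermissionPolicies("Premium Resource Permission", "Temporary Premium Access Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            assertWasNotDenied();
        });
    }

    /**
     * Checks that jdoe is denied the admin page until the realm role "admin" is added to the
     * account, and is granted access after logging in again.
     */
    @Test
    public void testGrantAdministrativePermissions() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            navigateToAdminPage();
            assertWasDenied();
            RealmResource realm = realmsResouce().realm("servlet-authz");
            UsersResource users = realm.users();
            List<UserRepresentation> matches = users.search("jdoe", (String) null, (String) null, (String) null, (Integer) null, (Integer) null);
            Assert.assertFalse(matches.isEmpty());
            users.get(matches.get(0).getId()).roles().realmLevel().add(Arrays.asList(realm.roles().get("admin").toRepresentation()));
            login("jdoe", "jdoe");
            navigateToAdminPage();
            assertWasNotDenied();
        });
    }

    /**
     * Requests a public page without calling {@code login} first and expects its content.
     *
     * <p>NOTE(review): this test is ignored without a stated reason, so the unauthenticated
     * access path it exercises is not checked by this class while the annotation stays.
     */
    @Test
    @Ignore
    public void testAccessPublicResource() throws Exception {
        performTests(() -> {
            this.driver.navigate().to(getResourceServerUrl() + "/public-html.html");
            WaitUtils.waitForPageToLoad();
            Assert.assertTrue(hasText("This is public resource that should be accessible without login."));
        });
    }

    /**
     * Exercises the "required" flag of roles in a role policy.
     *
     * <p>A client role "required-role" is created and combined with "user_premium" in a role
     * policy attached to "Premium Resource Permission". jdoe keeps access while the client role
     * is not required, is denied once it is marked required, regains access when the role is
     * mapped to the account, and keeps access after the flag is cleared and the role mapping is
     * removed.
     */
    @Test
    public void testRequiredRole() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasNotDenied();

            RolesResource roles = getClientResource("servlet-authz-app").roles();
            roles.create(new RoleRepresentation("required-role", "", false));
            RolePolicyRepresentation newPolicy = new RolePolicyRepresentation();
            newPolicy.setName("Required Role Policy");
            newPolicy.addRole("user_premium", false);
            newPolicy.addRole("servlet-authz-app/required-role", false);
            RolePoliciesResource rolePolicies = getAuthorizationResource().policies().role();
            rolePolicies.create(newPolicy);
            RolePolicyRepresentation storedPolicy = rolePolicies.findByName(newPolicy.getName());
            updatePermissionPolicies("Premium Resource Permission", storedPolicy.getName());
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasNotDenied();

            // Mark the client role as required: jdoe does not hold it yet, so access is denied.
            storedPolicy.getRoles().clear();
            storedPolicy.addRole("user_premium", false);
            storedPolicy.addRole("servlet-authz-app/required-role", true);
            rolePolicies.findById(storedPolicy.getId()).update(storedPolicy);
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasDenied();

            // Map the required client role to jdoe: access is granted again.
            UsersResource users = realmsResouce().realm("servlet-authz").users();
            RoleScopeResource clientLevel = users.get(users.search("jdoe").get(0).getId()).roles().clientLevel(getClientResource("servlet-authz-app").toRepresentation().getId());
            RoleRepresentation requiredRole = roles.get("required-role").toRepresentation();
            clientLevel.add(Arrays.asList(requiredRole));
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasNotDenied();

            // Clear the required flag again; access stays granted.
            storedPolicy.getRoles().clear();
            storedPolicy.addRole("user_premium", false);
            storedPolicy.addRole("servlet-authz-app/required-role", false);
            rolePolicies.findById(storedPolicy.getId()).update(storedPolicy);
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasNotDenied();

            // With the flag cleared, removing the role mapping must not take access away.
            clientLevel.remove(Arrays.asList(requiredRole));
            login("jdoe", "jdoe");
            navigateToUserPremiumPage();
            assertWasNotDenied();
        });
    }

    /**
     * Attaches a client policy to "Protected Resource Permission" and checks that jdoe is denied
     * while the policy lists only "admin-cli", and allowed once "servlet-authz-app" is added.
     */
    @Test
    public void testOnlySpecificClient() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            assertWasNotDenied();
            ClientPolicyRepresentation newPolicy = new ClientPolicyRepresentation();
            newPolicy.setName("Only Client Policy");
            newPolicy.addClient(new String[]{"admin-cli"});
            ClientPoliciesResource clientPolicies = getAuthorizationResource().policies().client();
            // Close the create response straight away; only the stored policy is used below.
            clientPolicies.create(newPolicy).close();
            ClientPolicyRepresentation storedPolicy = clientPolicies.findByName(newPolicy.getName());
            updatePermissionPolicies("Protected Resource Permission", storedPolicy.getName());
            login("jdoe", "jdoe");
            assertWasDenied();
            storedPolicy.addClient(new String[]{"servlet-authz-app"});
            clientPolicies.findById(storedPolicy.getId()).update(storedPolicy);
            login("jdoe", "jdoe");
            assertWasNotDenied();
        });
    }

    /**
     * Logs in as jdoe, opens {@code /protected/scopes.jsp} and expects the page to show
     * "Granted".
     */
    @Test
    public void testAccessResourceWithAnyScope() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            this.driver.navigate().to(getResourceServerUrl() + "/protected/scopes.jsp");
            WaitUtils.waitForPageToLoad();
            Assert.assertTrue(hasText("Granted"));
        });
    }

    /**
     * Checks the pages under {@code /keycloak-7269} in three phases: with the initial
     * configuration, after "Permission for multiple url resource" is switched to "Deny Policy",
     * and after it is switched to "All Users Policy".
     *
     * <p>Under the deny policy the four sub-resource1 and sub-resource2/pattern pages must show
     * the denial message, while {@code test.jsp} and {@code sub-resource2/test.jsp} are still
     * served. Presumably the last two are not among the URIs of the resource that the permission
     * applies to - TODO confirm against the resource server settings.
     */
    @Test
    public void testMultipleURLsForResourceRealmConfig() throws Exception {
        performTests(() -> {
            login("jdoe", "jdoe");
            expectHeadingAt("/keycloak-7269/sub-resource1/index1.jsp", "sub-resource1 index1.jsp");
            expectHeadingAt("/keycloak-7269/sub-resource1/index2.jsp", "sub-resource1 index2.jsp");
            expectHeadingAt("/keycloak-7269/sub-resource2/pattern1/page.jsp", "sub-resource2/pattern1");
            expectHeadingAt("/keycloak-7269/sub-resource2/pattern2/page.jsp", "sub-resource2/pattern2");
            expectHeadingAt("/keycloak-7269/test.jsp", "keycloak-7269/test");
            expectHeadingAt("/keycloak-7269/sub-resource2/test.jsp", "keycloak-7269/sub-resource2/test");

            updatePermissionPolicies("Permission for multiple url resource", "Deny Policy");
            login("jdoe", "jdoe");
            expectAccessDeniedAt("/keycloak-7269/sub-resource1/index1.jsp", "sub-resource1 index1.jsp");
            expectAccessDeniedAt("/keycloak-7269/sub-resource1/index2.jsp", "sub-resource1 index2.jsp");
            expectAccessDeniedAt("/keycloak-7269/sub-resource2/pattern1/page.jsp", "sub-resource2/pattern1");
            expectAccessDeniedAt("/keycloak-7269/sub-resource2/pattern2/page.jsp", "sub-resource2/pattern2");
            // These two pages are still expected to be served under the deny policy.
            expectHeadingAt("/keycloak-7269/test.jsp", "keycloak-7269/test");
            expectHeadingAt("/keycloak-7269/sub-resource2/test.jsp", "keycloak-7269/sub-resource2/test");

            updatePermissionPolicies("Permission for multiple url resource", "All Users Policy");
            login("jdoe", "jdoe");
            expectHeadingAt("/keycloak-7269/sub-resource1/index1.jsp", "sub-resource1 index1.jsp");
            expectHeadingAt("/keycloak-7269/sub-resource1/index2.jsp", "sub-resource1 index2.jsp");
            expectHeadingAt("/keycloak-7269/sub-resource2/pattern1/page.jsp", "sub-resource2/pattern1");
            expectHeadingAt("/keycloak-7269/sub-resource2/pattern2/page.jsp", "sub-resource2/pattern2");
            expectHeadingAt("/keycloak-7269/test.jsp", "keycloak-7269/test");
            expectHeadingAt("/keycloak-7269/sub-resource2/test.jsp", "keycloak-7269/sub-resource2/test");
        });
    }

    /**
     * Opens {@code path} on the resource server and waits until the {@code h2} heading contains
     * {@code expectedText}.
     */
    private void expectHeadingAt(String path, String expectedText) {
        this.driver.navigate().to(getResourceServerUrl() + path);
        WaitUtils.waitUntilElement(By.tagName("h2")).text().contains(expectedText);
    }

    /**
     * Opens {@code path} on the resource server and waits until the {@code h2} heading no longer
     * contains {@code protectedText} and shows the denial message instead.
     */
    private void expectAccessDeniedAt(String path, String protectedText) {
        this.driver.navigate().to(getResourceServerUrl() + path);
        // Check both sides: the protected content is absent and the denial message is shown.
        ((StringMatcher) WaitUtils.waitUntilElement(By.tagName("h2")).text().not()).contains(protectedText);
        WaitUtils.waitUntilElement(By.tagName("h2")).text().contains("You can not access this resource.");
    }
}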
