package org.keycloak.testsuite.oauth;

import java.lang.invoke.SerializedLambda;
import java.net.URI;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.util.HashMap;
import java.util.List;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.TokenVerifier;
import org.keycloak.authorization.model.Policy;
import org.keycloak.common.Profile;
import org.keycloak.common.util.Base64Url;
import org.keycloak.dom.saml.v2.assertion.AssertionType;
import org.keycloak.dom.saml.v2.assertion.AudienceRestrictionType;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ImpersonationConstants;
import org.keycloak.models.ImpersonationSessionNote;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.protocol.oidc.mappers.UserSessionNoteMapper;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.saml.common.util.DocumentUtil;
import org.keycloak.saml.processing.core.parsers.saml.SAMLParser;
import org.keycloak.saml.processing.core.saml.v2.util.AssertionUtil;
import org.keycloak.saml.processing.core.util.XMLEncryptionUtil;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.KeyUtils;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.util.BasicAuthHelper;
import org.w3c.dom.Document;
import org.w3c.dom.Element;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
@EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test.class */
public class ClientTokenExchangeSAML2Test extends AbstractKeycloakTest {
    private static final String SAML_SIGNED_TARGET = "http://localhost:8080/saml-signed-assertion/";
    private static final String SAML_ENCRYPTED_TARGET = "http://localhost:8080/saml-encrypted-assertion/";
    private static final String SAML_SIGNED_AND_ENCRYPTED_TARGET = "http://localhost:8080/saml-signed-and-encrypted-assertion/";
    private static final String SAML_UNSIGNED_AND_UNENCRYPTED_TARGET = "http://localhost:8080/saml-unsigned-and-unencrypted-assertion/";
    private static final String REALM_PRIVATE_KEY = "MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=";
    private static final String REALM_PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
    private static final String ENCRYPTION_CERTIFICATE = "MIIB1DCCAT0CBgFJGVacCDANBgkqhkiG9w0BAQsFADAwMS4wLAYDVQQDEyVodHRwOi8vbG9jYWxob3N0OjgwODAvc2FsZXMtcG9zdC1lbmMvMB4XDTE0MTAxNjE0MjA0NloXDTI0MTAxNjE0MjIyNlowMDEuMCwGA1UEAxMlaHR0cDovL2xvY2FsaG9zdDo4MDgwL3NhbGVzLXBvc3QtZW5jLzCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA2+5MCT5BnVN+IYnKZcH6ev1pjXGi4feE0nOycq/VJ3aeaZMi4G9AxOxCBPupErOC7Kgm/Bw5AdJyw+Q12wSRXfJ9FhqCrLXpb7YOhbVSTJ8De5O8mW35DxAlh/cxe9FXjqPb286wKTUZ3LfGYR+X235UQeCTAPS/Ufi21EXaEikCAwEAATANBgkqhkiG9w0BAQsFAAOBgQBMrfGD9QFfx5v7ld/OAto5rjkTe3R1Qei8XRXfcs83vLaqEzjEtTuLGrJEi55kXuJgBpVmQpnwCCkkjSy0JxbqLDdVi9arfWUxEGmOr01ZHycELhDNaQcFqVMPr5kRHIHgktT8hK2IgCvd3Fy9/JCgUgCPxKfhwecyEOKxUc857g==";
    private static final String ENCRYPTION_PRIVATE_KEY = "MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t";

    @Rule
    public AssertEvents events = new AssertEvents(this);

    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setId("test");
        realmRepresentation.setRealm("test");
        realmRepresentation.setEnabled(true);
        realmRepresentation.setPrivateKey("MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=");
        realmRepresentation.setPublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB");
        realmRepresentation.setAccessCodeLifespan(60);
        list.add(realmRepresentation);
    }

    public static void setupRealm(KeycloakSession keycloakSession) {
        addTargetClients(keycloakSession);
        addDirectExchanger(keycloakSession);
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        RoleModel role = realmByName.getRole("example");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        RoleModel role2 = management.getRealmManagementClient().getRole(ImpersonationConstants.IMPERSONATION_ROLE);
        ClientModel addClient = realmByName.addClient("client-exchanger");
        addClient.setClientId("client-exchanger");
        addClient.setPublicClient(false);
        addClient.setDirectAccessGrantsEnabled(true);
        addClient.setEnabled(true);
        addClient.setSecret("secret");
        addClient.setProtocol("openid-connect");
        addClient.setFullScopeAllowed(false);
        addClient.addScopeMapping(role2);
        addClient.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(ImpersonationSessionNote.IMPERSONATOR_ID));
        addClient.addProtocolMapper(UserSessionNoteMapper.createUserSessionNoteMapper(ImpersonationSessionNote.IMPERSONATOR_USERNAME));
        ClientModel addClient2 = realmByName.addClient("illegal");
        addClient2.setClientId("illegal");
        addClient2.setPublicClient(false);
        addClient2.setDirectAccessGrantsEnabled(true);
        addClient2.setEnabled(true);
        addClient2.setSecret("secret");
        addClient2.setProtocol("openid-connect");
        addClient2.setFullScopeAllowed(false);
        ClientModel addClient3 = realmByName.addClient("legal");
        addClient3.setClientId("legal");
        addClient3.setPublicClient(false);
        addClient3.setDirectAccessGrantsEnabled(true);
        addClient3.setEnabled(true);
        addClient3.setSecret("secret");
        addClient3.setProtocol("openid-connect");
        addClient3.setFullScopeAllowed(false);
        ClientModel addClient4 = realmByName.addClient("direct-legal");
        addClient4.setClientId("direct-legal");
        addClient4.setPublicClient(false);
        addClient4.setDirectAccessGrantsEnabled(true);
        addClient4.setEnabled(true);
        addClient4.setSecret("secret");
        addClient4.setProtocol("openid-connect");
        addClient4.setFullScopeAllowed(false);
        ClientModel addClient5 = realmByName.addClient("direct-public");
        addClient5.setClientId("direct-public");
        addClient5.setPublicClient(true);
        addClient5.setDirectAccessGrantsEnabled(true);
        addClient5.setEnabled(true);
        addClient5.setProtocol("openid-connect");
        addClient5.setFullScopeAllowed(false);
        ClientModel addClient6 = realmByName.addClient("direct-no-secret");
        addClient6.setClientId("direct-no-secret");
        addClient6.setPublicClient(false);
        addClient6.setDirectAccessGrantsEnabled(true);
        addClient6.setEnabled(true);
        addClient6.setProtocol("openid-connect");
        addClient6.setFullScopeAllowed(false);
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setName("to");
        clientPolicyRepresentation.addClient(new String[]{addClient.getId()});
        clientPolicyRepresentation.addClient(new String[]{addClient3.getId()});
        clientPolicyRepresentation.addClient(new String[]{addClient4.getId()});
        ClientModel clientByClientId = realmByName.getClientByClientId(SAML_SIGNED_TARGET);
        ClientModel clientByClientId2 = realmByName.getClientByClientId(SAML_ENCRYPTED_TARGET);
        ClientModel clientByClientId3 = realmByName.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET);
        ClientModel clientByClientId4 = realmByName.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
        Assert.assertNotNull(clientByClientId);
        Assert.assertNotNull(clientByClientId2);
        Assert.assertNotNull(clientByClientId3);
        Assert.assertNotNull(clientByClientId4);
        Policy create = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRepresentation, management.realmResourceServer());
        management.clients().exchangeToPermission(clientByClientId).addAssociatedPolicy(create);
        management.clients().exchangeToPermission(clientByClientId2).addAssociatedPolicy(create);
        management.clients().exchangeToPermission(clientByClientId3).addAssociatedPolicy(create);
        management.clients().exchangeToPermission(clientByClientId4).addAssociatedPolicy(create);
        ClientPolicyRepresentation clientPolicyRepresentation2 = new ClientPolicyRepresentation();
        clientPolicyRepresentation2.setName("clientImpersonators");
        clientPolicyRepresentation2.addClient(new String[]{addClient4.getId()});
        clientPolicyRepresentation2.addClient(new String[]{addClient5.getId()});
        clientPolicyRepresentation2.addClient(new String[]{addClient6.getId()});
        Policy create2 = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRepresentation2, management.realmResourceServer());
        management.users().setPermissionsEnabled(true);
        management.users().adminImpersonatingPermission().addAssociatedPolicy(create2);
        management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        UserModel addUser = keycloakSession.users().addUser(realmByName, "user");
        addUser.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
        addUser.grantRole(role);
        addUser.grantRole(role2);
        UserModel addUser2 = keycloakSession.users().addUser(realmByName, "bad-impersonator");
        addUser2.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser2, UserCredentialModel.password("password"));
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    protected boolean isImportAfterEachMethod() {
        return true;
    }

    @Test
    @UncaughtServerErrorExpected
    public void testExchangeToSAML2SignedAssertion() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        String accessToken = this.oauth.doGrantAccessTokenRequest("secret", "user", "password").getAccessToken();
        AccessToken token = TokenVerifier.create(accessToken, AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "user");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        OAuthClient.AccessTokenResponse doTokenExchange = this.oauth.doTokenExchange("test", accessToken, SAML_SIGNED_TARGET, "client-exchanger", "secret", hashMap);
        String str = new String(Base64Url.decode(doTokenExchange.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange.getIssuedTokenType());
        Element documentElement = DocumentUtil.getDocument(str).getDocumentElement();
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignedElement(documentElement));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(documentElement);
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignatureValid(documentElement, publicKeyFromString("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")));
        org.keycloak.testsuite.Assert.assertEquals(60L, doTokenExchange.getExpiresIn());
        org.keycloak.testsuite.Assert.assertEquals(SAML_SIGNED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
        OAuthClient.AccessTokenResponse doTokenExchange2 = this.oauth.doTokenExchange("test", accessToken, SAML_SIGNED_TARGET, "legal", "secret", hashMap);
        String str2 = new String(Base64Url.decode(doTokenExchange2.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange2.getIssuedTokenType());
        Element documentElement2 = DocumentUtil.getDocument(str2).getDocumentElement();
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignedElement(documentElement2));
        AssertionType assertionType2 = (AssertionType) SAMLParser.getInstance().parse(documentElement2);
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignatureValid(documentElement2, publicKeyFromString("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")));
        org.keycloak.testsuite.Assert.assertEquals(SAML_SIGNED_TARGET, ((URI) ((AudienceRestrictionType) assertionType2.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("user", assertionType2.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType2, (List) null).contains("example"));
        org.keycloak.testsuite.Assert.assertEquals(403L, this.oauth.doTokenExchange("test", accessToken, SAML_SIGNED_TARGET, "illegal", "secret", hashMap).getStatusCode());
    }

    @Test
    @UncaughtServerErrorExpected
    public void testExchangeToSAML2EncryptedAssertion() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        String accessToken = this.oauth.doGrantAccessTokenRequest("secret", "user", "password").getAccessToken();
        AccessToken token = TokenVerifier.create(accessToken, AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "user");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        OAuthClient.AccessTokenResponse doTokenExchange = this.oauth.doTokenExchange("test", accessToken, SAML_ENCRYPTED_TARGET, "client-exchanger", "secret", hashMap);
        String str = new String(Base64Url.decode(doTokenExchange.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange.getIssuedTokenType());
        Element decryptElementInDocument = XMLEncryptionUtil.decryptElementInDocument(DocumentUtil.getDocument(str), privateKeyFromString("MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t"));
        org.keycloak.testsuite.Assert.assertFalse(AssertionUtil.isSignedElement(decryptElementInDocument));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(decryptElementInDocument);
        org.keycloak.testsuite.Assert.assertEquals(30L, doTokenExchange.getExpiresIn());
        org.keycloak.testsuite.Assert.assertEquals(SAML_ENCRYPTED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
    }

    @Test
    @UncaughtServerErrorExpected
    public void testExchangeToSAML2SignedAndEncryptedAssertion() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        String accessToken = this.oauth.doGrantAccessTokenRequest("secret", "user", "password").getAccessToken();
        AccessToken token = TokenVerifier.create(accessToken, AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "user");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        OAuthClient.AccessTokenResponse doTokenExchange = this.oauth.doTokenExchange("test", accessToken, SAML_SIGNED_AND_ENCRYPTED_TARGET, "client-exchanger", "secret", hashMap);
        String str = new String(Base64Url.decode(doTokenExchange.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange.getIssuedTokenType());
        Element decryptElementInDocument = XMLEncryptionUtil.decryptElementInDocument(DocumentUtil.getDocument(str), privateKeyFromString("MIICXQIBAAKBgQDb7kwJPkGdU34hicplwfp6/WmNcaLh94TSc7Jyr9Undp5pkyLgb0DE7EIE+6kSs4LsqCb8HDkB0nLD5DXbBJFd8n0WGoKstelvtg6FtVJMnwN7k7yZbfkPECWH9zF70VeOo9vbzrApNRnct8ZhH5fbflRB4JMA9L9R+LbURdoSKQIDAQABAoGBANtbZG9bruoSGp2s5zhzLzd4hczT6Jfk3o9hYjzNb5Z60ymN3Z1omXtQAdEiiNHkRdNxK+EM7TcKBfmoJqcaeTkW8cksVEAW23ip8W9/XsLqmbU2mRrJiKa+KQNDSHqJi1VGyimi4DDApcaqRZcaKDFXg2KDr/Qt5JFD/o9IIIPZAkEA+ZENdBIlpbUfkJh6Ln+bUTss/FZ1FsrcPZWu13rChRMrsmXsfzu9kZUWdUeQ2Dj5AoW2Q7L/cqdGXS7Mm5XhcwJBAOGZq9axJY5YhKrsksvYRLhQbStmGu5LG75suF+rc/44sFq+aQM7+oeRr4VY88Mvz7mk4esdfnk7ae+cCazqJvMCQQCx1L1cZw3yfRSn6S6u8XjQMjWE/WpjulujeoRiwPPY9WcesOgLZZtYIH8nRL6ehEJTnMnahbLmlPFbttxPRUanAkA11MtSIVcKzkhp2KV2ipZrPJWwI18NuVJXb+3WtjypTrGWFZVNNkSjkLnHIeCYlJIGhDd8OL9zAiBXEm6kmgLNAkBWAg0tK2hCjvzsaA505gWQb4X56uKWdb0IzN+fOLB3Qt7+fLqbVQNQoNGzqey6B4MoS1fUKAStqdGTFYPG/+9t"));
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignedElement(decryptElementInDocument));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(decryptElementInDocument);
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignatureValid(decryptElementInDocument, publicKeyFromString("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")));
        org.keycloak.testsuite.Assert.assertEquals(SAML_SIGNED_AND_ENCRYPTED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
    }

    @Test
    @UncaughtServerErrorExpected
    public void testExchangeToSAML2UnsignedAndUnencryptedAssertion() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        String accessToken = this.oauth.doGrantAccessTokenRequest("secret", "user", "password").getAccessToken();
        AccessToken token = TokenVerifier.create(accessToken, AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "user");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        OAuthClient.AccessTokenResponse doTokenExchange = this.oauth.doTokenExchange("test", accessToken, SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, "client-exchanger", "secret", hashMap);
        String str = new String(Base64Url.decode(doTokenExchange.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange.getIssuedTokenType());
        Document document = DocumentUtil.getDocument(str);
        org.keycloak.testsuite.Assert.assertFalse(AssertionUtil.isSignedElement(document.getDocumentElement()));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(document);
        org.keycloak.testsuite.Assert.assertEquals(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
    }

    @Test
    @UncaughtServerErrorExpected
    public void testImpersonation() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        String accessToken = this.oauth.doGrantAccessTokenRequest("secret", "user", "password").getAccessToken();
        AccessToken token = TokenVerifier.create(accessToken, AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "user");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        hashMap.put("requested_subject", "impersonated-user");
        OAuthClient.AccessTokenResponse doTokenExchange = this.oauth.doTokenExchange("test", accessToken, SAML_SIGNED_TARGET, "client-exchanger", "secret", hashMap);
        String str = new String(Base64Url.decode(doTokenExchange.getAccessToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", doTokenExchange.getIssuedTokenType());
        Element documentElement = DocumentUtil.getDocument(str).getDocumentElement();
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignedElement(documentElement));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(documentElement);
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignatureValid(documentElement, publicKeyFromString("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")));
        org.keycloak.testsuite.Assert.assertEquals(SAML_SIGNED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("impersonated-user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
    }

    @Test
    @UncaughtServerErrorExpected
    public void testBadImpersonator() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        this.oauth.realm("test");
        this.oauth.clientId("client-exchanger");
        AccessToken token = TokenVerifier.create(this.oauth.doGrantAccessTokenRequest("secret", "bad-impersonator", "password").getAccessToken(), AccessToken.class).parse().getToken();
        org.keycloak.testsuite.Assert.assertEquals(token.getPreferredUsername(), "bad-impersonator");
        org.keycloak.testsuite.Assert.assertTrue(token.getRealmAccess() == null || !token.getRealmAccess().isUserInRole("example"));
        HashMap hashMap = new HashMap();
        hashMap.put("requested_token_type", "urn:ietf:params:oauth:token-type:saml2");
        hashMap.put("requested_subject", "impersonated-user");
        org.keycloak.testsuite.Assert.assertEquals(403L, this.oauth.doTokenExchange("test", r0, SAML_SIGNED_TARGET, "client-exchanger", "secret", hashMap).getStatusCode());
    }

    @Test
    @UncaughtServerErrorExpected
    public void testDirectImpersonation() throws Exception {
        this.testingClient.server().run(ClientTokenExchangeSAML2Test::setupRealm);
        WebTarget path = AdminClientUtil.createResteasyClient().target(OAuthClient.AUTH_SERVER_ROOT).path("/realms").path("test").path("protocol/openid-connect/token");
        System.out.println("Exchange url: " + path.getUri().toString());
        Response post = path.request().header("Authorization", BasicAuthHelper.createHeader("direct-legal", "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("requested_token_type", "urn:ietf:params:oauth:token-type:saml2").param("requested_subject", "impersonated-user").param("audience", SAML_SIGNED_TARGET)));
        org.keycloak.testsuite.Assert.assertEquals(200L, post.getStatus());
        AccessTokenResponse accessTokenResponse = (AccessTokenResponse) post.readEntity(AccessTokenResponse.class);
        post.close();
        String str = new String(Base64Url.decode(accessTokenResponse.getToken()), "UTF-8");
        org.keycloak.testsuite.Assert.assertEquals("urn:ietf:params:oauth:token-type:saml2", accessTokenResponse.getOtherClaims().get("issued_token_type"));
        Element documentElement = DocumentUtil.getDocument(str).getDocumentElement();
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignedElement(documentElement));
        AssertionType assertionType = (AssertionType) SAMLParser.getInstance().parse(documentElement);
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.isSignatureValid(documentElement, publicKeyFromString("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB")));
        org.keycloak.testsuite.Assert.assertEquals(SAML_SIGNED_TARGET, ((URI) ((AudienceRestrictionType) assertionType.getConditions().getConditions().get(0)).getAudience().get(0)).toString());
        org.keycloak.testsuite.Assert.assertEquals("impersonated-user", assertionType.getSubject().getSubType().getBaseID().getValue());
        org.keycloak.testsuite.Assert.assertTrue(AssertionUtil.getRoles(assertionType, (List) null).contains("example"));
        Response post2 = path.request().header("Authorization", BasicAuthHelper.createHeader("direct-public", "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("requested_token_type", "urn:ietf:params:oauth:token-type:saml2").param("requested_subject", "impersonated-user").param("audience", SAML_SIGNED_TARGET)));
        org.keycloak.testsuite.Assert.assertEquals(403L, post2.getStatus());
        post2.close();
        Response post3 = path.request().header("Authorization", BasicAuthHelper.createHeader("direct-no-secret", "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("requested_token_type", "urn:ietf:params:oauth:token-type:saml2").param("requested_subject", "impersonated-user").param("audience", SAML_SIGNED_TARGET)));
        org.keycloak.testsuite.Assert.assertTrue(post3.getStatus() >= 400);
        post3.close();
    }

    private static void addTargetClients(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        ClientModel addClient = realmByName.addClient(SAML_SIGNED_TARGET);
        addClient.setClientId(SAML_SIGNED_TARGET);
        addClient.setEnabled(true);
        addClient.setProtocol("saml");
        addClient.setFullScopeAllowed(true);
        addClient.setAttribute("saml.authnstatement", "true");
        addClient.setAttribute("saml_assertion_consumer_url_post", "http://localhost:8080/saml-signed-assertion/endpoint");
        addClient.setAttribute("saml_name_id_format", "username");
        addClient.setAttribute("saml.assertion.signature", "true");
        addClient.setAttribute("saml.server.signature", "true");
        addClient.setAttribute("saml.encrypt", "false");
        ClientModel addClient2 = realmByName.addClient(SAML_ENCRYPTED_TARGET);
        addClient2.setClientId(SAML_ENCRYPTED_TARGET);
        addClient2.setEnabled(true);
        addClient2.setProtocol("saml");
        addClient2.setFullScopeAllowed(true);
        addClient2.setAttribute("saml.authnstatement", "true");
        addClient2.setAttribute("saml_assertion_consumer_url_post", "http://localhost:8080/saml-encrypted-assertion/endpoint");
        addClient2.setAttribute("saml_name_id_format", "username");
        addClient2.setAttribute("saml.assertion.signature", "false");
        addClient2.setAttribute("saml.server.signature", "true");
        addClient2.setAttribute("saml.encrypt", "true");
        addClient2.setAttribute("saml.encryption.certificate", ENCRYPTION_CERTIFICATE);
        addClient2.setAttribute("saml.assertion.lifespan", "30");
        ClientModel addClient3 = realmByName.addClient(SAML_SIGNED_AND_ENCRYPTED_TARGET);
        addClient3.setClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET);
        addClient3.setEnabled(true);
        addClient3.setProtocol("saml");
        addClient3.setFullScopeAllowed(true);
        addClient3.setAttribute("saml.authnstatement", "true");
        addClient3.setAttribute("saml_assertion_consumer_url_post", "http://localhost:8080/saml-signed-and-encrypted-assertion/endpoint");
        addClient3.setAttribute("saml_name_id_format", "username");
        addClient3.setAttribute("saml.assertion.signature", "true");
        addClient3.setAttribute("saml.server.signature", "true");
        addClient3.setAttribute("saml.encrypt", "true");
        addClient3.setAttribute("saml.encryption.certificate", ENCRYPTION_CERTIFICATE);
        ClientModel addClient4 = realmByName.addClient(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
        addClient4.setClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET);
        addClient4.setEnabled(true);
        addClient4.setProtocol("saml");
        addClient4.setFullScopeAllowed(true);
        addClient4.setAttribute("saml.authnstatement", "true");
        addClient4.setAttribute("saml_assertion_consumer_url_post", "http://localhost:8080/saml-unsigned-and-unencrypted-assertion/endpoint");
        addClient4.setAttribute("saml_name_id_format", "username");
        addClient4.setAttribute("saml.assertion.signature", "false");
        addClient4.setAttribute("saml.server.signature", "true");
        addClient4.setAttribute("saml.encrypt", "false");
    }

    private static void addDirectExchanger(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        RoleModel addRole = realmByName.addRole("example");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        ClientModel addClient = realmByName.addClient("direct-exchanger");
        addClient.setName("direct-exchanger");
        addClient.setClientId("direct-exchanger");
        addClient.setPublicClient(false);
        addClient.setDirectAccessGrantsEnabled(true);
        addClient.setEnabled(true);
        addClient.setSecret("secret");
        addClient.setProtocol("openid-connect");
        addClient.setFullScopeAllowed(false);
        management.clients().setPermissionsEnabled(realmByName.getClientByClientId(SAML_SIGNED_TARGET), true);
        management.clients().setPermissionsEnabled(realmByName.getClientByClientId(SAML_ENCRYPTED_TARGET), true);
        management.clients().setPermissionsEnabled(realmByName.getClientByClientId(SAML_SIGNED_AND_ENCRYPTED_TARGET), true);
        management.clients().setPermissionsEnabled(realmByName.getClientByClientId(SAML_UNSIGNED_AND_UNENCRYPTED_TARGET), true);
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setName("clientImpersonatorsDirect");
        clientPolicyRepresentation.addClient(new String[]{addClient.getId()});
        Policy create = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRepresentation, management.realmResourceServer());
        management.users().setPermissionsEnabled(true);
        management.users().adminImpersonatingPermission().addAssociatedPolicy(create);
        management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        UserModel addUser = keycloakSession.users().addUser(realmByName, "impersonated-user");
        addUser.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
        addUser.grantRole(addRole);
    }

    private PublicKey publicKeyFromString(String str) {
        return KeyUtils.publicKeyFromString(str);
    }

    private PrivateKey privateKeyFromString(String str) {
        return KeyUtils.privateKeyFromString(str);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 1058059794:
                if (implMethodName.equals("setupRealm")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/oauth/ClientTokenExchangeSAML2Test") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return ClientTokenExchangeSAML2Test::setupRealm;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
