package org.keycloak.testsuite.exportimport;

import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.function.Function;
import java.util.function.Predicate;
import java.util.stream.Collectors;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientScopeResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.common.Profile;
import org.keycloak.models.credential.dto.PasswordCredentialData;
import org.keycloak.representations.idm.AuthenticationFlowRepresentation;
import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.FederatedIdentityRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.storage.UserStorageProvider;
import org.keycloak.storage.ldap.mappers.LDAPStorageMapper;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.client.KeycloakTestingClient;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/exportimport/ExportImportUtil.class */
public class ExportImportUtil {
    public static void assertDataImportedInRealm(Keycloak keycloak, KeycloakTestingClient keycloakTestingClient, RealmRepresentation realmRepresentation) throws IOException {
        Assert.assertTrue(realmRepresentation.isVerifyEmail().booleanValue());
        Assert.assertEquals(3600000, realmRepresentation.getOfflineSessionIdleTimeout());
        Assert.assertEquals(1500, realmRepresentation.getAccessTokenLifespanForImplicitFlow());
        Assert.assertEquals(1800, realmRepresentation.getSsoSessionIdleTimeout());
        Assert.assertEquals(36000, realmRepresentation.getSsoSessionMaxLifespan());
        Assert.assertEquals(3600, realmRepresentation.getSsoSessionIdleTimeoutRememberMe());
        Assert.assertEquals(172800, realmRepresentation.getSsoSessionMaxLifespanRememberMe());
        Set requiredCredentials = realmRepresentation.getRequiredCredentials();
        Assert.assertEquals(1L, requiredCredentials.size());
        Assert.assertEquals("password", (String) requiredCredentials.iterator().next());
        RealmResource realm = keycloak.realm(realmRepresentation.getRealm());
        Assert.assertNotNull(findByUsername(realm, "loginclient"));
        Assert.assertEquals(0L, realm.users().get(r0.getId()).getFederatedIdentity().size());
        Assert.assertEquals(10L, realm.clients().findAll().size());
        ClientRepresentation representation = ApiUtil.findClientByClientId(realm, "Application").toRepresentation();
        ClientRepresentation representation2 = ApiUtil.findClientByClientId(realm, "OtherApp").toRepresentation();
        ClientRepresentation representation3 = ApiUtil.findClientByClientId(realm, BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).toRepresentation();
        ClientRepresentation representation4 = ApiUtil.findClientByClientId(realm, "test-app-authz").toRepresentation();
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(realm, "NonExisting");
        Assert.assertNotNull(representation);
        Assert.assertNotNull(representation2);
        Assert.assertNull(findClientByClientId);
        List findAll = realm.clients().findAll();
        Assert.assertEquals(10L, findAll.size());
        Assert.assertTrue(hasClient(findAll, representation));
        Assert.assertTrue(hasClient(findAll, representation2));
        Assert.assertTrue(hasClient(findAll, representation3));
        Assert.assertEquals("Applicationn", representation.getName());
        Assert.assertEquals(50, representation.getNodeReRegistrationTimeout());
        Map registeredNodes = representation.getRegisteredNodes();
        Assert.assertEquals(2L, registeredNodes.size());
        Assert.assertTrue(10 == ((Integer) registeredNodes.get("node1")).intValue());
        Assert.assertTrue(20 == ((Integer) registeredNodes.get("172.10.15.20")).intValue());
        Assert.assertEquals("client-secret", representation.getClientAuthenticatorType());
        Assert.assertEquals("client-jwt", representation2.getClientAuthenticatorType());
        Map authenticationFlowBindingOverrides = representation2.getAuthenticationFlowBindingOverrides();
        Assert.assertNotNull(authenticationFlowBindingOverrides);
        Assert.assertEquals(1L, authenticationFlowBindingOverrides.size());
        Assert.assertTrue(authenticationFlowBindingOverrides.containsKey("browser"));
        AuthenticationFlowRepresentation flow = realm.flows().getFlow((String) authenticationFlowBindingOverrides.get("browser"));
        Assert.assertNotNull(flow);
        Assert.assertEquals("browser", flow.getAlias());
        Assert.assertNull(ApiUtil.findClientResourceById(realm, "982734"));
        Assert.assertEquals(representation.getId(), ApiUtil.findClientResourceById(realm, representation.getId()).toRepresentation().getId());
        UserRepresentation findByUsername = findByUsername(realm, "admin");
        Assert.assertNull(findByUsername.getCreatedTimestamp());
        Set<RoleRepresentation> allRoles = allRoles(realm, findByUsername);
        Assert.assertEquals(3L, allRoles.size());
        Assert.assertTrue(containsRole(allRoles, findRealmRole(realm, "admin")));
        Assert.assertTrue(containsRole(allRoles, findClientRole(realm, representation.getId(), "app-admin")));
        Assert.assertTrue(containsRole(allRoles, findClientRole(realm, representation2.getId(), "otherapp-admin")));
        UserRepresentation findByUsername2 = findByUsername(realm, "wburke");
        Assert.assertEquals(new Long(123654L), findByUsername2.getCreatedTimestamp());
        Set<RoleRepresentation> allRoles2 = allRoles(realm, findByUsername2);
        Assert.assertEquals(2L, allRoles2.size());
        Assert.assertFalse(containsRole(allRoles2, findRealmRole(realm, "admin")));
        Assert.assertTrue(containsRole(allRoles2, findClientRole(realm, representation.getId(), "app-user")));
        Assert.assertTrue(containsRole(allRoles2, findClientRole(realm, representation2.getId(), "otherapp-user")));
        Assert.assertNull(realm.users().get(findByUsername2.getId()).roles().getAll().getRealmMappings());
        Assert.assertEquals(159, findByUsername2.getNotBefore());
        Assert.assertEquals(new Long(123655L), findByUsername(realm, "loginclient").getCreatedTimestamp());
        Assert.assertEquals(1234L, ((PasswordCredentialData) JsonSerialization.readValue(((CredentialRepresentation) realm.users().get(findByUsername(realm, "hashedpassworduser").getId()).credentials().stream().filter(credentialRepresentation -> {
            return "password".equals(credentialRepresentation.getType());
        }).findFirst().get()).getCredentialData(), PasswordCredentialData.class)).getHashIterations());
        List<RoleRepresentation> realmRolesForUser = realmRolesForUser(realm, findByUsername);
        Assert.assertEquals(1L, realmRolesForUser.size());
        Assert.assertEquals("admin", realmRolesForUser.iterator().next().getName());
        List<RoleRepresentation> clientRolesForUser = clientRolesForUser(realm, representation, findByUsername);
        Assert.assertEquals(1L, clientRolesForUser.size());
        Assert.assertEquals("app-admin", clientRolesForUser.iterator().next().getName());
        Map attributes = findByUsername2.getAttributes();
        Assert.assertEquals(1L, attributes.size());
        List list = (List) attributes.get("old-email");
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals("bburke@redhat.com", list.get(0));
        Map attributes2 = findByUsername.getAttributes();
        Assert.assertEquals(2L, attributes2.size());
        List list2 = (List) attributes2.get("key1");
        Assert.assertEquals(1L, list2.size());
        Assert.assertEquals("val1", list2.get(0));
        List list3 = (List) attributes2.get("key2");
        Assert.assertEquals(2L, list3.size());
        Assert.assertTrue(list3.contains("val21") && list3.contains("val22"));
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(realm, "oauthclient");
        ClientRepresentation representation5 = findClientResourceByClientId.toRepresentation();
        Assert.assertEquals("clientpassword", findClientResourceByClientId.getSecret().getValue());
        Assert.assertTrue(representation5.isEnabled().booleanValue());
        Assert.assertNotNull(representation5);
        Set<RoleRepresentation> allScopeMappings = allScopeMappings(findClientResourceByClientId);
        Assert.assertEquals(2L, allScopeMappings.size());
        Assert.assertTrue(containsRole(allScopeMappings, findRealmRole(realm, "admin")));
        Assert.assertTrue(containsRole(allScopeMappings, findClientRole(realm, representation.getId(), "app-user")));
        Assert.assertTrue(containsRole(realmScopeMappings(findClientResourceByClientId), findRealmRole(realm, "admin")));
        Assert.assertTrue(containsRole(clientScopeMappings(findClientResourceByClientId), findClientRole(realm, representation.getId(), "app-user")));
        UserResource userResource = realm.users().get(findByUsername(realm, "mySocialUser").getId());
        List<FederatedIdentityRepresentation> federatedIdentity = userResource.getFederatedIdentity();
        Assert.assertEquals(3L, federatedIdentity.size());
        boolean z = false;
        boolean z2 = false;
        boolean z3 = false;
        FederatedIdentityRepresentation federatedIdentityRepresentation = null;
        for (FederatedIdentityRepresentation federatedIdentityRepresentation2 : federatedIdentity) {
            if ("facebook1".equals(federatedIdentityRepresentation2.getIdentityProvider())) {
                z = true;
                federatedIdentityRepresentation = federatedIdentityRepresentation2;
                Assert.assertEquals("facebook1", federatedIdentityRepresentation2.getUserId());
                Assert.assertEquals("fbuser1", federatedIdentityRepresentation2.getUserName());
            } else if ("google1".equals(federatedIdentityRepresentation2.getIdentityProvider())) {
                z2 = true;
                Assert.assertEquals("google1", federatedIdentityRepresentation2.getUserId());
                Assert.assertEquals("mysocialuser@gmail.com", federatedIdentityRepresentation2.getUserName());
            } else if ("twitter1".equals(federatedIdentityRepresentation2.getIdentityProvider())) {
                z3 = true;
                Assert.assertEquals("twitter1", federatedIdentityRepresentation2.getUserId());
                Assert.assertEquals("twuser1", federatedIdentityRepresentation2.getUserName());
            }
        }
        Assert.assertTrue(z && z3 && z2);
        Assert.assertEquals(keycloakTestingClient.testing().getUserByFederatedIdentity(realmRepresentation.getRealm(), "facebook1", "facebook1", "fbuser1").getUsername(), userResource.toRepresentation().getUsername());
        Assert.assertNull(keycloakTestingClient.testing().getUserByFederatedIdentity(realmRepresentation.getRealm(), "facebook", "not-existing", "not-existing"));
        Assert.assertEquals("facebook1", federatedIdentityRepresentation.getUserId());
        Assert.assertEquals("fbuser1", federatedIdentityRepresentation.getUserName());
        Assert.assertEquals("facebook1", federatedIdentityRepresentation.getIdentityProvider());
        userResource.removeFederatedIdentity("facebook1");
        Assert.assertEquals(2L, userResource.getFederatedIdentity().size());
        userResource.addFederatedIdentity("facebook1", federatedIdentityRepresentation);
        Assert.assertEquals(3L, userResource.getFederatedIdentity().size());
        Map smtpServer = realmRepresentation.getSmtpServer();
        Assert.assertTrue(smtpServer.size() == 3);
        Assert.assertEquals("auto@keycloak.org", smtpServer.get("from"));
        Assert.assertEquals(DockerClientTest.REGISTRY_HOSTNAME, smtpServer.get("host"));
        Assert.assertEquals("3025", smtpServer.get("port"));
        List<IdentityProviderRepresentation> identityProviders = realmRepresentation.getIdentityProviders();
        Assert.assertEquals(3L, identityProviders.size());
        IdentityProviderRepresentation identityProviderRepresentation = null;
        for (IdentityProviderRepresentation identityProviderRepresentation2 : identityProviders) {
            if (identityProviderRepresentation2.getAlias().equals("google1")) {
                identityProviderRepresentation = identityProviderRepresentation2;
            }
        }
        Assert.assertNotNull(identityProviderRepresentation);
        Assert.assertEquals("google1", identityProviderRepresentation.getAlias());
        Assert.assertEquals("google", identityProviderRepresentation.getProviderId());
        Assert.assertTrue(identityProviderRepresentation.isEnabled());
        Assert.assertEquals("googleId", identityProviderRepresentation.getConfig().get("clientId"));
        Assert.assertEquals("googleSecret", identityProviderRepresentation.getConfig().get("clientSecret"));
        List userFederationProviders = realmRepresentation.getUserFederationProviders();
        Assert.assertTrue(userFederationProviders == null || userFederationProviders.size() == 0);
        List query = realm.components().query(realmRepresentation.getId(), UserStorageProvider.class.getName());
        Assert.assertTrue(query.size() == 2);
        ComponentRepresentation componentRepresentation = (ComponentRepresentation) query.get(0);
        ComponentRepresentation componentRepresentation2 = (ComponentRepresentation) query.get(1);
        if (!"MyLDAPProvider1".equals(componentRepresentation.getName())) {
            componentRepresentation2 = componentRepresentation;
            componentRepresentation = (ComponentRepresentation) query.get(1);
        }
        Assert.assertEquals("MyLDAPProvider1", componentRepresentation.getName());
        Assert.assertEquals("ldap", componentRepresentation.getProviderId());
        Assert.assertEquals("1", componentRepresentation.getConfig().getFirst("priority"));
        Assert.assertEquals("ldap://foo", componentRepresentation.getConfig().getFirst("connectionUrl"));
        Assert.assertEquals("MyLDAPProvider2", componentRepresentation2.getName());
        Assert.assertEquals("ldap://bar", componentRepresentation2.getConfig().getFirst("connectionUrl"));
        ComponentRepresentation componentRepresentation3 = (ComponentRepresentation) realm.components().query(componentRepresentation.getId(), LDAPStorageMapper.class.getName()).iterator().next();
        Assert.assertEquals("FullNameMapper", componentRepresentation3.getName());
        Assert.assertEquals("full-name-ldap-mapper", componentRepresentation3.getProviderId());
        Assert.assertEquals("cn", componentRepresentation3.getConfig().getFirst("ldap.full.name.attribute"));
        Assert.assertNull(keycloakTestingClient.testing().getUserByUsernameFromFedProviderFactory(realmRepresentation.getRealm(), "wburke"));
        AuthenticationFlowRepresentation clientAuthFlow = keycloakTestingClient.testing().getClientAuthFlow(realmRepresentation.getRealm());
        Assert.assertEquals("clients", clientAuthFlow.getAlias());
        Assert.assertNotNull(realm.flows().getFlow(clientAuthFlow.getId()));
        Assert.assertTrue(realm.flows().getExecutions(clientAuthFlow.getAlias()).size() > 0);
        AuthenticationFlowRepresentation resetCredFlow = keycloakTestingClient.testing().getResetCredFlow(realmRepresentation.getRealm());
        Assert.assertEquals("reset credentials", resetCredFlow.getAlias());
        Assert.assertNotNull(realm.flows().getFlow(resetCredFlow.getId()));
        Assert.assertTrue(realm.flows().getExecutions(resetCredFlow.getAlias()).size() > 0);
        List protocolMappers = representation.getProtocolMappers();
        Assert.assertNull(findMapperByName(protocolMappers, "openid-connect", "username"));
        Assert.assertNull(findMapperByName(protocolMappers, "openid-connect", "email"));
        Assert.assertNull(findMapperByName(protocolMappers, "openid-connect", "given name"));
        Assert.assertNull(findMapperByName(protocolMappers, "openid-connect", "gss delegation credential"));
        Assert.assertEquals(1L, representation2.getProtocolMappers().size());
        List protocolMappers2 = representation2.getProtocolMappers();
        Assert.assertNull(findMapperByName(protocolMappers2, "openid-connect", "username"));
        assertGssProtocolMapper(findMapperByName(protocolMappers2, "openid-connect", "gss delegation credential"));
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) realm.clientScopes().findAll().stream().filter(clientScopeRepresentation2 -> {
            return "foo_scope".equals(clientScopeRepresentation2.getName());
        }).findFirst().get();
        Assert.assertEquals("foo_scope", clientScopeRepresentation.getName());
        Assert.assertEquals("foo scope-desc", clientScopeRepresentation.getDescription());
        Assert.assertEquals("openid-connect", clientScopeRepresentation.getProtocol());
        Assert.assertEquals(1L, clientScopeRepresentation.getProtocolMappers().size());
        assertGssProtocolMapper(findMapperByName(clientScopeRepresentation.getProtocolMappers(), "openid-connect", "gss delegation credential"));
        Set<RoleRepresentation> allScopeMappings2 = allScopeMappings(realm.clientScopes().get(clientScopeRepresentation.getId()));
        Assert.assertEquals(3L, allScopeMappings2.size());
        Assert.assertTrue(containsRole(allScopeMappings2, findRealmRole(realm, "admin")));
        Assert.assertTrue(containsRole(allScopeMappings2, findClientRole(realm, representation.getId(), "app-user")));
        Assert.assertTrue(containsRole(allScopeMappings2, findClientRole(realm, representation.getId(), "app-admin")));
        Assert.assertTrue(containsRole(realmScopeMappings(realm.clientScopes().get(clientScopeRepresentation.getId())), findRealmRole(realm, "admin")));
        List<RoleRepresentation> clientScopeMappings = clientScopeMappings(realm.clientScopes().get(clientScopeRepresentation.getId()));
        Assert.assertTrue(containsRole(clientScopeMappings, findClientRole(realm, representation.getId(), "app-user")));
        Assert.assertTrue(containsRole(clientScopeMappings, findClientRole(realm, representation.getId(), "app-admin")));
        Assert.assertTrue(representation2.getDefaultClientScopes().contains("foo_scope"));
        Assert.assertFalse(representation.getDefaultClientScopes().contains("foo_scope"));
        testRealmDefaultClientScopes(realm);
        List consents = realm.users().get(findByUsername.getId()).getConsents();
        Assert.assertEquals(2L, consents.size());
        Map<String, Object> findConsentByClientId = findConsentByClientId(consents, representation.getClientId());
        Assert.assertNotNull(findConsentByClientId);
        Assert.assertTrue(isClientScopeGranted(findConsentByClientId, "offline_access", "roles", "profile", "email", BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "web-origins"));
        Assert.assertFalse(isClientScopeGranted(findConsentByClientId(consents, representation2.getClientId()), "offline_access"));
        Assert.assertTrue(representation.isStandardFlowEnabled().booleanValue());
        Assert.assertTrue(representation.isImplicitFlowEnabled().booleanValue());
        Assert.assertTrue(representation.isDirectAccessGrantsEnabled().booleanValue());
        Assert.assertFalse(representation2.isStandardFlowEnabled().booleanValue());
        Assert.assertFalse(representation2.isImplicitFlowEnabled().booleanValue());
        Assert.assertFalse(representation2.isDirectAccessGrantsEnabled().booleanValue());
        Assert.assertFalse(representation.isServiceAccountsEnabled().booleanValue());
        Assert.assertTrue(representation2.isServiceAccountsEnabled().booleanValue());
        if (ProfileAssume.isFeatureEnabled(Profile.Feature.AUTHORIZATION)) {
            Assert.assertTrue(representation4.isServiceAccountsEnabled().booleanValue());
            Assert.assertNull(keycloakTestingClient.testing().getUserByServiceAccountClient(realmRepresentation.getRealm(), representation.getClientId()));
            UserRepresentation userByServiceAccountClient = keycloakTestingClient.testing().getUserByServiceAccountClient(realmRepresentation.getRealm(), representation2.getClientId());
            Assert.assertNotNull(userByServiceAccountClient);
            Assert.assertEquals("service-account-otherapp", userByServiceAccountClient.getUsername());
            UserRepresentation userByServiceAccountClient2 = keycloakTestingClient.testing().getUserByServiceAccountClient(realmRepresentation.getRealm(), representation4.getClientId());
            Assert.assertNotNull(userByServiceAccountClient2);
            Assert.assertEquals("service-account-test-app-authz", userByServiceAccountClient2.getUsername());
            Set<RoleRepresentation> allRoles3 = allRoles(realm, userByServiceAccountClient);
            Assert.assertEquals(3L, allRoles3.size());
            Assert.assertTrue(containsRole(allRoles3, findRealmRole(realm, "user")));
            Assert.assertTrue(containsRole(allRoles3, findClientRole(realm, representation2.getId(), "otherapp-user")));
            Assert.assertTrue(containsRole(allRoles3, findClientRole(realm, representation2.getId(), "otherapp-admin")));
            assertAuthorizationSettingsOtherApp(realm);
            assertAuthorizationSettingsTestAppAuthz(realm);
        }
    }

    private static boolean isClientScopeGranted(Map<String, Object> map, String... strArr) {
        if (map.get("grantedClientScopes") == null) {
            return false;
        }
        return ((List) map.get("grantedClientScopes")).containsAll(Arrays.asList(strArr));
    }

    private static Map<String, Object> findConsentByClientId(List<Map<String, Object>> list, String str) {
        for (Map<String, Object> map : list) {
            if (str.equals(map.get("clientId"))) {
                return map;
            }
        }
        return null;
    }

    private static void assertGssProtocolMapper(ProtocolMapperRepresentation protocolMapperRepresentation) {
        Assert.assertEquals("gss delegation credential", protocolMapperRepresentation.getName());
        Assert.assertEquals("openid-connect", protocolMapperRepresentation.getProtocol());
        Assert.assertEquals("oidc-usersessionmodel-note-mapper", protocolMapperRepresentation.getProtocolMapper());
        String str = (String) protocolMapperRepresentation.getConfig().get("access.token.claim");
        String str2 = (String) protocolMapperRepresentation.getConfig().get("id.token.claim");
        Assert.assertTrue(str.equalsIgnoreCase("true"));
        Assert.assertTrue(str2 == null || !Boolean.parseBoolean(str2));
    }

    private static ProtocolMapperRepresentation findMapperByName(List<ProtocolMapperRepresentation> list, String str, String str2) {
        if (list == null) {
            return null;
        }
        for (ProtocolMapperRepresentation protocolMapperRepresentation : list) {
            if (protocolMapperRepresentation.getProtocol().equals(str) && protocolMapperRepresentation.getName().equals(str2)) {
                return protocolMapperRepresentation;
            }
        }
        return null;
    }

    private static boolean hasClient(List<ClientRepresentation> list, ClientRepresentation clientRepresentation) {
        Iterator<ClientRepresentation> it = list.iterator();
        while (it.hasNext()) {
            if (clientRepresentation.getId().equals(it.next().getId())) {
                return true;
            }
        }
        return false;
    }

    private static UserRepresentation findByUsername(RealmResource realmResource, String str) {
        for (UserRepresentation userRepresentation : realmResource.users().search((String) null, 0, -1)) {
            if (userRepresentation.getUsername().equalsIgnoreCase(str)) {
                return userRepresentation;
            }
        }
        return null;
    }

    private static Set<RoleRepresentation> allScopeMappings(ClientResource clientResource) {
        HashSet hashSet = new HashSet();
        List<RoleRepresentation> realmScopeMappings = realmScopeMappings(clientResource);
        if (realmScopeMappings != null) {
            hashSet.addAll(realmScopeMappings);
        }
        hashSet.addAll(clientScopeMappings(clientResource));
        return hashSet;
    }

    private static Set<RoleRepresentation> allScopeMappings(ClientScopeResource clientScopeResource) {
        HashSet hashSet = new HashSet();
        List<RoleRepresentation> realmScopeMappings = realmScopeMappings(clientScopeResource);
        if (realmScopeMappings != null) {
            hashSet.addAll(realmScopeMappings);
        }
        hashSet.addAll(clientScopeMappings(clientScopeResource));
        return hashSet;
    }

    private static List<RoleRepresentation> clientScopeMappings(ClientResource clientResource) {
        LinkedList linkedList = new LinkedList();
        Map clientMappings = clientResource.getScopeMappings().getAll().getClientMappings();
        if (clientMappings == null) {
            return linkedList;
        }
        Iterator it = clientMappings.keySet().iterator();
        while (it.hasNext()) {
            List mappings = ((ClientMappingsRepresentation) clientMappings.get((String) it.next())).getMappings();
            if (mappings != null) {
                linkedList.addAll(mappings);
            }
        }
        return linkedList;
    }

    private static List<RoleRepresentation> clientScopeMappings(ClientScopeResource clientScopeResource) {
        LinkedList linkedList = new LinkedList();
        Map clientMappings = clientScopeResource.getScopeMappings().getAll().getClientMappings();
        if (clientMappings == null) {
            return linkedList;
        }
        Iterator it = clientMappings.keySet().iterator();
        while (it.hasNext()) {
            List mappings = ((ClientMappingsRepresentation) clientMappings.get((String) it.next())).getMappings();
            if (mappings != null) {
                linkedList.addAll(mappings);
            }
        }
        return linkedList;
    }

    private static List<RoleRepresentation> realmScopeMappings(ClientResource clientResource) {
        return clientResource.getScopeMappings().realmLevel().listAll();
    }

    private static List<RoleRepresentation> realmScopeMappings(ClientScopeResource clientScopeResource) {
        return clientScopeResource.getScopeMappings().realmLevel().listAll();
    }

    private static Set<RoleRepresentation> allRoles(RealmResource realmResource, UserRepresentation userRepresentation) {
        UserResource userResource = realmResource.users().get(userRepresentation.getId());
        HashSet hashSet = new HashSet();
        List realmMappings = userResource.roles().getAll().getRealmMappings();
        if (realmMappings != null) {
            hashSet.addAll(realmMappings);
        }
        hashSet.addAll(allClientRolesForUser(realmResource, userRepresentation));
        return hashSet;
    }

    private static List<RoleRepresentation> realmRolesForUser(RealmResource realmResource, UserRepresentation userRepresentation) {
        return realmResource.users().get(userRepresentation.getId()).roles().getAll().getRealmMappings();
    }

    private static List<RoleRepresentation> allClientRolesForUser(RealmResource realmResource, UserRepresentation userRepresentation) {
        UserResource userResource = realmResource.users().get(userRepresentation.getId());
        LinkedList linkedList = new LinkedList();
        Iterator it = userResource.roles().getAll().getClientMappings().keySet().iterator();
        while (it.hasNext()) {
            List mappings = ((ClientMappingsRepresentation) userResource.roles().getAll().getClientMappings().get((String) it.next())).getMappings();
            if (mappings != null) {
                linkedList.addAll(mappings);
            }
        }
        return linkedList;
    }

    private static List<RoleRepresentation> clientRolesForUser(RealmResource realmResource, ClientRepresentation clientRepresentation, UserRepresentation userRepresentation) {
        return realmResource.users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll();
    }

    private static RoleRepresentation findRealmRole(RealmResource realmResource, String str) {
        return realmResource.roles().get(str).toRepresentation();
    }

    private static RoleRepresentation findClientRole(RealmResource realmResource, String str, String str2) {
        return realmResource.clients().get(str).roles().get(str2).toRepresentation();
    }

    private static boolean containsRole(Collection<RoleRepresentation> collection, RoleRepresentation roleRepresentation) {
        Iterator<RoleRepresentation> it = collection.iterator();
        while (it.hasNext()) {
            if (it.next().getId().equals(roleRepresentation.getId())) {
                return true;
            }
        }
        return false;
    }

    private static void assertAuthorizationSettingsOtherApp(RealmResource realmResource) {
        AuthorizationResource findAuthorizationSettings = ApiUtil.findAuthorizationSettings(realmResource, "OtherApp");
        Assert.assertNotNull(findAuthorizationSettings);
        Assert.assertThat(findAuthorizationSettings.resources().resources().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList()), Matchers.containsInAnyOrder(new String[]{"Default Resource", "test"}));
        Assert.assertThat(findAuthorizationSettings.policies().policies().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList()), Matchers.containsInAnyOrder(new String[]{"User Policy", "Default Permission", "test-permission"}));
    }

    private static void assertAuthorizationSettingsTestAppAuthz(RealmResource realmResource) {
        AuthorizationResource findAuthorizationSettings = ApiUtil.findAuthorizationSettings(realmResource, "test-app-authz");
        Assert.assertNotNull(findAuthorizationSettings);
        List resources = findAuthorizationSettings.resources().resources();
        Assert.assertEquals(4L, resources.size());
        ResourceServerRepresentation settings = findAuthorizationSettings.getSettings();
        ArrayList arrayList = new ArrayList();
        arrayList.add(resourceRepresentation -> {
            if (!"Admin Resource".equals(resourceRepresentation.getName())) {
                return false;
            }
            Assert.assertEquals(settings.getClientId(), resourceRepresentation.getOwner().getId());
            Assert.assertEquals("/protected/admin/*", resourceRepresentation.getUri());
            Assert.assertEquals("http://test-app-authz/protected/admin", resourceRepresentation.getType());
            Assert.assertEquals("http://icons.com/icon-admin", resourceRepresentation.getIconUri());
            Assert.assertEquals(1L, resourceRepresentation.getScopes().size());
            return true;
        });
        arrayList.add(resourceRepresentation2 -> {
            if (!"Protected Resource".equals(resourceRepresentation2.getName())) {
                return false;
            }
            Assert.assertEquals(settings.getClientId(), resourceRepresentation2.getOwner().getId());
            Assert.assertEquals("/*", resourceRepresentation2.getUri());
            Assert.assertEquals("http://test-app-authz/protected/resource", resourceRepresentation2.getType());
            Assert.assertEquals("http://icons.com/icon-resource", resourceRepresentation2.getIconUri());
            Assert.assertEquals(1L, resourceRepresentation2.getScopes().size());
            return true;
        });
        arrayList.add(resourceRepresentation3 -> {
            if (!"Premium Resource".equals(resourceRepresentation3.getName())) {
                return false;
            }
            Assert.assertEquals(settings.getClientId(), resourceRepresentation3.getOwner().getId());
            Assert.assertEquals("/protected/premium/*", resourceRepresentation3.getUri());
            Assert.assertEquals("urn:test-app-authz:protected:resource", resourceRepresentation3.getType());
            Assert.assertEquals("http://icons.com/icon-premium", resourceRepresentation3.getIconUri());
            Assert.assertEquals(1L, resourceRepresentation3.getScopes().size());
            return true;
        });
        arrayList.add(resourceRepresentation4 -> {
            if (!"Main Page".equals(resourceRepresentation4.getName())) {
                return false;
            }
            Assert.assertEquals(settings.getClientId(), resourceRepresentation4.getOwner().getId());
            Assert.assertNull(resourceRepresentation4.getUri());
            Assert.assertEquals("urn:test-app-authz:protected:resource", resourceRepresentation4.getType());
            Assert.assertEquals("http://icons.com/icon-main-page", resourceRepresentation4.getIconUri());
            Assert.assertEquals(3L, resourceRepresentation4.getScopes().size());
            return true;
        });
        assertPredicate(resources, arrayList);
        List scopes = findAuthorizationSettings.scopes().scopes();
        Assert.assertEquals(6L, scopes.size());
        ArrayList arrayList2 = new ArrayList();
        arrayList2.add(scopeRepresentation -> {
            return "admin-access".equals(scopeRepresentation.getName());
        });
        arrayList2.add(scopeRepresentation2 -> {
            return "resource-access".equals(scopeRepresentation2.getName());
        });
        arrayList2.add(scopeRepresentation3 -> {
            return "premium-access".equals(scopeRepresentation3.getName());
        });
        arrayList2.add(scopeRepresentation4 -> {
            return "urn:test-app-authz:page:main:actionForAdmin".equals(scopeRepresentation4.getName());
        });
        arrayList2.add(scopeRepresentation5 -> {
            return "urn:test-app-authz:page:main:actionForUser".equals(scopeRepresentation5.getName());
        });
        arrayList2.add(scopeRepresentation6 -> {
            return "urn:test-app-authz:page:main:actionForPremiumUser".equals(scopeRepresentation6.getName());
        });
        assertPredicate(scopes, arrayList2);
        List policies = findAuthorizationSettings.policies().policies();
        Assert.assertEquals(14L, policies.size());
        ArrayList arrayList3 = new ArrayList();
        arrayList3.add(policyRepresentation -> {
            return "Any Admin Policy".equals(policyRepresentation.getName());
        });
        arrayList3.add(policyRepresentation2 -> {
            return "Any User Policy".equals(policyRepresentation2.getName());
        });
        arrayList3.add(policyRepresentation3 -> {
            return "Client and Realm Role Policy".equals(policyRepresentation3.getName());
        });
        arrayList3.add(policyRepresentation4 -> {
            return "Client Test Policy".equals(policyRepresentation4.getName());
        });
        arrayList3.add(policyRepresentation5 -> {
            return "Group Policy Test".equals(policyRepresentation5.getName());
        });
        arrayList3.add(policyRepresentation6 -> {
            return "Only Premium User Policy".equals(policyRepresentation6.getName());
        });
        arrayList3.add(policyRepresentation7 -> {
            return "wburke policy".equals(policyRepresentation7.getName());
        });
        arrayList3.add(policyRepresentation8 -> {
            return "All Users Policy".equals(policyRepresentation8.getName());
        });
        arrayList3.add(policyRepresentation9 -> {
            return "Premium Resource Permission".equals(policyRepresentation9.getName());
        });
        arrayList3.add(policyRepresentation10 -> {
            return "Administrative Resource Permission".equals(policyRepresentation10.getName());
        });
        arrayList3.add(policyRepresentation11 -> {
            return "Protected Resource Permission".equals(policyRepresentation11.getName());
        });
        arrayList3.add(policyRepresentation12 -> {
            return "Action 1 on Main Page Resource Permission".equals(policyRepresentation12.getName());
        });
        arrayList3.add(policyRepresentation13 -> {
            return "Action 2 on Main Page Resource Permission".equals(policyRepresentation13.getName());
        });
        arrayList3.add(policyRepresentation14 -> {
            return "Action 3 on Main Page Resource Permission".equals(policyRepresentation14.getName());
        });
        assertPredicate(policies, arrayList3);
    }

    private static <D> void assertPredicate(List<D> list, List<Predicate<D>> list2) {
        Assert.assertTrue(!list.stream().filter(obj -> {
            return !list2.stream().filter(predicate -> {
                return predicate.test(obj);
            }).findFirst().isPresent();
        }).findAny().isPresent());
    }

    private static Matcher<Iterable<? super String>> getDefaultClientScopeNameMatcher(ClientRepresentation clientRepresentation) {
        String clientId = clientRepresentation.getClientId();
        boolean z = -1;
        switch (clientId.hashCode()) {
            case -1612348641:
                if (clientId.equals("client-with-template")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                return Matchers.hasItem("Default_test_template");
            default:
                return Matchers.not(Matchers.hasItem("Default_test_template"));
        }
    }

    public static void testClientDefaultClientScopes(RealmResource realmResource) {
        for (ClientRepresentation clientRepresentation : realmResource.clients().findAll(true)) {
            Assert.assertThat("Default client scopes for " + clientRepresentation.getClientId(), clientRepresentation.getDefaultClientScopes(), getDefaultClientScopeNameMatcher(clientRepresentation));
        }
    }

    public static void testRealmDefaultClientScopes(RealmResource realmResource) {
        Map map = (Map) realmResource.clientScopes().findAll().stream().collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, Function.identity()));
        Assert.assertThat(map.keySet(), Matchers.hasItems(new String[]{"profile", "email", "address", "phone", "offline_access", "roles", "web-origins", "microprofile-jwt", "role_list"}));
        org.keycloak.testsuite.Assert.assertNames(((Map) ((ClientScopeRepresentation) map.get("email")).getProtocolMappers().stream().collect(Collectors.toMap(protocolMapperRepresentation -> {
            return protocolMapperRepresentation.getName();
        }, protocolMapperRepresentation2 -> {
            return protocolMapperRepresentation2;
        }))).keySet(), "email", "email verified");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) map.get("offline_access");
        org.keycloak.testsuite.Assert.assertTrue(clientScopeRepresentation.getProtocolMappers() == null || clientScopeRepresentation.getProtocolMappers().isEmpty());
        org.keycloak.testsuite.Assert.assertNames(realmResource.clientScopes().get(clientScopeRepresentation.getId()).getScopeMappings().realmLevel().listAll(), "offline_access");
        Assert.assertThat((Set) realmResource.getDefaultDefaultClientScopes().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), Matchers.hasItems(new String[]{"profile", "email", "roles", "web-origins"}));
        Assert.assertThat((Set) realmResource.getDefaultOptionalClientScopes().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), Matchers.hasItems(new String[]{"address", "phone", "offline_access", "microprofile-jwt"}));
    }
}
