package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.saml.RoleMapperTest;

/* loaded from: input_file:org/keycloak/testsuite/broker/AttributeToRoleMapperTest.class */
/**
 * Broker test for the {@code saml-role-idp-mapper} identity provider mapper, run against
 * a {@link KcSamlBrokerConfiguration}.
 *
 * <p>The mapper created by {@link #createMapperInIdp} grants the role
 * {@link AbstractRoleMapperTest#CLIENT_ROLE_MAPPER_REPRESENTATION} when the attribute
 * {@link RoleMapperTest#ROLE_ATTRIBUTE_NAME} has the value {@code "user"}. Each test asserts
 * that the role ends up assigned in the consumer realm for a given sync mode.
 *
 * <p>NOTE(review): every test in this class asserts a role <em>grant</em>. Nothing here
 * asserts that the role is withheld or removed when the attribute is absent or has a
 * different value. Because this mapper turns an IdP-supplied attribute into an
 * authorization decision, confirm that the negative cases are covered in the superclass or
 * in a sibling test.
 *
 * <p>NOTE(review): the {@code ImmutableMap.builder()} / {@code ImmutableList.builder()} calls
 * carry no explicit type arguments. This listing is decompiler output, so the upstream
 * source presumably declares them. Confirm against the original file.
 */
public class AttributeToRoleMapperTest extends AbstractRoleMapperTest {

    /** Supplies the SAML broker configuration used by every test in this class. */
    @Override
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcSamlBrokerConfiguration();
    }

    /**
     * Creates the mapper in FORCE mode before logging in and expects the role to be assigned.
     *
     * <p>NOTE(review): the helper's name indicates two logins, and the assertion runs on the
     * user it returns. If that is the state after the second login, FORCE mode alone could
     * satisfy this test, and it would not isolate a grant made on the first login. Confirm
     * against {@code loginAsUserTwiceWithMapper}.
     */
    @Test
    public void mapperGrantsRoleOnFirstLogin() {
        UserRepresentation brokeredUser =
                createMapperThenLoginAsUserTwiceWithAttributeToRoleMapper(IdentityProviderMapperSyncMode.FORCE);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(brokeredUser);
    }

    /** Adds the mapper after an initial login, in LEGACY mode, and expects the role to be assigned. */
    @Test
    public void updateBrokeredUserGrantsRoleInLegacyMode() {
        UserRepresentation brokeredUser =
                loginAsUserThenCreateMapperAndLoginAgainWithAttributeToRoleMapper(IdentityProviderMapperSyncMode.LEGACY);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(brokeredUser);
    }

    /** Adds the mapper after an initial login, in FORCE mode, and expects the role to be assigned. */
    @Test
    public void updateBrokeredUserGrantsRoleInForceMode() {
        UserRepresentation brokeredUser =
                loginAsUserThenCreateMapperAndLoginAgainWithAttributeToRoleMapper(IdentityProviderMapperSyncMode.FORCE);
        assertThatRoleHasBeenAssignedInConsumerRealmTo(brokeredUser);
    }

    /** Variant that passes {@code false} as the second argument of {@code loginAsUserTwiceWithMapper}. */
    private UserRepresentation createMapperThenLoginAsUserTwiceWithAttributeToRoleMapper(IdentityProviderMapperSyncMode syncMode) {
        return loginTwiceSendingRoleAttribute(syncMode, false);
    }

    /** Variant that passes {@code true} as the second argument of {@code loginAsUserTwiceWithMapper}. */
    private UserRepresentation loginAsUserThenCreateMapperAndLoginAgainWithAttributeToRoleMapper(IdentityProviderMapperSyncMode syncMode) {
        return loginTwiceSendingRoleAttribute(syncMode, true);
    }

    /**
     * Shared body of the two login helpers above.
     *
     * @param syncMode sync mode forwarded to {@code loginAsUserTwiceWithMapper}
     * @param createMapperAfterFirstLogin forwarded unchanged; presumably selects whether the
     *     mapper is created before the first login or between the two logins (inferred from
     *     the callers' names, confirm in the superclass)
     * @return whatever {@code loginAsUserTwiceWithMapper} returns
     */
    private UserRepresentation loginTwiceSendingRoleAttribute(IdentityProviderMapperSyncMode syncMode, boolean createMapperAfterFirstLogin) {
        // One attribute, ROLE_ATTRIBUTE_NAME, holding a single-element list with the role
        // representation string.
        return loginAsUserTwiceWithMapper(
                syncMode,
                createMapperAfterFirstLogin,
                ImmutableMap.builder()
                        .put(
                                RoleMapperTest.ROLE_ATTRIBUTE_NAME,
                                ImmutableList.builder()
                                        .add(AbstractRoleMapperTest.CLIENT_ROLE_MAPPER_REPRESENTATION)
                                        .build())
                        .build());
    }

    /**
     * Registers a {@code saml-role-idp-mapper} named {@code user-role-mapper} on the identity
     * provider through the admin client.
     *
     * @param idp identity provider whose alias is used to look up the admin resource
     * @param syncMode written to the mapper's {@code syncMode} config entry via {@code toString()}
     */
    @Override
    protected void createMapperInIdp(IdentityProviderRepresentation idp, IdentityProviderMapperSyncMode syncMode) {
        IdentityProviderMapperRepresentation roleMapper = new IdentityProviderMapperRepresentation();
        roleMapper.setName("user-role-mapper");
        roleMapper.setIdentityProviderMapper("saml-role-idp-mapper");
        roleMapper.setConfig(
                ImmutableMap.builder()
                        .put("syncMode", syncMode.toString())
                        .put("attribute.name", RoleMapperTest.ROLE_ATTRIBUTE_NAME)
                        .put("attribute.value", "user")
                        .put("role", AbstractRoleMapperTest.CLIENT_ROLE_MAPPER_REPRESENTATION)
                        .build());

        // The resource is looked up by idp.getAlias(), while the mapper's own alias field comes
        // from bc.getIDPAlias(). NOTE(review): presumably the same value. Confirm.
        IdentityProviderResource idpResource = realm.identityProviders().get(idp.getAlias());
        roleMapper.setIdentityProviderAlias(bc.getIDPAlias());

        // close() releases the response. Its status is not inspected here, so a rejected
        // mapper would only surface through the later role assertion.
        idpResource.addMapper(roleMapper).close();
    }
}
