package org.keycloak.testsuite.client;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.representations.idm.ClientPoliciesRepresentation;
import org.keycloak.representations.idm.ClientPolicyRepresentation;
import org.keycloak.representations.idm.ClientProfileRepresentation;
import org.keycloak.representations.idm.ClientProfilesRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ClientPoliciesUtil;

/**
 * Tests for loading and updating a realm's client profiles and client policies.
 *
 * <p>The helpers called unqualified here ({@code getProfilesWithGlobals}, {@code updateProfiles},
 * {@code assertExpectedProfile}, ...) are not defined in this class.
 *
 * <p>Most rejection tests share one shape: serialize the stored configuration to JSON, submit an
 * update that must be refused, then assert the reported error and that the stored configuration
 * still serializes to the same JSON. The second assertion is the one that shows a refused update
 * did not partially replace the stored profiles or policies.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/client/ClientPoliciesLoadUpdateTest.class */
public class ClientPoliciesLoadUpdateTest extends AbstractClientPoliciesTest {
    /**
     * Appends the realm read from the classpath resource {@code /testrealm.json} to {@code list}.
     *
     * @param list realm representations to which the test realm is added
     */
    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation testRealm = (RealmRepresentation) AbstractAdminTest.loadJson(
                getClass().getResourceAsStream("/testrealm.json"), RealmRepresentation.class);
        list.add(testRealm);
    }

    /**
     * Checks the profiles and policies present before any update: three global FAPI profiles, the
     * executor list of {@code fapi-1-baseline}, no profiles without globals, and no policies.
     */
    @Test
    public void testLoadBuiltinProfilesAndPolicies() throws Exception {
        ClientProfilesRepresentation globalProfiles = getProfilesWithGlobals();
        assertExpectedProfiles(
                globalProfiles,
                Arrays.asList("fapi-1-baseline", "fapi-1-advanced", "fapi-ciba"),
                Collections.emptyList());

        // Inspect one global profile in detail: description, executor names, secure-session executor.
        ClientProfileRepresentation baseline = getProfileRepresentation(globalProfiles, "fapi-1-baseline", true);
        assertExpectedProfile(
                baseline,
                "fapi-1-baseline",
                "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
        assertExpectedExecutors(
                Arrays.asList(
                        "secure-session",
                        "pkce-enforcer",
                        "secure-client-authenticator",
                        "secure-client-uris",
                        "consent-required",
                        "full-scope-disabled"),
                baseline);
        assertExpectedSecureSessionEnforceExecutor(baseline);

        assertExpectedProfiles(getProfilesWithoutGlobals(), null, Collections.emptyList());

        // No policy is expected, and in particular none named "builtin-default-policy".
        ClientPoliciesRepresentation loadedPolicies = getPolicies();
        assertExpectedPolicies(Collections.emptyList(), loadedPolicies);
        Assert.assertNull(getPolicyRepresentation(loadedPolicies, "builtin-default-policy"));
    }

    /**
     * Loads a valid set of profiles and policies, then changes one profile description and one
     * policy, and checks that each change is visible when the configuration is loaded again.
     */
    @Test
    public void testUpdateValidProfilesAndPolicies() throws Exception {
        setupValidProfilesAndPolicies();
        assertExpectedLoadedProfiles(loadedProfiles -> {
            assertExpectedProfile(getProfileRepresentation(loadedProfiles, "ordinal-test-profile", false), "ordinal-test-profile", "The profile that can be loaded.");
        });
        assertExpectedLoadedPolicies(loadedPolicies -> {
            assertExpectedPolicy("new-policy", "duplicated profiles are ignored.", true, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), getPolicyRepresentation(loadedPolicies, "new-policy"));
        });

        // Rewrite the description of one profile and push the whole profile set back.
        String updatedProfileDescription = "The profile has been updated.";
        ClientProfilesRepresentation realmProfiles = getProfilesWithoutGlobals();
        ClientPoliciesUtil.ClientProfilesBuilder profilesBuilder = new ClientPoliciesUtil.ClientProfilesBuilder();
        for (ClientProfileRepresentation profile : realmProfiles.getProfiles()) {
            if (profile.getName().equals("ordinal-test-profile")) {
                profile.setDescription(updatedProfileDescription);
            }
            profilesBuilder.addProfile(profile);
        }
        updateProfiles(profilesBuilder.toString());
        assertExpectedLoadedProfiles(reloadedProfiles -> {
            assertExpectedProfile(getProfileRepresentation(reloadedProfiles, "ordinal-test-profile", false), "ordinal-test-profile", updatedProfileDescription);
        });

        // Same for one policy, additionally clearing its enabled flag.
        String updatedPolicyDescription = "The policy has also been updated.";
        ClientPoliciesRepresentation storedPolicies = getPolicies();
        ClientPoliciesUtil.ClientPoliciesBuilder policiesBuilder = new ClientPoliciesUtil.ClientPoliciesBuilder();
        for (ClientPolicyRepresentation policy : storedPolicies.getPolicies()) {
            if (policy.getName().equals("new-policy")) {
                policy.setDescription(updatedPolicyDescription);
                // The flag is set to null here and the assertion below passes false where the
                // earlier one passed true, so an unset flag is presumably loaded as "disabled".
                // NOTE(review): that would mean a policy submitted without the flag is not
                // enforced - confirm this default is intended.
                policy.setEnabled((Boolean) null);
            }
            policiesBuilder.addPolicy(policy);
        }
        updatePolicies(policiesBuilder.toString());
        assertExpectedLoadedPolicies(reloadedPolicies -> {
            assertExpectedPolicy("new-policy", updatedPolicyDescription, false, Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"), getPolicyRepresentation(reloadedPolicies, "new-policy"));
        });
    }

    /**
     * Submits a profile set in which the same profile appears twice and expects the update to be
     * refused with detail {@code "Bad Request"}, leaving the stored profiles unchanged.
     */
    @Test
    public void testDuplicatedProfiles() throws Exception {
        String profilesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());

        // NOTE(review): this profile is added twice below, but it also names an executor called
        // "no-such-executor"; from this test alone it is not clear which of the two conditions
        // produces the rejection - confirm.
        ClientProfileRepresentation duplicatedProfile = new ClientPoliciesUtil.ClientProfileBuilder()
                .createProfile("builtin-basic-security", "Enforce basic security level")
                .addExecutor(
                        "secure-client-authenticator",
                        ClientPoliciesUtil.createSecureClientAuthenticatorExecutorConfig(Arrays.asList("client-secret", "client-jwt"), null))
                .addExecutor("pkce-enforcer", ClientPoliciesUtil.createPKCEEnforceExecutorConfig(Boolean.FALSE))
                .addExecutor("no-such-executor", ClientPoliciesUtil.createPKCEEnforceExecutorConfig(Boolean.TRUE))
                .toRepresentation();
        try {
            ClientProfileRepresentation ordinaryProfile = new ClientPoliciesUtil.ClientProfileBuilder()
                    .createProfile("ordinal-test-profile", "The profile that can be loaded.")
                    .addExecutor(
                            "secure-client-authenticator",
                            ClientPoliciesUtil.createSecureClientAuthenticatorExecutorConfig(Collections.singletonList("client-jwt"), "client-jwt"))
                    .toRepresentation();
            String payload = new ClientPoliciesUtil.ClientProfilesBuilder()
                    .addProfile(duplicatedProfile)
                    .addProfile(ordinaryProfile)
                    .addProfile(duplicatedProfile)
                    .toString();
            updateProfiles(payload);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            org.junit.Assert.assertEquals("Bad Request", rejected.getErrorDetail());
            // The refused update must not have altered what is stored.
            String profilesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
            org.junit.Assert.assertEquals(profilesBefore, profilesAfter);
        }
    }

    /**
     * Submits a profile named {@code fapi-1-baseline}, a name that
     * {@link #testLoadBuiltinProfilesAndPolicies()} expects among the global profiles, and expects
     * the update to fail with error {@code "update profiles failed"}.
     *
     * <p>NOTE(review): unlike the other rejection tests in this class, no before/after comparison
     * of the stored profiles is made here, so this test does not show that the built-in profile
     * is left untouched. The payload is also produced by {@code toRepresentation().toString()}
     * where the other tests call {@code toString()} on the builder; confirm that the submitted
     * text is the intended JSON, so that the failure observed is the overwrite being refused and
     * not the payload failing to parse.
     */
    @Test
    public void testOverwriteBuiltinProfileNotAllowed() throws Exception {
        try {
            ClientProfileRepresentation shadowingProfile = new ClientPoliciesUtil.ClientProfileBuilder()
                    .createProfile("fapi-1-baseline", "Pershyy Profil")
                    .addExecutor(
                            "secure-client-authenticator",
                            ClientPoliciesUtil.createSecureClientAuthenticatorExecutorConfig(Arrays.asList("client-jwt", "client-secret-jwt", "client-x509"), "client-x509"))
                    .toRepresentation();
            String payload = new ClientPoliciesUtil.ClientProfilesBuilder()
                    .addProfile(shadowingProfile)
                    .toRepresentation()
                    .toString();
            updateProfiles(payload);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            org.junit.Assert.assertEquals("update profiles failed", rejected.getError());
        }
    }

    /**
     * Submits {@code null} as the profiles content and expects a rejection whose detail is
     * {@code argument "content" is null}, with the stored profiles unchanged.
     */
    @Test
    public void testNullProfiles() throws Exception {
        String profilesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
        try {
            updateProfiles((String) null);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            org.junit.Assert.assertEquals("argument \"content\" is null", rejected.getErrorDetail());
            String profilesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
            org.junit.Assert.assertEquals(profilesBefore, profilesAfter);
        }
    }

    /**
     * Submits profile JSON carrying a stray comma after the profile object and expects a
     * rejection with the stored profiles unchanged.
     *
     * <p>NOTE(review): the asserted detail starts with {@code "Unrecognized field"}, so the
     * failure observed is apparently an unknown field name rather than the stray comma - confirm
     * that a purely syntactic error is covered somewhere.
     */
    @Test
    public void testInvalidFormattedJsonProfiles() throws Exception {
        String profilesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
        String malformedJson = "{\n    \"profiles\": [\n        {\n            \"name\" : \"ordinal-test-profile\",\n            \"description\" : \"invalid , added.\",\n            \"builtin\" : false,\n            \"executors\": [\n                {\n                    \"new-secure-client-authnenticator\": {\n                        \"client-authns\": [ \"private-key-jwt\" ],\n                        \"client-authns-augment\" : \"private-key-jwt\",\n                        \"is-augment\" : true\n                    }\n                }\n            ]\n        },\n    ]\n}";
        try {
            updateProfiles(malformedJson);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            MatcherAssert.assertThat(rejected.getErrorDetail(), Matchers.startsWith("Unrecognized field"));
            String profilesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
            org.junit.Assert.assertEquals(profilesBefore, profilesAfter);
        }
    }

    /**
     * Submits profile JSON in which {@code builtin} is a string and {@code executors} is opened
     * as an object, and expects a rejection whose detail starts with
     * {@code "Unrecognized field "}, with the stored profiles unchanged.
     */
    @Test
    public void testInvalidFieldTypeJsonProfiles() throws Exception {
        String profilesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
        String wronglyTypedJson = "{\n    \"profiles\": [\n        {\n            \"name\" : \"ordinal-test-profile\",\n            \"description\" : \"Not builtin profile that should be skipped.\",\n            \"builtin\" : \"no\",\n            \"executors\": {\n                    \"new-secure-client-authnenticator\": {\n                        \"client-authns\": [ \"private-key-jwt\" ],\n                        \"client-authns-augment\" : \"private-key-jwt\",\n                        \"is-augment\" : true\n                    }\n            ]\n        }\n    ]\n}";
        try {
            updateProfiles(wronglyTypedJson);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            MatcherAssert.assertThat(rejected.getErrorDetail(), Matchers.startsWith("Unrecognized field "));
            String profilesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientProfilesRepresentationToJson(getProfilesWithGlobals());
            org.junit.Assert.assertEquals(profilesBefore, profilesAfter);
        }
    }

    /**
     * Submits a policy set in which the same policy appears twice and expects the update to be
     * refused with detail {@code "Bad Request"}, leaving the stored policies unchanged.
     *
     * <p>NOTE(review): the second policy refers to profiles that this method does not create
     * ({@code setupValidProfilesAndPolicies()} is not called here); whether that contributes to
     * the rejection cannot be told from this test - confirm.
     */
    @Test
    public void testDuplicatedPolicies() throws Exception {
        String policiesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
        ClientPolicyRepresentation duplicatedPolicy = new ClientPoliciesUtil.ClientPolicyBuilder()
                .createPolicy("builtin-duplicated-new-policy", "builtin duplicated new policy is ignored.", Boolean.TRUE)
                .addCondition("client-roles", ClientPoliciesUtil.createClientRolesConditionConfig(Arrays.asList("sample-client-role")))
                .addProfile("fapi-1-baseline")
                .toRepresentation();
        try {
            ClientPolicyRepresentation ordinaryPolicy = new ClientPoliciesUtil.ClientPolicyBuilder()
                    .createPolicy("new-policy", "duplicated profiles are ignored.", Boolean.TRUE)
                    .addCondition("client-access-type", ClientPoliciesUtil.createClientAccessTypeConditionConfig(Arrays.asList("public", "bearer-only")))
                    .addProfile("lack-of-builtin-field-test-profile")
                    .addProfile("ordinal-test-profile")
                    .toRepresentation();
            String payload = new ClientPoliciesUtil.ClientPoliciesBuilder()
                    .addPolicy(duplicatedPolicy)
                    .addPolicy(ordinaryPolicy)
                    .addPolicy(duplicatedPolicy)
                    .toString();
            updatePolicies(payload);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            org.junit.Assert.assertEquals("Bad Request", rejected.getErrorDetail());
            // The refused update must not have altered what is stored.
            String policiesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
            org.junit.Assert.assertEquals(policiesBefore, policiesAfter);
        }
    }

    /**
     * Submits {@code null} as the policies content and expects a rejection with detail
     * {@code "Bad Request"} (the profiles counterpart asserts a different detail text), with the
     * stored policies unchanged.
     */
    @Test
    public void testNullPolicies() throws Exception {
        String policiesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
        try {
            updatePolicies(null);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            org.junit.Assert.assertEquals("Bad Request", rejected.getErrorDetail());
            String policiesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
            org.junit.Assert.assertEquals(policiesBefore, policiesAfter);
        }
    }

    /**
     * Submits policy JSON whose {@code policies} array is never closed and expects a rejection
     * with the stored policies unchanged.
     *
     * <p>NOTE(review): the asserted detail starts with {@code "Unrecognized field "}, so the
     * failure observed is apparently an unknown field name rather than the missing bracket -
     * confirm that a purely syntactic error is covered somewhere.
     */
    @Test
    public void testInvalidFormattedJsonPolicies() throws Exception {
        String policiesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
        String malformedJson = "{\n    \"policies\": [\n        {\n            \"name\": \"ordinal-test-policy\",\n            \"description\" : \"bracket not enclosed properly.\",\n            \"builtin\": false,\n            \"enable\": true,\n            \"conditions\": [\n                {\n                    \"new-client-updater-source-host\": {\n                        \"trusted-hosts\": [\"myuniversity\"],\n                        \"host-sending-request-must-match\" : [true]\n                    }\n                }\n            ],\n            \"profiles\": [ \"builtin-advanced-security\" ]\n        }\n}";
        try {
            updatePolicies(malformedJson);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            MatcherAssert.assertThat(rejected.getErrorDetail(), Matchers.startsWith("Unrecognized field "));
            String policiesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
            org.junit.Assert.assertEquals(policiesBefore, policiesAfter);
        }
    }

    /**
     * Submits policy JSON in which {@code conditions} is a boolean and expects a rejection whose
     * detail starts with {@code "Unrecognized field "}, with the stored policies unchanged.
     */
    @Test
    public void testInvalidFieldTypeJsonPolicies() throws Exception {
        String policiesBefore = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
        String wronglyTypedJson = "{    \n    \"policies\": [    \n        {    \n            \"name\": \"ordinal-test-policy\",    \n            \"description\" : \"Not builtin policy that should be skipped.\",    \n            \"builtin\": false,    \n            \"enable\": true,    \n            \"conditions\": true,    \n            \"profiles\": [ \"builtin-advanced-security\" ]    \n        }    \n    ]    \n}";
        try {
            updatePolicies(wronglyTypedJson);
            // Reaching this line means the update was accepted.
            org.junit.Assert.fail();
        } catch (ClientPolicyException rejected) {
            MatcherAssert.assertThat(rejected.getErrorDetail(), Matchers.startsWith("Unrecognized field "));
            String policiesAfter = org.keycloak.services.clientpolicy.ClientPoliciesUtil.convertClientPoliciesRepresentationToJson(getPolicies());
            org.junit.Assert.assertEquals(policiesBefore, policiesAfter);
        }
    }

    /**
     * Reads the {@code test} realm representation, writes it back unchanged, and checks that the
     * parsed client profiles and policies list the same names before and after the round trip.
     */
    @Test
    public void testCRUDRealmRepresentation() throws Exception {
        setupValidProfilesAndPolicies();
        RealmResource testRealm = realmsResouce().realm("test");

        RealmRepresentation beforeUpdate = testRealm.toRepresentation();
        assertExpectedProfiles(
                beforeUpdate.getParsedClientProfiles(),
                null,
                Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
        assertExpectedPolicies(
                Arrays.asList("new-policy", "lack-of-builtin-field-test-policy"),
                beforeUpdate.getParsedClientPolicies());

        // Write the representation back as read; the profiles and policies must survive it.
        testRealm.update(beforeUpdate);

        RealmRepresentation afterUpdate = testRealm.toRepresentation();
        assertExpectedProfiles(
                afterUpdate.getParsedClientProfiles(),
                null,
                Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
        assertExpectedPolicies(
                Arrays.asList("new-policy", "lack-of-builtin-field-test-policy"),
                afterUpdate.getParsedClientPolicies());
    }
}
