package org.keycloak.testsuite.admin.realm;

import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.hamcrest.collection.IsCollectionWithSize;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.RoleResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RoleBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/realm/RealmRolesTest.class */
public class RealmRolesTest extends AbstractAdminTest {
    private static final Map<String, List<String>> ROLE_A_ATTRIBUTES = Collections.singletonMap("role-a-attr-key1", Collections.singletonList("role-a-attr-val1"));
    private RolesResource resource;
    private Map<String, String> ids = new HashMap();
    private String clientUuid;

    @Before
    public void before() {
        RoleRepresentation build = RoleBuilder.create().name("role-a").description("Role A").attributes(ROLE_A_ATTRIBUTES).build();
        RoleRepresentation build2 = RoleBuilder.create().name("role-b").description("Role B").build();
        RoleRepresentation build3 = RoleBuilder.create().name("role-with-users").description("Role with users").build();
        RoleRepresentation build4 = RoleBuilder.create().name("role-without-users").description("role-without-users").build();
        this.adminClient.realm("admin-client-test").roles().create(build);
        this.adminClient.realm("admin-client-test").roles().create(build2);
        this.adminClient.realm("admin-client-test").roles().create(build3);
        this.adminClient.realm("admin-client-test").roles().create(build4);
        ClientRepresentation build5 = ClientBuilder.create().clientId("client-a").build();
        Response create = this.adminClient.realm("admin-client-test").clients().create(build5);
        Throwable th = null;
        try {
            try {
                this.clientUuid = ApiUtil.getCreatedId(create);
                getCleanup().addClientUuid(this.clientUuid);
                if (create != null) {
                    if (0 != 0) {
                        try {
                            create.close();
                        } catch (Throwable th2) {
                            th.addSuppressed(th2);
                        }
                    } else {
                        create.close();
                    }
                }
                RoleRepresentation build6 = RoleBuilder.create().name("role-c").description("Role C").build();
                this.adminClient.realm("admin-client-test").clients().get(this.clientUuid).roles().create(build6);
                for (RoleRepresentation roleRepresentation : this.adminClient.realm("admin-client-test").roles().list()) {
                    this.ids.put(roleRepresentation.getName(), roleRepresentation.getId());
                }
                for (RoleRepresentation roleRepresentation2 : this.adminClient.realm("admin-client-test").clients().get(this.clientUuid).roles().list()) {
                    this.ids.put(roleRepresentation2.getName(), roleRepresentation2.getId());
                }
                UserRepresentation userRepresentation = new UserRepresentation();
                userRepresentation.setUsername("test-role-member");
                userRepresentation.setEmail("test-role-member@test-role-member.com");
                userRepresentation.setRequiredActions(Collections.emptyList());
                userRepresentation.setEnabled(true);
                this.adminClient.realm("admin-client-test").users().create(userRepresentation);
                getCleanup().addRoleId(this.ids.get("role-a"));
                getCleanup().addRoleId(this.ids.get("role-b"));
                getCleanup().addRoleId(this.ids.get("role-c"));
                getCleanup().addRoleId(this.ids.get("role-with-users"));
                getCleanup().addRoleId(this.ids.get("role-without-users"));
                getCleanup().addUserId(((UserRepresentation) this.adminClient.realm("admin-client-test").users().search(userRepresentation.getUsername()).get(0)).getId());
                GroupRepresentation groupRepresentation = new GroupRepresentation();
                groupRepresentation.setName("test-role-group");
                groupRepresentation.setPath("/test-role-group");
                this.adminClient.realm("admin-client-test").groups().add(groupRepresentation);
                getCleanup().addGroupId(((GroupRepresentation) this.adminClient.realm("admin-client-test").groups().groups().get(0)).getId());
                this.resource = this.adminClient.realm("admin-client-test").roles();
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-a"), build, ResourceType.REALM_ROLE);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-b"), build2, ResourceType.REALM_ROLE);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-with-users"), build3, ResourceType.REALM_ROLE);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role-without-users"), build4, ResourceType.REALM_ROLE);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(this.clientUuid), build5, ResourceType.CLIENT);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(this.clientUuid, "role-c"), build6, ResourceType.CLIENT_ROLE);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.userResourcePath(((UserRepresentation) this.adminClient.realm("admin-client-test").users().search(userRepresentation.getUsername()).get(0)).getId()), userRepresentation, ResourceType.USER);
                this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.groupPath(((GroupRepresentation) this.adminClient.realm("admin-client-test").groups().groups().get(0)).getId()), groupRepresentation, ResourceType.GROUP);
            } finally {
            }
        } catch (Throwable th3) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }

    private RoleRepresentation makeRole(String str) {
        RoleRepresentation roleRepresentation = new RoleRepresentation();
        roleRepresentation.setName(str);
        return roleRepresentation;
    }

    @Test
    public void getRole() {
        RoleRepresentation representation = this.resource.get("role-a").toRepresentation();
        Assert.assertNotNull(representation);
        Assert.assertEquals("role-a", representation.getName());
        Assert.assertEquals("Role A", representation.getDescription());
        Assert.assertEquals(ROLE_A_ATTRIBUTES, representation.getAttributes());
        Assert.assertFalse(representation.isComposite());
    }

    @Test(expected = ClientErrorException.class)
    public void createRoleWithSameName() {
        this.resource.create(RoleBuilder.create().name("role-a").build());
    }

    @Test
    public void updateRole() {
        RoleRepresentation representation = this.resource.get("role-a").toRepresentation();
        representation.setName("role-a-new");
        representation.setDescription("Role A New");
        Map singletonMap = Collections.singletonMap("attrKeyNew", Collections.singletonList("attrValueNew"));
        representation.setAttributes(singletonMap);
        this.resource.get("role-a").update(representation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.roleResourcePath("role-a"), representation, ResourceType.REALM_ROLE);
        RoleRepresentation representation2 = this.resource.get("role-a-new").toRepresentation();
        Assert.assertNotNull(representation2);
        Assert.assertEquals("role-a-new", representation2.getName());
        Assert.assertEquals("Role A New", representation2.getDescription());
        Assert.assertEquals(singletonMap, representation2.getAttributes());
        Assert.assertFalse(representation2.isComposite());
    }

    @Test
    public void deleteRole() {
        Assert.assertNotNull(this.resource.get("role-a"));
        this.resource.deleteRole("role-a");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath("role-a"), ResourceType.REALM_ROLE);
        try {
            this.resource.get("role-a").toRepresentation();
            Assert.fail("Expected 404");
        } catch (NotFoundException e) {
        }
    }

    @Test
    public void composites() {
        Assert.assertFalse(this.resource.get("role-a").toRepresentation().isComposite());
        Assert.assertEquals(0L, this.resource.get("role-a").getRoleComposites().size());
        LinkedList linkedList = new LinkedList();
        linkedList.add(RoleBuilder.create().id(this.ids.get("role-b")).build());
        linkedList.add(RoleBuilder.create().id(this.ids.get("role-c")).build());
        this.resource.get("role-a").addComposites(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role-a"), linkedList, ResourceType.REALM_ROLE);
        Set roleComposites = this.resource.get("role-a").getRoleComposites();
        Assert.assertTrue(this.resource.get("role-a").toRepresentation().isComposite());
        org.keycloak.testsuite.Assert.assertNames(roleComposites, "role-b", "role-c");
        org.keycloak.testsuite.Assert.assertNames(this.resource.get("role-a").getRealmRoleComposites(), "role-b");
        org.keycloak.testsuite.Assert.assertNames(this.resource.get("role-a").getClientRoleComposites(this.clientUuid), "role-c");
        this.resource.get("role-a").deleteComposites(linkedList);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.roleResourceCompositesPath("role-a"), linkedList, ResourceType.REALM_ROLE);
        Assert.assertFalse(this.resource.get("role-a").toRepresentation().isComposite());
        Assert.assertEquals(0L, this.resource.get("role-a").getRoleComposites().size());
    }

    @Test
    public void testUsersInRole() {
        RoleResource roleResource = this.resource.get("role-with-users");
        List search = this.adminClient.realm("admin-client-test").users().search("test-role-member", (String) null, (String) null, (String) null, (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        UserRepresentation representation = this.adminClient.realm("admin-client-test").users().get(((UserRepresentation) search.get(0)).getId()).toRepresentation();
        RoleResource roleResource2 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
        LinkedList linkedList = new LinkedList();
        linkedList.add(roleResource2.toRepresentation());
        this.adminClient.realm("admin-client-test").users().get(representation.getId()).roles().realmLevel().add(linkedList);
        this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName()).getRoleUserMembers();
        Assert.assertEquals(1L, r0.getRoleUserMembers().size());
    }

    @Test
    public void testUsersNotInRole() {
        this.adminClient.realm("admin-client-test").roles().get(this.resource.get("role-without-users").toRepresentation().getName()).getRoleUserMembers();
        Assert.assertEquals(0L, r0.getRoleUserMembers().size());
    }

    @Test
    public void testGroupsInRole() {
        RoleResource roleResource = this.resource.get("role-with-users");
        GroupRepresentation groupRepresentation = (GroupRepresentation) this.adminClient.realm("admin-client-test").groups().groups().stream().filter(groupRepresentation2 -> {
            return groupRepresentation2.getPath().equals("/test-role-group");
        }).findFirst().get();
        RoleResource roleResource2 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
        LinkedList linkedList = new LinkedList();
        linkedList.add(roleResource2.toRepresentation());
        this.adminClient.realm("admin-client-test").groups().group(groupRepresentation.getId()).roles().realmLevel().add(linkedList);
        Assert.assertTrue(this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName()).getRoleGroupMembers().stream().filter(groupRepresentation3 -> {
            return groupRepresentation3.getPath().equals("/test-role-group");
        }).findFirst().isPresent());
    }

    @Test
    public void testGroupsNotInRole() {
        Assert.assertTrue(this.adminClient.realm("admin-client-test").roles().get(this.resource.get("role-without-users").toRepresentation().getName()).getRoleGroupMembers().isEmpty());
    }

    @Test
    public void roleMembershipAfterUserRemoval() {
        RoleResource roleResource = this.resource.get("role-with-users");
        List search = this.adminClient.realm("admin-client-test").users().search("test-role-member", (String) null, (String) null, (String) null, (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        UserRepresentation representation = this.adminClient.realm("admin-client-test").users().get(((UserRepresentation) search.get(0)).getId()).toRepresentation();
        RoleResource roleResource2 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
        LinkedList linkedList = new LinkedList();
        linkedList.add(roleResource2.toRepresentation());
        this.adminClient.realm("admin-client-test").users().get(representation.getId()).roles().realmLevel().add(linkedList);
        RoleResource roleResource3 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
        roleResource3.getRoleUserMembers();
        Assert.assertEquals(1L, roleResource3.getRoleUserMembers().size());
        this.adminClient.realm("admin-client-test").users().delete(representation.getId());
        roleResource3.getRoleUserMembers();
        Assert.assertEquals(0L, roleResource3.getRoleUserMembers().size());
    }

    @Test
    public void testRoleMembershipWithPagination() {
        RoleResource roleResource = this.resource.get("role-with-users");
        UserRepresentation userRepresentation = new UserRepresentation();
        userRepresentation.setUsername("test-role-member2");
        userRepresentation.setEmail("test-role-member2@test-role-member.com");
        userRepresentation.setRequiredActions(Collections.emptyList());
        userRepresentation.setEnabled(true);
        this.adminClient.realm("admin-client-test").users().create(userRepresentation);
        List search = this.adminClient.realm("admin-client-test").users().search("test-role-member", (String) null, (String) null, (String) null, (Integer) null, (Integer) null);
        MatcherAssert.assertThat(search, IsCollectionWithSize.hasSize(2));
        Iterator it = search.iterator();
        while (it.hasNext()) {
            UserRepresentation representation = this.adminClient.realm("admin-client-test").users().get(((UserRepresentation) it.next()).getId()).toRepresentation();
            RoleResource roleResource2 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
            LinkedList linkedList = new LinkedList();
            linkedList.add(roleResource2.toRepresentation());
            this.adminClient.realm("admin-client-test").users().get(representation.getId()).roles().realmLevel().add(linkedList);
        }
        RoleResource roleResource3 = this.adminClient.realm("admin-client-test").roles().get(roleResource.toRepresentation().getName());
        Set roleUserMembers = roleResource3.getRoleUserMembers(0, 1);
        HashSet hashSet = new HashSet();
        MatcherAssert.assertThat(roleUserMembers, IsCollectionWithSize.hasSize(1));
        hashSet.add(((UserRepresentation) roleUserMembers.iterator().next()).getUsername());
        Set roleUserMembers2 = roleResource3.getRoleUserMembers(1, 1);
        MatcherAssert.assertThat(roleUserMembers2, IsCollectionWithSize.hasSize(1));
        hashSet.add(((UserRepresentation) roleUserMembers2.iterator().next()).getUsername());
        MatcherAssert.assertThat(roleResource3.getRoleUserMembers(2, 1), Matchers.is(Matchers.empty()));
        MatcherAssert.assertThat(hashSet, Matchers.containsInAnyOrder(new String[]{"test-role-member", "test-role-member2"}));
    }

    @Test
    public void testSearchForRoles() {
        for (int i = 0; i < 15; i++) {
            String str = "testrole" + i;
            RoleRepresentation makeRole = makeRole(str);
            this.resource.create(makeRole);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(str), makeRole, ResourceType.REALM_ROLE);
        }
        RoleRepresentation makeRole2 = makeRole("abcdefg");
        this.resource.create(makeRole2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("abcdefg"), makeRole2, ResourceType.REALM_ROLE);
        RoleRepresentation makeRole3 = makeRole("defghij");
        this.resource.create(makeRole3);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("defghij"), makeRole3, ResourceType.REALM_ROLE);
        Assert.assertEquals(2L, this.resource.list("defg", -1, -1).size());
        Assert.assertEquals(15L, this.resource.list("testrole", -1, -1).size());
        Assert.assertEquals(5L, this.resource.list("testrole", 1, 5).size());
    }

    @Test
    public void testPaginationRoles() {
        for (int i = 0; i < 15; i++) {
            String str = "role" + i;
            RoleRepresentation makeRole = makeRole(str);
            this.resource.create(makeRole);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(str), makeRole, ResourceType.REALM_ROLE);
        }
        Assert.assertEquals(5L, this.resource.list(1, 5).size());
        Assert.assertEquals(5L, this.resource.list(5, 5).size());
        Assert.assertEquals(5L, this.resource.list(1, 5).size());
        Assert.assertTrue(this.resource.list(1, (Integer) null).size() > 15);
    }

    @Test
    public void testPaginationRolesCache() {
        for (int i = 0; i < 5; i++) {
            String str = "paginaterole" + i;
            RoleRepresentation makeRole = makeRole(str);
            this.resource.create(makeRole);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(str), makeRole, ResourceType.REALM_ROLE);
        }
        List list = this.resource.list(1, 1000);
        RoleRepresentation makeRole2 = makeRole("anewrole");
        this.resource.create(makeRole2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("anewrole"), makeRole2, ResourceType.REALM_ROLE);
        Assert.assertEquals(list.size() + 1, this.resource.list(1, 1000).size());
    }

    @Test
    public void getRolesWithFullRepresentation() {
        for (int i = 0; i < 5; i++) {
            String str = "attributesrole" + i;
            RoleRepresentation makeRole = makeRole(str);
            HashMap hashMap = new HashMap();
            hashMap.put("attribute1", Arrays.asList("value1", "value2"));
            makeRole.setAttributes(hashMap);
            this.resource.create(makeRole);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(str), makeRole, ResourceType.REALM_ROLE);
        }
        Assert.assertTrue(((RoleRepresentation) this.resource.list("attributesrole", false).get(0)).getAttributes().containsKey("attribute1"));
    }

    @Test
    public void getRolesWithBriefRepresentation() {
        for (int i = 0; i < 5; i++) {
            String str = "attributesrolebrief" + i;
            RoleRepresentation makeRole = makeRole(str);
            HashMap hashMap = new HashMap();
            hashMap.put("attribute1", Arrays.asList("value1", "value2"));
            makeRole.setAttributes(hashMap);
            this.resource.create(makeRole);
            this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(str), makeRole, ResourceType.REALM_ROLE);
        }
        Assert.assertNull(((RoleRepresentation) this.resource.list("attributesrolebrief", true).get(0)).getAttributes());
    }

    @Test
    public void testDefaultRoles() {
        RoleResource roleResource = this.adminClient.realm("admin-client-test").roles().get("default-roles-admin-client-test");
        UserRepresentation userRepresentation = (UserRepresentation) this.adminClient.realm("admin-client-test").users().search("test-role-member").get(0);
        UserResource userResource = this.adminClient.realm("admin-client-test").users().get(userRepresentation.getId());
        MatcherAssert.assertThat(convertRolesToNames(userResource.roles().realmLevel().listAll()), Matchers.hasItem("default-roles-admin-client-test"));
        MatcherAssert.assertThat(convertRolesToNames(userResource.roles().realmLevel().listEffective()), Matchers.allOf(Matchers.hasItem("default-roles-admin-client-test"), Matchers.hasItem("offline_access"), Matchers.hasItem("uma_authorization")));
        roleResource.addComposites(Collections.singletonList(this.resource.get("role-a").toRepresentation()));
        UserResource userResource2 = this.adminClient.realm("admin-client-test").users().get(userRepresentation.getId());
        MatcherAssert.assertThat(convertRolesToNames(userResource2.roles().realmLevel().listAll()), Matchers.allOf(Matchers.hasItem("default-roles-admin-client-test"), Matchers.not(Matchers.hasItem("role-a"))));
        MatcherAssert.assertThat(convertRolesToNames(userResource2.roles().realmLevel().listEffective()), Matchers.allOf(Matchers.hasItem("default-roles-admin-client-test"), Matchers.hasItem("offline_access"), Matchers.hasItem("uma_authorization"), Matchers.hasItem("role-a")));
        MatcherAssert.assertThat(userResource2.roles().clientLevel(this.clientUuid).listAll(), Matchers.empty());
        MatcherAssert.assertThat(userResource2.roles().clientLevel(this.clientUuid).listEffective(), Matchers.empty());
        roleResource.addComposites(Collections.singletonList(this.adminClient.realm("admin-client-test").clients().get(this.clientUuid).roles().get("role-c").toRepresentation()));
        UserResource userResource3 = this.adminClient.realm("admin-client-test").users().get(userRepresentation.getId());
        MatcherAssert.assertThat(userResource3.roles().clientLevel(this.clientUuid).listAll(), Matchers.empty());
        MatcherAssert.assertThat(convertRolesToNames(userResource3.roles().clientLevel(this.clientUuid).listEffective()), Matchers.hasItem("role-c"));
    }

    private List<String> convertRolesToNames(List<RoleRepresentation> list) {
        return (List) list.stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toList());
    }
}
