package org.keycloak.testsuite.broker;

import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/testsuite/broker/AbstractRoleMapperTest.class */
public abstract class AbstractRoleMapperTest extends AbstractIdentityProviderMapperTest {
    private static final String CLIENT = "realm-management";
    private static final String CLIENT_ROLE = "view-realm";
    public static final String ROLE_USER = "user";
    public static final String CLIENT_ROLE_MAPPER_REPRESENTATION = "realm-management.view-realm";

    protected abstract void createMapperInIdp(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderMapperSyncMode identityProviderMapperSyncMode);

    protected void updateUser() {
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserRepresentation loginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, boolean z, Map<String, List<String>> map) {
        IdentityProviderRepresentation identityProviderRepresentation = setupIdentityProvider();
        if (!z) {
            createMapperInIdp(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        createUserInProviderRealm(map);
        createUserRoleAndGrantToUserInProviderRealm();
        logInAsUserInIDPForFirstTime();
        UserRepresentation findUser = findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
        if (z) {
            assertThatRoleHasNotBeenAssignedInConsumerRealmTo(findUser);
        } else {
            assertThatRoleHasBeenAssignedInConsumerRealmTo(findUser);
        }
        if (z) {
            createMapperInIdp(identityProviderRepresentation, identityProviderMapperSyncMode);
        }
        logoutFromRealm(BrokerTestTools.getConsumerRoot(), this.bc.consumerRealmName());
        updateUser();
        logInAsUserInIDP();
        return findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
    }

    protected void createUserRoleAndGrantToUserInProviderRealm() {
        this.adminClient.realm(this.bc.providerRealmName()).roles().create(new RoleRepresentation("user", (String) null, false));
        this.adminClient.realm(this.bc.providerRealmName()).users().get(this.userId).roles().realmLevel().add(Collections.singletonList(this.adminClient.realm(this.bc.providerRealmName()).roles().get("user").toRepresentation()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertThatRoleHasBeenAssignedInConsumerRealmTo(UserRepresentation userRepresentation) {
        Assert.assertThat(userRepresentation.getClientRoles().get(CLIENT), Matchers.contains(new String[]{CLIENT_ROLE}));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertThatRoleHasNotBeenAssignedInConsumerRealmTo(UserRepresentation userRepresentation) {
        Assert.assertThat(userRepresentation.getClientRoles().get(CLIENT), Matchers.not(Matchers.contains(new String[]{CLIENT_ROLE})));
    }
}
