package org.keycloak.testsuite.admin.client.authorization;

import java.util.Collections;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.RolePoliciesResource;
import org.keycloak.admin.client.resource.RolePolicyResource;
import org.keycloak.admin.client.resource.RolesResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.RolesBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/client/authorization/RolePolicyManagementTest.class */
public class RolePolicyManagementTest extends AbstractPolicyManagementTest {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.testsuite.admin.client.authorization.AbstractPolicyManagementTest
    public RealmBuilder createTestRealm() {
        return super.createTestRealm().roles(RolesBuilder.create().realmRole(new RoleRepresentation("Role A", "Role A description", false)).realmRole(new RoleRepresentation("Role B", "Role B description", false)).realmRole(new RoleRepresentation("Role C", "Role C description", false)));
    }

    @Test
    public void testCreateRealmRolePolicy() {
        AuthorizationResource authorization = getClient().authorization();
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName("Realm Role Policy");
        rolePolicyRepresentation.setDescription("description");
        rolePolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        rolePolicyRepresentation.setLogic(Logic.NEGATIVE);
        rolePolicyRepresentation.addRole("Role A", false);
        rolePolicyRepresentation.addRole("Role B", true);
        assertCreated(authorization, rolePolicyRepresentation);
    }

    @Test
    public void testCreateClientRolePolicy() {
        ClientResource client = getClient();
        AuthorizationResource authorization = client.authorization();
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName("Realm Client Role Policy");
        rolePolicyRepresentation.setDescription("description");
        rolePolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        rolePolicyRepresentation.setLogic(Logic.NEGATIVE);
        RolesResource roles = client.roles();
        roles.create(new RoleRepresentation("Client Role A", "desc", false));
        ClientRepresentation representation = client.toRepresentation();
        roles.create(new RoleRepresentation("Client Role B", "desc", false));
        rolePolicyRepresentation.addRole("resource-server-test/Client Role A");
        rolePolicyRepresentation.addClientRole(representation.getClientId(), "Client Role B", true);
        assertCreated(authorization, rolePolicyRepresentation);
    }

    @Test
    public void testUpdate() {
        AuthorizationResource authorization = getClient().authorization();
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName("Update Test Role Policy");
        rolePolicyRepresentation.setDescription("description");
        rolePolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        rolePolicyRepresentation.setLogic(Logic.NEGATIVE);
        rolePolicyRepresentation.addRole("Role A", false);
        rolePolicyRepresentation.addRole("Role B", true);
        rolePolicyRepresentation.addRole("Role C", false);
        assertCreated(authorization, rolePolicyRepresentation);
        rolePolicyRepresentation.setName("changed");
        rolePolicyRepresentation.setDescription("changed");
        rolePolicyRepresentation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        rolePolicyRepresentation.setLogic(Logic.POSITIVE);
        rolePolicyRepresentation.setRoles((Set) rolePolicyRepresentation.getRoles().stream().filter(roleDefinition -> {
            return !roleDefinition.getId().equals("Resource A");
        }).collect(Collectors.toSet()));
        RolePolicyResource findById = authorization.policies().role().findById(rolePolicyRepresentation.getId());
        findById.update(rolePolicyRepresentation);
        assertRepresentation(rolePolicyRepresentation, findById);
        for (RolePolicyRepresentation.RoleDefinition roleDefinition2 : rolePolicyRepresentation.getRoles()) {
            if (roleDefinition2.getId().equals("Role B")) {
                roleDefinition2.setRequired(false);
            }
            if (roleDefinition2.getId().equals("Role C")) {
                roleDefinition2.setRequired(true);
            }
        }
        findById.update(rolePolicyRepresentation);
        assertRepresentation(rolePolicyRepresentation, findById);
    }

    @Test
    public void testDelete() {
        AuthorizationResource authorization = getClient().authorization();
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName("Test Delete Permission");
        rolePolicyRepresentation.addRole("Role A", false);
        RolePoliciesResource role = authorization.policies().role();
        Response create = role.create(rolePolicyRepresentation);
        Throwable th = null;
        try {
            RolePolicyRepresentation rolePolicyRepresentation2 = (RolePolicyRepresentation) create.readEntity(RolePolicyRepresentation.class);
            role.findById(rolePolicyRepresentation2.getId()).remove();
            try {
                role.findById(rolePolicyRepresentation2.getId()).toRepresentation();
                Assert.fail("Permission not removed");
            } catch (NotFoundException e) {
            }
            if (create != null) {
                if (0 == 0) {
                    create.close();
                    return;
                }
                try {
                    create.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testGenericConfig() {
        AuthorizationResource authorization = getClient().authorization();
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName("Test Generic Config  Permission");
        rolePolicyRepresentation.addRole("Role A", false);
        Response create = authorization.policies().role().create(rolePolicyRepresentation);
        Throwable th = null;
        try {
            try {
                PolicyRepresentation representation = authorization.policies().policy(((RolePolicyRepresentation) create.readEntity(RolePolicyRepresentation.class)).getId()).toRepresentation();
                Assert.assertNotNull(representation.getConfig());
                Assert.assertNotNull(representation.getConfig().get("roles"));
                Assert.assertTrue(((String) representation.getConfig().get("roles")).contains(getRealm().roles().get("Role A").toRepresentation().getId()));
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    private void assertCreated(AuthorizationResource authorizationResource, RolePolicyRepresentation rolePolicyRepresentation) {
        RolePoliciesResource role = authorizationResource.policies().role();
        Response create = role.create(rolePolicyRepresentation);
        Throwable th = null;
        try {
            try {
                assertRepresentation(rolePolicyRepresentation, role.findById(((RolePolicyRepresentation) create.readEntity(RolePolicyRepresentation.class)).getId()));
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    private void assertRepresentation(RolePolicyRepresentation rolePolicyRepresentation, RolePolicyResource rolePolicyResource) {
        RolePolicyRepresentation representation = rolePolicyResource.toRepresentation();
        assertRepresentation(rolePolicyRepresentation, representation, () -> {
            return rolePolicyResource.resources();
        }, () -> {
            return Collections.emptyList();
        }, () -> {
            return rolePolicyResource.associatedPolicies();
        });
        Assert.assertEquals(rolePolicyRepresentation.getRoles().size(), representation.getRoles().size());
        ClientRepresentation representation2 = getClient().toRepresentation();
        Assert.assertEquals(0L, representation.getRoles().stream().filter(roleDefinition -> {
            return !rolePolicyRepresentation.getRoles().stream().filter(roleDefinition -> {
                return (getRoleName(roleDefinition.getId()).equals(roleDefinition.getId()) || new StringBuilder().append(representation2.getClientId()).append("/").append(getRoleName(roleDefinition.getId())).toString().equals(roleDefinition.getId())) && roleDefinition.isRequired() == roleDefinition.isRequired();
            }).findFirst().isPresent();
        }).count());
    }

    private String getRoleName(String str) {
        return getRealm().rolesById().getRole(str).getName();
    }
}
