package org.keycloak.testsuite.account;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.UserResource;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.Profile;
import org.keycloak.common.enums.AccountRestApiVersion;
import org.keycloak.common.util.ObjectUtil;
import org.keycloak.credential.CredentialTypeMetadata;
import org.keycloak.models.AuthenticationExecutionModel;
import org.keycloak.models.UserModel;
import org.keycloak.representations.account.ClientRepresentation;
import org.keycloak.representations.account.ConsentRepresentation;
import org.keycloak.representations.account.ConsentScopeRepresentation;
import org.keycloak.representations.account.SessionRepresentation;
import org.keycloak.representations.account.UserProfileAttributeMetadata;
import org.keycloak.representations.account.UserRepresentation;
import org.keycloak.representations.idm.AuthenticationExecutionInfoRepresentation;
import org.keycloak.representations.idm.AuthenticationExecutionRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.CredentialRepresentation;
import org.keycloak.representations.idm.ErrorRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderRepresentation;
import org.keycloak.representations.idm.RequiredActionProviderSimpleRepresentation;
import org.keycloak.services.resources.account.AccountCredentialResource;
import org.keycloak.services.util.ResolveRelative;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.admin.authentication.AbstractAuthenticationTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.oauth.OAuthGrantTest;
import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
@EnableFeature(value = Profile.Feature.WEB_AUTHN, skipRestart = true, onlyForProduct = true)
/* loaded from: input_file:org/keycloak/testsuite/account/AccountRestServiceTest.class */
public class AccountRestServiceTest extends AbstractRestServiceTest {
    @Test
    public void testGetUserProfileMetadata_EditUsernameAllowed() throws IOException {
        UserRepresentation user = getUser();
        Assert.assertNotNull(user.getUserProfileMetadata());
        assertUserProfileAttributeMetadata(user, "username", "${username}", true, false);
        assertUserProfileAttributeMetadata(user, "email", "${email}", true, false);
        assertUserProfileAttributeMetadata(user, "firstName", "${firstName}", true, false);
        assertUserProfileAttributeMetadata(user, "lastName", "${lastName}", true, false);
    }

    @Test
    public void testGetUserProfileMetadata_EditUsernameDisallowed() throws IOException {
        try {
            RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
            representation.setEditUsernameAllowed(false);
            this.adminClient.realm("test").update(representation);
            UserRepresentation user = getUser();
            Assert.assertNotNull(user.getUserProfileMetadata());
            Assert.assertEquals(0L, assertUserProfileAttributeMetadata(user, "username", "${username}", true, true).getValidators().size());
            UserProfileAttributeMetadata assertUserProfileAttributeMetadata = assertUserProfileAttributeMetadata(user, "email", "${email}", true, false);
            Assert.assertEquals(1L, assertUserProfileAttributeMetadata.getValidators().size());
            Assert.assertTrue(assertUserProfileAttributeMetadata.getValidators().containsKey("email"));
            assertUserProfileAttributeMetadata(user, "firstName", "${firstName}", true, false);
            assertUserProfileAttributeMetadata(user, "lastName", "${lastName}", true, false);
            RealmRepresentation representation2 = testRealm().toRepresentation();
            representation2.setEditUsernameAllowed(true);
            testRealm().update(representation2);
        } catch (Throwable th) {
            RealmRepresentation representation3 = testRealm().toRepresentation();
            representation3.setEditUsernameAllowed(true);
            testRealm().update(representation3);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserProfileAttributeMetadata getUserProfileAttributeMetadata(UserRepresentation userRepresentation, String str) {
        if (userRepresentation.getUserProfileMetadata() == null) {
            return null;
        }
        for (UserProfileAttributeMetadata userProfileAttributeMetadata : userRepresentation.getUserProfileMetadata().getAttributes()) {
            if (str.equals(userProfileAttributeMetadata.getName())) {
                return userProfileAttributeMetadata;
            }
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserProfileAttributeMetadata assertUserProfileAttributeMetadata(UserRepresentation userRepresentation, String str, String str2, boolean z, boolean z2) {
        UserProfileAttributeMetadata userProfileAttributeMetadata = getUserProfileAttributeMetadata(userRepresentation, str);
        Assert.assertNotNull(userProfileAttributeMetadata);
        Assert.assertEquals("Unexpected display name for attribute " + userProfileAttributeMetadata.getName(), str2, userProfileAttributeMetadata.getDisplayName());
        Assert.assertEquals("Unexpected required flag for attribute " + userProfileAttributeMetadata.getName(), Boolean.valueOf(z), Boolean.valueOf(userProfileAttributeMetadata.isRequired()));
        Assert.assertEquals("Unexpected readonly flag for attribute " + userProfileAttributeMetadata.getName(), Boolean.valueOf(z2), Boolean.valueOf(userProfileAttributeMetadata.isReadOnly()));
        return userProfileAttributeMetadata;
    }

    @Test
    public void testGetProfile() throws IOException {
        UserRepresentation user = getUser();
        Assert.assertEquals("Tom", user.getFirstName());
        Assert.assertEquals("Brady", user.getLastName());
        Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, user.getEmail());
        Assert.assertFalse(user.isEmailVerified());
        Assert.assertTrue(user.getAttributes().isEmpty());
    }

    @Test
    public void testUpdateSingleField() throws IOException {
        UserRepresentation user = getUser();
        String username = user.getUsername();
        String firstName = user.getFirstName();
        String lastName = user.getLastName();
        String email = user.getEmail();
        HashMap hashMap = new HashMap(user.getAttributes());
        try {
            RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
            representation.setRegistrationEmailAsUsername(false);
            this.adminClient.realm("test").update(representation);
            user.setFirstName((String) null);
            user.setLastName("Bob");
            user.setEmail((String) null);
            user.getAttributes().clear();
            user = updateAndGet(user);
            Assert.assertEquals(user.getLastName(), "Bob");
            Assert.assertNull(user.getFirstName());
            Assert.assertNull(user.getEmail());
            RealmRepresentation representation2 = this.adminClient.realm("test").toRepresentation();
            representation2.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation2);
            user.setUsername(username);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
        } catch (Throwable th) {
            RealmRepresentation representation3 = this.adminClient.realm("test").toRepresentation();
            representation3.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation3);
            user.setUsername(username);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
            throw th;
        }
    }

    @Test
    public void testUpdateProfileEmailChangeSetsEmailVerified() throws IOException {
        UserRepresentation user = getUser();
        String email = user.getEmail();
        try {
            RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
            representation.setRegistrationEmailAsUsername(false);
            this.adminClient.realm("test").update(representation);
            UserResource userResource = this.adminClient.realm("test").users().get(user.getId());
            org.keycloak.representations.idm.UserRepresentation representation2 = userResource.toRepresentation();
            representation2.setEmailVerified(true);
            userResource.update(representation2);
            UserRepresentation user2 = getUser();
            Assert.assertEquals(true, Boolean.valueOf(user2.isEmailVerified()));
            user2.setEmail(email);
            UserRepresentation updateAndGet = updateAndGet(user2);
            Assert.assertEquals(email, updateAndGet.getEmail());
            Assert.assertEquals(true, Boolean.valueOf(updateAndGet.isEmailVerified()));
            updateAndGet.setEmail("bobby@localhost");
            user = updateAndGet(updateAndGet);
            Assert.assertEquals("bobby@localhost", user.getEmail());
            Assert.assertEquals(false, Boolean.valueOf(user.isEmailVerified()));
            RealmRepresentation representation3 = this.adminClient.realm("test").toRepresentation();
            representation3.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation3);
            user.setEmail(email);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
        } catch (Throwable th) {
            RealmRepresentation representation4 = this.adminClient.realm("test").toRepresentation();
            representation4.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation4);
            user.setEmail(email);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
            throw th;
        }
    }

    @Test
    public void testUpdateProfile() throws IOException {
        UserRepresentation user = getUser();
        String username = user.getUsername();
        String firstName = user.getFirstName();
        String lastName = user.getLastName();
        String email = user.getEmail();
        HashMap hashMap = new HashMap(user.getAttributes());
        try {
            RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
            representation.setRegistrationEmailAsUsername(false);
            this.adminClient.realm("test").update(representation);
            user.setFirstName("Homer");
            user.setLastName("Simpsons");
            user.getAttributes().put("attr1", Collections.singletonList("val1"));
            user.getAttributes().put("attr2", Collections.singletonList("val2"));
            UserRepresentation updateAndGet = updateAndGet(user);
            Assert.assertEquals("Homer", updateAndGet.getFirstName());
            Assert.assertEquals("Simpsons", updateAndGet.getLastName());
            Assert.assertEquals(2L, updateAndGet.getAttributes().size());
            Assert.assertEquals(1L, ((List) updateAndGet.getAttributes().get("attr1")).size());
            Assert.assertEquals("val1", ((List) updateAndGet.getAttributes().get("attr1")).get(0));
            Assert.assertEquals(1L, ((List) updateAndGet.getAttributes().get("attr2")).size());
            Assert.assertEquals("val2", ((List) updateAndGet.getAttributes().get("attr2")).get(0));
            updateAndGet.getAttributes().remove("attr1");
            ((List) updateAndGet.getAttributes().get("attr2")).add("val3");
            UserRepresentation updateAndGet2 = updateAndGet(updateAndGet);
            if (isDeclarativeUserProfile()) {
                Assert.assertEquals(2L, updateAndGet2.getAttributes().size());
                Assert.assertTrue(((List) updateAndGet2.getAttributes().get("attr1")).isEmpty());
            } else {
                Assert.assertEquals(1L, updateAndGet2.getAttributes().size());
            }
            Assert.assertEquals(2L, ((List) updateAndGet2.getAttributes().get("attr2")).size());
            Assert.assertThat(updateAndGet2.getAttributes().get("attr2"), Matchers.containsInAnyOrder(new String[]{"val2", "val3"}));
            updateAndGet2.setEmail("bobby@localhost");
            UserRepresentation updateAndGet3 = updateAndGet(updateAndGet2);
            Assert.assertEquals("bobby@localhost", updateAndGet3.getEmail());
            updateAndGet3.setEmail("john-doh@localhost");
            updateError(updateAndGet3, 409, "emailExistsMessage");
            updateAndGet3.setEmail(AssertEvents.DEFAULT_USERNAME);
            UserRepresentation updateAndGet4 = updateAndGet(updateAndGet3);
            Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, updateAndGet4.getEmail());
            updateAndGet4.setUsername("john-doh@localhost");
            updateError(updateAndGet4, 409, "usernameExistsMessage");
            updateAndGet4.setUsername(AssertEvents.DEFAULT_USERNAME);
            UserRepresentation updateAndGet5 = updateAndGet(updateAndGet4);
            Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, updateAndGet5.getUsername());
            representation.setRegistrationEmailAsUsername(true);
            this.adminClient.realm("test").update(representation);
            updateAndGet5.setUsername("updatedUsername");
            UserRepresentation updateAndGet6 = updateAndGet(updateAndGet5);
            Assert.assertEquals(AssertEvents.DEFAULT_USERNAME, updateAndGet6.getUsername());
            representation.setRegistrationEmailAsUsername(false);
            this.adminClient.realm("test").update(representation);
            updateAndGet6.setUsername("updatedUsername");
            user = updateAndGet(updateAndGet6);
            Assert.assertEquals("updatedusername", user.getUsername());
            representation.setEditUsernameAllowed(false);
            representation.setRegistrationEmailAsUsername(false);
            this.adminClient.realm("test").update(representation);
            user.setUsername("updatedUsername2");
            updateError(user, 400, "readOnlyUsernameMessage");
            RealmRepresentation representation2 = this.adminClient.realm("test").toRepresentation();
            representation2.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation2);
            user.setUsername(username);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
        } catch (Throwable th) {
            RealmRepresentation representation3 = this.adminClient.realm("test").toRepresentation();
            representation3.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation3);
            user.setUsername(username);
            user.setFirstName(firstName);
            user.setLastName(lastName);
            user.setEmail(email);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
            throw th;
        }
    }

    @Test
    public void testUpdateProfileCannotChangeThroughAttributes() throws IOException {
        UserRepresentation user = getUser();
        String username = user.getUsername();
        HashMap hashMap = new HashMap(user.getAttributes());
        try {
            user.getAttributes().put("username", Collections.singletonList("Username"));
            user.getAttributes().put("attr2", Collections.singletonList("val2"));
            user = updateAndGet(user);
            Assert.assertEquals(user.getUsername(), username);
            RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
            representation.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation);
            user.setUsername(username);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
        } catch (Throwable th) {
            RealmRepresentation representation2 = this.adminClient.realm("test").toRepresentation();
            representation2.setEditUsernameAllowed(true);
            this.adminClient.realm("test").update(representation2);
            user.setUsername(username);
            user.setAttributes(hashMap);
            System.out.println(SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asResponse().asString());
            Assert.assertEquals(204L, r0.getStatus());
            throw th;
        }
    }

    @Test
    public void testUpdateProfileWithRegistrationEmailAsUsername() throws IOException {
        RealmRepresentation representation = this.adminClient.realm("test").toRepresentation();
        representation.setRegistrationEmailAsUsername(true);
        this.adminClient.realm("test").update(representation);
        UserRepresentation user = getUser();
        String firstName = user.getFirstName();
        try {
            user.setFirstName("Homer1");
            user = updateAndGet(user);
            Assert.assertEquals("Homer1", user.getFirstName());
            user.setFirstName(firstName);
            Assert.assertEquals(204L, SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asStatus());
        } catch (Throwable th) {
            user.setFirstName(firstName);
            Assert.assertEquals(204L, SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(user).asStatus());
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public UserRepresentation getUser() throws IOException {
        SimpleHttp auth = SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken());
        try {
            return (UserRepresentation) auth.asJson(UserRepresentation.class);
        } catch (IOException e) {
            System.err.println("Error during user reading: " + auth.asString());
            throw e;
        }
    }

    protected UserRepresentation updateAndGet(UserRepresentation userRepresentation) throws IOException {
        SimpleHttp json = SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(userRepresentation);
        try {
            Assert.assertEquals(204L, json.asStatus());
            return getUser();
        } catch (AssertionError e) {
            System.err.println("Error during user update: " + json.asString());
            throw e;
        }
    }

    protected void updateError(UserRepresentation userRepresentation, int i, String str) throws IOException {
        SimpleHttp.Response asResponse = SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(this.tokenUtil.getToken()).json(userRepresentation).asResponse();
        Assert.assertEquals(i, asResponse.getStatus());
        Assert.assertEquals(str, ((ErrorRepresentation) asResponse.asJson(ErrorRepresentation.class)).getErrorMessage());
    }

    @Test
    public void testProfilePermissions() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("no-account-access", "password");
        TokenUtil tokenUtil2 = new TokenUtil("view-account-access", "password");
        Assert.assertEquals(403L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(tokenUtil.getToken()).json(new UserRepresentation()).asStatus());
        Assert.assertEquals(403L, SimpleHttp.doPost(getAccountUrl(null), this.httpClient).auth(tokenUtil2.getToken()).json(new UserRepresentation()).asStatus());
    }

    @Test
    public void testUpdateProfilePermissions() throws IOException {
        Assert.assertEquals(403L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("no-account-access", "password").getToken()).asStatus());
        Assert.assertEquals(200L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-account-access", "password").getToken()).asStatus());
    }

    @Test
    public void testCredentialsGet() throws IOException {
        configureBrowserFlowWithWebAuthnAuthenticator("browser-webauthn");
        RequiredActionProviderSimpleRepresentation requiredActionProviderSimpleRepresentation = new RequiredActionProviderSimpleRepresentation();
        requiredActionProviderSimpleRepresentation.setId("12345");
        requiredActionProviderSimpleRepresentation.setName("webauthn-register");
        requiredActionProviderSimpleRepresentation.setProviderId("webauthn-register");
        testRealm().flows().registerRequiredAction(requiredActionProviderSimpleRepresentation);
        RequiredActionProviderSimpleRepresentation requiredActionProviderSimpleRepresentation2 = new RequiredActionProviderSimpleRepresentation();
        requiredActionProviderSimpleRepresentation2.setId("6789");
        requiredActionProviderSimpleRepresentation2.setName("webauthn-register-passwordless");
        requiredActionProviderSimpleRepresentation2.setProviderId("webauthn-register-passwordless");
        testRealm().flows().registerRequiredAction(requiredActionProviderSimpleRepresentation2);
        List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
        Assert.assertEquals(4L, credentials.size());
        AccountCredentialResource.CredentialContainer credentialContainer = credentials.get(0);
        assertCredentialContainerExpected(credentialContainer, "password", CredentialTypeMetadata.Category.BASIC_AUTHENTICATION.toString(), "password-display-name", "password-help-text", "kcAuthenticatorPasswordClass", null, UserModel.RequiredAction.UPDATE_PASSWORD.toString(), false, 1);
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) credentialContainer.getUserCredentials().get(0);
        Assert.assertNull(credentialRepresentation.getSecretData());
        Assert.assertNotNull(credentialRepresentation.getCredentialData());
        assertCredentialContainerExpected(credentials.get(1), "otp", CredentialTypeMetadata.Category.TWO_FACTOR.toString(), "otp-display-name", "otp-help-text", "kcAuthenticatorOTPClass", UserModel.RequiredAction.CONFIGURE_TOTP.toString(), null, true, 0);
        assertCredentialContainerExpected(credentials.get(2), "webauthn", CredentialTypeMetadata.Category.TWO_FACTOR.toString(), "webauthn-display-name", "webauthn-help-text", "kcAuthenticatorWebAuthnClass", "webauthn-register", null, true, 0);
        assertCredentialContainerExpected(credentials.get(3), "webauthn-passwordless", CredentialTypeMetadata.Category.PASSWORDLESS.toString(), "webauthn-passwordless-display-name", "webauthn-passwordless-help-text", "kcAuthenticatorWebAuthnPasswordlessClass", "webauthn-register-passwordless", null, true, 0);
        setRequiredActionEnabledStatus("webauthn-register-passwordless", false);
        assertExpectedCredentialTypes(getCredentials(), "password", "otp", "webauthn");
        removeWebAuthnFlow("browser-webauthn");
        assertExpectedCredentialTypes(getCredentials(), "password", "otp");
        List list = (List) SimpleHttp.doGet(getAccountUrl("credentials?type=password"), this.httpClient).auth(this.tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.1
        });
        Assert.assertEquals(1L, list.size());
        Assert.assertEquals("password", ((AccountCredentialResource.CredentialContainer) list.get(0)).getType());
        Assert.assertEquals(1L, r0.getUserCredentials().size());
        List list2 = (List) SimpleHttp.doGet(getAccountUrl("credentials?type=password&user-credentials=false"), this.httpClient).auth(this.tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.2
        });
        Assert.assertEquals(1L, list2.size());
        AccountCredentialResource.CredentialContainer credentialContainer2 = (AccountCredentialResource.CredentialContainer) list2.get(0);
        Assert.assertEquals("password", credentialContainer2.getType());
        Assert.assertNull(credentialContainer2.getUserCredentials());
    }

    @Test
    public void testCRUDCredentialOfDifferentUser() throws IOException {
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), "user-with-one-configured-otp");
        CredentialRepresentation credentialRepresentation = (CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation2 -> {
            return "otp".equals(credentialRepresentation2.getType());
        }).findFirst().get();
        Assert.assertEquals(404L, SimpleHttp.doPut(getAccountUrl("credentials/" + credentialRepresentation.getId() + "/label"), this.httpClient).auth(this.tokenUtil.getToken()).json("new-label").asResponse().getStatus());
        Assert.assertEquals(404L, SimpleHttp.doDelete(getAccountUrl("credentials/" + credentialRepresentation.getId()), this.httpClient).acceptJson().auth(this.tokenUtil.getToken()).asResponse().getStatus());
        Assert.assertTrue(ObjectUtil.isEqualOrBothNull(credentialRepresentation.getUserLabel(), ((CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation3 -> {
            return "otp".equals(credentialRepresentation3.getType());
        }).findFirst().get()).getUserLabel()));
    }

    private List<AccountCredentialResource.CredentialContainer> getCredentials() throws IOException {
        return (List) SimpleHttp.doGet(getAccountUrl("credentials"), this.httpClient).auth(this.tokenUtil.getToken()).asJson(new TypeReference<List<AccountCredentialResource.CredentialContainer>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.3
        });
    }

    @Test
    public void testCredentialsGetDisabledOtp() throws IOException {
        AuthenticationExecutionModel.Requirement executionRequirement = setExecutionRequirement("browser", "Browser - Conditional OTP", AuthenticationExecutionModel.Requirement.DISABLED);
        AuthenticationExecutionModel.Requirement executionRequirement2 = setExecutionRequirement("first broker login", "OTP Form", AuthenticationExecutionModel.Requirement.DISABLED);
        AuthenticationExecutionModel.Requirement executionRequirement3 = setExecutionRequirement("direct grant", "Direct Grant - Conditional OTP", AuthenticationExecutionModel.Requirement.DISABLED);
        try {
            List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
            Assert.assertEquals(1L, credentials.size());
            Assert.assertEquals("password", credentials.get(0).getType());
            setExecutionRequirement("browser", "Browser - Conditional OTP", executionRequirement);
            List<AccountCredentialResource.CredentialContainer> credentials2 = getCredentials();
            Assert.assertEquals(2L, credentials2.size());
            Assert.assertEquals("otp", credentials2.get(1).getType());
            setExecutionRequirement("browser", "Browser - Conditional OTP", AuthenticationExecutionModel.Requirement.DISABLED);
            setExecutionRequirement("first broker login", "OTP Form", executionRequirement2);
            List<AccountCredentialResource.CredentialContainer> credentials3 = getCredentials();
            Assert.assertEquals(2L, credentials3.size());
            Assert.assertEquals("otp", credentials3.get(1).getType());
            setExecutionRequirement("browser", "Browser - Conditional OTP", executionRequirement);
            setExecutionRequirement("direct grant", "Direct Grant - Conditional OTP", executionRequirement3);
        } catch (Throwable th) {
            setExecutionRequirement("browser", "Browser - Conditional OTP", executionRequirement);
            setExecutionRequirement("direct grant", "Direct Grant - Conditional OTP", executionRequirement3);
            throw th;
        }
    }

    @Test
    public void testCredentialsGetWithDisabledOtpRequiredAction() throws IOException {
        assertExpectedCredentialTypes(getCredentials(), "password", "otp");
        setRequiredActionEnabledStatus(UserModel.RequiredAction.CONFIGURE_TOTP.name(), false);
        assertExpectedCredentialTypes(getCredentials(), "password");
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), AssertEvents.DEFAULT_USERNAME);
        findUserByUsernameId.update(UserBuilder.edit(findUserByUsernameId.toRepresentation()).totpSecret("abcdefabcdef").build());
        List<AccountCredentialResource.CredentialContainer> credentials = getCredentials();
        assertExpectedCredentialTypes(credentials, "password", "otp");
        AccountCredentialResource.CredentialContainer credentialContainer = credentials.get(1);
        Assert.assertNull(credentialContainer.getCreateAction());
        Assert.assertNull(credentialContainer.getUpdateAction());
        setRequiredActionEnabledStatus(UserModel.RequiredAction.CONFIGURE_TOTP.name(), true);
        findUserByUsernameId.removeCredential(((CredentialRepresentation) findUserByUsernameId.credentials().stream().filter(credentialRepresentation -> {
            return "otp".equals(credentialRepresentation.getType());
        }).findFirst().get()).getId());
    }

    private void setRequiredActionEnabledStatus(String str, boolean z) {
        RequiredActionProviderRepresentation requiredAction = testRealm().flows().getRequiredAction(str);
        requiredAction.setEnabled(z);
        testRealm().flows().updateRequiredAction(str, requiredAction);
    }

    private void assertExpectedCredentialTypes(List<AccountCredentialResource.CredentialContainer> list, String... strArr) {
        Assert.assertEquals(list.size(), strArr.length);
        int i = 0;
        Iterator<AccountCredentialResource.CredentialContainer> it = list.iterator();
        while (it.hasNext()) {
            Assert.assertEquals(it.next().getType(), strArr[i]);
            i++;
        }
    }

    @Test
    public void testCredentialsForUserWithoutPassword() throws IOException {
        getCredentials();
        UserResource findUserByUsernameId = ApiUtil.findUserByUsernameId(testRealm(), AssertEvents.DEFAULT_USERNAME);
        for (CredentialRepresentation credentialRepresentation : findUserByUsernameId.credentials()) {
            if ("password".equals(credentialRepresentation.getType())) {
                findUserByUsernameId.removeCredential(credentialRepresentation.getId());
            }
        }
        assertCredentialContainerExpected(getCredentials().get(0), "password", CredentialTypeMetadata.Category.BASIC_AUTHENTICATION.toString(), "password-display-name", "password-help-text", "kcAuthenticatorPasswordClass", UserModel.RequiredAction.UPDATE_PASSWORD.toString(), null, false, 0);
        ApiUtil.resetUserPassword(findUserByUsernameId, "password", false);
    }

    private AuthenticationExecutionModel.Requirement setExecutionRequirement(String str, String str2, AuthenticationExecutionModel.Requirement requirement) {
        for (AuthenticationExecutionInfoRepresentation authenticationExecutionInfoRepresentation : testRealm().flows().getExecutions(str)) {
            if (str2.equals(authenticationExecutionInfoRepresentation.getDisplayName())) {
                AuthenticationExecutionModel.Requirement valueOf = AuthenticationExecutionModel.Requirement.valueOf(authenticationExecutionInfoRepresentation.getRequirement());
                authenticationExecutionInfoRepresentation.setRequirement(requirement.toString());
                testRealm().flows().updateExecutions(str, authenticationExecutionInfoRepresentation);
                return valueOf;
            }
        }
        throw new IllegalStateException("Not found execution '" + str2 + "' in flow '" + str + "'.");
    }

    private void configureBrowserFlowWithWebAuthnAuthenticator(String str) {
        HashMap hashMap = new HashMap();
        hashMap.put("newName", str);
        testRealm().flows().copy("browser", hashMap).close();
        String id = AbstractAuthenticationTest.findFlowByAlias(str, testRealm().flows().getFlows()).getId();
        AuthenticationExecutionRepresentation authenticationExecutionRepresentation = new AuthenticationExecutionRepresentation();
        authenticationExecutionRepresentation.setParentFlow(id);
        authenticationExecutionRepresentation.setAuthenticator("webauthn-authenticator");
        authenticationExecutionRepresentation.setRequirement(AuthenticationExecutionModel.Requirement.REQUIRED.toString());
        testRealm().flows().addExecution(authenticationExecutionRepresentation).close();
        AuthenticationExecutionRepresentation authenticationExecutionRepresentation2 = new AuthenticationExecutionRepresentation();
        authenticationExecutionRepresentation2.setParentFlow(id);
        authenticationExecutionRepresentation2.setAuthenticator("webauthn-authenticator-passwordless");
        authenticationExecutionRepresentation2.setRequirement(AuthenticationExecutionModel.Requirement.ALTERNATIVE.toString());
        testRealm().flows().addExecution(authenticationExecutionRepresentation2).close();
    }

    private void removeWebAuthnFlow(String str) {
        testRealm().flows().deleteFlow(AbstractAuthenticationTest.findFlowByAlias(str, testRealm().flows().getFlows()).getId());
    }

    private void assertCredentialContainerExpected(AccountCredentialResource.CredentialContainer credentialContainer, String str, String str2, String str3, String str4, String str5, String str6, String str7, boolean z, int i) {
        Assert.assertEquals(str, credentialContainer.getType());
        Assert.assertEquals(str2, credentialContainer.getCategory());
        Assert.assertEquals(str3, credentialContainer.getDisplayName());
        Assert.assertEquals(str4, credentialContainer.getHelptext());
        Assert.assertEquals(str5, credentialContainer.getIconCssClass());
        Assert.assertEquals(str6, credentialContainer.getCreateAction());
        Assert.assertEquals(str7, credentialContainer.getUpdateAction());
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(credentialContainer.isRemoveable()));
        Assert.assertEquals(i, credentialContainer.getUserCredentials().size());
    }

    public void testDeleteSessions() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("view-account-access", "password");
        this.oauth.doLogin("view-account-access", "password");
        Assert.assertEquals(2L, ((List) SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).auth(tokenUtil.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.4
        })).size());
        Assert.assertEquals(200L, SimpleHttp.doDelete(getAccountUrl("sessions?current=false"), this.httpClient).acceptJson().auth(tokenUtil.getToken()).asStatus());
        Assert.assertEquals(1L, ((List) SimpleHttp.doGet(getAccountUrl("sessions"), this.httpClient).auth(tokenUtil.getToken()).asJson(new TypeReference<List<SessionRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.5
        })).size());
    }

    @Test
    public void listApplications() throws Exception {
        this.oauth.clientId("in-use-client");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password").getErrorDescription());
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-applications-access", "password").getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.6
        });
        Assert.assertFalse(list.isEmpty());
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"in-use-client", "always-display-client", "direct-grant"}));
        assertClientRep((ClientRepresentation) map.get("in-use-client"), "In Use Client", null, false, true, false, null, this.inUseClientAppUri);
        assertClientRep((ClientRepresentation) map.get("always-display-client"), "Always Display Client", null, false, false, false, null, this.alwaysDisplayClientAppUri);
        assertClientRep((ClientRepresentation) map.get("direct-grant"), null, null, false, true, false, null, null);
    }

    @Test
    public void listApplicationsFiltered() throws Exception {
        this.oauth.clientId("in-use-client");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password").getErrorDescription());
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").param("name", "In Use").auth(new TokenUtil("view-applications-access", "password").getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.7
        });
        Assert.assertFalse(list.isEmpty());
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"in-use-client"}));
        assertClientRep((ClientRepresentation) map.get("in-use-client"), "In Use Client", null, false, true, false, null, this.inUseClientAppUri);
    }

    @Test
    public void listApplicationsOfflineAccess() throws Exception {
        this.oauth.scope("offline_access");
        this.oauth.clientId("offline-client");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password").getErrorDescription());
        this.oauth.clientId("offline-client-without-base-url");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password").getErrorDescription());
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-applications-access", "password").getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.8
        });
        Assert.assertFalse(list.isEmpty());
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"offline-client", "offline-client-without-base-url", "always-display-client", "direct-grant"}));
        assertClientRep((ClientRepresentation) map.get("offline-client"), "Offline Client", null, false, true, true, null, this.offlineClientAppUri);
        assertClientRep((ClientRepresentation) map.get("offline-client-without-base-url"), "Offline Client Without Base URL", null, false, true, true, null, null);
    }

    @Test
    public void listApplicationsThirdParty() throws Exception {
        TokenUtil tokenUtil = new TokenUtil("view-applications-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        SimpleHttp.doPost(getAccountUrl("applications/" + OAuthGrantTest.THIRD_PARTY_APP + "/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.9
        });
        Assert.assertFalse(list.isEmpty());
        SimpleHttp.doDelete(getAccountUrl("applications/" + OAuthGrantTest.THIRD_PARTY_APP + "/consent"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asResponse();
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{OAuthGrantTest.THIRD_PARTY_APP, "always-display-client", "direct-grant"}));
        ClientRepresentation clientRepresentation3 = (ClientRepresentation) map.get(OAuthGrantTest.THIRD_PARTY_APP);
        assertClientRep(clientRepresentation3, null, "A third party application", true, false, false, null, "http://localhost:8180/auth/realms/master/app/auth");
        Assert.assertFalse(clientRepresentation3.getConsent().getGrantedScopes().isEmpty());
        ConsentScopeRepresentation consentScopeRepresentation2 = (ConsentScopeRepresentation) clientRepresentation3.getConsent().getGrantedScopes().get(0);
        Assert.assertEquals(clientScopeRepresentation.getId(), consentScopeRepresentation2.getId());
        Assert.assertEquals(clientScopeRepresentation.getName(), consentScopeRepresentation2.getName());
    }

    @Test
    public void listApplicationsWithRootUrl() throws Exception {
        this.oauth.clientId(AccountFormServiceTest.ROOT_URL_CLIENT);
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("password", "view-applications-access", "password").getErrorDescription());
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-applications-access", "password").getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.10
        });
        Assert.assertFalse(list.isEmpty());
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{AccountFormServiceTest.ROOT_URL_CLIENT, "always-display-client", "direct-grant"}));
        assertClientRep((ClientRepresentation) map.get(AccountFormServiceTest.ROOT_URL_CLIENT), null, null, false, true, false, "http://localhost:8180/foo/bar", "/baz");
    }

    private void assertClientRep(ClientRepresentation clientRepresentation, String str, String str2, boolean z, boolean z2, boolean z3, String str3, String str4) {
        Assert.assertNotNull(clientRepresentation);
        Assert.assertEquals(str, clientRepresentation.getClientName());
        Assert.assertEquals(str2, clientRepresentation.getDescription());
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(clientRepresentation.isUserConsentRequired()));
        Assert.assertEquals(Boolean.valueOf(z2), Boolean.valueOf(clientRepresentation.isInUse()));
        Assert.assertEquals(Boolean.valueOf(z3), Boolean.valueOf(clientRepresentation.isOfflineAccess()));
        Assert.assertEquals(str3, clientRepresentation.getRootUrl());
        Assert.assertEquals(str4, clientRepresentation.getBaseUrl());
        Assert.assertEquals(ResolveRelative.resolveRelativeUri((String) null, (String) null, str3, str4), clientRepresentation.getEffectiveUrl());
    }

    @Test
    public void listApplicationsWithoutPermission() throws IOException {
        Assert.assertEquals(403L, SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("no-account-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void getNotExistingApplication() throws IOException {
        Assert.assertEquals(404L, SimpleHttp.doGet(getAccountUrl("applications/not-existing"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-applications-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void createConsentForClient() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
    }

    @Test
    public void updateConsentForClient() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
        ClientScopeRepresentation clientScopeRepresentation2 = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(1);
        ConsentScopeRepresentation consentScopeRepresentation2 = new ConsentScopeRepresentation();
        consentScopeRepresentation2.setId(clientScopeRepresentation2.getId());
        ConsentRepresentation consentRepresentation3 = new ConsentRepresentation();
        consentRepresentation3.setGrantedScopes(Collections.singletonList(consentScopeRepresentation2));
        ConsentRepresentation consentRepresentation4 = (ConsentRepresentation) SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation3).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation4.getCreatedDate().longValue() > 0);
        Assert.assertEquals(consentRepresentation2.getCreatedDate(), consentRepresentation4.getCreatedDate());
        Assert.assertTrue(consentRepresentation4.getLastUpdatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation4.getLastUpdatedDate().longValue() > consentRepresentation2.getLastUpdatedDate().longValue());
        Assert.assertEquals(1L, consentRepresentation4.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation2.getId(), ((ConsentScopeRepresentation) consentRepresentation4.getGrantedScopes().get(0)).getId());
    }

    @Test
    public void createConsentForNotExistingClient() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        new ConsentRepresentation().setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        Assert.assertEquals(404L, SimpleHttp.doPost(getAccountUrl("applications/not-existing/consent"), this.httpClient).header("Accept", "application/json").json(r0).auth(tokenUtil.getToken()).asResponse().getStatus());
    }

    @Test
    public void createConsentForClientWithoutPermission() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("view-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        new ConsentRepresentation().setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        Assert.assertEquals(403L, SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(r0).auth(tokenUtil.getToken()).asResponse().getStatus());
    }

    @Test
    public void createConsentForClientWithPut() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPut(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
    }

    @Test
    public void updateConsentForClientWithPut() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPut(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
        ClientScopeRepresentation clientScopeRepresentation2 = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(1);
        ConsentScopeRepresentation consentScopeRepresentation2 = new ConsentScopeRepresentation();
        consentScopeRepresentation2.setId(clientScopeRepresentation2.getId());
        ConsentRepresentation consentRepresentation3 = new ConsentRepresentation();
        consentRepresentation3.setGrantedScopes(Collections.singletonList(consentScopeRepresentation2));
        ConsentRepresentation consentRepresentation4 = (ConsentRepresentation) SimpleHttp.doPut(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation3).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation4.getCreatedDate().longValue() > 0);
        Assert.assertEquals(consentRepresentation2.getCreatedDate(), consentRepresentation4.getCreatedDate());
        Assert.assertTrue(consentRepresentation4.getLastUpdatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation4.getLastUpdatedDate().longValue() > consentRepresentation2.getLastUpdatedDate().longValue());
        Assert.assertEquals(1L, consentRepresentation4.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation2.getId(), ((ConsentScopeRepresentation) consentRepresentation4.getGrantedScopes().get(0)).getId());
    }

    @Test
    public void createConsentForNotExistingClientWithPut() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        new ConsentRepresentation().setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        Assert.assertEquals(404L, SimpleHttp.doPut(getAccountUrl("applications/not-existing/consent"), this.httpClient).header("Accept", "application/json").json(r0).auth(tokenUtil.getToken()).asResponse().getStatus());
    }

    @Test
    public void createConsentForClientWithoutPermissionWithPut() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("view-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        new ConsentRepresentation().setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        Assert.assertEquals(403L, SimpleHttp.doPut(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(r0).auth(tokenUtil.getToken()).asResponse().getStatus());
    }

    @Test
    public void getConsentForClient() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
        ConsentRepresentation consentRepresentation3 = (ConsentRepresentation) SimpleHttp.doGet(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertEquals(consentRepresentation2.getLastUpdatedDate(), consentRepresentation3.getLastUpdatedDate());
        Assert.assertEquals(consentRepresentation2.getCreatedDate(), consentRepresentation3.getCreatedDate());
        Assert.assertEquals(((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId(), ((ConsentScopeRepresentation) consentRepresentation3.getGrantedScopes().get(0)).getId());
    }

    @Test
    public void getConsentForNotExistingClient() throws IOException {
        Assert.assertEquals(404L, SimpleHttp.doGet(getAccountUrl("applications/not-existing/consent"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-consent-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void getNotExistingConsentForClient() throws IOException {
        Assert.assertEquals(204L, SimpleHttp.doGet(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-consent-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void getConsentWithoutPermission() throws IOException {
        Assert.assertEquals(403L, SimpleHttp.doGet(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("no-account-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void deleteConsentForClient() throws IOException {
        TokenUtil tokenUtil = new TokenUtil("manage-consent-access", "password");
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) testRealm().clientScopes().findAll().get(0);
        ConsentScopeRepresentation consentScopeRepresentation = new ConsentScopeRepresentation();
        consentScopeRepresentation.setId(clientScopeRepresentation.getId());
        ConsentRepresentation consentRepresentation = new ConsentRepresentation();
        consentRepresentation.setGrantedScopes(Collections.singletonList(consentScopeRepresentation));
        ConsentRepresentation consentRepresentation2 = (ConsentRepresentation) SimpleHttp.doPost(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").json(consentRepresentation).auth(tokenUtil.getToken()).asJson(ConsentRepresentation.class);
        Assert.assertTrue(consentRepresentation2.getCreatedDate().longValue() > 0);
        Assert.assertTrue(consentRepresentation2.getLastUpdatedDate().longValue() > 0);
        Assert.assertEquals(1L, consentRepresentation2.getGrantedScopes().size());
        Assert.assertEquals(consentScopeRepresentation.getId(), ((ConsentScopeRepresentation) consentRepresentation2.getGrantedScopes().get(0)).getId());
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asResponse().getStatus());
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asResponse().getStatus());
    }

    @Test
    public void deleteConsentForNotExistingClient() throws IOException {
        Assert.assertEquals(404L, SimpleHttp.doDelete(getAccountUrl("applications/not-existing/consent"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("manage-consent-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void deleteConsentWithoutPermission() throws IOException {
        Assert.assertEquals(403L, SimpleHttp.doDelete(getAccountUrl("applications/security-admin-console/consent"), this.httpClient).header("Accept", "application/json").auth(new TokenUtil("view-consent-access", "password").getToken()).asResponse().getStatus());
    }

    @Test
    public void revokeOfflineAccess() throws Exception {
        this.oauth.scope("offline_access");
        this.oauth.clientId("offline-client");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("secret1", "view-applications-access", "password").getErrorDescription());
        TokenUtil tokenUtil = new TokenUtil("view-applications-access", "password");
        Assert.assertEquals(204L, SimpleHttp.doDelete(getAccountUrl("applications/offline-client/consent"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asResponse().getStatus());
        List list = (List) SimpleHttp.doGet(getAccountUrl("applications"), this.httpClient).header("Accept", "application/json").auth(tokenUtil.getToken()).asJson(new TypeReference<List<ClientRepresentation>>() { // from class: org.keycloak.testsuite.account.AccountRestServiceTest.11
        });
        Assert.assertFalse(list.isEmpty());
        Map map = (Map) list.stream().collect(Collectors.toMap(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }, clientRepresentation2 -> {
            return clientRepresentation2;
        }));
        Assert.assertThat(map.keySet(), Matchers.containsInAnyOrder(new String[]{"offline-client", "always-display-client", "direct-grant"}));
        assertClientRep((ClientRepresentation) map.get("offline-client"), "Offline Client", null, false, true, false, null, this.offlineClientAppUri);
    }

    @Test
    public void testApiVersion() throws IOException {
        this.apiVersion = AccountRestApiVersion.DEFAULT.getStrVersion();
        testUpdateProfile();
        testCredentialsGet();
    }

    @Test
    public void testInvalidApiVersion() throws IOException {
        this.apiVersion = "v2-foo";
        Assert.assertEquals("API version not found", SimpleHttp.doGet(getAccountUrl("credentials"), this.httpClient).auth(this.tokenUtil.getToken()).asResponse().asJson().get("error").textValue());
        Assert.assertEquals(404L, r0.getStatus());
    }

    @Test
    public void testAudience() throws Exception {
        this.oauth.clientId("custom-audience");
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password").getErrorDescription());
        Assert.assertEquals(401L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(r0.getAccessToken()).header("Accept", "application/json").asResponse().getStatus());
        org.keycloak.representations.idm.ClientRepresentation clientRepresentation = (org.keycloak.representations.idm.ClientRepresentation) testRealm().clients().findByClientId("custom-audience").get(0);
        ProtocolMapperRepresentation protocolMapperRepresentation = (ProtocolMapperRepresentation) clientRepresentation.getProtocolMappers().stream().filter(protocolMapperRepresentation2 -> {
            return protocolMapperRepresentation2.getName().equals("aud");
        }).findFirst().orElse(null);
        Assert.assertNotNull("Audience mapper not found", protocolMapperRepresentation);
        protocolMapperRepresentation.getConfig().put("included.custom.audience", BackchannelLogoutTest.ACCOUNT_CLIENT_NAME);
        testRealm().clients().get(clientRepresentation.getId()).getProtocolMappers().update(protocolMapperRepresentation.getId(), protocolMapperRepresentation);
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password").getErrorDescription());
        Assert.assertEquals(200L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(r0.getAccessToken()).header("Accept", "application/json").asResponse().getStatus());
        testRealm().clients().get(clientRepresentation.getId()).getProtocolMappers().delete(protocolMapperRepresentation.getId());
        Assert.assertNull(this.oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password").getErrorDescription());
        Assert.assertEquals(401L, SimpleHttp.doGet(getAccountUrl(null), this.httpClient).auth(r0.getAccessToken()).header("Accept", "application/json").asResponse().getStatus());
    }

    protected boolean isDeclarativeUserProfile() {
        return false;
    }
}
