package org.keycloak.testsuite.admin;

import java.io.IOException;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.cert.CertificateException;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Optional;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.ManagementPermissionRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.util.AdminClientUtil;

/* loaded from: input_file:org/keycloak/testsuite/admin/UsersTest.class */
public class UsersTest extends AbstractAdminTest {
    @Before
    public void cleanUsers() {
        Iterator it = this.realm.users().list().iterator();
        while (it.hasNext()) {
            this.realm.users().delete(((UserRepresentation) it.next()).getId());
        }
    }

    @Test
    public void findUsersByEmailVerifiedStatus() {
        createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com", userRepresentation -> {
            userRepresentation.setEmailVerified(true);
        });
        createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com", userRepresentation2 -> {
            userRepresentation2.setEmailVerified(false);
        });
        List search = this.realm.users().search((String) null, (String) null, (String) null, (String) null, true, (Integer) null, (Integer) null, (Boolean) null, true);
        Assert.assertThat(search, CoreMatchers.is(Matchers.not(Matchers.empty())));
        Assert.assertThat(((UserRepresentation) search.get(0)).getUsername(), CoreMatchers.is("user1"));
        List search2 = this.realm.users().search((String) null, (String) null, (String) null, (String) null, false, (Integer) null, (Integer) null, (Boolean) null, true);
        Assert.assertThat(search2, CoreMatchers.is(Matchers.not(Matchers.empty())));
        Assert.assertThat(((UserRepresentation) search2.get(0)).getUsername(), CoreMatchers.is("user2"));
    }

    @Test
    public void countUsersByEmailVerifiedStatus() {
        createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com", userRepresentation -> {
            userRepresentation.setEmailVerified(true);
        });
        createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com", userRepresentation2 -> {
            userRepresentation2.setEmailVerified(false);
        });
        createUser(this.realmId, "user3", "password", "user3FirstName", "user3LastName", "user3@example.com", userRepresentation3 -> {
            userRepresentation3.setEmailVerified(true);
        });
        Assert.assertThat(this.realm.users().countEmailVerified(true), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, true, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().countEmailVerified(false), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, false, (String) null), CoreMatchers.is(1));
    }

    @Test
    public void countUsersWithViewPermission() {
        createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com");
        createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com");
        Assert.assertThat(this.realm.users().count(), CoreMatchers.is(2));
    }

    @Test
    public void countUsersBySearchWithViewPermission() {
        createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com");
        createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com");
        Assert.assertThat(this.realm.users().count("user"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("FirstName"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("user2FirstName"), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("LastName"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("user2LastName"), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("@example.com"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("user1@example.com"), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("notExisting"), CoreMatchers.is(0));
        Assert.assertThat(this.realm.users().count(""), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null), CoreMatchers.is(2));
    }

    @Test
    public void countUsersByFiltersWithViewPermission() {
        createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com");
        createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com");
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, "user"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, "user1"), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, "notExisting"), CoreMatchers.is(0));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, ""), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, "FirstName", (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, "user2FirstName", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count((String) null, "notExisting", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(this.realm.users().count((String) null, "", (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("LastName", (String) null, (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("user2LastName", (String) null, (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("notExisting", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(this.realm.users().count("", (String) null, (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, "@example.com", (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, "user1@example.com", (String) null), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, "user1@test.com", (String) null), CoreMatchers.is(0));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, "", (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("user1LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("user1LastName", "", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(this.realm.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, "@example.com", "user"), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count((String) null, (String) null, (String) null, (String) null), CoreMatchers.is(2));
        Assert.assertThat(this.realm.users().count("", "", "", ""), CoreMatchers.is(2));
    }

    @Test
    public void countUsersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        Assert.assertThat(setupTestEnvironmentWithPermissions(true).users().count(), CoreMatchers.is(3));
    }

    @Test
    public void countUsersBySearchWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        RealmResource realmResource = setupTestEnvironmentWithPermissions(true);
        Assert.assertThat(realmResource.users().count("user"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("FirstName"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("user2FirstName"), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("LastName"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("user2LastName"), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("@example.com"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("user1@example.com"), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("notExisting"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count(""), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null), CoreMatchers.is(3));
    }

    @Test
    public void countUsersByFiltersWithGroupViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        RealmResource realmResource = setupTestEnvironmentWithPermissions(true);
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "user"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "user1"), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "notExisting"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, ""), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, "FirstName", (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, "user2FirstName", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count((String) null, "notExisting", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, "", (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("LastName", (String) null, (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("user2LastName", (String) null, (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("notExisting", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("", (String) null, (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "@example.com", (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "user1@example.com", (String) null), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "user1@test.com", (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "", (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("user1LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("user1LastName", "", (String) null, (String) null), CoreMatchers.is(1));
        Assert.assertThat(realmResource.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "@example.com", "user"), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, (String) null), CoreMatchers.is(3));
        Assert.assertThat(realmResource.users().count("", "", "", ""), CoreMatchers.is(3));
    }

    @Test
    public void countUsersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, IOException, KeyManagementException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        Assert.assertThat(setupTestEnvironmentWithPermissions(false).users().count(), CoreMatchers.is(0));
    }

    @Test
    public void countUsersBySearchWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        RealmResource realmResource = setupTestEnvironmentWithPermissions(false);
        Assert.assertThat(realmResource.users().count("user"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("FirstName"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user2FirstName"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("LastName"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user2LastName"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("@example.com"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user1@example.com"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("notExisting"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count(""), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null), CoreMatchers.is(0));
    }

    @Test
    public void countUsersByFiltersWithNoViewPermission() throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        RealmResource realmResource = setupTestEnvironmentWithPermissions(false);
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "user"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "user1"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, "notExisting"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, ""), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, "FirstName", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, "user2FirstName", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, "notExisting", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, "", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("LastName", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user2LastName", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("notExisting", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("", (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "@example.com", (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "user1@example.com", (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "user1@test.com", (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "", (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user1LastName", "FirstName", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("user1LastName", "", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("LastName", "", (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, "@example.com", "user"), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count((String) null, (String) null, (String) null, (String) null), CoreMatchers.is(0));
        Assert.assertThat(realmResource.users().count("", "", "", ""), CoreMatchers.is(0));
    }

    private RealmResource setupTestEnvironmentWithPermissions(boolean z) throws CertificateException, NoSuchAlgorithmException, KeyStoreException, KeyManagementException, IOException {
        String createUser = createUser(this.realmId, "test-user", "password", "", "", "");
        String id = ((ClientRepresentation) this.realm.clients().findByClientId("realm-management").get(0)).getId();
        this.realm.users().get(createUser).roles().clientLevel(id).add(Collections.singletonList(this.realm.clients().get(id).roles().get("query-users").toRepresentation()));
        List<GroupRepresentation> list = setupUsersInGroupsWithPermissions();
        if (z) {
            AuthorizationResource authorization = this.realm.clients().get(id).authorization();
            UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
            userPolicyRepresentation.setName("test-policy");
            userPolicyRepresentation.setUsers(Collections.singleton(createUser));
            authorization.policies().user().create(userPolicyRepresentation).close();
            PolicyRepresentation findByName = authorization.policies().findByName("test-policy");
            Optional<GroupRepresentation> findFirst = list.stream().filter(groupRepresentation -> {
                return groupRepresentation.getName().equals("grp1");
            }).findFirst();
            Assert.assertThat(Boolean.valueOf(findFirst.isPresent()), CoreMatchers.is(true));
            ScopePermissionRepresentation findByName2 = authorization.permissions().scope().findByName("view.members.permission.group." + findFirst.get().getId());
            findByName2.setPolicies(Collections.singleton(findByName.getId()));
            findByName2.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
            authorization.permissions().scope().findById(findByName2.getId()).update(findByName2);
        }
        return AdminClientUtil.createAdminClient(true, this.realm.toRepresentation().getRealm(), "test-user", "password", "admin-cli", "").realm(this.realm.toRepresentation().getRealm());
    }

    private List<GroupRepresentation> setupUsersInGroupsWithPermissions() {
        GroupRepresentation createGroupWithPermissions = createGroupWithPermissions("grp1");
        GroupRepresentation createGroupWithPermissions2 = createGroupWithPermissions("grp2");
        String createUser = createUser(this.realmId, "user1", "password", "user1FirstName", "user1LastName", "user1@example.com");
        String createUser2 = createUser(this.realmId, "user2", "password", "user2FirstName", "user2LastName", "user2@example.com");
        String createUser3 = createUser(this.realmId, "user3", "password", "user3FirstName", "user3LastName", "user3@example.com");
        String createUser4 = createUser(this.realmId, "user4", "password", "user4FirstName", "user4LastName", "user4@example.com");
        this.realm.users().get(createUser).joinGroup(createGroupWithPermissions.getId());
        this.realm.users().get(createUser2).joinGroup(createGroupWithPermissions.getId());
        this.realm.users().get(createUser3).joinGroup(createGroupWithPermissions.getId());
        this.realm.users().get(createUser4).joinGroup(createGroupWithPermissions2.getId());
        ArrayList arrayList = new ArrayList();
        arrayList.add(createGroupWithPermissions);
        arrayList.add(createGroupWithPermissions2);
        return arrayList;
    }

    private GroupRepresentation createGroupWithPermissions(String str) {
        GroupRepresentation groupRepresentation = new GroupRepresentation();
        groupRepresentation.setName(str);
        this.realm.groups().add(groupRepresentation);
        Optional findFirst = this.realm.groups().groups().stream().filter(groupRepresentation2 -> {
            return groupRepresentation2.getName().equals(str);
        }).findFirst();
        Assert.assertThat(Boolean.valueOf(findFirst.isPresent()), CoreMatchers.is(true));
        GroupRepresentation groupRepresentation3 = (GroupRepresentation) findFirst.get();
        String id = groupRepresentation3.getId();
        this.realm.groups().group(id).setPermissions(new ManagementPermissionRepresentation(true));
        Assert.assertThat(Boolean.valueOf(this.realm.groups().group(id).getPermissions().isEnabled()), CoreMatchers.is(true));
        return groupRepresentation3;
    }
}
