package org.keycloak.testsuite.admin;

import java.util.List;
import java.util.concurrent.atomic.AtomicReference;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.core.Response;
import org.junit.AfterClass;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.common.util.Time;
import org.keycloak.models.AdminRoles;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.admin.PermissionsTest;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.testsuite.utils.tls.TLSUtils;

/* loaded from: input_file:org/keycloak/testsuite/admin/CrossRealmPermissionsTest.class */
public class CrossRealmPermissionsTest extends AbstractKeycloakTest {
    private static final String REALM_NAME = "crossrealm-test";
    private static final String REALM2_NAME = "crossrealm2-test";
    private static Keycloak adminClient1;
    private static Keycloak adminClient2;
    private RealmResource realm1;
    private RealmResource realm2;

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmBuilder testMail = RealmBuilder.create().name(REALM_NAME).testMail();
        testMail.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
        testMail.user(UserBuilder.create().username(AdminRoles.REALM_ADMIN).role("realm-management", AdminRoles.REALM_ADMIN).addPassword("password"));
        list.add(testMail.build());
        adminClient1 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", REALM_NAME, AdminRoles.REALM_ADMIN, "password", "test-client", "secret", TLSUtils.initializeTLS());
        this.realm1 = adminClient1.realm(REALM_NAME);
        RealmBuilder testMail2 = RealmBuilder.create().name(REALM2_NAME).testMail();
        testMail2.client(ClientBuilder.create().clientId("test-client").publicClient().directAccessGrants());
        testMail2.user(UserBuilder.create().username(AdminRoles.REALM_ADMIN).role("realm-management", AdminRoles.REALM_ADMIN).addPassword("password"));
        list.add(testMail2.build());
        adminClient2 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", REALM2_NAME, AdminRoles.REALM_ADMIN, "password", "test-client", "secret", TLSUtils.initializeTLS());
        this.realm2 = adminClient2.realm(REALM2_NAME);
    }

    @AfterClass
    public static void afterClass() {
        adminClient1.close();
        adminClient2.close();
    }

    @Test
    public void users() {
        Response create = this.realm1.users().create(UserBuilder.create().username("randomuser-" + Time.currentTimeMillis()).build());
        final String createdId = ApiUtil.getCreatedId(create);
        create.close();
        this.realm1.users().get(createdId).toRepresentation();
        expectNotFound(new PermissionsTest.Invocation() { // from class: org.keycloak.testsuite.admin.CrossRealmPermissionsTest.1
            @Override // org.keycloak.testsuite.admin.PermissionsTest.Invocation
            public void invoke(RealmResource realmResource) {
                realmResource.users().get(createdId).toRepresentation();
            }
        }, this.realm2);
        expectNotFound(new PermissionsTest.Invocation() { // from class: org.keycloak.testsuite.admin.CrossRealmPermissionsTest.2
            @Override // org.keycloak.testsuite.admin.PermissionsTest.Invocation
            public void invoke(RealmResource realmResource) {
                realmResource.users().get(createdId).update(new UserRepresentation());
            }
        }, this.realm2);
        expectNotFound(new PermissionsTest.Invocation() { // from class: org.keycloak.testsuite.admin.CrossRealmPermissionsTest.3
            @Override // org.keycloak.testsuite.admin.PermissionsTest.Invocation
            public void invoke(RealmResource realmResource) {
                realmResource.users().get(createdId).remove();
            }
        }, this.realm2);
        expectNotFound(new PermissionsTest.Invocation() { // from class: org.keycloak.testsuite.admin.CrossRealmPermissionsTest.4
            @Override // org.keycloak.testsuite.admin.PermissionsTest.Invocation
            public void invoke(RealmResource realmResource) {
                realmResource.users().get(createdId).getUserSessions();
            }
        }, this.realm2);
    }

    private void expectNotFound(final PermissionsTest.Invocation invocation, RealmResource realmResource) {
        expectNotFound(new PermissionsTest.InvocationWithResponse() { // from class: org.keycloak.testsuite.admin.CrossRealmPermissionsTest.5
            @Override // org.keycloak.testsuite.admin.PermissionsTest.InvocationWithResponse
            public void invoke(RealmResource realmResource2, AtomicReference<Response> atomicReference) {
                invocation.invoke(realmResource2);
            }
        }, realmResource);
    }

    private void expectNotFound(PermissionsTest.InvocationWithResponse invocationWithResponse, RealmResource realmResource) {
        int i = 0;
        try {
            AtomicReference<Response> atomicReference = new AtomicReference<>();
            invocationWithResponse.invoke(realmResource, atomicReference);
            Response response = atomicReference.get();
            if (response != null) {
                i = response.getStatus();
            } else {
                Assert.fail("Expected failure");
            }
        } catch (ClientErrorException e) {
            i = e.getResponse().getStatus();
        }
        Assert.assertEquals(404L, i);
    }
}
