package org.keycloak.testsuite.admin;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.hamcrest.CoreMatchers;
import org.hamcrest.Matchers;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ProtocolMappersResource;
import org.keycloak.admin.client.resource.RoleMappingResource;
import org.keycloak.common.util.Time;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.adapters.action.GlobalRequestResult;
import org.keycloak.representations.idm.ClientMappingsRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.UserSessionRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.CredentialBuilder;
import org.keycloak.testsuite.util.RoleBuilder;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/ClientTest.class */
public class ClientTest extends AbstractAdminTest {
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void getClients() {
        Assert.assertNames(this.realm.clients().findAll(), BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "account-console", "realm-management", "security-admin-console", "broker", "admin-cli");
    }

    private ClientRepresentation createClient() {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("my-app");
        clientRepresentation.setDescription("my-app description");
        clientRepresentation.setEnabled(true);
        Response create = this.realm.clients().create(clientRepresentation);
        create.close();
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        org.junit.Assert.assertEquals("my-app", ApiUtil.findClientResourceByClientId(this.realm, "my-app").toRepresentation().getClientId());
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(createdId), clientRepresentation, ResourceType.CLIENT);
        clientRepresentation.setId(createdId);
        return clientRepresentation;
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void createClientVerify() {
        ClientResource clientResource = this.realm.clients().get(createClient().getId());
        org.junit.Assert.assertNotNull(clientResource);
        org.junit.Assert.assertNull(clientResource.toRepresentation().getSecret());
        Assert.assertNames(this.realm.clients().findAll(), BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "account-console", "realm-management", "security-admin-console", "broker", "my-app", "admin-cli");
    }

    @Test
    public void testInvalidUrlClientValidation() {
        testClientUriValidation("Root URL is not a valid URL", "Base URL is not a valid URL", "Backchannel logout URL is not a valid URL", null, "invalid", "myapp://some-fake-app");
    }

    @Test
    public void testIllegalSchemeClientValidation() {
        testClientUriValidation("Root URL uses an illegal scheme", "Base URL uses an illegal scheme", "Backchannel logout URL uses an illegal scheme", "A redirect URI uses an illegal scheme", "data:text/html;base64,PHNjcmlwdD5jb25maXJtKGRvY3VtZW50LmRvbWFpbik7PC9zY3JpcHQ+", "javascript:confirm(document.domain)/*");
    }

    @Test
    public void testFragmentProhibitedClientValidation() {
        testClientUriValidation("Root URL must not contain an URL fragment", null, null, "Redirect URIs must not contain an URI fragment", "http://redhat.com/abcd#someFragment");
    }

    private void testClientUriValidation(String str, String str2, String str3, String str4, String... strArr) {
        testClientUriValidation(false, str, str2, str3, str4, strArr);
        testClientUriValidation(true, str, str2, str3, str4, strArr);
    }

    private void testClientUriValidation(boolean z, String str, String str2, String str3, String str4, String... strArr) {
        ClientRepresentation createClient;
        if (z) {
            createClient = new ClientRepresentation();
            createClient.setClientId("my-app2");
            createClient.setEnabled(true);
        } else {
            createClient = createClient();
        }
        for (String str5 : strArr) {
            if (str != null) {
                createClient.setRootUrl(str5);
                createOrUpdateClientExpectingValidationErrors(createClient, z, str);
            }
            createClient.setRootUrl((String) null);
            if (str2 != null) {
                createClient.setBaseUrl(str5);
                createOrUpdateClientExpectingValidationErrors(createClient, z, str2);
            }
            createClient.setBaseUrl((String) null);
            if (str3 != null) {
                OIDCAdvancedConfigWrapper.fromClientRepresentation(createClient).setBackchannelLogoutUrl(str5);
                createOrUpdateClientExpectingValidationErrors(createClient, z, str3);
            }
            OIDCAdvancedConfigWrapper.fromClientRepresentation(createClient).setBackchannelLogoutUrl((String) null);
            if (str4 != null) {
                createClient.setRedirectUris(Collections.singletonList(str5));
                createOrUpdateClientExpectingValidationErrors(createClient, z, str4);
            }
            createClient.setRedirectUris((List) null);
            if (str != null) {
                createClient.setRootUrl(str5);
            }
            if (str2 != null) {
                createClient.setBaseUrl(str5);
            }
            if (str4 != null) {
                createClient.setRedirectUris(Collections.singletonList(str5));
            }
            createOrUpdateClientExpectingValidationErrors(createClient, z, str, str2, str4);
            createClient.setRootUrl((String) null);
            createClient.setBaseUrl((String) null);
            createClient.setRedirectUris((List) null);
        }
    }

    private void createOrUpdateClientExpectingValidationErrors(ClientRepresentation clientRepresentation, boolean z, String... strArr) {
        Response response = null;
        if (z) {
            response = this.realm.clients().create(clientRepresentation);
        } else {
            try {
                this.realm.clients().get(clientRepresentation.getId()).update(clientRepresentation);
                org.junit.Assert.fail("Expected exception");
            } catch (BadRequestException e) {
                response = e.getResponse();
            }
        }
        String[] strArr2 = (String[]) Arrays.stream(strArr).filter((v0) -> {
            return Objects.nonNull(v0);
        }).toArray(i -> {
            return new String[i];
        });
        org.junit.Assert.assertEquals(response.getStatus(), 400L);
        OAuth2ErrorRepresentation oAuth2ErrorRepresentation = (OAuth2ErrorRepresentation) response.readEntity(OAuth2ErrorRepresentation.class);
        org.junit.Assert.assertThat(Arrays.asList(oAuth2ErrorRepresentation.getErrorDescription().split("; ")), Matchers.containsInAnyOrder(strArr2));
        org.junit.Assert.assertEquals("invalid_input", oAuth2ErrorRepresentation.getError());
    }

    private void updateClientExpectingSuccessfulClientUpdate(ClientRepresentation clientRepresentation, String str, String str2) {
        this.realm.clients().get(clientRepresentation.getId()).update(clientRepresentation);
        ClientRepresentation representation = this.realm.clients().get(clientRepresentation.getId()).toRepresentation();
        org.junit.Assert.assertEquals(str, representation.getRootUrl());
        org.junit.Assert.assertEquals(str2, representation.getBaseUrl());
    }

    @Test
    public void removeClient() {
        String id = createClient().getId();
        org.junit.Assert.assertNotNull(ApiUtil.findClientByClientId(this.realm, "my-app"));
        this.realm.clients().get(id).remove();
        org.junit.Assert.assertNull(ApiUtil.findClientResourceByClientId(this.realm, "my-app"));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientResourcePath(id), ResourceType.CLIENT);
    }

    @Test
    public void getClientRepresentation() {
        String id = createClient().getId();
        ClientRepresentation representation = this.realm.clients().get(id).toRepresentation();
        org.junit.Assert.assertEquals(id, representation.getId());
        org.junit.Assert.assertEquals("my-app", representation.getClientId());
        org.junit.Assert.assertTrue(representation.isEnabled().booleanValue());
    }

    @Test
    public void getClientDescription() {
        String id = createClient().getId();
        ClientRepresentation representation = this.realm.clients().get(id).toRepresentation();
        org.junit.Assert.assertEquals(id, representation.getId());
        org.junit.Assert.assertEquals("my-app description", representation.getDescription());
    }

    @Test
    public void getClientSessions() throws Exception {
        org.junit.Assert.assertEquals(200L, this.oauth.doGrantAccessTokenRequest("password", AssertEvents.DEFAULT_USERNAME, "password").getStatusCode());
        org.junit.Assert.assertEquals(200L, this.oauth.doAccessTokenRequest(this.oauth.doLogin(AssertEvents.DEFAULT_USERNAME, "password").getCode(), "password").getStatusCode());
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        org.junit.Assert.assertEquals(2L, ((Integer) findClientByClientId.getApplicationSessionCount().get("count")).intValue());
        List userSessions = findClientByClientId.getUserSessions(0, 100);
        org.junit.Assert.assertEquals(2L, userSessions.size());
        org.junit.Assert.assertEquals(1L, ((UserSessionRepresentation) userSessions.get(0)).getClients().size());
    }

    @Test
    public void getAllClients() {
        List findAll = this.realm.clients().findAll();
        org.junit.Assert.assertNotNull(findAll);
        org.junit.Assert.assertFalse(findAll.isEmpty());
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void getAllClientsSearchAndPagination() {
        HashSet hashSet = new HashSet();
        int i = 1;
        while (i <= 10) {
            try {
                Response create = this.realm.clients().create(ClientBuilder.create().clientId("ccx-" + (i < 10 ? "0" + i : Integer.valueOf(i))).build());
                hashSet.add(ApiUtil.getCreatedId(create));
                create.close();
                i++;
            } catch (Throwable th) {
                hashSet.stream().forEach(str -> {
                    this.realm.clients().get(str).remove();
                });
                throw th;
            }
        }
        assertPaginatedClients(1, 10, this.realm.clients().findAll("ccx-", (Boolean) null, true, 0, 100));
        assertPaginatedClients(1, 5, this.realm.clients().findAll("ccx-", (Boolean) null, true, 0, 5));
        assertPaginatedClients(6, 10, this.realm.clients().findAll("ccx-", (Boolean) null, true, 5, 5));
        hashSet.stream().forEach(str2 -> {
            this.realm.clients().get(str2).remove();
        });
    }

    private void assertPaginatedClients(int i, int i2, List<ClientRepresentation> list) {
        LinkedList linkedList = new LinkedList();
        int i3 = i;
        while (i3 <= i2) {
            linkedList.add("ccx-" + (i3 < 10 ? "0" + i3 : Integer.valueOf(i3)));
            i3++;
        }
        org.junit.Assert.assertThat((List) list.stream().map(clientRepresentation -> {
            return clientRepresentation.getClientId();
        }).collect(Collectors.toList()), CoreMatchers.is(linkedList));
    }

    @Test
    public void getClientById() {
        createClient();
        ClientRepresentation representation = ApiUtil.findClientResourceByClientId(this.realm, "my-app").toRepresentation();
        assertClient(representation, this.realm.clients().get(representation.getId()).toRepresentation());
    }

    @Test
    public void deleteDefaultRole() {
        String id = createClient().getId();
        RoleRepresentation roleRepresentation = new RoleRepresentation("test", "test", false);
        this.realm.clients().get(id).roles().create(roleRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(id, "test"), roleRepresentation, ResourceType.CLIENT_ROLE);
        RoleRepresentation representation = this.realm.clients().get(id).roles().get("test").toRepresentation();
        this.realm.roles().get("default-roles-admin-client-test").addComposites(Collections.singletonList(representation));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("default-roles-admin-client-test"), Collections.singletonList(representation), ResourceType.REALM_ROLE);
        org.junit.Assert.assertThat(this.realm.roles().get("default-roles-admin-client-test").getRoleComposites().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), Matchers.hasItem(representation.getName()));
        this.realm.clients().get(id).roles().deleteRole("test");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(id, "test"), ResourceType.CLIENT_ROLE);
        org.junit.Assert.assertThat(this.realm.roles().get("default-roles-admin-client-test").getRoleComposites().stream().map((v0) -> {
            return v0.getName();
        }).collect(Collectors.toSet()), Matchers.not(Matchers.hasItem(representation)));
    }

    @Test
    public void testProtocolMappers() {
        protocolMappersTest(createClient().getId(), ApiUtil.findClientByClientId(this.realm, "my-app").getProtocolMappers());
    }

    @Test
    public void updateClient() {
        ClientRepresentation createClient = createClient();
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setId(createClient.getId());
        clientRepresentation.setClientId(createClient.getClientId());
        clientRepresentation.setBaseUrl("http://baseurl");
        this.realm.clients().get(createClient.getId()).update(clientRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(createClient.getId()), clientRepresentation, ResourceType.CLIENT);
        assertClient(createClient, this.realm.clients().get(createClient.getId()).toRepresentation());
        clientRepresentation.setSecret("new-secret");
        this.realm.clients().get(createClient.getId()).update(clientRepresentation);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.clientResourcePath(createClient.getId()), clientRepresentation, ResourceType.CLIENT);
        ClientRepresentation representation = this.realm.clients().get(createClient.getId()).toRepresentation();
        assertClient(createClient, representation);
        representation.getAttributes().put("backchannel.logout.url", "");
        this.realm.clients().get(representation.getId()).update(representation);
        org.junit.Assert.assertFalse(this.realm.clients().get(createClient.getId()).toRepresentation().getAttributes().containsKey("backchannel.logout.url"));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void serviceAccount() {
        Response create = this.realm.clients().create(ClientBuilder.create().clientId("serviceClient").serviceAccount().build());
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        create.close();
        UserRepresentation serviceAccountUser = this.realm.clients().get(createdId).getServiceAccountUser();
        org.junit.Assert.assertEquals("service-account-serviceclient", serviceAccountUser.getUsername());
        org.junit.Assert.assertNull(serviceAccountUser.getEmail());
    }

    @Test
    public void pushRevocation() {
        this.testingClient.testApp().clearAdminActions();
        String id = createAppClient().getId();
        this.realm.clients().get(id).pushRevocation();
        org.junit.Assert.assertEquals(r0.getNotBefore().intValue(), this.testingClient.testApp().getAdminPushNotBefore().getNotBefore());
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.clientPushRevocationPath(id), ResourceType.CLIENT);
    }

    private ClientRepresentation createAppClient() {
        String replace = this.oauth.getRedirectUri().replace("/master/", "/admin-client-test/");
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(AssertEvents.DEFAULT_CLIENT_ID);
        clientRepresentation.setAdminUrl(this.suiteContext.getAuthServerInfo().getContextRoot() + "/auth/realms/master/app/admin");
        clientRepresentation.setRedirectUris(Collections.singletonList(replace));
        clientRepresentation.setSecret("secret");
        clientRepresentation.setProtocol("openid-connect");
        clientRepresentation.setNotBefore(Integer.valueOf(Time.currentTime() - 60));
        Response create = this.realm.clients().create(clientRepresentation);
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        create.close();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientResourcePath(createdId), clientRepresentation, ResourceType.CLIENT);
        clientRepresentation.setId(createdId);
        return clientRepresentation;
    }

    @Test(expected = BadRequestException.class)
    public void testAddNodeWithReservedCharacter() {
        this.testingClient.testApp().clearAdminActions();
        this.realm.clients().get(createAppClient().getId()).registerNode(Collections.singletonMap("node", "foo#"));
    }

    @Test
    public void nodes() {
        this.testingClient.testApp().clearAdminActions();
        String id = createAppClient().getId();
        String host = this.suiteContext.getAuthServerInfo().getContextRoot().getHost();
        this.realm.clients().get(id).registerNode(Collections.singletonMap("node", host));
        this.realm.clients().get(id).registerNode(Collections.singletonMap("node", "invalid"));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, host), ResourceType.CLUSTER_NODE);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE);
        GlobalRequestResult testNodesAvailable = this.realm.clients().get(id).testNodesAvailable();
        org.junit.Assert.assertEquals(1L, testNodesAvailable.getSuccessRequests().size());
        org.junit.Assert.assertEquals(1L, testNodesAvailable.getFailedRequests().size());
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.ACTION, AdminEventPaths.clientTestNodesAvailablePath(id), testNodesAvailable, ResourceType.CLUSTER_NODE);
        org.junit.Assert.assertEquals(AssertEvents.DEFAULT_CLIENT_ID, this.testingClient.testApp().getTestAvailable().getResource());
        org.junit.Assert.assertEquals(2L, this.realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
        this.realm.clients().get(id).unregisterNode("invalid");
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientNodePath(id, "invalid"), ResourceType.CLUSTER_NODE);
        org.junit.Assert.assertEquals(1L, this.realm.clients().get(id).toRepresentation().getRegisteredNodes().size());
    }

    @Test
    public void offlineUserSessions() throws IOException {
        ClientRepresentation createAppClient = createAppClient();
        String id = createAppClient.getId();
        Response create = this.realm.users().create(UserBuilder.create().username("testuser").build());
        String createdId = ApiUtil.getCreatedId(create);
        create.close();
        this.realm.users().get(createdId).resetPassword(CredentialBuilder.create().password("password").build());
        org.junit.Assert.assertEquals(new Long(0L), this.realm.clients().get(id).getOfflineSessionCount().get("count"));
        org.junit.Assert.assertEquals("There should be no offline sessions", 0L, this.realm.users().get(createdId).getOfflineSessions(id).size());
        this.oauth.realm("admin-client-test");
        this.oauth.redirectUri((String) createAppClient.getRedirectUris().get(0));
        this.oauth.scope("offline_access");
        this.oauth.doLogin("testuser", "password");
        org.junit.Assert.assertEquals(200L, this.oauth.doAccessTokenRequest((String) this.oauth.getCurrentQuery().get("code"), "secret").getStatusCode());
        org.junit.Assert.assertEquals(new Long(1L), this.realm.clients().get(id).getOfflineSessionCount().get("count"));
        List offlineUserSessions = this.realm.clients().get(id).getOfflineUserSessions(0, 100);
        org.junit.Assert.assertEquals(1L, offlineUserSessions.size());
        org.junit.Assert.assertEquals("testuser", ((UserSessionRepresentation) offlineUserSessions.get(0)).getUsername());
        List offlineSessions = this.realm.users().get(createdId).getOfflineSessions(id);
        org.junit.Assert.assertEquals("There should be one offline session", 1L, offlineSessions.size());
        assertOfflineSession((UserSessionRepresentation) offlineUserSessions.get(0), (UserSessionRepresentation) offlineSessions.get(0));
    }

    private void assertOfflineSession(UserSessionRepresentation userSessionRepresentation, UserSessionRepresentation userSessionRepresentation2) {
        org.junit.Assert.assertEquals("id", userSessionRepresentation.getId(), userSessionRepresentation2.getId());
        org.junit.Assert.assertEquals("userId", userSessionRepresentation.getUserId(), userSessionRepresentation2.getUserId());
        org.junit.Assert.assertEquals("userName", userSessionRepresentation.getUsername(), userSessionRepresentation2.getUsername());
        org.junit.Assert.assertEquals("clients", userSessionRepresentation.getClients(), userSessionRepresentation2.getClients());
    }

    @Test
    public void scopes() {
        Response create = this.realm.clients().create(ClientBuilder.create().clientId("client").fullScopeEnabled(false).build());
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        create.close();
        this.assertAdminEvents.poll();
        RoleMappingResource scopeMappings = this.realm.clients().get(createdId).getScopeMappings();
        RoleRepresentation build = RoleBuilder.create().name("role1").build();
        RoleRepresentation build2 = RoleBuilder.create().name("role2").build();
        this.realm.roles().create(build);
        this.realm.roles().create(build2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role1"), build, ResourceType.REALM_ROLE);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath("role2"), build2, ResourceType.REALM_ROLE);
        RoleRepresentation representation = this.realm.roles().get("role1").toRepresentation();
        RoleRepresentation representation2 = this.realm.roles().get("role2").toRepresentation();
        this.realm.roles().get("role1").addComposites(Collections.singletonList(representation2));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourceCompositesPath("role1"), Collections.singletonList(representation2), ResourceType.REALM_ROLE);
        String id = ((ClientRepresentation) this.realm.clients().findByClientId(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME).get(0)).getId();
        RoleRepresentation representation3 = this.realm.clients().get(id).roles().get("view-profile").toRepresentation();
        scopeMappings.realmLevel().add(Collections.singletonList(representation));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(createdId), Collections.singletonList(representation), ResourceType.REALM_SCOPE_MAPPING);
        scopeMappings.clientLevel(id).add(Collections.singletonList(representation3));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(createdId, id), Collections.singletonList(representation3), ResourceType.CLIENT_SCOPE_MAPPING);
        Assert.assertNames(scopeMappings.realmLevel().listAll(), "role1");
        Assert.assertNames(scopeMappings.realmLevel().listEffective(), "role1", "role2");
        Assert.assertNames(scopeMappings.realmLevel().listAvailable(), "offline_access", "uma_authorization", "default-roles-admin-client-test");
        Assert.assertNames(scopeMappings.clientLevel(id).listAll(), "view-profile");
        Assert.assertNames(scopeMappings.clientLevel(id).listEffective(), "view-profile");
        Assert.assertNames(scopeMappings.clientLevel(id).listAvailable(), "manage-account", "manage-account-links", "view-applications", "view-consent", "manage-consent", "delete-account");
        Assert.assertNames(scopeMappings.getAll().getRealmMappings(), "role1");
        Assert.assertNames(((ClientMappingsRepresentation) scopeMappings.getAll().getClientMappings().get(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME)).getMappings(), "view-profile");
        scopeMappings.realmLevel().remove(Collections.singletonList(representation));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsRealmLevelPath(createdId), Collections.singletonList(representation), ResourceType.REALM_SCOPE_MAPPING);
        scopeMappings.clientLevel(id).remove(Collections.singletonList(representation3));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientScopeMappingsClientLevelPath(createdId, id), Collections.singletonList(representation3), ResourceType.CLIENT_SCOPE_MAPPING);
        Assert.assertNames(scopeMappings.realmLevel().listAll(), new String[0]);
        Assert.assertNames(scopeMappings.realmLevel().listEffective(), new String[0]);
        Assert.assertNames(scopeMappings.realmLevel().listAvailable(), "offline_access", "uma_authorization", "role1", "role2", "default-roles-admin-client-test");
        Assert.assertNames(scopeMappings.clientLevel(id).listAll(), new String[0]);
        Assert.assertNames(scopeMappings.clientLevel(id).listAvailable(), "view-profile", "manage-account", "manage-account-links", "view-applications", "view-consent", "manage-consent", "delete-account");
        Assert.assertNames(scopeMappings.clientLevel(id).listEffective(), new String[0]);
    }

    @Test
    public void scopesRoleRemoval() {
        Response create = this.realm.clients().create(ClientBuilder.create().clientId("clientA").fullScopeEnabled(false).build());
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        create.close();
        this.assertAdminEvents.poll();
        Response create2 = this.realm.clients().create(ClientBuilder.create().clientId("clientB").fullScopeEnabled(false).build());
        String createdId2 = ApiUtil.getCreatedId(create2);
        getCleanup().addClientUuid(createdId2);
        create2.close();
        this.assertAdminEvents.poll();
        RoleMappingResource scopeMappings = this.realm.clients().get(createdId).getScopeMappings();
        RoleRepresentation build = RoleBuilder.create().name("realm-role").build();
        this.realm.roles().create(build);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.roleResourcePath(build.getName()), build, ResourceType.REALM_ROLE);
        RoleRepresentation build2 = RoleBuilder.create().name("clientB-role").build();
        this.realm.clients().get(createdId2).roles().create(build2);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientRoleResourcePath(createdId2, build2.getName()), build2, ResourceType.CLIENT_ROLE);
        RoleRepresentation representation = this.realm.roles().get(build.getName()).toRepresentation();
        RoleRepresentation representation2 = this.realm.clients().get(createdId2).roles().get(build2.getName()).toRepresentation();
        scopeMappings.realmLevel().add(Collections.singletonList(representation));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsRealmLevelPath(createdId), Collections.singletonList(representation), ResourceType.REALM_SCOPE_MAPPING);
        scopeMappings.clientLevel(createdId2).add(Collections.singletonList(representation2));
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientScopeMappingsClientLevelPath(createdId, createdId2), Collections.singletonList(representation2), ResourceType.CLIENT_SCOPE_MAPPING);
        Assert.assertNames(scopeMappings.realmLevel().listAll(), representation.getName());
        Assert.assertNames(scopeMappings.clientLevel(createdId2).listAll(), representation2.getName());
        this.realm.roles().deleteRole(representation.getName());
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.roleResourcePath(representation.getName()), ResourceType.REALM_ROLE);
        Assert.assertNames(scopeMappings.realmLevel().listAll(), new String[0]);
        Assert.assertNames(scopeMappings.clientLevel(createdId2).listAll(), representation2.getName());
        this.realm.clients().get(createdId2).roles().deleteRole(representation2.getName());
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientRoleResourcePath(createdId2, representation2.getName()), ResourceType.CLIENT_ROLE);
        Assert.assertNames(scopeMappings.realmLevel().listAll(), new String[0]);
        Assert.assertNames(scopeMappings.clientLevel(createdId2).listAll(), new String[0]);
    }

    public void protocolMappersTest(String str, ProtocolMappersResource protocolMappersResource) {
        String str2 = null;
        String str3 = null;
        String str4 = null;
        for (ProtocolMapperRepresentation protocolMapperRepresentation : protocolMappersResource.getMappers()) {
            if (protocolMapperRepresentation.getName().equals("email")) {
                str2 = protocolMapperRepresentation.getId();
            } else if (protocolMapperRepresentation.getName().equals("username")) {
                str3 = protocolMapperRepresentation.getId();
            } else if (protocolMapperRepresentation.getName().equals("foo")) {
                str4 = protocolMapperRepresentation.getId();
            }
        }
        org.junit.Assert.assertNull(str2);
        org.junit.Assert.assertNull(str3);
        org.junit.Assert.assertNull(str4);
        ProtocolMapperRepresentation protocolMapperRepresentation2 = new ProtocolMapperRepresentation();
        protocolMapperRepresentation2.setName("foo");
        protocolMapperRepresentation2.setProtocol("openid-connect");
        protocolMapperRepresentation2.setProtocolMapper("oidc-hardcoded-claim-mapper");
        Response createMapper = protocolMappersResource.createMapper(protocolMapperRepresentation2);
        String uri = createMapper.getLocation().toString();
        String substring = uri.substring(uri.lastIndexOf("/") + 1);
        createMapper.close();
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.CREATE, AdminEventPaths.clientProtocolMapperPath(str, substring), protocolMapperRepresentation2, ResourceType.PROTOCOL_MAPPER);
        ProtocolMapperRepresentation mapperById = protocolMappersResource.getMapperById(substring);
        org.junit.Assert.assertEquals(mapperById.getName(), "foo");
        protocolMappersResource.update(substring, mapperById);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.UPDATE, AdminEventPaths.clientProtocolMapperPath(str, substring), mapperById, ResourceType.PROTOCOL_MAPPER);
        protocolMappersResource.getMapperById(substring);
        protocolMappersResource.delete(substring);
        this.assertAdminEvents.assertEvent(this.realmId, OperationType.DELETE, AdminEventPaths.clientProtocolMapperPath(str, substring), ResourceType.PROTOCOL_MAPPER);
        try {
            protocolMappersResource.getMapperById(substring);
            org.junit.Assert.fail("Not expected to find deleted mapper");
        } catch (NotFoundException e) {
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void updateClientWithProtocolMapper() {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId("my-app");
        ProtocolMapperRepresentation protocolMapperRepresentation = new ProtocolMapperRepresentation();
        protocolMapperRepresentation.setName("foo");
        protocolMapperRepresentation.setProtocol("openid-connect");
        protocolMapperRepresentation.setProtocolMapper("oidc-hardcoded-claim-mapper");
        clientRepresentation.setProtocolMappers(Collections.singletonList(protocolMapperRepresentation));
        Response create = this.realm.clients().create(clientRepresentation);
        create.close();
        String createdId = ApiUtil.getCreatedId(create);
        getCleanup().addClientUuid(createdId);
        ClientResource clientResource = this.realm.clients().get(createdId);
        org.junit.Assert.assertNotNull(clientResource);
        ClientRepresentation representation = clientResource.toRepresentation();
        List protocolMappers = representation.getProtocolMappers();
        org.junit.Assert.assertEquals(1L, protocolMappers.size());
        org.junit.Assert.assertEquals("foo", ((ProtocolMapperRepresentation) protocolMappers.get(0)).getName());
        ClientRepresentation clientRepresentation2 = new ClientRepresentation();
        clientRepresentation2.setId(representation.getId());
        clientRepresentation2.setClientId(representation.getClientId());
        ProtocolMapperRepresentation protocolMapperRepresentation2 = new ProtocolMapperRepresentation();
        protocolMapperRepresentation2.setName("bar");
        protocolMapperRepresentation2.setProtocol("openid-connect");
        protocolMapperRepresentation2.setProtocolMapper("oidc-hardcoded-role-mapper");
        protocolMappers.add(protocolMapperRepresentation2);
        clientRepresentation2.setProtocolMappers(protocolMappers);
        this.realm.clients().get(representation.getId()).update(clientRepresentation2);
        assertClient(representation, this.realm.clients().get(representation.getId()).toRepresentation());
    }

    public static void assertClient(ClientRepresentation clientRepresentation, ClientRepresentation clientRepresentation2) {
        if (clientRepresentation.getClientId() != null) {
            Assert.assertEquals(clientRepresentation.getClientId(), clientRepresentation2.getClientId());
        }
        if (clientRepresentation.getName() != null) {
            Assert.assertEquals(clientRepresentation.getName(), clientRepresentation2.getName());
        }
        if (clientRepresentation.isEnabled() != null) {
            Assert.assertEquals(clientRepresentation.isEnabled(), clientRepresentation2.isEnabled());
        }
        if (clientRepresentation.isAlwaysDisplayInConsole() != null) {
            Assert.assertEquals(clientRepresentation.isAlwaysDisplayInConsole(), clientRepresentation2.isAlwaysDisplayInConsole());
        }
        if (clientRepresentation.isBearerOnly() != null) {
            Assert.assertEquals(clientRepresentation.isBearerOnly(), clientRepresentation2.isBearerOnly());
        }
        if (clientRepresentation.isPublicClient() != null) {
            Assert.assertEquals(clientRepresentation.isPublicClient(), clientRepresentation2.isPublicClient());
        }
        if (clientRepresentation.isFullScopeAllowed() != null) {
            Assert.assertEquals(clientRepresentation.isFullScopeAllowed(), clientRepresentation2.isFullScopeAllowed());
        }
        if (clientRepresentation.getRootUrl() != null) {
            Assert.assertEquals(clientRepresentation.getRootUrl(), clientRepresentation2.getRootUrl());
        }
        if (clientRepresentation.getAdminUrl() != null) {
            Assert.assertEquals(clientRepresentation.getAdminUrl(), clientRepresentation2.getAdminUrl());
        }
        if (clientRepresentation.getBaseUrl() != null) {
            Assert.assertEquals(clientRepresentation.getBaseUrl(), clientRepresentation2.getBaseUrl());
        }
        if (clientRepresentation.isSurrogateAuthRequired() != null) {
            Assert.assertEquals(clientRepresentation.isSurrogateAuthRequired(), clientRepresentation2.isSurrogateAuthRequired());
        }
        if (clientRepresentation.getClientAuthenticatorType() != null) {
            Assert.assertEquals(clientRepresentation.getClientAuthenticatorType(), clientRepresentation2.getClientAuthenticatorType());
        }
        if (clientRepresentation.getNotBefore() != null) {
            Assert.assertEquals(clientRepresentation.getNotBefore(), clientRepresentation2.getNotBefore());
        }
        if (clientRepresentation.getDefaultRoles() != null) {
            HashSet hashSet = new HashSet();
            for (String str : clientRepresentation.getDefaultRoles()) {
                hashSet.add(str);
            }
            HashSet hashSet2 = new HashSet();
            for (String str2 : clientRepresentation2.getDefaultRoles()) {
                hashSet2.add(str2);
            }
            Assert.assertEquals(hashSet, hashSet2);
        }
        if (clientRepresentation.getRedirectUris() != null) {
            HashSet hashSet3 = new HashSet();
            Iterator it = clientRepresentation.getRedirectUris().iterator();
            while (it.hasNext()) {
                hashSet3.add((String) it.next());
            }
            HashSet hashSet4 = new HashSet();
            Iterator it2 = clientRepresentation2.getRedirectUris().iterator();
            while (it2.hasNext()) {
                hashSet4.add((String) it2.next());
            }
            Assert.assertEquals(hashSet3, hashSet4);
        }
        if (clientRepresentation.getWebOrigins() != null) {
            HashSet hashSet5 = new HashSet();
            Iterator it3 = clientRepresentation.getWebOrigins().iterator();
            while (it3.hasNext()) {
                hashSet5.add((String) it3.next());
            }
            HashSet hashSet6 = new HashSet();
            Iterator it4 = clientRepresentation2.getWebOrigins().iterator();
            while (it4.hasNext()) {
                hashSet6.add((String) it4.next());
            }
            Assert.assertEquals(hashSet5, hashSet6);
        }
        List protocolMappers = clientRepresentation.getProtocolMappers();
        if (protocolMappers != null) {
            Assert.assertEquals((Set) protocolMappers.stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet()), (Set) clientRepresentation2.getProtocolMappers().stream().map((v0) -> {
                return v0.getName();
            }).collect(Collectors.toSet()));
        }
    }
}
