package org.keycloak.testsuite.script;

import java.io.IOException;
import java.util.List;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.container.test.api.TargetsContainer;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.ShrinkWrap;
import org.jboss.shrinkwrap.api.asset.StringAsset;
import org.jboss.shrinkwrap.api.spec.JavaArchive;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.provider.ScriptProviderDescriptor;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.util.ContainerAssume;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ProtocolMapperUtil;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/script/DeployedScriptMapperTest.class */
public class DeployedScriptMapperTest extends AbstractTestRealmKeycloakTest {
    private static final String SCRIPT_DEPLOYMENT_NAME = "scripts.jar";

    @ArquillianResource
    private Deployer deployer;

    @Deployment(name = SCRIPT_DEPLOYMENT_NAME, managed = false, testable = false)
    @TargetsContainer("auth-server-current")
    public static JavaArchive deploy() throws IOException {
        ScriptProviderDescriptor scriptProviderDescriptor = new ScriptProviderDescriptor();
        scriptProviderDescriptor.addMapper("My Mapper", "mapper-a.js");
        return ShrinkWrap.create(JavaArchive.class, SCRIPT_DEPLOYMENT_NAME).addAsManifestResource(new StringAsset(JsonSerialization.writeValueAsPrettyString(scriptProviderDescriptor)), "keycloak-scripts.json").addAsResource("scripts/mapper-example.js", "mapper-a.js");
    }

    @BeforeClass
    public static void verifyEnvironment() {
        ContainerAssume.assumeNotAuthServerUndertow();
        ContainerAssume.assumeNotAuthServerQuarkus();
    }

    @Before
    public void configureFlows() {
        this.deployer.deploy(SCRIPT_DEPLOYMENT_NAME);
    }

    @After
    public void onAfter() {
        this.deployer.undeploy(SCRIPT_DEPLOYMENT_NAME);
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
    }

    @Test
    public void testScriptMapperNotAvailable() {
        Assert.assertFalse(((List) this.adminClient.serverInfo().getInfo().getProtocolMapperTypes().get("openid-connect")).stream().anyMatch(protocolMapperTypeRepresentation -> {
            return "oidc-script-based-protocol-mapper".equals(protocolMapperTypeRepresentation.getId());
        }));
    }

    @Test
    @EnableFeature(value = Profile.Feature.SCRIPTS, skipRestart = true, executeAsLast = false)
    public void testTokenScriptMapping() {
        ClientResource findClientResourceByClientId = ApiUtil.findClientResourceByClientId(this.adminClient.realm("test"), AssertEvents.DEFAULT_CLIENT_ID);
        ProtocolMapperRepresentation createScriptMapper = ProtocolMapperUtil.createScriptMapper("test-script-mapper1", "computed-via-script", "computed-via-script", "String", true, true, "'hello_' + user.username", false);
        createScriptMapper.setProtocolMapper("script-mapper-a.js");
        findClientResourceByClientId.getProtocolMappers().createMapper(createScriptMapper).close();
        Assert.assertEquals("hello_test-user@localhost", this.oauth.verifyToken(browserLogin("password", AssertEvents.DEFAULT_USERNAME, "password").getAccessToken()).getOtherClaims().get("computed-via-script"));
    }

    private OAuthClient.AccessTokenResponse browserLogin(String str, String str2, String str3) {
        return this.oauth.doAccessTokenRequest(this.oauth.doLogin(str2, str3).getCode(), str);
    }
}
