package org.keycloak.testsuite.client;

import com.fasterxml.jackson.core.JsonProcessingException;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.InvalidKeySpecException;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.UUID;
import java.util.function.Consumer;
import java.util.function.Function;
import java.util.stream.Collectors;
import javax.ws.rs.BadRequestException;
import javax.ws.rs.core.Response;
import org.apache.http.HttpResponse;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.message.BasicNameValuePair;
import org.hamcrest.MatcherAssert;
import org.hamcrest.Matchers;
import org.jboss.logging.Logger;
import org.junit.After;
import org.junit.Assert;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Rule;
import org.keycloak.adapters.AdapterUtils;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistration;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.common.util.Base64;
import org.keycloak.common.util.Base64Url;
import org.keycloak.common.util.BouncyIntegration;
import org.keycloak.common.util.KeyUtils;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.common.util.Time;
import org.keycloak.common.util.UriUtils;
import org.keycloak.events.EventType;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
import org.keycloak.representations.idm.ClientPoliciesRepresentation;
import org.keycloak.representations.idm.ClientPolicyConditionConfigurationRepresentation;
import org.keycloak.representations.idm.ClientPolicyConditionRepresentation;
import org.keycloak.representations.idm.ClientPolicyExecutorRepresentation;
import org.keycloak.representations.idm.ClientPolicyRepresentation;
import org.keycloak.representations.idm.ClientProfileRepresentation;
import org.keycloak.representations.idm.ClientProfilesRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.representations.oidc.TokenMetadataRepresentation;
import org.keycloak.services.Urls;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.condition.ClientAccessTypeCondition;
import org.keycloak.services.clientpolicy.condition.ClientRolesCondition;
import org.keycloak.services.clientpolicy.condition.ClientScopesCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterContextCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceGroupsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceHostsCondition;
import org.keycloak.services.clientpolicy.condition.ClientUpdaterSourceRolesCondition;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.client.resources.TestApplicationResourceUrls;
import org.keycloak.testsuite.client.resources.TestOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.docker.DockerClientTest;
import org.keycloak.testsuite.oauth.RefreshTokenTest;
import org.keycloak.testsuite.rest.resource.TestingOIDCEndpointsApplicationResource;
import org.keycloak.testsuite.saml.ConcurrentAuthnRequestTest;
import org.keycloak.testsuite.util.ClientPoliciesUtil;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/client/AbstractClientPoliciesTest.class */
public abstract class AbstractClientPoliciesTest extends AbstractKeycloakTest {
    protected static final String REALM_NAME = "test";
    protected static final String TEST_CLIENT = "test-app";
    protected static final String TEST_CLIENT_SECRET = "password";
    protected static final String POLICY_NAME = "MyPolicy";
    protected static final String PROFILE_NAME = "MyProfile";
    protected static final String SAMPLE_CLIENT_ROLE = "sample-client-role";
    protected static final String FAPI1_BASELINE_PROFILE_NAME = "fapi-1-baseline";
    protected static final String FAPI1_ADVANCED_PROFILE_NAME = "fapi-1-advanced";
    protected static final String FAPI_CIBA_PROFILE_NAME = "fapi-ciba";
    protected static final String ERR_MSG_MISSING_NONCE = "Missing parameter: nonce";
    protected static final String ERR_MSG_MISSING_STATE = "Missing parameter: state";
    protected static final String ERR_MSG_CLIENT_REG_FAIL = "Failed to send request";
    protected ClientRegistration reg;

    @Rule
    public AssertEvents events = new AssertEvents(this);
    protected static final Logger logger = Logger.getLogger(AbstractClientPoliciesTest.class);
    private static final ObjectMapper objectMapper = new ObjectMapper();

    @BeforeClass
    public static void beforeClientPoliciesTest() {
        BouncyIntegration.init();
    }

    @Before
    public void before() throws Exception {
        setInitialAccessTokenForDynamicClientRegistration();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setInitialAccessTokenForDynamicClientRegistration() {
        this.reg = ClientRegistration.create().url(this.suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "test").build();
        this.reg.auth(Auth.token(this.adminClient.realm("test").clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10))));
    }

    @After
    public void after() throws Exception {
        this.reg.close();
        revertToBuiltinProfiles();
        revertToBuiltinPolicies();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void setupValidProfilesAndPolicies() throws Exception {
        updateProfiles(new ClientPoliciesUtil.ClientProfilesBuilder().addProfile(new ClientPoliciesUtil.ClientProfileBuilder().createProfile("ordinal-test-profile", "The profile that can be loaded.").addExecutor("secure-client-authenticator", ClientPoliciesUtil.createSecureClientAuthenticatorExecutorConfig(Arrays.asList("client-jwt"), "client-jwt")).toRepresentation()).addProfile(new ClientPoliciesUtil.ClientProfileBuilder().createProfile("lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.").addExecutor("secure-client-authenticator", ClientPoliciesUtil.createSecureClientAuthenticatorExecutorConfig(Arrays.asList("client-jwt"), "client-jwt")).addExecutor("holder-of-key-enforcer", ClientPoliciesUtil.createHolderOfKeyEnforceExecutorConfig(Boolean.TRUE)).addExecutor("secure-client-uris", null).addExecutor("secure-request-object", null).addExecutor("secure-response-type", null).addExecutor("secure-session", null).addExecutor("secure-signature-algorithm", null).addExecutor("secure-signature-algorithm-signed-jwt", null).toRepresentation()).toString());
        updatePolicies(new ClientPoliciesUtil.ClientPoliciesBuilder().addPolicy(new ClientPoliciesUtil.ClientPolicyBuilder().createPolicy("new-policy", "duplicated profiles are ignored.", Boolean.TRUE).addCondition("client-access-type", ClientPoliciesUtil.createClientAccessTypeConditionConfig(Arrays.asList("public", "bearer-only"))).addCondition("client-roles", ClientPoliciesUtil.createClientRolesConditionConfig(Arrays.asList(SAMPLE_CLIENT_ROLE))).addCondition("client-scopes", ClientPoliciesUtil.createClientScopesConditionConfig("Optional", Arrays.asList(SAMPLE_CLIENT_ROLE))).addProfile("ordinal-test-profile").addProfile("lack-of-builtin-field-test-profile").addProfile("ordinal-test-profile").toRepresentation()).addPolicy(new ClientPoliciesUtil.ClientPolicyBuilder().createPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", null).addCondition("client-updater-context", ClientPoliciesUtil.createClientUpdateContextConditionConfig(Arrays.asList("ByAuthenticatedUser"))).addCondition("client-updater-source-groups", ClientPoliciesUtil.createClientUpdateSourceGroupsConditionConfig(Arrays.asList("topGroup"))).addCondition("client-updater-source-host", ClientPoliciesUtil.createClientUpdateSourceHostsConditionConfig(Arrays.asList(DockerClientTest.REGISTRY_HOSTNAME, AssertEvents.DEFAULT_IP_ADDRESS))).addCondition("client-updater-source-roles", ClientPoliciesUtil.createClientUpdateSourceRolesConditionConfig(Arrays.asList(AdminRoles.CREATE_CLIENT))).addProfile("lack-of-builtin-field-test-profile").toRepresentation()).toString());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedLoadedProfiles(Consumer<ClientProfilesRepresentation> consumer) throws Exception {
        ClientProfilesRepresentation profilesWithGlobals = getProfilesWithGlobals();
        assertExpectedProfiles(profilesWithGlobals, Arrays.asList(FAPI1_BASELINE_PROFILE_NAME, FAPI1_ADVANCED_PROFILE_NAME, FAPI_CIBA_PROFILE_NAME), Arrays.asList("ordinal-test-profile", "lack-of-builtin-field-test-profile"));
        ClientProfileRepresentation profileRepresentation = getProfileRepresentation(profilesWithGlobals, FAPI1_BASELINE_PROFILE_NAME, true);
        assertExpectedProfile(profileRepresentation, FAPI1_BASELINE_PROFILE_NAME, "Client profile, which enforce clients to conform 'Financial-grade API Security Profile 1.0 - Part 1: Baseline' specification.");
        assertExpectedExecutors(Arrays.asList("secure-session", "pkce-enforcer", "secure-client-authenticator", "secure-client-uris", "consent-required", "full-scope-disabled"), profileRepresentation);
        assertExpectedSecureSessionEnforceExecutor(profileRepresentation);
        ClientProfileRepresentation profileRepresentation2 = getProfileRepresentation(profilesWithGlobals, "ordinal-test-profile", false);
        consumer.accept(profilesWithGlobals);
        assertExpectedExecutors(Arrays.asList("secure-client-authenticator"), profileRepresentation2);
        assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList("client-jwt"), "client-jwt", profileRepresentation2);
        ClientProfileRepresentation profileRepresentation3 = getProfileRepresentation(profilesWithGlobals, "lack-of-builtin-field-test-profile", false);
        assertExpectedProfile(profileRepresentation3, "lack-of-builtin-field-test-profile", "Without builtin field that is treated as builtin=false.");
        assertExpectedExecutors(Arrays.asList("secure-client-authenticator", "holder-of-key-enforcer", "secure-client-uris", "secure-request-object", "secure-response-type", "secure-session", "secure-signature-algorithm", "secure-signature-algorithm-signed-jwt"), profileRepresentation3);
        assertExpectedSecureClientAuthEnforceExecutor(Arrays.asList("client-jwt"), "client-jwt", profileRepresentation3);
        assertExpectedHolderOfKeyEnforceExecutor(true, profileRepresentation3);
        assertExpectedSecureRedirectUriEnforceExecutor(profileRepresentation3);
        assertExpectedSecureRequestObjectExecutor(profileRepresentation3);
        assertExpectedSecureResponseTypeExecutor(profileRepresentation3);
        assertExpectedSecureSessionEnforceExecutor(profileRepresentation3);
        assertExpectedSecureSigningAlgorithmEnforceExecutor(profileRepresentation3);
        assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(profileRepresentation3);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedLoadedPolicies(Consumer<ClientPoliciesRepresentation> consumer) {
        ClientPoliciesRepresentation policies = getPolicies();
        assertExpectedPolicies(Arrays.asList("new-policy", "lack-of-builtin-field-test-policy"), policies);
        ClientPolicyRepresentation policyRepresentation = getPolicyRepresentation(policies, "new-policy");
        consumer.accept(policies);
        assertExpectedConditions(Arrays.asList("client-access-type", "client-roles", "client-scopes"), policyRepresentation);
        assertExpectedClientAccessTypeCondition(Arrays.asList("public", "bearer-only"), policyRepresentation);
        assertExpectedClientRolesCondition(Arrays.asList(SAMPLE_CLIENT_ROLE), policyRepresentation);
        assertExpectedClientScopesCondition("Optional", Arrays.asList(SAMPLE_CLIENT_ROLE), policyRepresentation);
        ClientPolicyRepresentation policyRepresentation2 = getPolicyRepresentation(policies, "lack-of-builtin-field-test-policy");
        assertExpectedPolicy("lack-of-builtin-field-test-policy", "Without builtin field that is treated as builtin=false.", false, Arrays.asList("lack-of-builtin-field-test-profile"), policyRepresentation2);
        assertExpectedConditions(Arrays.asList("client-updater-context", "client-updater-source-groups", "client-updater-source-host", "client-updater-source-roles"), policyRepresentation2);
        assertExpectedClientUpdateContextCondition(Arrays.asList("ByAuthenticatedUser"), policyRepresentation2);
        assertExpectedClientUpdateSourceGroupsCondition(Arrays.asList("topGroup"), policyRepresentation2);
        assertExpectedClientUpdateSourceHostsCondition(Arrays.asList(DockerClientTest.REGISTRY_HOSTNAME, AssertEvents.DEFAULT_IP_ADDRESS), policyRepresentation2);
        assertExpectedClientUpdateSourceRolesCondition(Arrays.asList(AdminRoles.CREATE_CLIENT), policyRepresentation2);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String generateSuffixedName(String str) {
        return str + "-" + ((Object) UUID.randomUUID().toString().subSequence(0, 7));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyPair setupJwks(String str, ClientRepresentation clientRepresentation, ClientResource clientResource) throws Exception {
        TestOIDCEndpointsApplicationResource oidcClientEndpoints = this.testingClient.testApp().oidcClientEndpoints();
        oidcClientEndpoints.generateKeys(str);
        KeyPair keyPairFromGeneratedBase64 = getKeyPairFromGeneratedBase64(oidcClientEndpoints.getKeysAsBase64(), str);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation).setUseJwksUrl(true);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
        clientResource.update(clientRepresentation);
        setTimeOffset(20);
        return keyPairFromGeneratedBase64;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public KeyPair getKeyPairFromGeneratedBase64(Map<String, String> map, String str) throws Exception {
        String str2 = map.get("privateKey");
        String str3 = map.get("publicKey");
        return new KeyPair(decodePublicKey(Base64.decode(str3), str), decodePrivateKey(Base64.decode(str2), str));
    }

    private PrivateKey decodePrivateKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance(getKeyAlgorithmFromJwaAlgorithm(str), "BC").generatePrivate(new PKCS8EncodedKeySpec(bArr));
    }

    private PublicKey decodePublicKey(byte[] bArr, String str) throws NoSuchAlgorithmException, InvalidKeySpecException, NoSuchProviderException {
        return KeyFactory.getInstance(getKeyAlgorithmFromJwaAlgorithm(str), "BC").generatePublic(new X509EncodedKeySpec(bArr));
    }

    private String getKeyAlgorithmFromJwaAlgorithm(String str) {
        String str2;
        boolean z = -1;
        switch (str.hashCode()) {
            case 66245349:
                if (str.equals("ES256")) {
                    z = 6;
                    break;
                }
                break;
            case 66246401:
                if (str.equals("ES384")) {
                    z = 7;
                    break;
                }
                break;
            case 66248104:
                if (str.equals("ES512")) {
                    z = 8;
                    break;
                }
                break;
            case 76404080:
                if (str.equals("PS256")) {
                    z = 3;
                    break;
                }
                break;
            case 76405132:
                if (str.equals("PS384")) {
                    z = 4;
                    break;
                }
                break;
            case 76406835:
                if (str.equals("PS512")) {
                    z = 5;
                    break;
                }
                break;
            case 78251122:
                if (str.equals("RS256")) {
                    z = false;
                    break;
                }
                break;
            case 78252174:
                if (str.equals("RS384")) {
                    z = true;
                    break;
                }
                break;
            case 78253877:
                if (str.equals("RS512")) {
                    z = 2;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
            case true:
            case true:
            case RefreshTokenTest.ALLOWED_CLOCK_SKEW /* 3 */:
            case true:
            case ConcurrentAuthnRequestTest.CONCURRENT_THREADS /* 5 */:
                str2 = "RSA";
                break;
            case true:
            case true:
            case true:
                str2 = "EC";
                break;
            default:
                throw new RuntimeException("Unsupported signature algorithm");
        }
        return str2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String createSignedRequestToken(String str, PrivateKey privateKey, PublicKey publicKey, String str2) {
        JsonWebToken createRequestToken = createRequestToken(str, getRealmInfoUrl());
        String createKeyId = KeyUtils.createKeyId(publicKey);
        return new JWSBuilder().kid(createKeyId).jsonContent(createRequestToken).sign(this.oauth.createSigner(privateKey, createKeyId, str2));
    }

    private String getRealmInfoUrl() {
        return KeycloakUriBuilder.fromUri(UriUtils.getOrigin(this.oauth.getRedirectUri()) + "/auth").path("/realms/{realm-name}").build(new Object[]{"test"}).toString();
    }

    private JsonWebToken createRequestToken(String str, String str2) {
        JsonWebToken jsonWebToken = new JsonWebToken();
        jsonWebToken.id(AdapterUtils.generateId());
        jsonWebToken.issuer(str);
        jsonWebToken.subject(str);
        jsonWebToken.audience(new String[]{str2});
        int currentTime = Time.currentTime();
        jsonWebToken.iat(Long.valueOf(currentTime));
        jsonWebToken.exp(Long.valueOf(currentTime + 10));
        jsonWebToken.nbf(Long.valueOf(currentTime));
        return jsonWebToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthClient.AccessTokenResponse doAccessTokenRequestWithSignedJWT(String str, String str2) throws Exception {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("grant_type", "authorization_code"));
        linkedList.add(new BasicNameValuePair("code", str));
        linkedList.add(new BasicNameValuePair("redirect_uri", this.oauth.getRedirectUri()));
        linkedList.add(new BasicNameValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        linkedList.add(new BasicNameValuePair("client_assertion", str2));
        return new OAuthClient.AccessTokenResponse(sendRequest(this.oauth.getAccessTokenUrl(), linkedList));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OAuthClient.AccessTokenResponse doRefreshTokenRequestWithSignedJWT(String str, String str2) throws Exception {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("grant_type", "refresh_token"));
        linkedList.add(new BasicNameValuePair("refresh_token", str));
        linkedList.add(new BasicNameValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        linkedList.add(new BasicNameValuePair("client_assertion", str2));
        return new OAuthClient.AccessTokenResponse(sendRequest(this.oauth.getRefreshTokenUrl(), linkedList));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse doTokenIntrospectionWithSignedJWT(String str, String str2, String str3) throws Exception {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("token", str2));
        linkedList.add(new BasicNameValuePair("token_type_hint", str));
        linkedList.add(new BasicNameValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        linkedList.add(new BasicNameValuePair("client_assertion", str3));
        return sendRequest(this.oauth.getTokenIntrospectionUrl(), linkedList);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse doTokenRevokeWithSignedJWT(String str, String str2, String str3) throws Exception {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("token", str2));
        linkedList.add(new BasicNameValuePair("token_type_hint", str));
        linkedList.add(new BasicNameValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        linkedList.add(new BasicNameValuePair("client_assertion", str3));
        return sendRequest(this.oauth.getTokenRevocationUrl(), linkedList);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public HttpResponse doLogoutWithSignedJWT(String str, String str2) throws Exception {
        LinkedList linkedList = new LinkedList();
        linkedList.add(new BasicNameValuePair("grant_type", "refresh_token"));
        linkedList.add(new BasicNameValuePair("refresh_token", str));
        linkedList.add(new BasicNameValuePair("client_assertion_type", "urn:ietf:params:oauth:client-assertion-type:jwt-bearer"));
        linkedList.add(new BasicNameValuePair("client_assertion", str2));
        return sendRequest(this.oauth.getLogoutUrl().build(), linkedList);
    }

    private CloseableHttpResponse sendRequest(String str, List<NameValuePair> list) throws Exception {
        DefaultHttpClient defaultHttpClient = new DefaultHttpClient();
        try {
            HttpPost httpPost = new HttpPost(str);
            httpPost.setEntity(new UrlEncodedFormEntity(list, "UTF-8"));
            CloseableHttpResponse execute = defaultHttpClient.execute(httpPost);
            this.oauth.closeClient(defaultHttpClient);
            return execute;
        } catch (Throwable th) {
            this.oauth.closeClient(defaultHttpClient);
            throw th;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject createValidRequestObjectForSecureRequestObjectExecutor(String str) throws URISyntaxException {
        TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject authorizationEndpointRequestObject = new TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject();
        authorizationEndpointRequestObject.id(KeycloakModelUtils.generateId());
        authorizationEndpointRequestObject.iat(Long.valueOf(Time.currentTime()));
        Long l = 300L;
        authorizationEndpointRequestObject.exp(Long.valueOf(authorizationEndpointRequestObject.getIat().longValue() + l.longValue()));
        authorizationEndpointRequestObject.nbf(authorizationEndpointRequestObject.getIat());
        authorizationEndpointRequestObject.setClientId(str);
        authorizationEndpointRequestObject.setResponseType("code");
        authorizationEndpointRequestObject.setRedirectUriParam(this.oauth.getRedirectUri());
        authorizationEndpointRequestObject.setScope("openid");
        String generateId = KeycloakModelUtils.generateId();
        this.oauth.stateParamHardcoded(generateId);
        authorizationEndpointRequestObject.setState(generateId);
        authorizationEndpointRequestObject.setMax_age(600);
        authorizationEndpointRequestObject.setOtherClaims("custom_claim_ein", "rot");
        authorizationEndpointRequestObject.audience(new String[]{Urls.realmIssuer(new URI(this.suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth"), "test"), "https://example.com"});
        authorizationEndpointRequestObject.setNonce(KeycloakModelUtils.generateId());
        return authorizationEndpointRequestObject;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void registerRequestObject(TestingOIDCEndpointsApplicationResource.AuthorizationEndpointRequestObject authorizationEndpointRequestObject, String str, Algorithm algorithm, boolean z) throws URISyntaxException, IOException {
        this.testingClient.testApp().oidcClientEndpoints();
        ClientResource findClientByClientId = ApiUtil.findClientByClientId(this.adminClient.realm("test"), str);
        ClientRepresentation representation = findClientByClientId.toRepresentation();
        OIDCAdvancedConfigWrapper.fromClientRepresentation(representation).setRequestObjectSignatureAlg(algorithm);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(representation).setUseJwksUrl(true);
        OIDCAdvancedConfigWrapper.fromClientRepresentation(representation).setJwksUrl(TestApplicationResourceUrls.clientJwksUri());
        findClientByClientId.update(representation);
        TestOIDCEndpointsApplicationResource oidcClientEndpoints = this.testingClient.testApp().oidcClientEndpoints();
        oidcClientEndpoints.generateKeys(algorithm.name());
        oidcClientEndpoints.registerOIDCRequest(Base64Url.encode(JsonSerialization.writeValueAsBytes(authorizationEndpointRequestObject)), algorithm.name());
        if (z) {
            this.oauth.request((String) null);
            this.oauth.requestUri(TestApplicationResourceUrls.clientRequestUri());
        } else {
            this.oauth.requestUri((String) null);
            this.oauth.request(oidcClientEndpoints.getOIDCRequest());
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String generateS256CodeChallenge(String str) throws Exception {
        MessageDigest messageDigest = MessageDigest.getInstance("SHA-256");
        messageDigest.update(str.getBytes("ISO_8859_1"));
        return Base64Url.encode(messageDigest.digest());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doIntrospectAccessToken(OAuthClient.AccessTokenResponse accessTokenResponse, String str, String str2, String str3) throws IOException {
        String introspectAccessTokenWithClientCredential = this.oauth.introspectAccessTokenWithClientCredential(str2, str3, accessTokenResponse.getAccessToken());
        JsonNode readTree = objectMapper.readTree(introspectAccessTokenWithClientCredential);
        Assert.assertEquals(true, Boolean.valueOf(readTree.get("active").asBoolean()));
        Assert.assertEquals(str, readTree.get("username").asText());
        Assert.assertEquals(str2, readTree.get("client_id").asText());
        TokenMetadataRepresentation tokenMetadataRepresentation = (TokenMetadataRepresentation) objectMapper.readValue(introspectAccessTokenWithClientCredential, TokenMetadataRepresentation.class);
        Assert.assertEquals(true, Boolean.valueOf(tokenMetadataRepresentation.isActive()));
        Assert.assertEquals(str2, tokenMetadataRepresentation.getClientId());
        Assert.assertEquals(str2, tokenMetadataRepresentation.getIssuedFor());
        this.events.expect(EventType.INTROSPECT_TOKEN).client(str2).user((String) null).clearDetails().assertEvent();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void doTokenRevoke(String str, String str2, String str3, String str4, boolean z) throws IOException {
        this.oauth.clientId(str2);
        this.oauth.doTokenRevoke(str, "refresh_token", str3);
        OAuthClient.AccessTokenResponse doRefreshTokenRequest = this.oauth.doRefreshTokenRequest(str, str3);
        Assert.assertEquals(400L, doRefreshTokenRequest.getStatusCode());
        Assert.assertEquals("invalid_grant", doRefreshTokenRequest.getError());
        if (z) {
            Assert.assertEquals("Offline user session not found", doRefreshTokenRequest.getErrorDescription());
        } else {
            Assert.assertEquals("Session not active", doRefreshTokenRequest.getErrorDescription());
        }
        this.events.expect(EventType.REVOKE_GRANT).clearDetails().client(str2).user(str4).assertEvent();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String createClientByAdmin(String str, Consumer<ClientRepresentation> consumer) throws ClientPolicyException {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(str);
        clientRepresentation.setName(str);
        clientRepresentation.setProtocol("openid-connect");
        clientRepresentation.setBearerOnly(Boolean.FALSE);
        clientRepresentation.setPublicClient(Boolean.FALSE);
        clientRepresentation.setServiceAccountsEnabled(Boolean.TRUE);
        clientRepresentation.setRedirectUris(Collections.singletonList(ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"));
        consumer.accept(clientRepresentation);
        Response create = this.adminClient.realm("test").clients().create(clientRepresentation);
        if (create.getStatus() == Response.Status.BAD_REQUEST.getStatusCode()) {
            Map map = null;
            try {
                map = (Map) JsonSerialization.readValue((String) create.readEntity(String.class), Map.class);
            } catch (IOException e) {
                Assert.fail();
            }
            throw new ClientPolicyException((String) map.get("error"), (String) map.get("error_description"));
        }
        create.close();
        Assert.assertEquals(Response.Status.CREATED.getStatusCode(), create.getStatus());
        String createdId = ApiUtil.getCreatedId(create);
        this.testContext.getOrCreateCleanup("test").addClientUuid(createdId);
        return createdId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientRepresentation getClientByAdmin(String str) throws ClientPolicyException {
        try {
            return this.adminClient.realm("test").clients().get(str).toRepresentation();
        } catch (BadRequestException e) {
            processClientPolicyExceptionByAdmin(e);
            return null;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientRepresentation getClientByAdminWithName(String str) {
        return (ClientRepresentation) this.adminClient.realm("test").clients().findByClientId(str).get(0);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateClientByAdmin(String str, Consumer<ClientRepresentation> consumer) throws ClientPolicyException {
        ClientResource clientResource = this.adminClient.realm("test").clients().get(str);
        ClientRepresentation representation = clientResource.toRepresentation();
        consumer.accept(representation);
        try {
            clientResource.update(representation);
        } catch (BadRequestException e) {
            processClientPolicyExceptionByAdmin(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deleteClientByAdmin(String str) throws ClientPolicyException {
        try {
            this.adminClient.realm("test").clients().get(str).remove();
        } catch (BadRequestException e) {
            processClientPolicyExceptionByAdmin(e);
        }
    }

    private void processClientPolicyExceptionByAdmin(BadRequestException badRequestException) throws ClientPolicyException {
        Response response = badRequestException.getResponse();
        if (response.getStatus() != Response.Status.BAD_REQUEST.getStatusCode()) {
            response.close();
            return;
        }
        Map map = null;
        try {
            map = (Map) JsonSerialization.readValue((String) response.readEntity(String.class), Map.class);
        } catch (IOException e) {
            Assert.fail();
        }
        throw new ClientPolicyException((String) map.get("error"), (String) map.get("error_description"));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void restartAuthenticatedClientRegistrationSetting() throws ClientRegistrationException {
        this.reg.close();
        this.reg = ClientRegistration.create().url(this.suiteContext.getAuthServerInfo().getContextRoot() + "/auth", "test").build();
        this.reg.auth(Auth.token(this.adminClient.realm("test").clientInitialAccess().create(new ClientInitialAccessCreatePresentation(0, 10))));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authCreateClients() {
        this.reg.auth(Auth.token(getToken("create-clients", "password")));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void authManageClients() {
        this.reg.auth(Auth.token(getToken("manage-clients", "password")));
    }

    protected void authNoAccess() {
        this.reg.auth(Auth.token(getToken("no-access", "password")));
    }

    private String getToken(String str, String str2) {
        try {
            return this.oauth.doGrantAccessTokenRequest("test", str, str2, (String) null, "admin-cli", (String) null).getAccessToken();
        } catch (Exception e) {
            throw new RuntimeException(e);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public String createClientDynamically(String str, Consumer<OIDCClientRepresentation> consumer) throws ClientRegistrationException {
        OIDCClientRepresentation oIDCClientRepresentation = new OIDCClientRepresentation();
        oIDCClientRepresentation.setClientName(str);
        oIDCClientRepresentation.setClientUri(ServerURLs.getAuthServerContextRoot());
        oIDCClientRepresentation.setRedirectUris(Collections.singletonList(ServerURLs.getAuthServerContextRoot() + "/auth/realms/master/app/auth"));
        consumer.accept(oIDCClientRepresentation);
        OIDCClientRepresentation create = this.reg.oidc().create(oIDCClientRepresentation);
        this.reg.auth(Auth.token(create));
        String clientId = create.getClientId();
        this.testContext.getOrCreateCleanup("test").addClientUuid(clientId);
        return clientId;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public OIDCClientRepresentation getClientDynamically(String str) throws ClientRegistrationException {
        return this.reg.oidc().get(str);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateClientDynamically(String str, Consumer<OIDCClientRepresentation> consumer) throws ClientRegistrationException {
        OIDCClientRepresentation oIDCClientRepresentation = this.reg.oidc().get(str);
        consumer.accept(oIDCClientRepresentation);
        this.reg.auth(Auth.token(this.reg.oidc().update(oIDCClientRepresentation)));
    }

    protected void deleteClientDynamically(String str) throws ClientRegistrationException {
        this.reg.oidc().delete(str);
    }

    protected String convertToProfilesJson(ClientProfilesRepresentation clientProfilesRepresentation) {
        String str = null;
        try {
            str = objectMapper.writeValueAsString(clientProfilesRepresentation);
        } catch (JsonProcessingException e) {
            Assert.fail();
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateProfiles(String str) throws ClientPolicyException {
        try {
            this.adminClient.realm("test").clientPoliciesProfilesResource().updateProfiles((ClientProfilesRepresentation) JsonSerialization.readValue(str, ClientProfilesRepresentation.class));
        } catch (Exception e) {
            throw new ClientPolicyException("update profiles failed", e.getMessage());
        } catch (BadRequestException e2) {
            throw new ClientPolicyException("update profiles failed", e2.getResponse().getStatusInfo().toString());
        }
    }

    protected void updateProfiles(ClientProfilesRepresentation clientProfilesRepresentation) throws ClientPolicyException {
        updateProfiles(convertToProfilesJson(clientProfilesRepresentation));
    }

    protected void revertToBuiltinProfiles() throws ClientPolicyException {
        updateProfiles("{}");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientProfilesRepresentation getProfilesWithGlobals() {
        return this.adminClient.realm("test").clientPoliciesProfilesResource().getProfiles(true);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientProfilesRepresentation getProfilesWithoutGlobals() {
        return this.adminClient.realm("test").clientPoliciesProfilesResource().getProfiles(false);
    }

    protected String convertToProfileJson(ClientProfileRepresentation clientProfileRepresentation) {
        String str = null;
        try {
            str = objectMapper.writeValueAsString(clientProfileRepresentation);
        } catch (JsonProcessingException e) {
            Assert.fail();
        }
        return str;
    }

    protected ClientProfileRepresentation convertToProfile(String str) {
        ClientProfileRepresentation clientProfileRepresentation = null;
        try {
            clientProfileRepresentation = (ClientProfileRepresentation) JsonSerialization.readValue(str, ClientProfileRepresentation.class);
        } catch (IOException e) {
            Assert.fail();
        }
        return clientProfileRepresentation;
    }

    protected ClientProfileRepresentation getProfile(String str) {
        ClientProfilesRepresentation profilesWithGlobals;
        if (str == null || (profilesWithGlobals = getProfilesWithGlobals()) == null || profilesWithGlobals.getProfiles() == null || !profilesWithGlobals.getProfiles().stream().anyMatch(clientProfileRepresentation -> {
            return str.equals(clientProfileRepresentation.getName());
        })) {
            return null;
        }
        return (ClientProfileRepresentation) ((List) profilesWithGlobals.getProfiles().stream().filter(clientProfileRepresentation2 -> {
            return str.equals(clientProfileRepresentation2.getName());
        }).collect(Collectors.toList())).get(0);
    }

    protected String getProfileJson(String str) {
        return convertToProfileJson(getProfile(str));
    }

    protected void addProfile(ClientProfileRepresentation clientProfileRepresentation) throws ClientPolicyException {
        ClientProfilesRepresentation profilesWithoutGlobals = getProfilesWithoutGlobals();
        if (profilesWithoutGlobals == null || profilesWithoutGlobals.getProfiles() == null) {
            return;
        }
        profilesWithoutGlobals.getProfiles().add(clientProfileRepresentation);
        updateProfiles(convertToProfilesJson(profilesWithoutGlobals));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updateProfile(ClientProfileRepresentation clientProfileRepresentation) throws ClientPolicyException {
        if (clientProfileRepresentation == null || clientProfileRepresentation.getName() == null) {
            return;
        }
        String name = clientProfileRepresentation.getName();
        ClientProfilesRepresentation profilesWithoutGlobals = getProfilesWithoutGlobals();
        if (profilesWithoutGlobals.getProfiles().stream().anyMatch(clientProfileRepresentation2 -> {
            return name.equals(clientProfileRepresentation2.getName());
        })) {
            profilesWithoutGlobals.getProfiles().remove((ClientProfileRepresentation) ((List) profilesWithoutGlobals.getProfiles().stream().filter(clientProfileRepresentation3 -> {
                return name.equals(clientProfileRepresentation3.getName());
            }).collect(Collectors.toList())).get(0));
            profilesWithoutGlobals.getProfiles().add(clientProfileRepresentation);
            updateProfiles(convertToProfilesJson(profilesWithoutGlobals));
        }
    }

    protected void deleteProfile(String str) throws ClientPolicyException {
        if (str == null) {
            return;
        }
        ClientProfilesRepresentation profilesWithoutGlobals = getProfilesWithoutGlobals();
        if (profilesWithoutGlobals.getProfiles().stream().anyMatch(clientProfileRepresentation -> {
            return str.equals(clientProfileRepresentation.getName());
        })) {
            profilesWithoutGlobals.getProfiles().remove((ClientProfileRepresentation) ((List) profilesWithoutGlobals.getProfiles().stream().filter(clientProfileRepresentation2 -> {
                return str.equals(clientProfileRepresentation2.getName());
            }).collect(Collectors.toList())).get(0));
            updateProfiles(convertToProfilesJson(profilesWithoutGlobals));
        }
    }

    protected String convertToPoliciesJson(ClientPoliciesRepresentation clientPoliciesRepresentation) {
        String str = null;
        try {
            str = objectMapper.writeValueAsString(clientPoliciesRepresentation);
        } catch (JsonProcessingException e) {
            Assert.fail();
        }
        return str;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updatePolicies(String str) throws ClientPolicyException {
        ClientPoliciesRepresentation clientPoliciesRepresentation;
        if (str == null) {
            clientPoliciesRepresentation = null;
        } else {
            try {
                clientPoliciesRepresentation = (ClientPoliciesRepresentation) JsonSerialization.readValue(str, ClientPoliciesRepresentation.class);
            } catch (BadRequestException e) {
                throw new ClientPolicyException("update policies failed", e.getResponse().getStatusInfo().toString());
            } catch (IOException e2) {
                throw new ClientPolicyException("update policies failed", e2.getMessage());
            }
        }
        this.adminClient.realm("test").clientPoliciesPoliciesResource().updatePolicies(clientPoliciesRepresentation);
    }

    protected void revertToBuiltinPolicies() throws ClientPolicyException {
        updatePolicies("{}");
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientPoliciesRepresentation getPolicies() {
        return this.adminClient.realm("test").clientPoliciesPoliciesResource().getPolicies();
    }

    protected String convertToPolicyJson(ClientPolicyRepresentation clientPolicyRepresentation) {
        String str = null;
        try {
            str = objectMapper.writeValueAsString(clientPolicyRepresentation);
        } catch (JsonProcessingException e) {
            Assert.fail();
        }
        return str;
    }

    protected ClientPolicyRepresentation convertToPolicy(String str) {
        ClientPolicyRepresentation clientPolicyRepresentation = null;
        try {
            clientPolicyRepresentation = (ClientPolicyRepresentation) JsonSerialization.readValue(str, ClientPolicyRepresentation.class);
        } catch (IOException e) {
            Assert.fail();
        }
        return clientPolicyRepresentation;
    }

    protected ClientPolicyRepresentation getPolicy(String str) {
        ClientPoliciesRepresentation policies;
        if (str == null || (policies = getPolicies()) == null || policies.getPolicies() == null || !policies.getPolicies().stream().anyMatch(clientPolicyRepresentation -> {
            return str.equals(clientPolicyRepresentation.getName());
        })) {
            return null;
        }
        return (ClientPolicyRepresentation) ((List) policies.getPolicies().stream().filter(clientPolicyRepresentation2 -> {
            return str.equals(clientPolicyRepresentation2.getName());
        }).collect(Collectors.toList())).get(0);
    }

    protected String getPolicyJson(String str) {
        return convertToPolicyJson(getPolicy(str));
    }

    protected void addPolicy(ClientPolicyRepresentation clientPolicyRepresentation) throws ClientPolicyException {
        ClientPoliciesRepresentation policies = getPolicies();
        if (policies == null || policies.getPolicies() == null) {
            return;
        }
        policies.getPolicies().add(clientPolicyRepresentation);
        updatePolicies(convertToPoliciesJson(policies));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void updatePolicy(ClientPolicyRepresentation clientPolicyRepresentation) throws ClientPolicyException {
        if (clientPolicyRepresentation == null || clientPolicyRepresentation.getName() == null) {
            return;
        }
        String name = clientPolicyRepresentation.getName();
        ClientPoliciesRepresentation policies = getPolicies();
        if (policies.getPolicies().stream().anyMatch(clientPolicyRepresentation2 -> {
            return name.equals(clientPolicyRepresentation2.getName());
        })) {
            policies.getPolicies().remove((ClientPolicyRepresentation) ((List) policies.getPolicies().stream().filter(clientPolicyRepresentation3 -> {
                return name.equals(clientPolicyRepresentation3.getName());
            }).collect(Collectors.toList())).get(0));
            policies.getPolicies().add(clientPolicyRepresentation);
            updatePolicies(convertToPoliciesJson(policies));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void deletePolicy(String str) throws ClientPolicyException {
        if (str == null) {
            return;
        }
        ClientPoliciesRepresentation policies = getPolicies();
        if (policies.getPolicies().stream().anyMatch(clientPolicyRepresentation -> {
            return str.equals(clientPolicyRepresentation.getName());
        })) {
            policies.getPolicies().remove((ClientPolicyRepresentation) ((List) policies.getPolicies().stream().filter(clientPolicyRepresentation2 -> {
                return str.equals(clientPolicyRepresentation2.getName());
            }).collect(Collectors.toList())).get(0));
            updatePolicies(convertToPoliciesJson(policies));
        }
    }

    protected ClientProfilesRepresentation getProfilesRepresentation(String str) {
        return (ClientProfilesRepresentation) getCompoundsRepresentation(str, ClientProfilesRepresentation.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientProfileRepresentation getProfileRepresentation(ClientProfilesRepresentation clientProfilesRepresentation, String str, boolean z) {
        return (ClientProfileRepresentation) getCompoundRepresentation(clientProfilesRepresentation, str, z ? (v0) -> {
            return v0.getGlobalProfiles();
        } : (v0) -> {
            return v0.getProfiles();
        }, clientProfileRepresentation -> {
            return clientProfileRepresentation.getName();
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedProfiles(ClientProfilesRepresentation clientProfilesRepresentation, List<String> list, List<String> list2) {
        assertExpectedCompounds(list, clientProfilesRepresentation, clientProfilesRepresentation2 -> {
            return clientProfilesRepresentation2.getGlobalProfiles();
        }, clientProfileRepresentation -> {
            return clientProfileRepresentation.getName();
        });
        assertExpectedCompounds(list2, clientProfilesRepresentation, clientProfilesRepresentation3 -> {
            return clientProfilesRepresentation3.getProfiles();
        }, clientProfileRepresentation2 -> {
            return clientProfileRepresentation2.getName();
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedProfile(ClientProfileRepresentation clientProfileRepresentation, String str, String str2) {
        Assert.assertNotNull(clientProfileRepresentation);
        Assert.assertEquals(str2, clientProfileRepresentation.getDescription());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedExecutors(List<String> list, ClientProfileRepresentation clientProfileRepresentation) {
        MatcherAssert.assertThat((List) clientProfileRepresentation.getExecutors().stream().map((v0) -> {
            return v0.getExecutorProviderId();
        }).collect(Collectors.toList()), Matchers.containsInAnyOrder(list.toArray()));
    }

    protected void assertExpectedHolderOfKeyEnforceExecutor(boolean z, ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedAutoConfiguredExecutor(z, "holder-of-key-enforcer", clientProfileRepresentation);
    }

    protected void assertExpectedPKCEEnforceExecutor(boolean z, ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedAutoConfiguredExecutor(z, "pkce-enforcer", clientProfileRepresentation);
    }

    protected void assertExpectedSecureClientAuthEnforceExecutor(List<String> list, String str, ClientProfileRepresentation clientProfileRepresentation) throws Exception {
        Assert.assertNotNull(clientProfileRepresentation);
        JsonNode configOfExecutor = getConfigOfExecutor("secure-client-authenticator", clientProfileRepresentation);
        Assert.assertNotNull(configOfExecutor);
        Assert.assertEquals(new HashSet(list), new HashSet((Collection) JsonSerialization.readValue(configOfExecutor.get("allowed-client-authenticators").toString(), List.class)));
        Assert.assertEquals(str, configOfExecutor.get("default-client-authenticator").textValue());
    }

    protected void assertExpectedSecureRedirectUriEnforceExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-client-uris", clientProfileRepresentation);
    }

    protected void assertExpectedSecureRequestObjectExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-request-object", clientProfileRepresentation);
    }

    protected void assertExpectedSecureResponseTypeExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-response-type", clientProfileRepresentation);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedSecureSessionEnforceExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-session", clientProfileRepresentation);
    }

    protected void assertExpectedSecureSigningAlgorithmEnforceExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-signature-algorithm", clientProfileRepresentation);
    }

    protected void assertExpectedSecureSigningAlgorithmForSignedJwtEnforceExecutor(ClientProfileRepresentation clientProfileRepresentation) {
        assertExpectedEmptyConfig("secure-signature-algorithm-signed-jwt", clientProfileRepresentation);
    }

    protected void assertExpectedAutoConfiguredExecutor(boolean z, String str, ClientProfileRepresentation clientProfileRepresentation) {
        Assert.assertNotNull(clientProfileRepresentation);
        JsonNode configOfExecutor = getConfigOfExecutor(str, clientProfileRepresentation);
        Assert.assertNotNull(configOfExecutor);
        Assert.assertEquals(Boolean.valueOf(z), Boolean.valueOf(configOfExecutor.get("auto-configure") == null ? false : configOfExecutor.get("auto-configure").asBoolean()));
    }

    private JsonNode getConfigOfExecutor(String str, ClientProfileRepresentation clientProfileRepresentation) {
        ClientPolicyExecutorRepresentation clientPolicyExecutorRepresentation = (ClientPolicyExecutorRepresentation) clientProfileRepresentation.getExecutors().stream().filter(clientPolicyExecutorRepresentation2 -> {
            return str.equals(clientPolicyExecutorRepresentation2.getExecutorProviderId());
        }).findFirst().orElse(null);
        if (clientPolicyExecutorRepresentation == null) {
            return null;
        }
        return clientPolicyExecutorRepresentation.getConfiguration();
    }

    protected ClientPoliciesRepresentation getPoliciesRepresentation(String str) {
        return (ClientPoliciesRepresentation) getCompoundsRepresentation(str, ClientPoliciesRepresentation.class);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientPolicyRepresentation getPolicyRepresentation(ClientPoliciesRepresentation clientPoliciesRepresentation, String str) {
        return (ClientPolicyRepresentation) getCompoundRepresentation(clientPoliciesRepresentation, str, clientPoliciesRepresentation2 -> {
            return clientPoliciesRepresentation2.getPolicies();
        }, clientPolicyRepresentation -> {
            return clientPolicyRepresentation.getName();
        });
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedPolicies(List<String> list, ClientPoliciesRepresentation clientPoliciesRepresentation) {
        Assert.assertNotNull(clientPoliciesRepresentation);
        List policies = clientPoliciesRepresentation.getPolicies();
        if (policies == null) {
            Assert.assertNull(list);
        } else {
            Assert.assertEquals(new HashSet(list), (Set) policies.stream().map(clientPolicyRepresentation -> {
                return clientPolicyRepresentation.getName();
            }).collect(Collectors.toSet()));
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void assertExpectedPolicy(String str, String str2, boolean z, List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        Assert.assertNotNull(clientPolicyRepresentation);
        Assert.assertEquals(str2, clientPolicyRepresentation.getDescription());
        Assert.assertEquals(Boolean.valueOf(z), clientPolicyRepresentation.isEnabled());
        Assert.assertEquals(new HashSet(list), new HashSet(clientPolicyRepresentation.getProfiles()));
    }

    protected void assertExpectedConditions(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        MatcherAssert.assertThat((List) clientPolicyRepresentation.getConditions().stream().map((v0) -> {
            return v0.getConditionProviderId();
        }).collect(Collectors.toList()), Matchers.containsInAnyOrder(list.toArray()));
    }

    protected void assertExpectedAnyClientCondition(ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertTrue("Expected empty configuration for provider any-client", getConfigAsExpectedType(clientPolicyRepresentation, "any-client", ClientPolicyConditionConfigurationRepresentation.class).getConfigAsMap().isEmpty());
    }

    protected void assertExpectedClientAccessTypeCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-access-type", ClientAccessTypeCondition.Configuration.class).getType(), list);
    }

    protected void assertExpectedClientRolesCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-roles", ClientRolesCondition.Configuration.class).getRoles(), list);
    }

    protected void assertExpectedClientScopesCondition(String str, List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        ClientScopesCondition.Configuration configAsExpectedType = getConfigAsExpectedType(clientPolicyRepresentation, "client-scopes", ClientScopesCondition.Configuration.class);
        org.keycloak.testsuite.Assert.assertEquals(configAsExpectedType.getType(), str);
        org.keycloak.testsuite.Assert.assertEquals(configAsExpectedType.getScope(), list);
    }

    protected void assertExpectedClientUpdateContextCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-updater-context", ClientUpdaterContextCondition.Configuration.class).getUpdateClientSource(), list);
    }

    protected void assertExpectedClientUpdateSourceGroupsCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-updater-source-groups", ClientUpdaterSourceGroupsCondition.Configuration.class).getGroups(), list);
    }

    protected void assertExpectedClientUpdateSourceHostsCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-updater-source-host", ClientUpdaterSourceHostsCondition.Configuration.class).getTrustedHosts(), list);
    }

    protected void assertExpectedClientUpdateSourceRolesCondition(List<String> list, ClientPolicyRepresentation clientPolicyRepresentation) {
        org.keycloak.testsuite.Assert.assertEquals(getConfigAsExpectedType(clientPolicyRepresentation, "client-updater-source-roles", ClientUpdaterSourceRolesCondition.Configuration.class).getRoles(), list);
    }

    private <CFG extends ClientPolicyConditionConfigurationRepresentation> CFG getConfigAsExpectedType(ClientPolicyRepresentation clientPolicyRepresentation, String str, Class<CFG> cls) {
        return (CFG) JsonSerialization.mapper.convertValue(((ClientPolicyConditionRepresentation) clientPolicyRepresentation.getConditions().stream().filter(clientPolicyConditionRepresentation -> {
            return str.equals(clientPolicyConditionRepresentation.getConditionProviderId());
        }).findFirst().orElseThrow(() -> {
            return new AssertionError("Expected to contain configuration for condition " + str);
        })).getConfiguration(), cls);
    }

    /* JADX WARN: Multi-variable type inference failed */
    private <T> T getCompoundsRepresentation(String str, Class<T> cls) {
        T t = null;
        try {
            t = JsonSerialization.readValue(str, cls);
        } catch (IOException e) {
            Assert.fail();
        }
        return t;
    }

    private <T, R> void assertExpectedCompounds(List<String> list, R r, Function<R, List<T>> function, Function<T, String> function2) {
        Assert.assertNotNull(r);
        List<T> apply = function.apply(r);
        if (apply == null) {
            Assert.assertNull(list);
        } else {
            Assert.assertEquals(new HashSet(list), (Set) apply.stream().map(obj -> {
                return (String) function2.apply(obj);
            }).collect(Collectors.toSet()));
        }
    }

    private <T, R> T getCompoundRepresentation(R r, String str, Function<R, List<T>> function, Function<T, String> function2) {
        List list;
        Assert.assertNotNull(r);
        if (function.apply(r) == null || (list = (List) function.apply(r).stream().filter(obj -> {
            return ((String) function2.apply(obj)).equals(str);
        }).collect(Collectors.toList())) == null || list.size() != 1) {
            return null;
        }
        return (T) list.get(0);
    }

    private void assertExpectedEmptyConfig(String str, ClientProfileRepresentation clientProfileRepresentation) {
        org.keycloak.testsuite.Assert.assertTrue("Expected empty configuration for provider " + str, getConfigOfExecutor(str, clientProfileRepresentation).isEmpty());
    }
}
