package org.keycloak.testsuite.model;

import java.util.HashSet;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.junit.Assert;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.ExpectedException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.AbstractTestRealmKeycloakTest;
import org.keycloak.testsuite.admin.AbstractAdminTest;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.ModelTest;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/model/CompositeRolesModelTest.class */
public class CompositeRolesModelTest extends AbstractTestRealmKeycloakTest {

    @Rule
    public ExpectedException expectedException = ExpectedException.none();

    public static Set<RoleModel> getRequestedRoles(ClientModel clientModel, UserModel userModel) {
        HashSet hashSet = new HashSet();
        Set set = (Set) userModel.getRoleMappingsStream().collect(Collectors.toSet());
        Stream.concat(clientModel.getScopeMappingsStream(), clientModel.getRolesStream()).forEach(roleModel -> {
            set.forEach(roleModel -> {
                if (roleModel.getContainer().equals(clientModel)) {
                    hashSet.add(roleModel);
                }
                applyScope(roleModel, roleModel, new HashSet(), hashSet);
            });
        });
        return hashSet;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static void applyScope(RoleModel roleModel, RoleModel roleModel2, Set<RoleModel> set, Set<RoleModel> set2) {
        if (set.contains(roleModel2)) {
            return;
        }
        set.add(roleModel2);
        if (roleModel.hasRole(roleModel2)) {
            set2.add(roleModel2);
        } else if (roleModel2.isComposite()) {
            roleModel2.getCompositesStream().forEach(roleModel3 -> {
                applyScope(roleModel, roleModel3, set, set2);
            });
        }
    }

    private static RoleModel getRole(RealmModel realmModel, String str, String str2) {
        return "realm".equals(str) ? realmModel.getRole(str2) : realmModel.getClientByClientId(str).getRole(str2);
    }

    private static void assertContains(RealmModel realmModel, String str, String str2, Set<RoleModel> set) {
        RoleModel role = getRole(realmModel, str, str2);
        Assert.assertTrue(set.contains(role));
        for (RoleModel roleModel : set) {
            if (roleModel.equals(role)) {
                Assert.assertEquals(roleModel.getContainer(), role.getContainer());
            }
        }
    }

    @Test
    @ModelTest
    public void testNoClientID(KeycloakSession keycloakSession) {
        this.expectedException.expect(RuntimeException.class);
        this.expectedException.expectMessage("Unknown client specification in scope mappings: some-client");
        KeycloakModelUtils.runJobInTransaction(keycloakSession.getKeycloakSessionFactory(), keycloakSession2 -> {
            try {
                RealmRepresentation realmRepresentation = (RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/model/testrealm-noclient-id.json"), RealmRepresentation.class);
                realmRepresentation.setId("TestNoClientID");
                this.adminClient.realms().create(realmRepresentation);
            } catch (RuntimeException e) {
            }
        });
    }

    @Test
    @ModelTest
    public void testComposites(KeycloakSession keycloakSession) {
        KeycloakModelUtils.runJobInTransaction(keycloakSession.getKeycloakSessionFactory(), keycloakSession2 -> {
            RealmModel realm = keycloakSession2.realms().getRealm("TestComposites");
            Set<RoleModel> requestedRoles = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), keycloakSession.users().getUserByUsername(realm, "APP_COMPOSITE_USER"));
            Assert.assertEquals(5L, requestedRoles.size());
            assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_COMPOSITE_ROLE", requestedRoles);
            assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_COMPOSITE_CHILD", requestedRoles);
            assertContains(realm, "APP_COMPOSITE_APPLICATION", "APP_ROLE_2", requestedRoles);
            assertContains(realm, "APP_ROLE_APPLICATION", "APP_ROLE_1", requestedRoles);
            assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles);
            Set<RoleModel> requestedRoles2 = getRequestedRoles(realm.getClientByClientId("APP_COMPOSITE_APPLICATION"), keycloakSession2.users().getUserByUsername(realm, "REALM_APP_COMPOSITE_USER"));
            Assert.assertEquals(4L, requestedRoles2.size());
            assertContains(realm, "APP_ROLE_APPLICATION", "APP_ROLE_1", requestedRoles2);
            Set<RoleModel> requestedRoles3 = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_1_APPLICATION"), keycloakSession2.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
            Assert.assertEquals(1L, requestedRoles3.size());
            assertContains(realm, "realm", "REALM_COMPOSITE_1", requestedRoles3);
            Set<RoleModel> requestedRoles4 = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_2_APPLICATION"), keycloakSession2.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
            Assert.assertEquals(3L, requestedRoles4.size());
            assertContains(realm, "realm", "REALM_COMPOSITE_1", requestedRoles4);
            assertContains(realm, "realm", "REALM_COMPOSITE_CHILD", requestedRoles4);
            assertContains(realm, "realm", "REALM_ROLE_4", requestedRoles4);
            Set<RoleModel> requestedRoles5 = getRequestedRoles(realm.getClientByClientId("REALM_ROLE_1_APPLICATION"), keycloakSession2.users().getUserByUsername(realm, "REALM_COMPOSITE_1_USER"));
            Assert.assertEquals(1L, requestedRoles5.size());
            assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles5);
            Set<RoleModel> requestedRoles6 = getRequestedRoles(realm.getClientByClientId("REALM_COMPOSITE_1_APPLICATION"), keycloakSession2.users().getUserByUsername(realm, "REALM_ROLE_1_USER"));
            Assert.assertEquals(1L, requestedRoles6.size());
            assertContains(realm, "realm", "REALM_ROLE_1", requestedRoles6);
        });
    }

    @Override // org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        this.log.infof("testcomposites imported", new Object[0]);
        RealmRepresentation realmRepresentation2 = (RealmRepresentation) AbstractAdminTest.loadJson(getClass().getResourceAsStream("/model/testcomposites2.json"), RealmRepresentation.class);
        realmRepresentation2.setId("TestComposites");
        this.adminClient.realms().create(realmRepresentation2);
    }
}
