package org.keycloak.testsuite.admin.client.authorization;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.UUID;
import java.util.stream.Collectors;
import javax.ws.rs.NotFoundException;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.GroupPoliciesResource;
import org.keycloak.admin.client.resource.GroupPolicyResource;
import org.keycloak.admin.client.resource.GroupsResource;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.GroupRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.GroupPolicyRepresentation;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.testsuite.util.GroupBuilder;
import org.keycloak.testsuite.util.RealmBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/client/authorization/GroupPolicyManagementTest.class */
public class GroupPolicyManagementTest extends AbstractPolicyManagementTest {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.keycloak.testsuite.admin.client.authorization.AbstractPolicyManagementTest
    public RealmBuilder createTestRealm() {
        return super.createTestRealm().group(GroupBuilder.create().name("Group A").subGroups((List) Arrays.asList("Group B", "Group D").stream().map(str -> {
            return "Group B".equals(str) ? GroupBuilder.create().name(str).subGroups((List) Arrays.asList("Group C", "Group E").stream().map(str -> {
                return GroupBuilder.create().name(str).build();
            }).collect(Collectors.toList())).build() : GroupBuilder.create().name(str).build();
        }).collect(Collectors.toList())).build()).group(GroupBuilder.create().name("Group F").build()).group(GroupBuilder.create().name("Group G").build()).group(GroupBuilder.create().name("Group H").subGroups((List) Arrays.asList("Group I", "Group J").stream().map(str2 -> {
            return "Group I".equals(str2) ? GroupBuilder.create().name(str2).subGroups((List) Arrays.asList("Group K", "Group L").stream().map(str2 -> {
                return GroupBuilder.create().name(str2).build();
            }).collect(Collectors.toList())).build() : GroupBuilder.create().name(str2).build();
        }).collect(Collectors.toList())).build());
    }

    @Test
    public void testCreate() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName("Group Policy");
        groupPolicyRepresentation.setDescription("description");
        groupPolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        groupPolicyRepresentation.setLogic(Logic.NEGATIVE);
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroupPath("/Group A/Group B/Group C", true);
        groupPolicyRepresentation.addGroupPath(new String[]{"Group F"});
        assertCreated(authorization, groupPolicyRepresentation);
    }

    @Test
    public void testCreateWithoutGroupsClaim() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName(KeycloakModelUtils.generateId());
        groupPolicyRepresentation.setDescription("description");
        groupPolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        groupPolicyRepresentation.setLogic(Logic.NEGATIVE);
        groupPolicyRepresentation.addGroupPath("/Group A/Group B/Group C", true);
        groupPolicyRepresentation.addGroupPath(new String[]{"Group F"});
        assertCreated(authorization, groupPolicyRepresentation);
    }

    @Test
    public void testUpdate() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName("Update Group Policy");
        groupPolicyRepresentation.setDescription("description");
        groupPolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        groupPolicyRepresentation.setLogic(Logic.NEGATIVE);
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroupPath("/Group A/Group B/Group C", true);
        groupPolicyRepresentation.addGroupPath(new String[]{"Group F"});
        assertCreated(authorization, groupPolicyRepresentation);
        groupPolicyRepresentation.setName("changed");
        groupPolicyRepresentation.setDescription("changed");
        groupPolicyRepresentation.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        groupPolicyRepresentation.setLogic(Logic.POSITIVE);
        groupPolicyRepresentation.setGroupsClaim((String) null);
        groupPolicyRepresentation.removeGroup(new String[]{"/Group A/Group B"});
        GroupPolicyResource findById = authorization.policies().group().findById(groupPolicyRepresentation.getId());
        findById.update(groupPolicyRepresentation);
        assertRepresentation(groupPolicyRepresentation, findById);
        for (GroupPolicyRepresentation.GroupDefinition groupDefinition : groupPolicyRepresentation.getGroups()) {
            if (groupDefinition.getPath().equals("Group F")) {
                groupDefinition.setExtendChildren(true);
            }
        }
        findById.update(groupPolicyRepresentation);
        assertRepresentation(groupPolicyRepresentation, findById);
        groupPolicyRepresentation.getGroups().clear();
        groupPolicyRepresentation.addGroupPath(new String[]{"/Group A/Group B"});
        findById.update(groupPolicyRepresentation);
        assertRepresentation(groupPolicyRepresentation, findById);
    }

    @Test
    public void testDelete() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName("Delete Group Policy");
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroupPath("/Group A/Group B/Group C", true);
        groupPolicyRepresentation.addGroupPath(new String[]{"Group F"});
        GroupPoliciesResource group = authorization.policies().group();
        Response create = group.create(groupPolicyRepresentation);
        Throwable th = null;
        try {
            try {
                GroupPolicyRepresentation groupPolicyRepresentation2 = (GroupPolicyRepresentation) create.readEntity(GroupPolicyRepresentation.class);
                group.findById(groupPolicyRepresentation2.getId()).remove();
                try {
                    group.findById(groupPolicyRepresentation2.getId()).toRepresentation();
                    Assert.fail("Permission not removed");
                } catch (NotFoundException e) {
                }
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testRemoveWithoutPath() {
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName("Delete Group Path Policy");
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroup(new String[]{"Group A"});
        groupPolicyRepresentation.removeGroup(new String[]{"Group A"});
        Assert.assertTrue(groupPolicyRepresentation.getGroups().isEmpty());
    }

    @Test
    public void testGenericConfig() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName("Test Generic Config Permission");
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroupPath(new String[]{"/Group A"});
        Response create = authorization.policies().group().create(groupPolicyRepresentation);
        Throwable th = null;
        try {
            try {
                PolicyRepresentation representation = authorization.policies().policy(((GroupPolicyRepresentation) create.readEntity(GroupPolicyRepresentation.class)).getId()).toRepresentation();
                Assert.assertNotNull(representation.getConfig());
                Assert.assertNotNull(representation.getConfig().get("groups"));
                Assert.assertTrue(((String) representation.getConfig().get("groups")).contains(((GroupRepresentation) getRealm().groups().groups().stream().filter(groupRepresentation -> {
                    return groupRepresentation.getName().equals("Group A");
                }).findFirst().get()).getId()));
                if (create != null) {
                    if (0 == 0) {
                        create.close();
                        return;
                    }
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (create != null) {
                if (th != null) {
                    try {
                        create.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    create.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testDeleteGroupAndPolicy() {
        AuthorizationResource authorization = getClient().authorization();
        GroupPolicyRepresentation groupPolicyRepresentation = new GroupPolicyRepresentation();
        groupPolicyRepresentation.setName(UUID.randomUUID().toString());
        groupPolicyRepresentation.setDescription("description");
        groupPolicyRepresentation.setDecisionStrategy(DecisionStrategy.CONSENSUS);
        groupPolicyRepresentation.setLogic(Logic.NEGATIVE);
        groupPolicyRepresentation.setGroupsClaim("groups");
        groupPolicyRepresentation.addGroupPath("/Group G", true);
        assertCreated(authorization, groupPolicyRepresentation);
        GroupsResource groups = getRealm().groups();
        groups.group(((GroupRepresentation) groups.groups("Group G", (Integer) null, (Integer) null).get(0)).getId()).remove();
        try {
            getClient().authorization().policies().group().findByName(groupPolicyRepresentation.getName());
        } catch (NotFoundException e) {
        }
        groupPolicyRepresentation.getGroups().clear();
        groupPolicyRepresentation.addGroupPath(new String[]{"/Group H/Group I/Group K"});
        groupPolicyRepresentation.addGroupPath(new String[]{"/Group F"});
        assertCreated(authorization, groupPolicyRepresentation);
        groups.group(((GroupRepresentation) groups.groups("Group K", (Integer) null, (Integer) null).get(0)).getId()).remove();
        Assert.assertNotNull(getClient().authorization().policies().group().findByName(groupPolicyRepresentation.getName()));
        Assert.assertEquals(1L, r0.getGroups().size());
    }

    private void assertCreated(AuthorizationResource authorizationResource, GroupPolicyRepresentation groupPolicyRepresentation) {
        GroupPoliciesResource group = authorizationResource.policies().group();
        assertRepresentation(groupPolicyRepresentation, group.findById(((GroupPolicyRepresentation) group.create(groupPolicyRepresentation).readEntity(GroupPolicyRepresentation.class)).getId()));
    }

    private void assertRepresentation(GroupPolicyRepresentation groupPolicyRepresentation, GroupPolicyResource groupPolicyResource) {
        GroupPolicyRepresentation representation = groupPolicyResource.toRepresentation();
        assertRepresentation(groupPolicyRepresentation, representation, () -> {
            return groupPolicyResource.resources();
        }, () -> {
            return Collections.emptyList();
        }, () -> {
            return groupPolicyResource.associatedPolicies();
        });
        Assert.assertEquals(groupPolicyRepresentation.getGroups().size(), representation.getGroups().size());
        Assert.assertEquals(0L, representation.getGroups().stream().filter(groupDefinition -> {
            return !groupPolicyRepresentation.getGroups().stream().filter(groupDefinition -> {
                return getGroupPath(groupDefinition.getId()).equals(getCanonicalGroupPath(groupDefinition.getPath())) && groupDefinition.isExtendChildren() == groupDefinition.isExtendChildren();
            }).findFirst().isPresent();
        }).count());
    }

    private String getGroupPath(String str) {
        return getRealm().groups().group(str).toRepresentation().getPath();
    }

    private String getCanonicalGroupPath(String str) {
        return str.charAt(0) == '/' ? str : "/" + str;
    }
}
