package org.keycloak.testsuite.account;

import com.fasterxml.jackson.core.type.TypeReference;
import java.io.IOException;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;
import javax.ws.rs.core.Response;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.authorization.client.AuthzClient;
import org.keycloak.authorization.client.Configuration;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.common.Profile;
import org.keycloak.common.util.KeycloakUriBuilder;
import org.keycloak.jose.jws.JWSInput;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.services.resources.account.resources.AbstractResourceService;
import org.keycloak.testsuite.AssertEvents;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.TokenUtil;
import org.keycloak.testsuite.util.UserBuilder;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/account/ResourcesRestServiceTest.class */
public class ResourcesRestServiceTest extends AbstractRestServiceTest {
    private AuthzClient authzClient;
    private List<String> userNames = new ArrayList(Arrays.asList("alice", "jdoe", "bob"));

    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    @Override // org.keycloak.testsuite.account.AbstractRestServiceTest, org.keycloak.testsuite.AbstractTestRealmKeycloakTest
    public void configureTestRealm(RealmRepresentation realmRepresentation) {
        super.configureTestRealm(realmRepresentation);
        realmRepresentation.setUserManagedAccessAllowed(true);
        realmRepresentation.getUsers().add(createUser("alice", "password"));
        realmRepresentation.getUsers().add(createUser("jdoe", "password"));
        realmRepresentation.getUsers().add(createUser("bob", "password"));
        realmRepresentation.getClients().add(ClientBuilder.create().clientId("my-resource-server").authorizationServicesEnabled(true).serviceAccountsEnabled(true).secret("secret").name("My Resource Server").baseUrl("http://resourceserver.com").directAccessGrants().build());
    }

    @Override // org.keycloak.testsuite.account.AbstractRestServiceTest
    public void before() {
        super.before();
        ClientResource resourceServer = getResourceServer();
        this.authzClient = createAuthzClient(resourceServer.toRepresentation());
        AuthorizationResource authorization = resourceServer.authorization();
        for (int i = 0; i < 30; i++) {
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
            resourceRepresentation.setOwnerManagedAccess(true);
            try {
                resourceRepresentation.setOwner(((AccessToken) JsonSerialization.readValue(new JWSInput(this.tokenUtil.getToken()).getContent(), AccessToken.class)).getSubject());
                resourceRepresentation.setName("Resource " + i);
                resourceRepresentation.setDisplayName("Display Name " + i);
                resourceRepresentation.setIconUri("Icon Uri " + i);
                resourceRepresentation.addScope(new String[]{"Scope A", "Scope B", "Scope C", "Scope D"});
                resourceRepresentation.setUri("http://resourceServer.com/resources/" + i);
                Response create = authorization.resources().create(resourceRepresentation);
                Throwable th = null;
                try {
                    try {
                        resourceRepresentation.setId(((ResourceRepresentation) create.readEntity(ResourceRepresentation.class)).getId());
                        if (create != null) {
                            if (0 != 0) {
                                try {
                                    create.close();
                                } catch (Throwable th2) {
                                    th.addSuppressed(th2);
                                }
                            } else {
                                create.close();
                            }
                        }
                        for (String str : Arrays.asList("Scope A", "Scope B")) {
                            PermissionTicketRepresentation permissionTicketRepresentation = new PermissionTicketRepresentation();
                            permissionTicketRepresentation.setGranted(true);
                            permissionTicketRepresentation.setOwner(resourceRepresentation.getOwner().getId());
                            permissionTicketRepresentation.setRequesterName(this.userNames.get(i % this.userNames.size()));
                            permissionTicketRepresentation.setResource(resourceRepresentation.getId());
                            permissionTicketRepresentation.setScopeName(str);
                            this.authzClient.protection(AssertEvents.DEFAULT_USERNAME, "password").permission().create(permissionTicketRepresentation);
                        }
                    } finally {
                    }
                } catch (Throwable th3) {
                    if (create != null) {
                        if (th != null) {
                            try {
                                create.close();
                            } catch (Throwable th4) {
                                th.addSuppressed(th4);
                            }
                        } else {
                            create.close();
                        }
                    }
                    throw th3;
                }
            } catch (Exception e) {
                throw new RuntimeException("Failed to parse access token", e);
            }
        }
    }

    private ClientResource getResourceServer() {
        ClientsResource clients = testRealm().clients();
        return clients.get(((ClientRepresentation) clients.findByClientId("my-resource-server").get(0)).getId());
    }

    @Override // org.keycloak.testsuite.account.AbstractRestServiceTest
    public void after() {
        super.after();
        ClientResource resourceServer = getResourceServer();
        ClientRepresentation representation = resourceServer.toRepresentation();
        representation.setAuthorizationServicesEnabled(false);
        resourceServer.update(representation);
        representation.setAuthorizationServicesEnabled(true);
        resourceServer.update(representation);
    }

    @Test
    public void testGetMyResources() {
        List<AbstractResourceService.Resource> myResources = getMyResources();
        Assert.assertEquals(30L, myResources.size());
        assertMyResourcesResponse(myResources);
    }

    @Test
    public void testGetMyResourcesByName() {
        Assert.assertEquals(11L, getMyResources("Resource 1").size());
        Assert.assertEquals(0L, getMyResources("non-existent\n").size());
        Assert.assertEquals(1L, getMyResources("Resource 23").size());
    }

    @Test
    public void testGetMyResourcesPagination() {
        List<AbstractResourceService.Resource> myResources = getMyResources(0, 10, response -> {
            assertNextPageLink(response, "/realms/test/account/resources", 10, -1, 10);
        });
        Assert.assertEquals(10L, myResources.size());
        assertMyResourcesResponse(myResources);
        Assert.assertEquals(10L, getMyResources(10, 10, response2 -> {
            assertNextPageLink(response2, "/realms/test/account/resources", 20, 0, 10);
        }).size());
        List<AbstractResourceService.Resource> myResources2 = getMyResources(20, 10, response3 -> {
            assertNextPageLink(response3, "/realms/test/account/resources", -1, 10, 10);
        });
        getMyResources(15, 5, response4 -> {
            assertNextPageLink(response4, "/realms/test/account/resources", 20, 10, 5);
        });
        Assert.assertEquals(10L, myResources2.size());
        Assert.assertEquals(0L, getMyResources(30, 10).size());
        getMyResources(5, 10, response5 -> {
            assertNextPageLink(response5, "/realms/test/account/resources", 15, 0, 10);
        });
        getMyResources(10, 10, response6 -> {
            assertNextPageLink(response6, "/realms/test/account/resources", 20, 0, 10);
        });
        getMyResources(20, 10, response7 -> {
            assertNextPageLink(response7, "/realms/test/account/resources", -1, 10, 10);
        });
        getMyResources(20, 20, response8 -> {
            assertNextPageLink(response8, "/realms/test/account/resources", -1, 0, 20);
        });
        getMyResources(30, 30, response9 -> {
            assertNextPageLink(response9, "/realms/test/account/resources", -1, -1, 30);
        });
        getMyResources(30, 31, response10 -> {
            assertNextPageLink(response10, "/realms/test/account/resources", -1, -1, 31);
        });
        getMyResources(0, 30, response11 -> {
            assertNextPageLink(response11, "/realms/test/account/resources", -1, -1, 30);
        });
        getMyResources(0, 31, response12 -> {
            assertNextPageLink(response12, "/realms/test/account/resources", -1, -1, 31);
        });
    }

    @Test
    public void testGetSharedWithMe() {
        Iterator<String> it = this.userNames.iterator();
        while (it.hasNext()) {
            List<AbstractResourceService.ResourcePermission> sharedWithMe = getSharedWithMe(it.next());
            Assert.assertEquals(10L, sharedWithMe.size());
            assertSharedWithMeResponse(sharedWithMe);
        }
    }

    @Test
    public void testGetSharedWithMeByName() {
        Assert.assertEquals(5L, getSharedWithMe("jdoe", "Resource 1", -1, -1, null).size());
        Assert.assertEquals(0L, getSharedWithMe("jdoe", "non-existent", -1, -1, null).size());
        Assert.assertEquals(10L, getSharedWithMe("jdoe", "resource", -1, -1, null).size());
    }

    @Test
    public void testGetSharedWithMePagination() {
        for (String str : this.userNames) {
            assertSharedWithMeResponse(getSharedWithMe(str, null, 0, 3, response -> {
                assertNextPageLink(response, "/realms/test/account/resources/shared-with-me", 3, -1, 3);
            }));
            getSharedWithMe(str, null, 3, 3, response2 -> {
                assertNextPageLink(response2, "/realms/test/account/resources/shared-with-me", 6, 0, 3);
            });
            getSharedWithMe(str, null, 6, 3, response3 -> {
                assertNextPageLink(response3, "/realms/test/account/resources/shared-with-me", 9, 3, 3);
            });
            getSharedWithMe(str, null, 9, 3, response4 -> {
                assertNextPageLink(response4, "/realms/test/account/resources/shared-with-me", -1, 6, 3);
            });
        }
    }

    @Test
    public void testGetSharedWithOthers() {
        List<AbstractResourceService.ResourcePermission> list = (List) doGet("/shared-with-others", new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.1
        });
        Assert.assertEquals(30L, list.size());
        assertSharedWithOthersResponse(list);
    }

    @Test
    public void testGetSharedWithOthersPagination() {
        List<AbstractResourceService.ResourcePermission> list = (List) doGet("/shared-with-others?first=0&max=5", new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.2
        }, response -> {
            assertNextPageLink(response, "/realms/test/account/resources/shared-with-others", 5, -1, 5);
        });
        Assert.assertEquals(5L, list.size());
        assertSharedWithOthersResponse(list);
        doGet("/shared-with-others?first=5&max=5", new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.3
        }, response2 -> {
            assertNextPageLink(response2, "/realms/test/account/resources/shared-with-others", 10, 0, 5);
        });
        doGet("/shared-with-others?first=20&max=5", new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.4
        }, response3 -> {
            assertNextPageLink(response3, "/realms/test/account/resources/shared-with-others", 25, 15, 5);
        });
        doGet("/shared-with-others?first=25&max=5", new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.5
        }, response4 -> {
            assertNextPageLink(response4, "/realms/test/account/resources/shared-with-others", -1, 20, 5);
        });
    }

    @Test
    public void testGetResource() {
        AbstractResourceService.Resource resource = (AbstractResourceService.Resource) doGet("/" + getMyResources().get(0).getId(), AbstractResourceService.Resource.class);
        String uri = resource.getUri();
        int parseInt = Integer.parseInt(uri.substring(uri.lastIndexOf(47) + 1));
        Assert.assertNotNull(resource.getId());
        Assert.assertEquals("Resource " + parseInt, resource.getName());
        Assert.assertEquals("Display Name " + parseInt, resource.getDisplayName());
        Assert.assertEquals("Icon Uri " + parseInt, resource.getIconUri());
        Assert.assertEquals("my-resource-server", resource.getClient().getClientId());
        Assert.assertEquals("My Resource Server", resource.getClient().getName());
        Assert.assertEquals("http://resourceserver.com", resource.getClient().getBaseUrl());
        Assert.assertEquals(4L, resource.getScopes().size());
        Assert.assertEquals("resource_not_found", ((OAuth2ErrorRepresentation) doGet("/invalid_resource", OAuth2ErrorRepresentation.class)).getError());
        Assert.assertEquals("invalid_resource", ((OAuth2ErrorRepresentation) doGet("/" + getMyResources().get(0).getId(), this.authzClient.obtainAccessToken("jdoe", "password").getToken(), OAuth2ErrorRepresentation.class)).getError());
    }

    @Test
    public void testGetPermissions() throws Exception {
        AbstractResourceService.Resource resource = getMyResources().get(0);
        List list = (List) doGet("/" + resource.getId() + "/permissions", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.6
        });
        Assert.assertEquals(1L, list.size());
        AbstractResourceService.Permission permission = (AbstractResourceService.Permission) list.get(0);
        ArrayList arrayList = new ArrayList();
        Assert.assertTrue(this.userNames.contains(permission.getUsername()));
        Assert.assertEquals(2L, permission.getScopes().size());
        ArrayList<String> arrayList2 = new ArrayList(this.userNames);
        arrayList2.remove(permission.getUsername());
        for (String str : arrayList2) {
            AbstractResourceService.Permission permission2 = new AbstractResourceService.Permission();
            permission2.setUsername(str);
            permission2.addScope(new String[]{"Scope D"});
            arrayList.add(permission2);
        }
        SimpleHttp.doPut(getAccountUrl("resources/" + resource.getId() + "/permissions"), this.httpClient).auth(this.tokenUtil.getToken()).json(arrayList).asResponse();
        List<AbstractResourceService.Permission> list2 = (List) doGet("/" + resource.getId() + "/permissions", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.7
        });
        Assert.assertEquals(3L, list2.size());
        for (AbstractResourceService.Permission permission3 : list2) {
            Assert.assertTrue(this.userNames.contains(permission3.getUsername()));
            if (permission.getUsername().equals(permission3.getUsername())) {
                Assert.assertEquals(2L, permission3.getScopes().size());
            } else {
                Assert.assertEquals(1L, permission3.getScopes().size());
            }
        }
    }

    @Test
    public void testShareResource() throws Exception {
        LinkedList<String> linkedList = new LinkedList(Arrays.asList("jdoe", "alice"));
        ArrayList arrayList = new ArrayList();
        AbstractResourceService.ResourcePermission resourcePermission = null;
        Iterator it = linkedList.iterator();
        while (it.hasNext()) {
            resourcePermission = getSharedWithMe((String) it.next()).get(0);
            Assert.assertNotNull(resourcePermission);
            Assert.assertEquals(2L, resourcePermission.getScopes().size());
        }
        arrayList.add(new AbstractResourceService.Permission((String) linkedList.get(0), new String[]{"Scope C", "Scope D"}));
        arrayList.add(new AbstractResourceService.Permission((String) linkedList.get(linkedList.size() - 1), new String[]{"Scope A", "Scope B", "Scope C", "Scope D"}));
        String id = resourcePermission.getId();
        Assert.assertEquals(Response.Status.NO_CONTENT.getStatusCode(), SimpleHttp.doPut(getAccountUrl("resources/" + id + "/permissions"), this.httpClient).auth(this.tokenUtil.getToken()).json(arrayList).asResponse().getStatus());
        for (String str : linkedList) {
            Assert.assertNotNull(getSharedWithMe(str).stream().filter(resourcePermission2 -> {
                return resourcePermission2.getId().equals(id);
            }).findAny().orElse(null));
            if (str.equals(linkedList.get(linkedList.size() - 1))) {
                Assert.assertEquals(4L, r0.getScopes().size());
            } else {
                Assert.assertEquals(2L, r0.getScopes().size());
            }
        }
    }

    @Test
    public void failShareResourceInvalidPermissions() throws Exception {
        Assert.assertEquals(Response.Status.BAD_REQUEST.getStatusCode(), SimpleHttp.doPut(getAccountUrl("resources/" + getMyResources().get(0).getId() + "/permissions"), this.httpClient).auth(this.tokenUtil.getToken()).json(new ArrayList()).asResponse().getStatus());
    }

    @Test
    public void testEndpointPermissions() throws Exception {
        ResourceRepresentation resourceRepresentation = new ResourceRepresentation();
        resourceRepresentation.setOwnerManagedAccess(true);
        resourceRepresentation.setOwner(findUser("view-account-access").getId());
        resourceRepresentation.setName("Resource view-account-access");
        resourceRepresentation.setDisplayName("Display Name view-account-access");
        resourceRepresentation.setIconUri("Icon Uri view-account-access");
        resourceRepresentation.addScope(new String[]{"Scope A", "Scope B", "Scope C", "Scope D"});
        resourceRepresentation.setUri("http://resourceServer.com/resources/view-account-access");
        Response create = getResourceServer().authorization().resources().create(resourceRepresentation);
        Throwable th = null;
        try {
            String id = ((ResourceRepresentation) create.readEntity(ResourceRepresentation.class)).getId();
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    create.close();
                }
            }
            String accountUrl = getAccountUrl("resources");
            String str = accountUrl + "/shared-with-others";
            String str2 = accountUrl + "/shared-with-me";
            String str3 = accountUrl + "/" + id;
            String str4 = str3 + "/permissions";
            String str5 = str3 + "/permissions/requests";
            TokenUtil tokenUtil = new TokenUtil("view-account-access", "password");
            TokenUtil tokenUtil2 = new TokenUtil("no-account-access", "password");
            for (String str6 : Arrays.asList(accountUrl, str, str2, str3, str4, str5)) {
                Assert.assertEquals("no-account-access GET " + str6, 403L, SimpleHttp.doGet(str6, this.httpClient).acceptJson().auth(tokenUtil2.getToken()).asStatus());
                Assert.assertEquals("view-account-access GET " + str6, 200L, SimpleHttp.doGet(str6, this.httpClient).acceptJson().auth(tokenUtil.getToken()).asStatus());
            }
            Assert.assertEquals("no-account-access PUT " + str4, 403L, SimpleHttp.doPut(str4, this.httpClient).acceptJson().auth(tokenUtil2.getToken()).json(Collections.emptyList()).asStatus());
            Assert.assertEquals("view-account-access PUT " + str4, 403L, SimpleHttp.doPut(str4, this.httpClient).acceptJson().auth(tokenUtil.getToken()).json(Collections.emptyList()).asStatus());
        } catch (Throwable th3) {
            if (create != null) {
                if (0 != 0) {
                    try {
                        create.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    create.close();
                }
            }
            throw th3;
        }
    }

    @Test
    public void testRevokePermission() throws Exception {
        List<String> asList = Arrays.asList("jdoe", "alice");
        ArrayList arrayList = new ArrayList();
        AbstractResourceService.ResourcePermission resourcePermission = null;
        Iterator it = asList.iterator();
        while (it.hasNext()) {
            resourcePermission = getSharedWithMe((String) it.next()).get(0);
            Assert.assertNotNull(resourcePermission);
            Assert.assertEquals(2L, resourcePermission.getScopes().size());
        }
        arrayList.add(new AbstractResourceService.Permission((String) asList.get(0), new String[]{"Scope C"}));
        arrayList.add(new AbstractResourceService.Permission((String) asList.get(asList.size() - 1), new String[]{"Scope B", "Scope D"}));
        String id = resourcePermission.getId();
        Assert.assertEquals(Response.Status.NO_CONTENT.getStatusCode(), SimpleHttp.doPut(getAccountUrl("resources/" + id + "/permissions"), this.httpClient).auth(this.tokenUtil.getToken()).json(arrayList).asResponse().getStatus());
        for (String str : asList) {
            Assert.assertNotNull(getSharedWithMe(str).stream().filter(resourcePermission2 -> {
                return resourcePermission2.getId().equals(id);
            }).findAny().orElse(null));
            if (str.equals(asList.get(asList.size() - 1))) {
                Assert.assertEquals(2L, r0.getScopes().size());
            } else {
                Assert.assertEquals(1L, r0.getScopes().size());
            }
        }
    }

    @Test
    public void testGetPermissionRequests() {
        AbstractResourceService.Resource resource = getMyResources().get(0);
        Assert.assertTrue(((List) doGet("/" + resource.getId() + "/permissions/requests", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.8
        })).isEmpty());
        for (String str : this.userNames) {
            ArrayList<String> arrayList = new ArrayList();
            if ("bob".equals(str)) {
                arrayList.add("Scope D");
            } else if ("alice".equals(str)) {
                arrayList.add("Scope C");
            } else if ("jdoe".equals(str)) {
                arrayList.add("Scope C");
                arrayList.add("Scope D");
            }
            for (String str2 : arrayList) {
                PermissionTicketRepresentation permissionTicketRepresentation = new PermissionTicketRepresentation();
                permissionTicketRepresentation.setGranted(false);
                permissionTicketRepresentation.setOwner(AssertEvents.DEFAULT_USERNAME);
                permissionTicketRepresentation.setRequesterName(str);
                permissionTicketRepresentation.setResource(resource.getId());
                permissionTicketRepresentation.setScopeName(str2);
                this.authzClient.protection(AssertEvents.DEFAULT_USERNAME, "password").permission().create(permissionTicketRepresentation);
            }
        }
        List list = (List) doGet("/" + resource.getId() + "/permissions/requests", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.9
        });
        Assert.assertEquals(3L, list.size());
        Iterator it = list.iterator();
        while (it.hasNext()) {
            AbstractResourceService.Permission permission = (AbstractResourceService.Permission) it.next();
            String username = permission.getUsername();
            List scopes = permission.getScopes();
            if ("bob".equals(username)) {
                Assert.assertEquals(1L, scopes.size());
                Assert.assertTrue(scopes.contains("Scope D"));
                it.remove();
            } else if ("alice".equals(username)) {
                Assert.assertEquals(1L, scopes.size());
                Assert.assertTrue(scopes.contains("Scope C"));
                it.remove();
            } else if ("jdoe".equals(username)) {
                Assert.assertEquals(2L, scopes.size());
                Assert.assertTrue(scopes.contains("Scope C"));
                Assert.assertTrue(scopes.contains("Scope D"));
                it.remove();
            }
        }
        Assert.assertTrue(list.isEmpty());
    }

    @Test
    public void testApprovePermissionRequest() throws IOException {
        AbstractResourceService.Resource resource = getMyResources().get(0);
        Assert.assertTrue(((List) doGet("/" + resource.getId() + "/permissions/requests", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.10
        })).isEmpty());
        for (String str : this.userNames) {
            ArrayList<String> arrayList = new ArrayList();
            if ("bob".equals(str)) {
                arrayList.add("Scope D");
            } else if ("alice".equals(str)) {
                arrayList.add("Scope C");
            } else if ("jdoe".equals(str)) {
                arrayList.add("Scope C");
                arrayList.add("Scope D");
            }
            for (String str2 : arrayList) {
                PermissionTicketRepresentation permissionTicketRepresentation = new PermissionTicketRepresentation();
                permissionTicketRepresentation.setGranted(false);
                permissionTicketRepresentation.setOwner(AssertEvents.DEFAULT_USERNAME);
                permissionTicketRepresentation.setRequesterName(str);
                permissionTicketRepresentation.setResource(resource.getId());
                permissionTicketRepresentation.setScopeName(str2);
                this.authzClient.protection(AssertEvents.DEFAULT_USERNAME, "password").permission().create(permissionTicketRepresentation);
            }
        }
        List<AbstractResourceService.Permission> list = (List) doGet("/" + resource.getId() + "/permissions/requests", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.11
        });
        Assert.assertEquals(3L, list.size());
        for (AbstractResourceService.Permission permission : list) {
            String username = permission.getUsername();
            List scopes = permission.getScopes();
            if ("bob".equals(username)) {
                scopes.clear();
            } else if ("jdoe".equals(username)) {
                scopes.remove("Scope C");
            }
        }
        SimpleHttp.doPut(getAccountUrl("resources/" + resource.getId() + "/permissions"), this.httpClient).auth(this.tokenUtil.getToken()).json(list).asResponse();
        Assert.assertTrue(((List) doGet("/" + resource.getId() + "/permissions/requests", new TypeReference<List<AbstractResourceService.Permission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.12
        })).isEmpty());
        for (String str3 : Arrays.asList("alice", "jdoe")) {
            AbstractResourceService.ResourcePermission orElse = getSharedWithMe(str3).stream().filter(resourcePermission -> {
                return resourcePermission.getId().equals(resource.getId());
            }).findAny().orElse(null);
            Assert.assertNotNull(orElse);
            Set scopes2 = orElse.getScopes();
            if ("alice".equals(str3)) {
                Assert.assertEquals(1L, scopes2.size());
                Assert.assertTrue(scopes2.stream().anyMatch(scopeRepresentation -> {
                    return "Scope C".equals(scopeRepresentation.getName());
                }));
            } else if ("jdoe".equals(str3)) {
                Assert.assertEquals(1L, scopes2.size());
                Assert.assertTrue(scopes2.stream().anyMatch(scopeRepresentation2 -> {
                    return "Scope D".equals(scopeRepresentation2.getName());
                }));
            }
        }
    }

    private List<AbstractResourceService.ResourcePermission> getSharedWithMe(String str) {
        return getSharedWithMe(str, null, -1, -1, null);
    }

    private List<AbstractResourceService.ResourcePermission> getSharedWithMe(String str, String str2, int i, int i2, Consumer<SimpleHttp.Response> consumer) {
        KeycloakUriBuilder fromUri = KeycloakUriBuilder.fromUri("/shared-with-me");
        if (str2 != null) {
            fromUri.queryParam("name", new Object[]{str2});
        }
        if (i > -1 && i2 > -1) {
            fromUri.queryParam("first", new Object[]{Integer.valueOf(i)});
            fromUri.queryParam("max", new Object[]{Integer.valueOf(i2)});
        }
        return (List) doGet(fromUri.build(new Object[0]).toString(), this.authzClient.obtainAccessToken(str, "password").getToken(), new TypeReference<List<AbstractResourceService.ResourcePermission>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.13
        }, consumer);
    }

    private <R> R doGet(String str, TypeReference<R> typeReference) {
        return (R) doGet(str, this.tokenUtil.getToken(), typeReference);
    }

    private <R> R doGet(String str, TypeReference<R> typeReference, Consumer<SimpleHttp.Response> consumer) {
        return (R) doGet(str, this.tokenUtil.getToken(), typeReference, consumer);
    }

    private <R> R doGet(String str, Class<R> cls) {
        return (R) doGet(str, this.tokenUtil.getToken(), cls);
    }

    private <R> R doGet(String str, String str2, TypeReference<R> typeReference) {
        try {
            return (R) get(str, str2).asJson(typeReference);
        } catch (IOException e) {
            throw new RuntimeException("Failed to fetch resource", e);
        }
    }

    private <R> R doGet(String str, String str2, TypeReference<R> typeReference, Consumer<SimpleHttp.Response> consumer) {
        try {
            SimpleHttp simpleHttp = get(str, str2);
            simpleHttp.header("Accept", "application/json");
            SimpleHttp.Response asResponse = simpleHttp.asResponse();
            if (consumer != null) {
                consumer.accept(asResponse);
            }
            return (R) JsonSerialization.readValue(asResponse.asString(), typeReference);
        } catch (IOException e) {
            throw new RuntimeException("Failed to fetch resource", e);
        }
    }

    private <R> R doGet(String str, String str2, Class<R> cls) {
        try {
            return (R) get(str, str2).asJson(cls);
        } catch (IOException e) {
            throw new RuntimeException("Failed to fetch resource", e);
        }
    }

    private SimpleHttp get(String str, String str2) {
        return SimpleHttp.doGet(getAccountUrl("resources" + str), this.httpClient).auth(str2);
    }

    private AuthzClient createAuthzClient(ClientRepresentation clientRepresentation) {
        HashMap hashMap = new HashMap();
        hashMap.put("secret", "secret");
        return AuthzClient.create(new Configuration(this.suiteContext.getAuthServerInfo().getContextRoot().toString() + "/auth", testRealm().toRepresentation().getRealm(), clientRepresentation.getClientId(), hashMap, this.httpClient));
    }

    private UserRepresentation createUser(String str, String str2) {
        return UserBuilder.create().username(str).enabled(true).password(str2).role(BackchannelLogoutTest.ACCOUNT_CLIENT_NAME, "manage-account").build();
    }

    private List<AbstractResourceService.Resource> getMyResources() {
        return getMyResources(-1, -1);
    }

    private List<AbstractResourceService.Resource> getMyResources(String str) {
        return getMyResources(str, -1, -1);
    }

    private List<AbstractResourceService.Resource> getMyResources(int i, int i2) {
        return getMyResources((String) null, i, i2);
    }

    private List<AbstractResourceService.Resource> getMyResources(String str, int i, int i2) {
        KeycloakUriBuilder fromUri = KeycloakUriBuilder.fromUri("");
        if (str != null) {
            fromUri.queryParam("name", new Object[]{str});
        }
        if (i > -1 && i2 > -1) {
            fromUri.queryParam("first", new Object[]{Integer.valueOf(i)});
            fromUri.queryParam("max", new Object[]{Integer.valueOf(i2)});
        }
        return (List) doGet(fromUri.build(new Object[0]).toString(), new TypeReference<List<AbstractResourceService.Resource>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.14
        });
    }

    private List<AbstractResourceService.Resource> getMyResources(int i, int i2, Consumer<SimpleHttp.Response> consumer) {
        String str = "";
        if (i > -1 && i2 > -1) {
            str = "?first=" + i + "&max=" + i2;
        }
        return (List) doGet(str, new TypeReference<List<AbstractResourceService.Resource>>() { // from class: org.keycloak.testsuite.account.ResourcesRestServiceTest.15
        }, consumer);
    }

    private void assertSharedWithOthersResponse(List<AbstractResourceService.ResourcePermission> list) {
        for (AbstractResourceService.ResourcePermission resourcePermission : list) {
            String uri = resourcePermission.getUri();
            int parseInt = Integer.parseInt(uri.substring(uri.lastIndexOf(47) + 1));
            Assert.assertNotNull(resourcePermission.getId());
            Assert.assertEquals("Resource " + parseInt, resourcePermission.getName());
            Assert.assertEquals("Display Name " + parseInt, resourcePermission.getDisplayName());
            Assert.assertEquals("Icon Uri " + parseInt, resourcePermission.getIconUri());
            Assert.assertEquals("my-resource-server", resourcePermission.getClient().getClientId());
            Assert.assertEquals("My Resource Server", resourcePermission.getClient().getName());
            Assert.assertEquals("http://resourceserver.com", resourcePermission.getClient().getBaseUrl());
            Assert.assertEquals(1L, resourcePermission.getPermissions().size());
            Assert.assertTrue(this.userNames.contains(((AbstractResourceService.Permission) resourcePermission.getPermissions().iterator().next()).getUsername()));
            Assert.assertEquals(2L, r0.getScopes().size());
        }
    }

    private void assertMyResourcesResponse(List<AbstractResourceService.Resource> list) {
        for (AbstractResourceService.Resource resource : list) {
            String uri = resource.getUri();
            int parseInt = Integer.parseInt(uri.substring(uri.lastIndexOf(47) + 1));
            Assert.assertNotNull(resource.getId());
            Assert.assertEquals("Resource " + parseInt, resource.getName());
            Assert.assertEquals("Display Name " + parseInt, resource.getDisplayName());
            Assert.assertEquals("Icon Uri " + parseInt, resource.getIconUri());
            Assert.assertEquals("my-resource-server", resource.getClient().getClientId());
            Assert.assertEquals("My Resource Server", resource.getClient().getName());
            Assert.assertEquals("http://resourceserver.com", resource.getClient().getBaseUrl());
        }
    }

    private void assertSharedWithMeResponse(List<AbstractResourceService.ResourcePermission> list) {
        for (AbstractResourceService.ResourcePermission resourcePermission : list) {
            String uri = resourcePermission.getUri();
            int parseInt = Integer.parseInt(uri.substring(uri.lastIndexOf(47) + 1));
            Assert.assertNotNull(resourcePermission.getId());
            Assert.assertEquals("Resource " + parseInt, resourcePermission.getName());
            Assert.assertEquals("Display Name " + parseInt, resourcePermission.getDisplayName());
            Assert.assertEquals("Icon Uri " + parseInt, resourcePermission.getIconUri());
            Assert.assertEquals("my-resource-server", resourcePermission.getClient().getClientId());
            Assert.assertEquals("My Resource Server", resourcePermission.getClient().getName());
            Assert.assertEquals("http://resourceserver.com", resourcePermission.getClient().getBaseUrl());
            Assert.assertEquals(2L, resourcePermission.getScopes().size());
        }
    }

    private void assertNextPageLink(SimpleHttp.Response response, String str, int i, int i2, int i3) {
        try {
            List<String> header = response.getHeader("Link");
            if (i == -1 && i2 == -1) {
                Assert.assertNull(header);
                return;
            }
            Assert.assertNotNull(header);
            Assert.assertEquals((i <= -1 || i2 <= -1) ? 1L : 2L, header.size());
            for (String str2 : header) {
                if (str2.contains("rel=\"next\"")) {
                    Assert.assertEquals("<" + this.authzClient.getConfiguration().getAuthServerUrl() + str + "?first=" + i + "&max=" + i3 + ">; rel=\"next\"", str2);
                } else {
                    Assert.assertEquals("<" + this.authzClient.getConfiguration().getAuthServerUrl() + str + "?first=" + i2 + "&max=" + i3 + ">; rel=\"prev\"", str2);
                }
            }
        } catch (IOException e) {
            Assert.fail("Fail to get link header");
        }
    }
}
