package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import org.junit.Test;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.UserRepresentation;

/* loaded from: input_file:org/keycloak/testsuite/broker/AbstractAdvancedRoleMapperTest.class */
public abstract class AbstractAdvancedRoleMapperTest extends AbstractRoleMapperTest {
    private static final String CLAIMS_OR_ATTRIBUTES = "[\n  {\n    \"key\": \"user-attribute\",\n    \"value\": \"value 1\"\n  },\n  {\n    \"key\": \"user-attribute-2\",\n    \"value\": \"value 2\"\n  }\n]";
    private static final String CLAIMS_OR_ATTRIBUTES_REGEX = "[\n  {\n    \"key\": \"user-attribute\",\n    \"value\": \"va.*\"\n  },\n  {\n    \"key\": \"user-attribute-2\",\n    \"value\": \"value 2\"\n  }\n]";
    private String newValueForAttribute2 = "";

    @Test
    public void allValuesMatch() {
        createAdvancedRoleMapper(CLAIMS_OR_ATTRIBUTES, false);
        createUserInProviderRealm(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("value 1").build()).put("user-attribute-2", ImmutableList.builder().add("value 2").build()).build());
        logInAsUserInIDPForFirstTime();
        assertThatRoleHasBeenAssignedInConsumerRealmTo(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void valuesMismatch() {
        createAdvancedRoleMapper(CLAIMS_OR_ATTRIBUTES, false);
        createUserInProviderRealm(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("value 1").build()).put("user-attribute-2", ImmutableList.builder().add("value mismatch").build()).build());
        logInAsUserInIDPForFirstTime();
        assertThatRoleHasNotBeenAssignedInConsumerRealmTo(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void valuesMatchIfNoClaimsSpecified() {
        createAdvancedRoleMapper("[]", false);
        createUserInProviderRealm(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("some value").build()).put("user-attribute-2", ImmutableList.builder().add("some value").build()).build());
        logInAsUserInIDPForFirstTime();
        assertThatRoleHasBeenAssignedInConsumerRealmTo(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void allValuesMatchRegex() {
        createAdvancedRoleMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true);
        createUserInProviderRealm(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("value 1").build()).put("user-attribute-2", ImmutableList.builder().add("value 2").build()).build());
        logInAsUserInIDPForFirstTime();
        assertThatRoleHasBeenAssignedInConsumerRealmTo(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void valuesMismatchRegex() {
        createAdvancedRoleMapper(CLAIMS_OR_ATTRIBUTES_REGEX, true);
        createUserInProviderRealm(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("mismatch").build()).put("user-attribute-2", ImmutableList.builder().add("value 2").build()).build());
        logInAsUserInIDPForFirstTime();
        assertThatRoleHasNotBeenAssignedInConsumerRealmTo(findUser(this.bc.consumerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail()));
    }

    @Test
    public void updateBrokeredUserMismatchDeletesRole() {
        this.newValueForAttribute2 = "value mismatch";
        assertThatRoleHasNotBeenAssignedInConsumerRealmTo(createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.FORCE, false));
    }

    @Test
    public void updateBrokeredUserMismatchDoesNotDeleteRoleInImportMode() {
        this.newValueForAttribute2 = "value mismatch";
        assertThatRoleHasBeenAssignedInConsumerRealmTo(createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.IMPORT, false));
    }

    @Test
    public void updateBrokeredUserMatchDoesntDeleteRole() {
        this.newValueForAttribute2 = "value 2";
        assertThatRoleHasBeenAssignedInConsumerRealmTo(createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.FORCE, false));
    }

    @Test
    public void updateBrokeredUserAssignsRoleInForceModeWhenCreatingTheMapperAfterFirstLogin() {
        this.newValueForAttribute2 = "value 2";
        assertThatRoleHasBeenAssignedInConsumerRealmTo(createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode.FORCE, true));
    }

    public UserRepresentation createMapperAndLoginAsUserTwiceWithMapper(IdentityProviderMapperSyncMode identityProviderMapperSyncMode, boolean z) {
        return loginAsUserTwiceWithMapper(identityProviderMapperSyncMode, z, ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("value 1").build()).put("user-attribute-2", ImmutableList.builder().add("value 2").build()).build());
    }

    @Override // org.keycloak.testsuite.broker.AbstractRoleMapperTest
    protected void updateUser() {
        UserRepresentation findUser = findUser(this.bc.providerRealmName(), this.bc.getUserLogin(), this.bc.getUserEmail());
        findUser.setAttributes(ImmutableMap.builder().put(JsonUserAttributeMapperTest.USER_ATTRIBUTE, ImmutableList.builder().add("value 1").build()).put("user-attribute-2", ImmutableList.builder().add(this.newValueForAttribute2).build()).put("some.other.attribute", ImmutableList.builder().add("some value").build()).build());
        this.adminClient.realm(this.bc.providerRealmName()).users().get(findUser.getId()).update(findUser);
    }

    @Override // org.keycloak.testsuite.broker.AbstractRoleMapperTest
    protected void createMapperInIdp(IdentityProviderRepresentation identityProviderRepresentation, IdentityProviderMapperSyncMode identityProviderMapperSyncMode) {
        createMapperInIdp(identityProviderRepresentation, CLAIMS_OR_ATTRIBUTES, false, identityProviderMapperSyncMode);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void createAdvancedRoleMapper(String str, boolean z) {
        createMapperInIdp(setupIdentityProvider(), str, z, IdentityProviderMapperSyncMode.IMPORT);
    }

    protected abstract void createMapperInIdp(IdentityProviderRepresentation identityProviderRepresentation, String str, boolean z, IdentityProviderMapperSyncMode identityProviderMapperSyncMode);
}
