package org.keycloak.testsuite.authz;

import java.lang.invoke.SerializedLambda;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.client.resource.PermissionResource;
import org.keycloak.forms.account.freemarker.model.AuthorizationBean;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.DecisionEffect;
import org.keycloak.representations.idm.authorization.PermissionTicketRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
import org.keycloak.representations.idm.authorization.PolicyEvaluationResponse;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/authz/UmaRepresentationTest.class */
public class UmaRepresentationTest extends AbstractResourceServerTest {
    private ResourceRepresentation resource;
    private PermissionResource permission;

    private void createPermissionTicket() {
        PermissionTicketRepresentation permissionTicketRepresentation = new PermissionTicketRepresentation();
        permissionTicketRepresentation.setOwner(this.resource.getOwner().getId());
        permissionTicketRepresentation.setResource(this.resource.getId());
        permissionTicketRepresentation.setRequesterName("kolo");
        permissionTicketRepresentation.setScopeName("ScopeA");
        permissionTicketRepresentation.setGranted(true);
        this.permission.create(permissionTicketRepresentation);
    }

    @Test
    public void testCanRepresentPermissionTicketWithNamesOfResourceOwnedByUser() throws Exception {
        this.resource = addResource("Resource A", "marta", true, "ScopeA");
        this.permission = getAuthzClient().protection("marta", "password").permission();
        createPermissionTicket();
        List find = this.permission.find(this.resource.getId(), (String) null, (String) null, (String) null, (Boolean) null, true, (Integer) null, (Integer) null);
        Assert.assertFalse(find.isEmpty());
        Assert.assertEquals(1L, find.size());
        PermissionTicketRepresentation permissionTicketRepresentation = (PermissionTicketRepresentation) find.get(0);
        Assert.assertEquals(permissionTicketRepresentation.getOwnerName(), "marta");
        Assert.assertEquals(permissionTicketRepresentation.getRequesterName(), "kolo");
        Assert.assertEquals(permissionTicketRepresentation.getResourceName(), "Resource A");
        Assert.assertEquals(permissionTicketRepresentation.getScopeName(), "ScopeA");
        Assert.assertTrue(permissionTicketRepresentation.isGranted());
    }

    @Test
    public void testCanRepresentPermissionTicketWithNamesOfResourceOwnedByClient() throws Exception {
        this.resource = addResource("Resource A", getClient(getRealm()).toRepresentation().getId(), true, "ScopeA");
        this.permission = getAuthzClient().protection().permission();
        createPermissionTicket();
        List find = this.permission.find(this.resource.getId(), (String) null, (String) null, (String) null, (Boolean) null, true, (Integer) null, (Integer) null);
        Assert.assertFalse(find.isEmpty());
        Assert.assertEquals(1L, find.size());
        PermissionTicketRepresentation permissionTicketRepresentation = (PermissionTicketRepresentation) find.get(0);
        Assert.assertEquals(permissionTicketRepresentation.getOwnerName(), "resource-server-test");
        Assert.assertEquals(permissionTicketRepresentation.getRequesterName(), "kolo");
        Assert.assertEquals(permissionTicketRepresentation.getResourceName(), "Resource A");
        Assert.assertEquals(permissionTicketRepresentation.getScopeName(), "ScopeA");
        Assert.assertTrue(permissionTicketRepresentation.isGranted());
    }

    @Test
    public void testCanRepresentPolicyResultGrantOfResourceOwnedByUser() throws Exception {
        this.resource = addResource("Resource A", "marta", true, "ScopeA");
        this.permission = getAuthzClient().protection("marta", "password").permission();
        createPermissionTicket();
        RealmResource realm = getRealm();
        String id = getClient(realm).toRepresentation().getId();
        UserRepresentation userRepresentation = (UserRepresentation) realm.users().search("kolo").get(0);
        PolicyEvaluationRequest policyEvaluationRequest = new PolicyEvaluationRequest();
        policyEvaluationRequest.setUserId(userRepresentation.getId());
        policyEvaluationRequest.setClientId(id);
        policyEvaluationRequest.addResource("Resource A", new String[]{"ScopeA"});
        PolicyEvaluationResponse evaluate = getClient(realm).authorization().policies().evaluate(policyEvaluationRequest);
        Assert.assertEquals(evaluate.getStatus(), DecisionEffect.PERMIT);
        List results = evaluate.getResults();
        Assert.assertFalse(results.isEmpty());
        Assert.assertEquals(1L, results.size());
        List policies = ((PolicyEvaluationResponse.EvaluationResultRepresentation) results.get(0)).getPolicies();
        Assert.assertFalse(results.isEmpty());
        Assert.assertEquals(1L, results.size());
        Assert.assertTrue(((PolicyEvaluationResponse.PolicyResultRepresentation) policies.get(0)).getPolicy().getDescription().startsWith("Resource owner (marta) grants access"));
    }

    @Test
    public void testCanRepresentPolicyResultGrantOfResourceOwnedByClient() throws Exception {
        this.resource = addResource("Resource A", getClient(getRealm()).toRepresentation().getId(), true, "ScopeA");
        this.permission = getAuthzClient().protection().permission();
        createPermissionTicket();
        RealmResource realm = getRealm();
        String id = getClient(realm).toRepresentation().getId();
        UserRepresentation userRepresentation = (UserRepresentation) realm.users().search("kolo").get(0);
        PolicyEvaluationRequest policyEvaluationRequest = new PolicyEvaluationRequest();
        policyEvaluationRequest.setUserId(userRepresentation.getId());
        policyEvaluationRequest.setClientId(id);
        policyEvaluationRequest.addResource("Resource A", new String[]{"ScopeA"});
        PolicyEvaluationResponse evaluate = getClient(realm).authorization().policies().evaluate(policyEvaluationRequest);
        Assert.assertEquals(evaluate.getStatus(), DecisionEffect.PERMIT);
        List results = evaluate.getResults();
        Assert.assertFalse(results.isEmpty());
        Assert.assertEquals(1L, results.size());
        List policies = ((PolicyEvaluationResponse.EvaluationResultRepresentation) results.get(0)).getPolicies();
        Assert.assertFalse(results.isEmpty());
        Assert.assertEquals(1L, results.size());
        Assert.assertTrue(((PolicyEvaluationResponse.PolicyResultRepresentation) policies.get(0)).getPolicy().getDescription().startsWith("Resource owner (resource-server-test) grants access"));
    }

    @Test
    public void testCanRepresentResourceBeanOfResourceOwnedByUser() throws Exception {
        this.resource = addResource("Resource A", "marta", true, "ScopeA");
        this.testingClient.server().run(UmaRepresentationTest::testCanRepresentResourceBeanOfResourceOwnedByUser);
    }

    public static void testCanRepresentResourceBeanOfResourceOwnedByUser(KeycloakSession keycloakSession) {
        keycloakSession.getContext().setRealm(keycloakSession.realms().getRealmByName("authz-test"));
        AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
        AuthorizationBean authorizationBean = new AuthorizationBean(keycloakSession, (UserModel) null, keycloakSession.getContext().getUri());
        ClientModel clientByClientId = keycloakSession.getContext().getRealm().getClientByClientId("resource-server-test");
        UserModel userByUsername = keycloakSession.userStorageManager().getUserByUsername(keycloakSession.getContext().getRealm(), "marta");
        authorizationBean.getClass();
        AuthorizationBean.ResourceBean resourceBean = new AuthorizationBean.ResourceBean(authorizationBean, provider.getStoreFactory().getResourceStore().findByName("Resource A", userByUsername.getId(), clientByClientId.getId()));
        Assert.assertEquals("Resource A", resourceBean.getName());
        Assert.assertEquals("marta", resourceBean.getOwnerName());
        Assert.assertNotNull(resourceBean.getUserOwner());
        Assert.assertEquals("marta", resourceBean.getUserOwner().getUsername());
        Assert.assertNull(resourceBean.getClientOwner());
    }

    @Test
    public void testCanRepresentResourceBeanOfResourceOwnedByClient() throws Exception {
        this.resource = addResource("Resource A", getClient(getRealm()).toRepresentation().getId(), true, "ScopeA");
        this.testingClient.server().run(UmaRepresentationTest::testCanRepresentResourceBeanOfResourceOwnedByClient);
    }

    public static void testCanRepresentResourceBeanOfResourceOwnedByClient(KeycloakSession keycloakSession) {
        keycloakSession.getContext().setRealm(keycloakSession.realms().getRealmByName("authz-test"));
        AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
        AuthorizationBean authorizationBean = new AuthorizationBean(keycloakSession, (UserModel) null, keycloakSession.getContext().getUri());
        ClientModel clientByClientId = keycloakSession.getContext().getRealm().getClientByClientId("resource-server-test");
        authorizationBean.getClass();
        AuthorizationBean.ResourceBean resourceBean = new AuthorizationBean.ResourceBean(authorizationBean, provider.getStoreFactory().getResourceStore().findByName("Resource A", clientByClientId.getId(), clientByClientId.getId()));
        Assert.assertEquals("Resource A", resourceBean.getName());
        Assert.assertEquals("resource-server-test", resourceBean.getOwnerName());
        Assert.assertNotNull(resourceBean.getClientOwner());
        Assert.assertEquals("resource-server-test", resourceBean.getClientOwner().getClientId());
        Assert.assertNull(resourceBean.getUserOwner());
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1094004870:
                if (implMethodName.equals("testCanRepresentResourceBeanOfResourceOwnedByUser")) {
                    z = false;
                    break;
                }
                break;
            case 406628282:
                if (implMethodName.equals("testCanRepresentResourceBeanOfResourceOwnedByClient")) {
                    z = true;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/authz/UmaRepresentationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return UmaRepresentationTest::testCanRepresentResourceBeanOfResourceOwnedByUser;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/authz/UmaRepresentationTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return UmaRepresentationTest::testCanRepresentResourceBeanOfResourceOwnedByClient;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
