package org.keycloak.testsuite.admin;

import java.lang.invoke.SerializedLambda;
import java.util.List;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.idm.authorization.RolePolicyRepresentation;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.util.JsonSerialization;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
/* loaded from: input_file:org/keycloak/testsuite/admin/AuthzCleanupTest.class */
public class AuthzCleanupTest extends AbstractKeycloakTest {
    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add(RealmBuilder.create().name("test").client(ClientBuilder.create().clientId("myclient").secret("secret").authorizationServicesEnabled(true).redirectUris("http://localhost/myclient").defaultRoles("client-role-1", "client-role-2", "Acme administrator", "Acme viewer", "tenant administrator", "tenant viewer", "tenant user").build()).build());
    }

    public static void setup(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        keycloakSession.getContext().setRealm(realmByName);
        AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
        ClientModel clientByClientId = realmByName.getClientByClientId("myclient");
        ResourceServer findById = provider.getStoreFactory().getResourceServerStore().findById(clientByClientId.getId());
        createRolePolicy(provider, findById, clientByClientId.getClientId() + "/client-role-1");
        createRolePolicy(provider, findById, clientByClientId.getClientId() + "/client-role-2");
    }

    private static Policy createRolePolicy(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, String str) {
        RolePolicyRepresentation rolePolicyRepresentation = new RolePolicyRepresentation();
        rolePolicyRepresentation.setName(str);
        rolePolicyRepresentation.setType("role");
        rolePolicyRepresentation.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        rolePolicyRepresentation.setLogic(Logic.POSITIVE);
        rolePolicyRepresentation.addRole(str, true);
        return authorizationProvider.getStoreFactory().getPolicyStore().create(rolePolicyRepresentation, resourceServer);
    }

    @Test
    public void testCreate() throws Exception {
        ClientsResource clients = getAdminClient().realms().realm("test").clients();
        ClientRepresentation clientRepresentation = (ClientRepresentation) clients.findByClientId("myclient").get(0);
        clients.get(clientRepresentation.getId()).authorization().importSettings((ResourceServerRepresentation) JsonSerialization.readValue(getClass().getResourceAsStream("/authorization-test/acme-resource-server-cleanup-test.json"), ResourceServerRepresentation.class));
        this.testingClient.server().run(AuthzCleanupTest::setup);
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case 109329021:
                if (implMethodName.equals("setup")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/AuthzCleanupTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return AuthzCleanupTest::setup;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
