package org.keycloak.testsuite.cli.registration;

import java.io.File;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.client.registration.cli.config.ConfigData;
import org.keycloak.client.registration.cli.config.FileConfigHandler;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyEnforcementMode;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.cli.KcRegExec;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.TempFileResource;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/cli/registration/KcRegCreateTest.class */
public class KcRegCreateTest extends AbstractRegCliTest {
    @Before
    public void assumeTLSEnabled() {
        Assume.assumeTrue(ServerURLs.AUTH_SERVER_SSL_REQUIRED);
    }

    @Test
    public void testCreateWithRealmOverride() throws IOException {
        initCustomConfigFile();
        TempFileResource tempFileResource = new TempFileResource(FileConfigHandler.getConfigFile());
        Throwable th = null;
        try {
            try {
                StringBuilder append = new StringBuilder().append("config credentials -x --config '").append(tempFileResource.getName()).append("' --insecure --server ");
                OAuthClient oAuthClient = this.oauth;
                assertExitCodeAndStreamSizes(KcRegExec.execute(append.append(OAuthClient.AUTH_SERVER_ROOT).append(" --realm master --user admin --password admin").toString()), 0, 0, 3);
                String issueInitialAccessToken = issueInitialAccessToken("test");
                StringBuilder append2 = new StringBuilder().append("create --config '").append(tempFileResource.getName()).append("' --insecure --server ");
                OAuthClient oAuthClient2 = this.oauth;
                assertExitCodeAndStreamSizes(KcRegExec.execute(append2.append(OAuthClient.AUTH_SERVER_ROOT).append(" --realm test -s clientId=my_first_client -t ").append(issueInitialAccessToken).toString()), 0, 0, 3);
                if (tempFileResource != null) {
                    if (0 == 0) {
                        tempFileResource.close();
                        return;
                    }
                    try {
                        tempFileResource.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (tempFileResource != null) {
                if (th != null) {
                    try {
                        tempFileResource.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    tempFileResource.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testCreateThoroughly() throws IOException {
        Throwable th;
        FileConfigHandler initCustomConfigFile = initCustomConfigFile();
        TempFileResource tempFileResource = new TempFileResource(FileConfigHandler.getConfigFile());
        Throwable th2 = null;
        try {
            String issueInitialAccessToken = issueInitialAccessToken("test");
            StringBuilder append = new StringBuilder().append("config initial-token -x --config '").append(tempFileResource.getName()).append("' --insecure --server ");
            OAuthClient oAuthClient = this.oauth;
            assertExitCodeAndStreamSizes(KcRegExec.execute(append.append(OAuthClient.AUTH_SERVER_ROOT).append(" --realm ").append("test").append(" ").append(issueInitialAccessToken).toString()), 0, 0, 0);
            ConfigData loadConfig = initCustomConfigFile.loadConfig();
            OAuthClient oAuthClient2 = this.oauth;
            Assert.assertEquals("Config serverUrl", OAuthClient.AUTH_SERVER_ROOT, loadConfig.getServerUrl());
            Assert.assertEquals("Config realm", "test", loadConfig.getRealm());
            OAuthClient oAuthClient3 = this.oauth;
            Assert.assertEquals("Config initial access token", issueInitialAccessToken, loadConfig.ensureRealmConfigData(OAuthClient.AUTH_SERVER_ROOT, "test").getInitialToken());
            TempFileResource tempFileResource2 = new TempFileResource(initTempFile(".json", "{\n        \"clientId\": \"my_client\",\n        \"enabled\": true,\n        \"redirectUris\": [\"http://localhost:8980/myapp/*\"],\n        \"serviceAccountsEnabled\": true,\n        \"name\": \"My Client App\",\n        \"implicitFlowEnabled\": false,\n        \"publicClient\": true,\n        \"protocol\": \"openid-connect\",\n        \"webOrigins\": [\"http://localhost:8980/myapp\"],\n        \"consentRequired\": false,\n        \"baseUrl\": \"http://localhost:8980/myapp\",\n        \"rootUrl\": \"http://localhost:8980/myapp\",\n        \"bearerOnly\": true,\n        \"standardFlowEnabled\": true\n}"));
            Throwable th3 = null;
            try {
                try {
                    KcRegExec execute = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -o -f - < '" + tempFileResource2.getName() + "'");
                    assertExitCodeAndStdErrSize(execute, 0, 2);
                    ClientRepresentation clientRepresentation = (ClientRepresentation) JsonSerialization.readValue(execute.stdout(), ClientRepresentation.class);
                    Assert.assertNotNull("id", clientRepresentation.getId());
                    Assert.assertEquals("clientId", "my_client", clientRepresentation.getClientId());
                    Assert.assertEquals("enabled", true, clientRepresentation.isEnabled());
                    Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp/*"), clientRepresentation.getRedirectUris());
                    Assert.assertEquals("serviceAccountsEnabled", true, clientRepresentation.isServiceAccountsEnabled());
                    Assert.assertEquals("name", "My Client App", clientRepresentation.getName());
                    Assert.assertEquals("implicitFlowEnabled", false, clientRepresentation.isImplicitFlowEnabled());
                    Assert.assertEquals("publicClient", true, clientRepresentation.isPublicClient());
                    Assert.assertEquals("protocol", "openid-connect", clientRepresentation.getProtocol());
                    Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp"), clientRepresentation.getWebOrigins());
                    Assert.assertEquals("consentRequired", false, clientRepresentation.isConsentRequired());
                    Assert.assertEquals("baseUrl", "http://localhost:8980/myapp", clientRepresentation.getBaseUrl());
                    Assert.assertEquals("rootUrl", "http://localhost:8980/myapp", clientRepresentation.getRootUrl());
                    Assert.assertEquals("bearerOnly", true, clientRepresentation.isStandardFlowEnabled());
                    Assert.assertNull("mappers are null", clientRepresentation.getProtocolMappers());
                    KcRegExec execute2 = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -o -f '" + tempFileResource2.getName() + "' -s clientId=my_client2 -s enabled=false -s 'redirectUris=[\"http://localhost:8980/myapp2/*\"]' -s 'name=My Client App II' -s protocol=openid-connect -s 'webOrigins=[\"http://localhost:8980/myapp2\"]' -s baseUrl=http://localhost:8980/myapp2 -s rootUrl=http://localhost:8980/myapp2");
                    assertExitCodeAndStdErrSize(execute2, 0, 2);
                    ClientRepresentation clientRepresentation2 = (ClientRepresentation) JsonSerialization.readValue(execute2.stdout(), ClientRepresentation.class);
                    Assert.assertNotNull("id", clientRepresentation2.getId());
                    Assert.assertEquals("clientId", "my_client2", clientRepresentation2.getClientId());
                    Assert.assertEquals("enabled", false, clientRepresentation2.isEnabled());
                    Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8980/myapp2/*"), clientRepresentation2.getRedirectUris());
                    Assert.assertEquals("serviceAccountsEnabled", true, clientRepresentation2.isServiceAccountsEnabled());
                    Assert.assertEquals("name", "My Client App II", clientRepresentation2.getName());
                    Assert.assertEquals("implicitFlowEnabled", false, clientRepresentation2.isImplicitFlowEnabled());
                    Assert.assertEquals("publicClient", true, clientRepresentation2.isPublicClient());
                    Assert.assertEquals("protocol", "openid-connect", clientRepresentation2.getProtocol());
                    Assert.assertEquals("webOrigins", Arrays.asList("http://localhost:8980/myapp2"), clientRepresentation2.getWebOrigins());
                    Assert.assertEquals("consentRequired", false, clientRepresentation2.isConsentRequired());
                    Assert.assertEquals("baseUrl", "http://localhost:8980/myapp2", clientRepresentation2.getBaseUrl());
                    Assert.assertEquals("rootUrl", "http://localhost:8980/myapp2", clientRepresentation2.getRootUrl());
                    Assert.assertEquals("bearerOnly", true, clientRepresentation2.isStandardFlowEnabled());
                    Assert.assertNull("mappers are null", clientRepresentation2.getProtocolMappers());
                    KcRegExec execute3 = KcRegExec.execute("create --config '" + tempFileResource.getName() + "' -o -f '" + tempFileResource2.getName() + "' -s client_id=my_client3");
                    assertExitCodeAndStreamSizes(execute3, 1, 0, 1);
                    Assert.assertEquals("Failed to set attribute 'client_id' on document type 'default'", execute3.stderrLines().get(0));
                    if (tempFileResource2 != null) {
                        if (0 != 0) {
                            try {
                                tempFileResource2.close();
                            } catch (Throwable th4) {
                                th3.addSuppressed(th4);
                            }
                        } else {
                            tempFileResource2.close();
                        }
                    }
                    KcRegExec execute4 = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -i -s clientId=my_client3");
                    assertExitCodeAndStreamSizes(execute4, 0, 1, 2);
                    Assert.assertEquals("only clientId returned", "my_client3", execute4.stdoutLines().get(0));
                    KcRegExec execute5 = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -s clientId=my_client4");
                    assertExitCodeAndStreamSizes(execute5, 0, 0, 3);
                    Assert.assertEquals("only clientId returned", "Registered new client with client_id 'my_client4'", execute5.stderrLines().get(2));
                    tempFileResource2 = new TempFileResource(initTempFile(".json", "        {\n            \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n            \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\" ],\n            \"response_types\" : [ \"code\", \"none\" ],\n            \"client_name\" : \"My Client App\",\n            \"client_uri\" : \"http://localhost:8980/myapp\"\n        }"));
                    th = null;
                } catch (Throwable th5) {
                    th3 = th5;
                    throw th5;
                }
                try {
                    try {
                        KcRegExec execute6 = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -s 'client_name=My Client App V'  -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5 -o -f - < '" + tempFileResource2.getName() + "'");
                        assertExitCodeAndStdErrSize(execute6, 0, 2);
                        OIDCClientRepresentation oIDCClientRepresentation = (OIDCClientRepresentation) JsonSerialization.readValue(execute6.stdout(), OIDCClientRepresentation.class);
                        Assert.assertNotNull("clientId", oIDCClientRepresentation.getClientId());
                        Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), oIDCClientRepresentation.getRedirectUris());
                        Assert.assertEquals("grant_types", Arrays.asList("authorization_code", "client_credentials", "refresh_token"), oIDCClientRepresentation.getGrantTypes());
                        Assert.assertEquals("response_types", Arrays.asList("code", "none"), oIDCClientRepresentation.getResponseTypes());
                        Assert.assertEquals("client_name", "My Client App V", oIDCClientRepresentation.getClientName());
                        Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", oIDCClientRepresentation.getClientUri());
                        KcRegExec execute7 = KcRegExec.execute("create --config '" + tempFileResource.getName() + "' -e default -f '" + tempFileResource2.getName() + "'");
                        assertExitCodeAndStreamSizes(execute7, 1, 0, 1);
                        Assert.assertEquals("Error message", "Attribute 'redirect_uris' not supported on document type 'default'", execute7.stderrLines().get(0));
                        if (tempFileResource2 != null) {
                            if (0 != 0) {
                                try {
                                    tempFileResource2.close();
                                } catch (Throwable th6) {
                                    th.addSuppressed(th6);
                                }
                            } else {
                                tempFileResource2.close();
                            }
                        }
                        File file = new File(System.getProperty("user.dir") + "/src/test/resources/cli/kcreg/saml-sp-metadata.xml");
                        Assert.assertTrue("saml-sp-metadata.xml exists", file.isFile());
                        KcRegExec execute8 = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -o -f - < '" + file.getAbsolutePath() + "'");
                        assertExitCodeAndStdErrSize(execute8, 0, 2);
                        ClientRepresentation clientRepresentation3 = (ClientRepresentation) JsonSerialization.readValue(execute8.stdout(), ClientRepresentation.class);
                        Assert.assertNotNull("id", clientRepresentation3.getId());
                        Assert.assertEquals("clientId", "http://localhost:8080/sales-post-enc/", clientRepresentation3.getClientId());
                        Assert.assertEquals("redirectUris", Arrays.asList("http://localhost:8081/sales-post-enc/saml"), clientRepresentation3.getRedirectUris());
                        Assert.assertEquals("attributes.saml_name_id_format", "username", clientRepresentation3.getAttributes().get("saml_name_id_format"));
                        Assert.assertEquals("attributes.saml_assertion_consumer_url_post", "http://localhost:8081/sales-post-enc/saml", clientRepresentation3.getAttributes().get("saml_assertion_consumer_url_post"));
                        Assert.assertEquals("attributes.saml.signature.algorithm", "RSA_SHA256", clientRepresentation3.getAttributes().get("saml.signature.algorithm"));
                        assertExitCodeAndStreamSizes(KcRegExec.execute("config initial-token --config '" + tempFileResource.getName() + "' --insecure --server " + this.serverUrl + " --realm test --delete"), 0, 0, 0);
                        Assert.assertNull("initial token == null", initCustomConfigFile.loadConfig().ensureRealmConfigData(this.serverUrl, "test").getInitialToken());
                        if (tempFileResource != null) {
                            if (0 == 0) {
                                tempFileResource.close();
                                return;
                            }
                            try {
                                tempFileResource.close();
                            } catch (Throwable th7) {
                                th2.addSuppressed(th7);
                            }
                        }
                    } catch (Throwable th8) {
                        th = th8;
                        throw th8;
                    }
                } finally {
                }
            } finally {
            }
        } catch (Throwable th9) {
            if (tempFileResource != null) {
                if (0 != 0) {
                    try {
                        tempFileResource.close();
                    } catch (Throwable th10) {
                        th2.addSuppressed(th10);
                    }
                } else {
                    tempFileResource.close();
                }
            }
            throw th9;
        }
    }

    @Test
    public void testCreateWithAuthorizationServices() throws IOException {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
        initCustomConfigFile();
        TempFileResource tempFileResource = new TempFileResource(FileConfigHandler.getConfigFile());
        Throwable th = null;
        try {
            StringBuilder append = new StringBuilder().append("config credentials -x --config '").append(tempFileResource.getName()).append("' --insecure --server ");
            OAuthClient oAuthClient = this.oauth;
            assertExitCodeAndStreamSizes(KcRegExec.execute(append.append(OAuthClient.AUTH_SERVER_ROOT).append(" --realm master --user admin --password admin").toString()), 0, 0, 3);
            String issueInitialAccessToken = issueInitialAccessToken("test");
            StringBuilder append2 = new StringBuilder().append("create --config '").append(tempFileResource.getName()).append("' --insecure --server ");
            OAuthClient oAuthClient2 = this.oauth;
            assertExitCodeAndStreamSizes(KcRegExec.execute(append2.append(OAuthClient.AUTH_SERVER_ROOT).append(" --realm test -s clientId=authz-client -s authorizationServicesEnabled=true -t ").append(issueInitialAccessToken).toString()), 0, 0, 3);
            RealmResource realm = this.adminClient.realm("test");
            ClientsResource clients = realm.clients();
            ClientResource clientResource = clients.get(((ClientRepresentation) clients.findByClientId("authz-client").get(0)).getId());
            Assert.assertTrue(clientResource.toRepresentation().getAuthorizationServicesEnabled().booleanValue());
            ResourceServerRepresentation settings = clientResource.authorization().getSettings();
            Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings.getPolicyEnforcementMode());
            Assert.assertTrue(settings.isAllowRemoteResourceManagement());
            List list = clientResource.roles().list();
            Assert.assertEquals(1L, list.size());
            Assert.assertEquals("uma_protection", ((RoleRepresentation) list.get(0)).getName());
            TempFileResource tempFileResource2 = new TempFileResource(initTempFile(".json", "        {\n            \"redirect_uris\" : [ \"http://localhost:8980/myapp/*\" ],\n            \"grant_types\" : [ \"authorization_code\", \"client_credentials\", \"refresh_token\", \"urn:ietf:params:oauth:grant-type:uma-ticket\" ],\n            \"response_types\" : [ \"code\", \"none\" ],\n            \"client_name\" : \"My Reg Authz\",\n            \"client_uri\" : \"http://localhost:8980/myapp\"\n        }"));
            Throwable th2 = null;
            try {
                try {
                    KcRegExec execute = KcRegExec.execute("create --insecure --config '" + tempFileResource.getName() + "' -s 'client_name=My Reg Authz' --realm test -t " + issueInitialAccessToken + " -s 'redirect_uris=[\"http://localhost:8980/myapp5/*\"]' -s client_uri=http://localhost:8980/myapp5 -o -f - < '" + tempFileResource2.getName() + "'");
                    assertExitCodeAndStdErrSize(execute, 0, 2);
                    OIDCClientRepresentation oIDCClientRepresentation = (OIDCClientRepresentation) JsonSerialization.readValue(execute.stdout(), OIDCClientRepresentation.class);
                    Assert.assertNotNull("clientId", oIDCClientRepresentation.getClientId());
                    Assert.assertEquals("redirect_uris", Arrays.asList("http://localhost:8980/myapp5/*"), oIDCClientRepresentation.getRedirectUris());
                    Assert.assertThat("grant_types", oIDCClientRepresentation.getGrantTypes(), Matchers.containsInAnyOrder(new String[]{"authorization_code", "client_credentials", "refresh_token", "urn:ietf:params:oauth:grant-type:uma-ticket"}));
                    Assert.assertEquals("response_types", Arrays.asList("code", "none"), oIDCClientRepresentation.getResponseTypes());
                    Assert.assertEquals("client_name", "My Reg Authz", oIDCClientRepresentation.getClientName());
                    Assert.assertEquals("client_uri", "http://localhost:8980/myapp5", oIDCClientRepresentation.getClientUri());
                    ClientResource clientResource2 = clients.get(oIDCClientRepresentation.getClientId());
                    ClientRepresentation representation = clientResource2.toRepresentation();
                    Assert.assertTrue(representation.getAuthorizationServicesEnabled().booleanValue());
                    ResourceServerRepresentation settings2 = clientResource2.authorization().getSettings();
                    Assert.assertEquals(PolicyEnforcementMode.ENFORCING, settings2.getPolicyEnforcementMode());
                    Assert.assertTrue(settings2.isAllowRemoteResourceManagement());
                    List list2 = clientResource2.roles().list();
                    Assert.assertEquals(1L, list2.size());
                    Assert.assertEquals("uma_protection", ((RoleRepresentation) list2.get(0)).getName());
                    UserRepresentation userRepresentation = (UserRepresentation) realm.users().search("service-account-" + representation.getClientId()).get(0);
                    Assert.assertNotNull(userRepresentation);
                    Assert.assertTrue(realm.users().get(userRepresentation.getId()).roles().clientLevel(representation.getId()).listAll().stream().anyMatch(roleRepresentation -> {
                        return "uma_protection".equals(roleRepresentation.getName());
                    }));
                    if (tempFileResource2 != null) {
                        if (0 != 0) {
                            try {
                                tempFileResource2.close();
                            } catch (Throwable th3) {
                                th2.addSuppressed(th3);
                            }
                        } else {
                            tempFileResource2.close();
                        }
                    }
                    if (tempFileResource != null) {
                        if (0 == 0) {
                            tempFileResource.close();
                            return;
                        }
                        try {
                            tempFileResource.close();
                        } catch (Throwable th4) {
                            th.addSuppressed(th4);
                        }
                    }
                } catch (Throwable th5) {
                    th2 = th5;
                    throw th5;
                }
            } catch (Throwable th6) {
                if (tempFileResource2 != null) {
                    if (th2 != null) {
                        try {
                            tempFileResource2.close();
                        } catch (Throwable th7) {
                            th2.addSuppressed(th7);
                        }
                    } else {
                        tempFileResource2.close();
                    }
                }
                throw th6;
            }
        } catch (Throwable th8) {
            if (tempFileResource != null) {
                if (0 != 0) {
                    try {
                        tempFileResource.close();
                    } catch (Throwable th9) {
                        th.addSuppressed(th9);
                    }
                } else {
                    tempFileResource.close();
                }
            }
            throw th8;
        }
    }
}
