package org.keycloak.testsuite.admin;

import java.lang.invoke.SerializedLambda;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.stream.Collectors;
import javax.ws.rs.ClientErrorException;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.Response;
import org.hamcrest.Matcher;
import org.hamcrest.Matchers;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.common.Profile;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.ClientModel;
import org.keycloak.models.GroupModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserCredentialModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.models.utils.RepresentationToModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ClientScopeRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.RoleRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.UserPolicyRepresentation;
import org.keycloak.services.resources.admin.permissions.AdminPermissionEvaluator;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.services.resources.admin.permissions.ClientPermissionManagement;
import org.keycloak.services.resources.admin.permissions.GroupPermissionManagement;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.broker.AbstractBrokerTest;
import org.keycloak.testsuite.cli.KcinitTest;
import org.keycloak.testsuite.oauth.RefreshTokenTest;
import org.keycloak.testsuite.saml.ConcurrentAuthnRequestTest;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.GroupBuilder;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.utils.tls.TLSUtils;

@EnableFeature(Profile.Feature.ADMIN_FINE_GRAINED_AUTHZ)
/* loaded from: input_file:org/keycloak/testsuite/admin/FineGrainAdminUnitTest.class */
public class FineGrainAdminUnitTest extends AbstractKeycloakTest {
    public static final String CLIENT_NAME = "application";

    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setId("test");
        realmRepresentation.setRealm("test");
        realmRepresentation.setEnabled(true);
        list.add(realmRepresentation);
        realmRepresentation.setGroups(Arrays.asList(GroupBuilder.create().name("restricted-group").build()));
    }

    public static void setupDemo(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        realmByName.addRole("realm-role");
        ClientModel addClient = realmByName.addClient("sales-application");
        addClient.addRole("admin");
        addClient.addRole("leader-creator");
        addClient.addRole("viewLeads");
        GroupModel createGroup = realmByName.createGroup("sales");
        UserModel addUser = keycloakSession.users().addUser(realmByName, "salesManager");
        addUser.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
        UserModel addUser2 = keycloakSession.users().addUser(realmByName, "sales-admin");
        addUser2.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser2, UserCredentialModel.password("password"));
        UserModel addUser3 = keycloakSession.users().addUser(realmByName, "salesman");
        addUser3.setEnabled(true);
        addUser3.joinGroup(createGroup);
        keycloakSession.users().addUser(realmByName, "saleswoman").setEnabled(true);
    }

    public static void setupPolices(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        RoleModel addRole = realmByName.addRole("realm-role");
        RoleModel addRole2 = realmByName.addRole("realm-role2");
        ClientModel addClient = realmByName.addClient("application");
        realmByName.addClientScope("scope");
        addClient.setFullScopeAllowed(false);
        RoleModel addRole3 = addClient.addRole("client-role");
        GroupModel createGroup = realmByName.createGroup("top");
        RoleModel addRole4 = realmByName.addRole("mapper");
        RoleModel addRole5 = realmByName.addRole(AbstractBrokerTest.ROLE_MANAGER);
        RoleModel addRole6 = realmByName.addRole("composite-role");
        addRole6.addCompositeRole(addRole4);
        addRole6.addCompositeRole(addRole5);
        management.roles().setPermissionsEnabled(addRole3, true);
        management.roles().mapRolePermission(addRole3).addAssociatedPolicy(management.roles().rolePolicy(management.roles().resourceServer(addRole3), addRole4));
        management.roles().setPermissionsEnabled(addRole, true);
        management.roles().mapRolePermission(addRole).addAssociatedPolicy(management.roles().rolePolicy(management.roles().resourceServer(addRole), addRole4));
        management.roles().setPermissionsEnabled(addRole2, true);
        management.users().setPermissionsEnabled(true);
        Policy rolePolicy = management.roles().rolePolicy(management.realmResourceServer(), addRole5);
        Policy managePermission = management.users().managePermission();
        managePermission.addAssociatedPolicy(rolePolicy);
        managePermission.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        management.groups().setPermissionsEnabled(createGroup, true);
        management.clients().setPermissionsEnabled(addClient, true);
        RoleModel role = realmByName.getClientByClientId("realm-management").getRole(AdminRoles.REALM_ADMIN);
        management.users().setPermissionsEnabled(true);
        Policy rolePolicy2 = management.roles().rolePolicy(management.realmResourceServer(), role);
        rolePolicy2.setLogic(Logic.NEGATIVE);
        Policy userImpersonatedPermission = management.users().userImpersonatedPermission();
        userImpersonatedPermission.addAssociatedPolicy(rolePolicy2);
        userImpersonatedPermission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
    }

    public static void setupUsers(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        ClientModel clientByClientId = realmByName.getClientByClientId("application");
        realmByName.getRole("realm-role");
        realmByName.getRole("realm-role2");
        clientByClientId.getRole("client-role");
        RoleModel role = realmByName.getRole("mapper");
        RoleModel role2 = realmByName.getRole(AbstractBrokerTest.ROLE_MANAGER);
        RoleModel role3 = realmByName.getRole("composite-role");
        ClientModel clientByClientId2 = realmByName.getClientByClientId("realm-management");
        RoleModel role4 = clientByClientId2.getRole(AdminRoles.REALM_ADMIN);
        RoleModel role5 = clientByClientId2.getRole(AdminRoles.QUERY_GROUPS);
        RoleModel role6 = clientByClientId2.getRole(AdminRoles.QUERY_USERS);
        RoleModel role7 = clientByClientId2.getRole(AdminRoles.QUERY_CLIENTS);
        UserModel addUser = keycloakSession.users().addUser(realmByName, "nomap-admin");
        addUser.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
        addUser.grantRole(role4);
        UserModel addUser2 = keycloakSession.users().addUser(realmByName, "anotherAdmin");
        addUser2.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser2, UserCredentialModel.password("password"));
        addUser2.grantRole(role4);
        UserModel addUser3 = keycloakSession.users().addUser(realmByName, "authorized");
        addUser3.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser3, UserCredentialModel.password("password"));
        addUser3.grantRole(role);
        addUser3.grantRole(role2);
        UserModel addUser4 = keycloakSession.users().addUser(realmByName, "authorizedComposite");
        addUser4.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser4, UserCredentialModel.password("password"));
        addUser4.grantRole(role3);
        UserModel addUser5 = keycloakSession.users().addUser(realmByName, "unauthorized");
        addUser5.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser5, UserCredentialModel.password("password"));
        UserModel addUser6 = keycloakSession.users().addUser(realmByName, "unauthorizedMapper");
        addUser6.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser6, UserCredentialModel.password("password"));
        addUser6.grantRole(role2);
        keycloakSession.users().addUser(realmByName, "user1").setEnabled(true);
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        GroupModel findGroupByPath = KeycloakModelUtils.findGroupByPath(realmByName, "top");
        UserModel addUser7 = keycloakSession.users().addUser(realmByName, "groupMember");
        addUser7.joinGroup(findGroupByPath);
        addUser7.setEnabled(true);
        UserModel addUser8 = keycloakSession.users().addUser(realmByName, "groupManager");
        addUser8.grantRole(role5);
        addUser8.grantRole(role6);
        addUser8.setEnabled(true);
        addUser8.grantRole(role);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser8, UserCredentialModel.password("password"));
        UserModel addUser9 = keycloakSession.users().addUser(realmByName, "noMapperGroupManager");
        addUser9.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser9, UserCredentialModel.password("password"));
        addUser9.grantRole(role5);
        addUser9.grantRole(role6);
        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
        userPolicyRepresentation.setName("groupManagers");
        userPolicyRepresentation.addUser("groupManager");
        userPolicyRepresentation.addUser("noMapperGroupManager");
        ResourceServer realmResourceServer = management.realmResourceServer();
        Policy create = management.authz().getStoreFactory().getPolicyStore().create(userPolicyRepresentation, realmResourceServer);
        management.groups().manageMembersPermission(findGroupByPath).addAssociatedPolicy(create);
        management.groups().manageMembershipPermission(findGroupByPath).addAssociatedPolicy(create);
        management.groups().viewPermission(findGroupByPath).addAssociatedPolicy(create);
        UserModel addUser10 = keycloakSession.users().addUser(realmByName, "clientMapper");
        addUser10.setEnabled(true);
        addUser10.grantRole(role2);
        addUser10.grantRole(role6);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser10, UserCredentialModel.password("password"));
        Policy mapRolesPermission = management.clients().mapRolesPermission(clientByClientId);
        UserPolicyRepresentation userPolicyRepresentation2 = new UserPolicyRepresentation();
        userPolicyRepresentation2.setName("userClientMapper");
        userPolicyRepresentation2.addUser("clientMapper");
        mapRolesPermission.addAssociatedPolicy(management.authz().getStoreFactory().getPolicyStore().create(userPolicyRepresentation2, management.clients().resourceServer(clientByClientId)));
        UserModel addUser11 = keycloakSession.users().addUser(realmByName, "clientManager");
        addUser11.setEnabled(true);
        addUser11.grantRole(role7);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser11, UserCredentialModel.password("password"));
        Policy managePermission = management.clients().managePermission(clientByClientId);
        UserPolicyRepresentation userPolicyRepresentation3 = new UserPolicyRepresentation();
        userPolicyRepresentation3.setName("clientManager");
        userPolicyRepresentation3.addUser("clientManager");
        managePermission.addAssociatedPolicy(management.authz().getStoreFactory().getPolicyStore().create(userPolicyRepresentation3, management.clients().resourceServer(clientByClientId)));
        UserModel addUser12 = keycloakSession.users().addUser(realmByName, "clientConfigurer");
        addUser12.setEnabled(true);
        addUser12.grantRole(role7);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser12, UserCredentialModel.password("password"));
        Policy configurePermission = management.clients().configurePermission(clientByClientId);
        UserPolicyRepresentation userPolicyRepresentation4 = new UserPolicyRepresentation();
        userPolicyRepresentation4.setName("clientConfigure");
        userPolicyRepresentation4.addUser("clientConfigurer");
        configurePermission.addAssociatedPolicy(management.authz().getStoreFactory().getPolicyStore().create(userPolicyRepresentation4, management.clients().resourceServer(clientByClientId)));
        UserModel addUser13 = keycloakSession.users().addUser(realmByName, "groupViewer");
        addUser13.grantRole(role5);
        addUser13.grantRole(role6);
        addUser13.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser13, UserCredentialModel.password("password"));
        UserPolicyRepresentation userPolicyRepresentation5 = new UserPolicyRepresentation();
        userPolicyRepresentation5.setName("groupMemberViewers");
        userPolicyRepresentation5.addUser("groupViewer");
        management.groups().viewMembersPermission(findGroupByPath).addAssociatedPolicy(management.authz().getStoreFactory().getPolicyStore().create(userPolicyRepresentation5, realmResourceServer));
    }

    public static void evaluateLocally(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        RoleModel role = realmByName.getRole("realm-role");
        RoleModel role2 = realmByName.getRole("realm-role2");
        RoleModel role3 = realmByName.getClientByClientId("application").getRole("client-role");
        AdminPermissionEvaluator evaluator = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "authorized"));
        Assert.assertTrue(evaluator.users().canManage());
        Assert.assertTrue(evaluator.roles().canMapRole(role));
        Assert.assertFalse(evaluator.roles().canMapRole(role2));
        Assert.assertTrue(evaluator.roles().canMapRole(role3));
        AdminPermissionEvaluator evaluator2 = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "authorizedComposite"));
        Assert.assertTrue(evaluator2.users().canManage());
        Assert.assertTrue(evaluator2.roles().canMapRole(role));
        Assert.assertFalse(evaluator2.roles().canMapRole(role2));
        Assert.assertTrue(evaluator2.roles().canMapRole(role3));
        AdminPermissionEvaluator evaluator3 = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "unauthorized"));
        Assert.assertFalse(evaluator3.users().canManage());
        Assert.assertFalse(evaluator3.roles().canMapRole(role));
        Assert.assertFalse(evaluator3.roles().canMapRole(role3));
        Assert.assertFalse(evaluator3.roles().canMapRole(role2));
        AdminPermissionEvaluator evaluator4 = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "unauthorizedMapper"));
        Assert.assertTrue(evaluator4.users().canManage());
        Assert.assertFalse(evaluator4.roles().canMapRole(role));
        Assert.assertFalse(evaluator4.roles().canMapRole(role3));
        Assert.assertFalse(evaluator4.roles().canMapRole(role2));
        AdminPermissionEvaluator evaluator5 = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "groupManager"));
        UserModel userByUsername = keycloakSession.users().getUserByUsername(realmByName, "authorized");
        Assert.assertFalse(evaluator5.users().canManage(userByUsername));
        Assert.assertFalse(evaluator5.users().canView(userByUsername));
        UserModel userByUsername2 = keycloakSession.users().getUserByUsername(realmByName, "groupMember");
        Assert.assertTrue(evaluator5.users().canManage(userByUsername2));
        Assert.assertTrue(evaluator5.users().canManageGroupMembership(userByUsername2));
        Assert.assertTrue(evaluator5.users().canView(userByUsername2));
        Assert.assertTrue(evaluator5.roles().canMapRole(role));
        Assert.assertTrue(evaluator5.roles().canMapRole(role3));
        Assert.assertFalse(evaluator5.roles().canMapRole(role2));
        AdminPermissionEvaluator evaluator6 = AdminPermissions.evaluator(keycloakSession, realmByName, realmByName, keycloakSession.users().getUserByUsername(realmByName, "clientMapper"));
        Assert.assertTrue(evaluator6.users().canManage(keycloakSession.users().getUserByUsername(realmByName, "authorized")));
        Assert.assertFalse(evaluator6.roles().canMapRole(role));
        Assert.assertTrue(evaluator6.roles().canMapRole(role3));
        Assert.assertFalse(evaluator6.roles().canMapRole(role2));
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    protected boolean isImportAfterEachMethod() {
        return true;
    }

    public void testDemo() throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setupDemo);
        Thread.sleep(1000000000L);
    }

    public void testEvaluationLocal() throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setupPolices);
        this.testingClient.server().run(FineGrainAdminUnitTest::setupUsers);
        this.testingClient.server().run(FineGrainAdminUnitTest::evaluateLocally);
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testRestEvaluation() throws Exception {
        Keycloak createAdminClient;
        Throwable th;
        Throwable th2;
        this.testingClient.server().run(FineGrainAdminUnitTest::setupPolices);
        this.testingClient.server().run(FineGrainAdminUnitTest::setupUsers);
        UserRepresentation userRepresentation = (UserRepresentation) this.adminClient.realm("test").users().search("user1").get(0);
        UserRepresentation userRepresentation2 = (UserRepresentation) this.adminClient.realm("test").users().search("anotherAdmin").get(0);
        UserRepresentation userRepresentation3 = (UserRepresentation) this.adminClient.realm("test").users().search("groupMember").get(0);
        RoleRepresentation representation = this.adminClient.realm("test").roles().get("realm-role").toRepresentation();
        LinkedList linkedList = new LinkedList();
        linkedList.add(representation);
        RoleRepresentation representation2 = this.adminClient.realm("test").roles().get("realm-role2").toRepresentation();
        LinkedList linkedList2 = new LinkedList();
        linkedList2.add(representation2);
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm("test").clients().findByClientId("application").get(0);
        ClientScopeRepresentation clientScopeRepresentation = (ClientScopeRepresentation) this.adminClient.realm("test").clientScopes().findAll().get(0);
        RoleRepresentation representation3 = this.adminClient.realm("test").clients().get(clientRepresentation.getId()).roles().get("client-role").toRepresentation();
        LinkedList linkedList3 = new LinkedList();
        linkedList3.add(representation3);
        Keycloak createAdminClient2 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "clientConfigurer", "password", "admin-cli", (String) null);
        Throwable th3 = null;
        try {
            try {
                clientRepresentation.setAdminUrl("http://nowhere");
                createAdminClient2.realm("test").clients().get(clientRepresentation.getId()).update(clientRepresentation);
                clientRepresentation.setFullScopeAllowed(true);
                try {
                    createAdminClient2.realm("test").clients().get(clientRepresentation.getId()).update(clientRepresentation);
                    Assert.fail("should fail with forbidden exception");
                } catch (ClientErrorException e) {
                    Assert.assertEquals(403L, e.getResponse().getStatus());
                }
                clientRepresentation.setFullScopeAllowed(false);
                createAdminClient2.realm("test").clients().get(clientRepresentation.getId()).update(clientRepresentation);
                try {
                    createAdminClient2.realm("test").clients().get(clientRepresentation.getId()).addDefaultClientScope(clientScopeRepresentation.getId());
                    Assert.fail("should fail with forbidden exception");
                } catch (ClientErrorException e2) {
                    Assert.assertEquals(403L, e2.getResponse().getStatus());
                }
                try {
                    createAdminClient2.realm("test").clients().get(clientRepresentation.getId()).getScopeMappings().realmLevel().add(linkedList);
                    Assert.fail("should fail with forbidden exception");
                } catch (ClientErrorException e3) {
                    Assert.assertEquals(403L, e3.getResponse().getStatus());
                }
                if (createAdminClient2 != null) {
                    if (0 != 0) {
                        try {
                            createAdminClient2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    } else {
                        createAdminClient2.close();
                    }
                }
                if (!ImpersonationDisabledTest.IMPERSONATION_DISABLED) {
                    Keycloak createAdminClient3 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "nomap-admin", "password", "admin-cli", (String) null);
                    try {
                        createAdminClient3.realm("test").users().get(userRepresentation.getId()).impersonate();
                        createAdminClient3.close();
                        createAdminClient3 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "nomap-admin", "password", "admin-cli", (String) null);
                        try {
                            createAdminClient3.realm("test").users().get(userRepresentation2.getId()).impersonate();
                            Assert.fail("should fail with forbidden exception");
                        } catch (ClientErrorException e4) {
                            Assert.assertEquals(403L, e4.getResponse().getStatus());
                        }
                        createAdminClient3.close();
                    } catch (Throwable th5) {
                        createAdminClient3.close();
                        throw th5;
                    }
                }
                Keycloak createAdminClient4 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "authorized", "password", "admin-cli", (String) null);
                Throwable th6 = null;
                try {
                    createAdminClient4.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                    Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().anyMatch(roleRepresentation -> {
                        return roleRepresentation.getName().equals("realm-role");
                    }));
                    createAdminClient4.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().remove(linkedList);
                    Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().noneMatch(roleRepresentation2 -> {
                        return roleRepresentation2.getName().equals("realm-role");
                    }));
                    createAdminClient4.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).add(linkedList3);
                    Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().anyMatch(roleRepresentation3 -> {
                        return roleRepresentation3.getName().equals("client-role");
                    }));
                    createAdminClient4.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).remove(linkedList3);
                    Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().noneMatch(roleRepresentation4 -> {
                        return roleRepresentation4.getName().equals("client-role");
                    }));
                    if (createAdminClient4 != null) {
                        if (0 != 0) {
                            try {
                                createAdminClient4.close();
                            } catch (Throwable th7) {
                                th6.addSuppressed(th7);
                            }
                        } else {
                            createAdminClient4.close();
                        }
                    }
                    Keycloak createAdminClient5 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "authorizedComposite", "password", "admin-cli", (String) null);
                    Throwable th8 = null;
                    try {
                        try {
                            createAdminClient5.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                            Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().anyMatch(roleRepresentation5 -> {
                                return roleRepresentation5.getName().equals("realm-role");
                            }));
                            createAdminClient5.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().remove(linkedList);
                            Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().noneMatch(roleRepresentation6 -> {
                                return roleRepresentation6.getName().equals("realm-role");
                            }));
                            createAdminClient5.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).add(linkedList3);
                            Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().anyMatch(roleRepresentation7 -> {
                                return roleRepresentation7.getName().equals("client-role");
                            }));
                            createAdminClient5.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).remove(linkedList3);
                            Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().noneMatch(roleRepresentation8 -> {
                                return roleRepresentation8.getName().equals("client-role");
                            }));
                            if (createAdminClient5 != null) {
                                if (0 != 0) {
                                    try {
                                        createAdminClient5.close();
                                    } catch (Throwable th9) {
                                        th8.addSuppressed(th9);
                                    }
                                } else {
                                    createAdminClient5.close();
                                }
                            }
                            try {
                                createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "unauthorized", "password", "admin-cli", (String) null);
                                th2 = null;
                            } catch (ClientErrorException e5) {
                                Assert.assertEquals(403L, e5.getResponse().getStatus());
                            }
                            try {
                                try {
                                    createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                                    Assert.fail("should fail with forbidden exception");
                                    if (createAdminClient != null) {
                                        if (0 != 0) {
                                            try {
                                                createAdminClient.close();
                                            } catch (Throwable th10) {
                                                th2.addSuppressed(th10);
                                            }
                                        } else {
                                            createAdminClient.close();
                                        }
                                    }
                                    try {
                                        createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "unauthorizedMapper", "password", "admin-cli", (String) null);
                                        th = null;
                                    } catch (ClientErrorException e6) {
                                        Assert.assertEquals(403L, e6.getResponse().getStatus());
                                    }
                                } catch (Throwable th11) {
                                    th2 = th11;
                                    throw th11;
                                }
                            } finally {
                                if (createAdminClient != null) {
                                    if (th2 != null) {
                                        try {
                                            createAdminClient.close();
                                        } catch (Throwable th12) {
                                            th2.addSuppressed(th12);
                                        }
                                    } else {
                                        createAdminClient.close();
                                    }
                                }
                            }
                        } catch (Throwable th13) {
                            th8 = th13;
                            throw th13;
                        }
                    } finally {
                    }
                } catch (Throwable th14) {
                    if (createAdminClient4 != null) {
                        if (0 != 0) {
                            try {
                                createAdminClient4.close();
                            } catch (Throwable th15) {
                                th6.addSuppressed(th15);
                            }
                        } else {
                            createAdminClient4.close();
                        }
                    }
                    throw th14;
                }
            } catch (Throwable th16) {
                th3 = th16;
                throw th16;
            }
            try {
                try {
                    createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                    Assert.fail("should fail with forbidden exception");
                    if (createAdminClient != null) {
                        if (0 != 0) {
                            try {
                                createAdminClient.close();
                            } catch (Throwable th17) {
                                th.addSuppressed(th17);
                            }
                        } else {
                            createAdminClient.close();
                        }
                    }
                    Keycloak createAdminClient6 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "groupManager", "password", "admin-cli", (String) null);
                    Throwable th18 = null;
                    try {
                        createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().clientLevel(clientRepresentation.getId()).add(linkedList3);
                        Assert.assertTrue(createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().anyMatch(roleRepresentation9 -> {
                            return roleRepresentation9.getName().equals("client-role");
                        }));
                        createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().clientLevel(clientRepresentation.getId()).remove(linkedList3);
                        Assert.assertEquals(1L, createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().realmLevel().listAvailable().size());
                        createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().realmLevel().add(linkedList);
                        createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().realmLevel().remove(linkedList);
                        try {
                            createAdminClient6.realm("test").users().get(userRepresentation3.getId()).roles().realmLevel().add(linkedList2);
                            Assert.fail("should fail with forbidden exception");
                        } catch (ClientErrorException e7) {
                            Assert.assertEquals(403L, e7.getResponse().getStatus());
                        }
                        try {
                            createAdminClient6.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                            Assert.fail("should fail with forbidden exception");
                        } catch (ClientErrorException e8) {
                            Assert.assertEquals(403L, e8.getResponse().getStatus());
                        }
                        Keycloak createAdminClient7 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "clientMapper", "password", "admin-cli", (String) null);
                        Throwable th19 = null;
                        try {
                            Assert.assertTrue(createAdminClient7.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().isEmpty());
                            createAdminClient7.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).add(linkedList3);
                            Assert.assertTrue(createAdminClient7.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().anyMatch(roleRepresentation10 -> {
                                return roleRepresentation10.getName().equals("client-role");
                            }));
                            Assert.assertTrue(createAdminClient7.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAvailable().isEmpty());
                            try {
                                createAdminClient7.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                                Assert.fail("should fail with forbidden exception");
                            } catch (ClientErrorException e9) {
                                Assert.assertEquals(403L, e9.getResponse().getStatus());
                            }
                            createAdminClient2 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "groupViewer", "password", "admin-cli", (String) null);
                            Throwable th20 = null;
                            try {
                                try {
                                    List list = createAdminClient2.realm("test").users().list();
                                    Assert.assertEquals(list.size(), 1L);
                                    Assert.assertEquals("groupmember", ((UserRepresentation) list.get(0)).getUsername());
                                    Iterator it = list.iterator();
                                    while (it.hasNext()) {
                                        System.out.println(((UserRepresentation) it.next()).getUsername());
                                    }
                                    if (createAdminClient2 != null) {
                                        if (0 != 0) {
                                            try {
                                                createAdminClient2.close();
                                            } catch (Throwable th21) {
                                                th20.addSuppressed(th21);
                                            }
                                        } else {
                                            createAdminClient2.close();
                                        }
                                    }
                                    Keycloak createAdminClient8 = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "noMapperGroupManager", "password", "admin-cli", (String) null);
                                    Throwable th22 = null;
                                    try {
                                        Assert.assertEquals(1L, createAdminClient8.realm("test").users().list().size());
                                        try {
                                            ApiUtil.createUserWithAdminClient(createAdminClient8.realm("test"), createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", true));
                                            Assert.fail("should fail with HTTP response code 403 Forbidden");
                                        } catch (WebApplicationException e10) {
                                            Assert.assertEquals(403L, e10.getResponse().getStatus());
                                        }
                                        UserRepresentation createUserRepresentation = createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", true);
                                        createUserRepresentation.setGroups(Collections.emptyList());
                                        try {
                                            ApiUtil.createUserWithAdminClient(createAdminClient8.realm("test"), createUserRepresentation);
                                            Assert.fail("should fail with HTTP response code 403 Forbidden");
                                        } catch (WebApplicationException e11) {
                                            Assert.assertEquals(403L, e11.getResponse().getStatus());
                                        }
                                        try {
                                            ApiUtil.createUserWithAdminClient(createAdminClient8.realm("test"), createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", (List<String>) Arrays.asList("wrong-group"), true));
                                            Assert.fail("should fail with HTTP response code 403 Forbidden");
                                        } catch (WebApplicationException e12) {
                                            Assert.assertEquals(403L, e12.getResponse().getStatus());
                                        }
                                        try {
                                            ApiUtil.createUserWithAdminClient(createAdminClient8.realm("test"), createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", (List<String>) Arrays.asList("restricted-group"), true));
                                            Assert.fail("should fail with HTTP response code 403 Forbidden");
                                        } catch (WebApplicationException e13) {
                                            Assert.assertEquals(403L, e13.getResponse().getStatus());
                                        }
                                        ApiUtil.createUserWithAdminClient(createAdminClient8.realm("test"), createUserRepresentation("new-group-member", "new-group-member@keycloak.org", "New", "Member", (List<String>) Arrays.asList("top"), true));
                                        Assert.assertEquals(2L, createAdminClient8.realm("test").users().list().size());
                                        if (createAdminClient8 != null) {
                                            if (0 == 0) {
                                                createAdminClient8.close();
                                                return;
                                            }
                                            try {
                                                createAdminClient8.close();
                                            } catch (Throwable th23) {
                                                th22.addSuppressed(th23);
                                            }
                                        }
                                    } catch (Throwable th24) {
                                        if (createAdminClient8 != null) {
                                            if (0 != 0) {
                                                try {
                                                    createAdminClient8.close();
                                                } catch (Throwable th25) {
                                                    th22.addSuppressed(th25);
                                                }
                                            } else {
                                                createAdminClient8.close();
                                            }
                                        }
                                        throw th24;
                                    }
                                } catch (Throwable th26) {
                                    th20 = th26;
                                    throw th26;
                                }
                            } finally {
                            }
                        } finally {
                            if (createAdminClient7 != null) {
                                if (0 != 0) {
                                    try {
                                        createAdminClient7.close();
                                    } catch (Throwable th27) {
                                        th19.addSuppressed(th27);
                                    }
                                } else {
                                    createAdminClient7.close();
                                }
                            }
                        }
                    } finally {
                        if (createAdminClient6 != null) {
                            if (0 != 0) {
                                try {
                                    createAdminClient6.close();
                                } catch (Throwable th28) {
                                    th18.addSuppressed(th28);
                                }
                            } else {
                                createAdminClient6.close();
                            }
                        }
                    }
                } catch (Throwable th29) {
                    th = th29;
                    throw th29;
                }
            } finally {
            }
        } finally {
            if (createAdminClient2 != null) {
                if (th3 != null) {
                    try {
                        createAdminClient2.close();
                    } catch (Throwable th30) {
                        th3.addSuppressed(th30);
                    }
                } else {
                    createAdminClient2.close();
                }
            }
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testMasterRealm() throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setupPolices);
        this.testingClient.server().run(FineGrainAdminUnitTest::setupUsers);
        UserRepresentation userRepresentation = (UserRepresentation) this.adminClient.realm("test").users().search("user1").get(0);
        RoleRepresentation representation = this.adminClient.realm("test").roles().get("realm-role").toRepresentation();
        LinkedList linkedList = new LinkedList();
        linkedList.add(representation);
        this.adminClient.realm("test").roles().get("realm-role2").toRepresentation();
        new LinkedList().add(representation);
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm("test").clients().findByClientId("application").get(0);
        RoleRepresentation representation2 = this.adminClient.realm("test").clients().get(clientRepresentation.getId()).roles().get("client-role").toRepresentation();
        LinkedList linkedList2 = new LinkedList();
        linkedList2.add(representation2);
        Keycloak createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting());
        Throwable th = null;
        try {
            try {
                createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().add(linkedList);
                Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().anyMatch(roleRepresentation -> {
                    return roleRepresentation.getName().equals("realm-role");
                }));
                createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().remove(linkedList);
                Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().realmLevel().listAll().stream().noneMatch(roleRepresentation2 -> {
                    return roleRepresentation2.getName().equals("realm-role");
                }));
                createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).add(linkedList2);
                Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().anyMatch(roleRepresentation3 -> {
                    return roleRepresentation3.getName().equals("client-role");
                }));
                createAdminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).remove(linkedList2);
                Assert.assertTrue(this.adminClient.realm("test").users().get(userRepresentation.getId()).roles().clientLevel(clientRepresentation.getId()).listAll().stream().noneMatch(roleRepresentation4 -> {
                    return roleRepresentation4.getName().equals("client-role");
                }));
                if (createAdminClient != null) {
                    if (0 == 0) {
                        createAdminClient.close();
                        return;
                    }
                    try {
                        createAdminClient.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (createAdminClient != null) {
                if (th != null) {
                    try {
                        createAdminClient.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    createAdminClient.close();
                }
            }
            throw th4;
        }
    }

    @Test
    public void testMasterRealmWithComposites() throws Exception {
        RoleRepresentation roleRepresentation = new RoleRepresentation();
        roleRepresentation.setName("composite");
        roleRepresentation.setComposite(true);
        this.adminClient.realm("test").roles().create(roleRepresentation);
        RoleRepresentation representation = this.adminClient.realm("test").roles().get("composite").toRepresentation();
        ClientRepresentation clientRepresentation = (ClientRepresentation) this.adminClient.realm("test").clients().findByClientId("realm-management").get(0);
        RoleRepresentation representation2 = this.adminClient.realm("test").clients().get(clientRepresentation.getId()).roles().get(AdminRoles.CREATE_CLIENT).toRepresentation();
        RoleRepresentation representation3 = this.adminClient.realm("test").clients().get(clientRepresentation.getId()).roles().get(AdminRoles.QUERY_REALMS).toRepresentation();
        LinkedList linkedList = new LinkedList();
        linkedList.add(representation2);
        linkedList.add(representation3);
        this.adminClient.realm("test").rolesById().addComposites(representation.getId(), linkedList);
    }

    public static void setup5152(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        RoleModel role = realmByName.getClientByClientId("realm-management").getRole(AdminRoles.REALM_ADMIN);
        UserModel addUser = keycloakSession.users().addUser(realmByName, "realm-admin");
        addUser.grantRole(role);
        addUser.setEnabled(true);
        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testRealmWithComposites() throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setup5152);
        Keycloak createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "test", "realm-admin", "password", "admin-cli", (String) null);
        Throwable th = null;
        try {
            RoleRepresentation roleRepresentation = new RoleRepresentation();
            roleRepresentation.setName("composite");
            roleRepresentation.setComposite(true);
            createAdminClient.realm("test").roles().create(roleRepresentation);
            RoleRepresentation representation = this.adminClient.realm("test").roles().get("composite").toRepresentation();
            RoleRepresentation representation2 = this.adminClient.realm("test").clients().get(((ClientRepresentation) this.adminClient.realm("test").clients().findByClientId("realm-management").get(0)).getId()).roles().get(AdminRoles.CREATE_CLIENT).toRepresentation();
            LinkedList linkedList = new LinkedList();
            linkedList.add(representation2);
            createAdminClient.realm("test").rolesById().addComposites(representation.getId(), linkedList);
            if (createAdminClient != null) {
                if (0 == 0) {
                    createAdminClient.close();
                    return;
                }
                try {
                    createAdminClient.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (createAdminClient != null) {
                if (0 != 0) {
                    try {
                        createAdminClient.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    createAdminClient.close();
                }
            }
            throw th3;
        }
    }

    public static void setupDeleteTest(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        RoleModel addRole = realmByName.addRole("removedRole");
        ClientModel addClient = realmByName.addClient("removedClient");
        RoleModel addRole2 = addClient.addRole("removedClientRole");
        GroupModel createGroup = realmByName.createGroup("removedGroup");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        management.roles().setPermissionsEnabled(addRole, true);
        management.roles().setPermissionsEnabled(addRole2, true);
        management.groups().setPermissionsEnabled(createGroup, true);
        management.clients().setPermissionsEnabled(addClient, true);
        management.users().setPermissionsEnabled(true);
    }

    public static void invokeDelete(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        Assert.assertEquals(5L, management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId()).size());
        realmByName.removeRole(realmByName.getRole("removedRole"));
        ClientModel clientByClientId = realmByName.getClientByClientId("removedClient");
        clientByClientId.removeRole(clientByClientId.getRole("removedClientRole"));
        realmByName.removeGroup(KeycloakModelUtils.findGroupByPath(realmByName, "removedGroup"));
        Assert.assertEquals(2L, management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId()).size());
        realmByName.removeClient(clientByClientId.getId());
        Assert.assertEquals(1L, management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId()).size());
        management.users().setPermissionsEnabled(false);
        Assert.assertNull(management.authz().getStoreFactory().getResourceStore().findByName("Users", management.realmResourceServer().getId()));
        Assert.assertEquals(0L, management.authz().getStoreFactory().getResourceStore().findByResourceServer(management.realmResourceServer().getId()).size());
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testRemoveCleanup() throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setupDeleteTest);
        this.testingClient.server().run(FineGrainAdminUnitTest::invokeDelete);
    }

    @Test
    public void testCreateRealmCreateClient() throws Exception {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setName("fullScopedClient");
        clientRepresentation.setClientId("fullScopedClient");
        clientRepresentation.setFullScopeAllowed(true);
        clientRepresentation.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
        clientRepresentation.setProtocol("openid-connect");
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setEnabled(true);
        this.adminClient.realm("master").clients().create(clientRepresentation);
        Keycloak createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
        try {
            RealmRepresentation realmRepresentation = new RealmRepresentation();
            realmRepresentation.setRealm("anotherRealm");
            realmRepresentation.setId("anotherRealm");
            realmRepresentation.setEnabled(true);
            createAdminClient.realms().create(realmRepresentation);
            ClientRepresentation clientRepresentation2 = new ClientRepresentation();
            clientRepresentation2.setName("newClient");
            clientRepresentation2.setClientId("newClient");
            clientRepresentation2.setFullScopeAllowed(true);
            clientRepresentation2.setSecret("secret");
            clientRepresentation2.setProtocol("openid-connect");
            clientRepresentation2.setPublicClient(false);
            clientRepresentation2.setEnabled(true);
            Response create = createAdminClient.realm("anotherRealm").clients().create(clientRepresentation2);
            Assert.assertEquals(403L, create.getStatus());
            create.close();
            createAdminClient.close();
            createAdminClient = AdminClientUtil.createAdminClient(this.suiteContext.isAdapterCompatTesting(), "master", "admin", "admin", "fullScopedClient", "618268aa-51e6-4e64-93c4-3c0bc65b8171");
            Assert.assertThat(createAdminClient.realms().findAll().stream().map((v0) -> {
                return v0.getRealm();
            }).collect(Collectors.toSet()), Matchers.hasItem("anotherRealm"));
            Response create2 = createAdminClient.realm("anotherRealm").clients().create(clientRepresentation2);
            Assert.assertEquals(201L, create2.getStatus());
            create2.close();
            this.adminClient.realm("anotherRealm").remove();
            createAdminClient.close();
        } catch (Throwable th) {
            this.adminClient.realm("anotherRealm").remove();
            createAdminClient.close();
            throw th;
        }
    }

    @Test
    public void testCreateRealmCreateClientWithMaster() throws Exception {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setName("fullScopedClient");
        clientRepresentation.setClientId("fullScopedClient");
        clientRepresentation.setFullScopeAllowed(true);
        clientRepresentation.setSecret("618268aa-51e6-4e64-93c4-3c0bc65b8171");
        clientRepresentation.setProtocol("openid-connect");
        clientRepresentation.setPublicClient(false);
        clientRepresentation.setEnabled(true);
        this.adminClient.realm("master").clients().create(clientRepresentation);
        RealmRepresentation realmRepresentation = new RealmRepresentation();
        realmRepresentation.setRealm("anotherRealm");
        realmRepresentation.setId("anotherRealm");
        realmRepresentation.setEnabled(true);
        this.adminClient.realms().create(realmRepresentation);
        try {
            ClientRepresentation clientRepresentation2 = new ClientRepresentation();
            clientRepresentation2.setName("newClient");
            clientRepresentation2.setClientId("newClient");
            clientRepresentation2.setFullScopeAllowed(true);
            clientRepresentation2.setSecret("secret");
            clientRepresentation2.setProtocol("openid-connect");
            clientRepresentation2.setPublicClient(false);
            clientRepresentation2.setEnabled(true);
            Response create = this.adminClient.realm("anotherRealm").clients().create(clientRepresentation2);
            Assert.assertEquals(201L, create.getStatus());
            create.close();
            this.adminClient.realm("anotherRealm").remove();
        } catch (Throwable th) {
            this.adminClient.realm("anotherRealm").remove();
            throw th;
        }
    }

    @Test
    @UncaughtServerErrorExpected
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testTokenExchangeDisabled() throws Exception {
        checkTokenExchange(false);
    }

    @UncaughtServerErrorExpected
    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    @EnableFeature(value = Profile.Feature.TOKEN_EXCHANGE, skipRestart = true)
    public void testWithTokenExchange() throws Exception {
        String checkTokenExchange = checkTokenExchange(true);
        Assert.assertNotNull(checkTokenExchange);
        Keycloak keycloak = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "master", "admin-cli", checkTokenExchange, TLSUtils.initializeTLS());
        Throwable th = null;
        try {
            try {
                Assert.assertNotNull(keycloak.realm("master").roles().get("offline_access"));
                if (keycloak != null) {
                    if (0 == 0) {
                        keycloak.close();
                        return;
                    }
                    try {
                        keycloak.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                }
            } catch (Throwable th3) {
                th = th3;
                throw th3;
            }
        } catch (Throwable th4) {
            if (keycloak != null) {
                if (th != null) {
                    try {
                        keycloak.close();
                    } catch (Throwable th5) {
                        th.addSuppressed(th5);
                    }
                } else {
                    keycloak.close();
                }
            }
            throw th4;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testUserPagination() {
        this.testingClient.server().run(keycloakSession -> {
            RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
            keycloakSession.getContext().setRealm(realmByName);
            GroupModel createGroup = keycloakSession.groups().createGroup(realmByName, "Customer A");
            UserModel addUser = keycloakSession.users().addUser(realmByName, "customer-a-manager");
            keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
            ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
            addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_USERS));
            addUser.setEnabled(true);
            UserModel addUser2 = keycloakSession.users().addUser(realmByName, "regular-admin-user");
            keycloakSession.userCredentialManager().updateCredential(realmByName, addUser2, UserCredentialModel.password("password"));
            addUser2.grantRole(clientByClientId.getRole(AdminRoles.VIEW_USERS));
            addUser2.setEnabled(true);
            AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
            GroupPermissionManagement groups = management.groups();
            groups.setPermissionsEnabled(createGroup, true);
            UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
            userPolicyRepresentation.setName("Only " + addUser.getUsername());
            userPolicyRepresentation.addUser(addUser.getId());
            Policy viewMembersPermission = groups.viewMembersPermission(createGroup);
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            viewMembersPermission.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer())));
            for (int i = 0; i < 20; i++) {
                keycloakSession.users().addUser(realmByName, "a" + i).setFirstName("test");
            }
            for (int i2 = 20; i2 < 40; i2++) {
                UserModel addUser3 = keycloakSession.users().addUser(realmByName, "b" + i2);
                addUser3.setFirstName("test");
                addUser3.joinGroup(createGroup);
            }
        });
        Keycloak keycloak = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", "admin-cli", TLSUtils.initializeTLS());
        Throwable th = null;
        try {
            List search = keycloak.realm("test").users().search((String) null, "test", (String) null, (String) null, -1, 20);
            Assert.assertEquals(20L, search.size());
            Assert.assertThat(search, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
            Assert.assertEquals(0L, keycloak.realm("test").users().search((String) null, "test", (String) null, (String) null, 20, 40).size());
            if (keycloak != null) {
                if (0 != 0) {
                    try {
                        keycloak.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    keycloak.close();
                }
            }
            Keycloak keycloak2 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
            Throwable th3 = null;
            try {
                List search2 = keycloak2.realm("test").users().search((String) null, "test", (String) null, (String) null, -1, 20);
                Assert.assertEquals(20L, search2.size());
                Assert.assertThat(search2, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
                keycloak2.realm("test").users().search((String) null, (String) null, (String) null, (String) null, -1, -1);
                Assert.assertEquals(20L, search2.size());
                Assert.assertThat(search2, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("a"))));
                if (keycloak2 != null) {
                    if (0 != 0) {
                        try {
                            keycloak2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    } else {
                        keycloak2.close();
                    }
                }
                Keycloak keycloak3 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "customer-a-manager", "password", "admin-cli", TLSUtils.initializeTLS());
                Throwable th5 = null;
                try {
                    List search3 = keycloak3.realm("test").users().search((String) null, (String) null, (String) null, (String) null, -1, 20);
                    Assert.assertEquals(20L, search3.size());
                    Assert.assertThat(search3, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
                    List search4 = keycloak3.realm("test").users().search("test", -1, 20, false);
                    Assert.assertEquals(20L, search4.size());
                    Assert.assertThat(search4, Matchers.everyItem(Matchers.hasProperty("username", Matchers.startsWith("b"))));
                    Assert.assertEquals(0L, keycloak3.realm("test").users().search("a", -1, 20, false).size());
                    if (keycloak3 != null) {
                        if (0 == 0) {
                            keycloak3.close();
                            return;
                        }
                        try {
                            keycloak3.close();
                        } catch (Throwable th6) {
                            th5.addSuppressed(th6);
                        }
                    }
                } catch (Throwable th7) {
                    if (keycloak3 != null) {
                        if (0 != 0) {
                            try {
                                keycloak3.close();
                            } catch (Throwable th8) {
                                th5.addSuppressed(th8);
                            }
                        } else {
                            keycloak3.close();
                        }
                    }
                    throw th7;
                }
            } catch (Throwable th9) {
                if (keycloak2 != null) {
                    if (0 != 0) {
                        try {
                            keycloak2.close();
                        } catch (Throwable th10) {
                            th3.addSuppressed(th10);
                        }
                    } else {
                        keycloak2.close();
                    }
                }
                throw th9;
            }
        } catch (Throwable th11) {
            if (keycloak != null) {
                if (0 != 0) {
                    try {
                        keycloak.close();
                    } catch (Throwable th12) {
                        th.addSuppressed(th12);
                    }
                } else {
                    keycloak.close();
                }
            }
            throw th11;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testClientsSearch() {
        this.testingClient.server().run(keycloakSession -> {
            RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
            keycloakSession.getContext().setRealm(realmByName);
            ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
            UserModel addUser = keycloakSession.users().addUser(realmByName, "regular-admin-user");
            keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
            addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_CLIENTS));
            addUser.setEnabled(true);
            UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
            userPolicyRepresentation.setName("Only " + addUser.getUsername());
            userPolicyRepresentation.addUser(addUser.getId());
            int i = 0;
            while (i < 30) {
                realmByName.addClient("client-search-" + (i < 10 ? "0" + i : Integer.valueOf(i)));
                i++;
            }
            AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
            ClientPermissionManagement clients = management.clients();
            ClientModel clientByClientId2 = realmByName.getClientByClientId("client-search-09");
            clients.setPermissionsEnabled(clientByClientId2, true);
            Policy viewPermission = clients.viewPermission(clientByClientId2);
            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
            viewPermission.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer())));
        });
        Keycloak keycloak = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
        Throwable th = null;
        try {
            List findAll = keycloak.realm("test").clients().findAll("client-search-", true, true, 0, 5);
            Assert.assertEquals(1L, findAll.size());
            Assert.assertEquals("client-search-09", ((ClientRepresentation) findAll.get(0)).getClientId());
            if (keycloak != null) {
                if (0 != 0) {
                    try {
                        keycloak.close();
                    } catch (Throwable th2) {
                        th.addSuppressed(th2);
                    }
                } else {
                    keycloak.close();
                }
            }
            this.testingClient.server().run(keycloakSession2 -> {
                RealmModel realmByName = keycloakSession2.realms().getRealmByName("test");
                keycloakSession2.getContext().setRealm(realmByName);
                ClientPermissionManagement clients = AdminPermissions.management(keycloakSession2, realmByName).clients();
                ClientModel clientByClientId = realmByName.getClientByClientId("client-search-10");
                clients.setPermissionsEnabled(clientByClientId, true);
                clients.viewPermission(clientByClientId).addAssociatedPolicy(keycloakSession2.getProvider(AuthorizationProvider.class).getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmByName.getClientByClientId("realm-management").getId()));
            });
            Keycloak keycloak2 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
            Throwable th3 = null;
            try {
                Assert.assertEquals(2L, keycloak2.realm("test").clients().findAll("client-search-", true, true, -1, -1).size());
                if (keycloak2 != null) {
                    if (0 != 0) {
                        try {
                            keycloak2.close();
                        } catch (Throwable th4) {
                            th3.addSuppressed(th4);
                        }
                    } else {
                        keycloak2.close();
                    }
                }
                Keycloak keycloak3 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
                Throwable th5 = null;
                try {
                    Assert.assertEquals(2L, keycloak3.realm("test").clients().findAll((String) null, true, false, 0, 5).size());
                    if (keycloak3 != null) {
                        if (0 != 0) {
                            try {
                                keycloak3.close();
                            } catch (Throwable th6) {
                                th5.addSuppressed(th6);
                            }
                        } else {
                            keycloak3.close();
                        }
                    }
                    Keycloak keycloak4 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
                    Throwable th7 = null;
                    try {
                        List findAll2 = keycloak4.realm("test").clients().findAll((String) null, true, false, 0, 1);
                        Assert.assertEquals(1L, findAll2.size());
                        Assert.assertThat(findAll2, Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-09"))));
                        Assert.assertThat(keycloak4.realm("test").clients().findAll((String) null, true, false, 1, 1), Matchers.hasItem(Matchers.hasProperty("clientId", Matchers.is("client-search-10"))));
                        Assert.assertEquals(1L, r0.size());
                        Assert.assertTrue(keycloak4.realm("test").clients().findAll((String) null, true, false, 2, 1).isEmpty());
                        if (keycloak4 != null) {
                            if (0 != 0) {
                                try {
                                    keycloak4.close();
                                } catch (Throwable th8) {
                                    th7.addSuppressed(th8);
                                }
                            } else {
                                keycloak4.close();
                            }
                        }
                        Keycloak keycloak5 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
                        Throwable th9 = null;
                        try {
                            Assert.assertEquals(2L, keycloak5.realm("test").clients().findAll((String) null, true, false, -1, -1).size());
                            if (keycloak5 != null) {
                                if (0 != 0) {
                                    try {
                                        keycloak5.close();
                                    } catch (Throwable th10) {
                                        th9.addSuppressed(th10);
                                    }
                                } else {
                                    keycloak5.close();
                                }
                            }
                            this.testingClient.server().run(keycloakSession3 -> {
                                RealmModel realmByName = keycloakSession3.realms().getRealmByName("test");
                                keycloakSession3.getContext().setRealm(realmByName);
                                ClientPermissionManagement clients = AdminPermissions.management(keycloakSession3, realmByName).clients();
                                for (int i = 11; i < 30; i++) {
                                    ClientModel clientByClientId = realmByName.getClientByClientId("client-search-" + i);
                                    clients.setPermissionsEnabled(clientByClientId, true);
                                    clients.viewPermission(clientByClientId).addAssociatedPolicy(keycloakSession3.getProvider(AuthorizationProvider.class).getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmByName.getClientByClientId("realm-management").getId()));
                                }
                            });
                            Keycloak keycloak6 = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
                            Throwable th11 = null;
                            try {
                                ArrayList arrayList = new ArrayList();
                                List findAll3 = keycloak6.realm("test").clients().findAll("client-search-", true, true, 0, 10);
                                arrayList.addAll(findAll3);
                                Assert.assertEquals(10L, findAll3.size());
                                Assert.assertThat(findAll3.stream().map(clientRepresentation -> {
                                    return clientRepresentation.getClientId();
                                }).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-09", "client-search-10", "client-search-11", "client-search-12", "client-search-13", "client-search-14", "client-search-15", "client-search-16", "client-search-17", "client-search-18")));
                                List findAll4 = keycloak6.realm("test").clients().findAll("client-search-", true, true, 10, 10);
                                arrayList.addAll(findAll4);
                                Assert.assertEquals(10L, findAll4.size());
                                Assert.assertThat(findAll4.stream().map(clientRepresentation2 -> {
                                    return clientRepresentation2.getClientId();
                                }).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-19", "client-search-20", "client-search-21", "client-search-22", "client-search-23", "client-search-24", "client-search-25", "client-search-26", "client-search-27", "client-search-28")));
                                List findAll5 = keycloak6.realm("test").clients().findAll("client-search-", true, true, 20, 10);
                                arrayList.addAll(findAll5);
                                Assert.assertEquals(1L, findAll5.size());
                                Assert.assertThat(findAll5, Matchers.hasItems(new Matcher[]{Matchers.hasProperty("clientId", Matchers.isOneOf(new String[]{"client-search-29"}))}));
                                if (keycloak6 != null) {
                                    if (0 == 0) {
                                        keycloak6.close();
                                        return;
                                    }
                                    try {
                                        keycloak6.close();
                                    } catch (Throwable th12) {
                                        th11.addSuppressed(th12);
                                    }
                                }
                            } catch (Throwable th13) {
                                if (keycloak6 != null) {
                                    if (0 != 0) {
                                        try {
                                            keycloak6.close();
                                        } catch (Throwable th14) {
                                            th11.addSuppressed(th14);
                                        }
                                    } else {
                                        keycloak6.close();
                                    }
                                }
                                throw th13;
                            }
                        } catch (Throwable th15) {
                            if (keycloak5 != null) {
                                if (0 != 0) {
                                    try {
                                        keycloak5.close();
                                    } catch (Throwable th16) {
                                        th9.addSuppressed(th16);
                                    }
                                } else {
                                    keycloak5.close();
                                }
                            }
                            throw th15;
                        }
                    } catch (Throwable th17) {
                        if (keycloak4 != null) {
                            if (0 != 0) {
                                try {
                                    keycloak4.close();
                                } catch (Throwable th18) {
                                    th7.addSuppressed(th18);
                                }
                            } else {
                                keycloak4.close();
                            }
                        }
                        throw th17;
                    }
                } catch (Throwable th19) {
                    if (keycloak3 != null) {
                        if (0 != 0) {
                            try {
                                keycloak3.close();
                            } catch (Throwable th20) {
                                th5.addSuppressed(th20);
                            }
                        } else {
                            keycloak3.close();
                        }
                    }
                    throw th19;
                }
            } catch (Throwable th21) {
                if (keycloak2 != null) {
                    if (0 != 0) {
                        try {
                            keycloak2.close();
                        } catch (Throwable th22) {
                            th3.addSuppressed(th22);
                        }
                    } else {
                        keycloak2.close();
                    }
                }
                throw th21;
            }
        } catch (Throwable th23) {
            if (keycloak != null) {
                if (0 != 0) {
                    try {
                        keycloak.close();
                    } catch (Throwable th24) {
                        th.addSuppressed(th24);
                    }
                } else {
                    keycloak.close();
                }
            }
            throw th23;
        }
    }

    @Test
    @AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
    public void testClientsSearchAfterFirstPage() {
        this.testingClient.server().run(keycloakSession -> {
            RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
            keycloakSession.getContext().setRealm(realmByName);
            ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
            UserModel addUser = keycloakSession.users().addUser(realmByName, "regular-admin-user");
            keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
            addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_CLIENTS));
            addUser.setEnabled(true);
            UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
            userPolicyRepresentation.setName("Only " + addUser.getUsername());
            userPolicyRepresentation.addUser(addUser.getId());
            AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
            ClientPermissionManagement clients = management.clients();
            int i = 15;
            while (i < 30) {
                ClientModel addClient = realmByName.addClient("client-search-" + (i < 10 ? "0" + i : Integer.valueOf(i)));
                clients.setPermissionsEnabled(addClient, true);
                Policy viewPermission = clients.viewPermission(addClient);
                AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
                if (i == 15) {
                    provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
                }
                viewPermission.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", clientByClientId.getId()));
                i++;
            }
        });
        Keycloak keycloak = Keycloak.getInstance(ServerURLs.getAuthServerContextRoot() + "/auth", "test", "regular-admin-user", "password", "admin-cli", TLSUtils.initializeTLS());
        Throwable th = null;
        try {
            ArrayList arrayList = new ArrayList();
            List findAll = keycloak.realm("test").clients().findAll("client-search-", true, true, 0, 10);
            arrayList.addAll(findAll);
            Assert.assertEquals(10L, findAll.size());
            Assert.assertThat(findAll.stream().map(clientRepresentation -> {
                return clientRepresentation.getClientId();
            }).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-15", "client-search-16", "client-search-17", "client-search-18", "client-search-19", "client-search-20", "client-search-21", "client-search-22", "client-search-23", "client-search-24")));
            List findAll2 = keycloak.realm("test").clients().findAll("client-search-", true, true, 10, 10);
            arrayList.addAll(findAll2);
            Assert.assertEquals(5L, findAll2.size());
            Assert.assertThat(findAll2.stream().map(clientRepresentation2 -> {
                return clientRepresentation2.getClientId();
            }).collect(Collectors.toList()), Matchers.is(Arrays.asList("client-search-25", "client-search-26", "client-search-27", "client-search-28", "client-search-29")));
            List findAll3 = keycloak.realm("test").clients().findAll("client-search-", true, true, 20, 10);
            arrayList.addAll(findAll3);
            Assert.assertTrue(findAll3.isEmpty());
            if (keycloak != null) {
                if (0 == 0) {
                    keycloak.close();
                    return;
                }
                try {
                    keycloak.close();
                } catch (Throwable th2) {
                    th.addSuppressed(th2);
                }
            }
        } catch (Throwable th3) {
            if (keycloak != null) {
                if (0 != 0) {
                    try {
                        keycloak.close();
                    } catch (Throwable th4) {
                        th.addSuppressed(th4);
                    }
                } else {
                    keycloak.close();
                }
            }
            throw th3;
        }
    }

    private String checkTokenExchange(boolean z) throws Exception {
        this.testingClient.server().run(FineGrainAdminUnitTest::setupTokenExchange);
        this.oauth.realm("master");
        this.oauth.clientId(KcinitTest.KCINIT_CLIENT);
        String str = null;
        String accessToken = this.oauth.doGrantAccessTokenRequest("password", "admin", "admin").getAccessToken();
        Assert.assertNotNull(accessToken);
        try {
            str = this.oauth.doTokenExchange("master", accessToken, "admin-cli", KcinitTest.KCINIT_CLIENT, "password").getAccessToken();
        } catch (AssertionError e) {
            this.log.info("Error message is expected from oauth: " + e.getMessage());
        }
        if (z) {
            Assert.assertNotNull(str);
        } else {
            Assert.assertNull(str);
        }
        return str;
    }

    private static void setupTokenExchange(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName("master");
        if (keycloakSession.clients().getClientByClientId(realmByName, KcinitTest.KCINIT_CLIENT) != null) {
            return;
        }
        ClientModel addClient = realmByName.addClient(KcinitTest.KCINIT_CLIENT);
        addClient.setEnabled(true);
        addClient.addRedirectUri("http://localhost:*");
        addClient.setPublicClient(false);
        addClient.setSecret("password");
        addClient.setDirectAccessGrantsEnabled(true);
        ClientModel clientByClientId = realmByName.getClientByClientId("admin-cli");
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        management.clients().setPermissionsEnabled(clientByClientId, true);
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setName("to");
        clientPolicyRepresentation.addClient(new String[]{addClient.getId()});
        management.clients().exchangeToPermission(clientByClientId).addAssociatedPolicy(management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRepresentation, management.realmResourceServer()));
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1959206369:
                if (implMethodName.equals("lambda$testUserPagination$26a8868a$1")) {
                    z = 5;
                    break;
                }
                break;
            case -1637463105:
                if (implMethodName.equals("setupTokenExchange")) {
                    z = 9;
                    break;
                }
                break;
            case -1005989838:
                if (implMethodName.equals("lambda$testClientsSearch$26a8868a$1")) {
                    z = 11;
                    break;
                }
                break;
            case -1005989837:
                if (implMethodName.equals("lambda$testClientsSearch$26a8868a$2")) {
                    z = 10;
                    break;
                }
                break;
            case -1005989836:
                if (implMethodName.equals("lambda$testClientsSearch$26a8868a$3")) {
                    z = 12;
                    break;
                }
                break;
            case -916030397:
                if (implMethodName.equals("invokeDelete")) {
                    z = 2;
                    break;
                }
                break;
            case 363745082:
                if (implMethodName.equals("setupDeleteTest")) {
                    z = 7;
                    break;
                }
                break;
            case 1061251467:
                if (implMethodName.equals("setupUsers")) {
                    z = 6;
                    break;
                }
                break;
            case 1557236278:
                if (implMethodName.equals("setup5152")) {
                    z = 4;
                    break;
                }
                break;
            case 1557734912:
                if (implMethodName.equals("setupDemo")) {
                    z = 8;
                    break;
                }
                break;
            case 1704527320:
                if (implMethodName.equals("setupPolices")) {
                    z = true;
                    break;
                }
                break;
            case 1828322143:
                if (implMethodName.equals("evaluateLocally")) {
                    z = 3;
                    break;
                }
                break;
            case 1963937551:
                if (implMethodName.equals("lambda$testClientsSearchAfterFirstPage$26a8868a$1")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession -> {
                        RealmModel realmByName = keycloakSession.realms().getRealmByName("test");
                        keycloakSession.getContext().setRealm(realmByName);
                        ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
                        UserModel addUser = keycloakSession.users().addUser(realmByName, "regular-admin-user");
                        keycloakSession.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
                        addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_CLIENTS));
                        addUser.setEnabled(true);
                        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
                        userPolicyRepresentation.setName("Only " + addUser.getUsername());
                        userPolicyRepresentation.addUser(addUser.getId());
                        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
                        ClientPermissionManagement clients = management.clients();
                        int i = 15;
                        while (i < 30) {
                            ClientModel addClient = realmByName.addClient("client-search-" + (i < 10 ? "0" + i : Integer.valueOf(i)));
                            clients.setPermissionsEnabled(addClient, true);
                            Policy viewPermission = clients.viewPermission(addClient);
                            AuthorizationProvider provider = keycloakSession.getProvider(AuthorizationProvider.class);
                            if (i == 15) {
                                provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer());
                            }
                            viewPermission.addAssociatedPolicy(provider.getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", clientByClientId.getId()));
                            i++;
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupPolices;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupPolices;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupPolices;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::invokeDelete;
                }
                break;
            case RefreshTokenTest.ALLOWED_CLOCK_SKEW /* 3 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::evaluateLocally;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setup5152;
                }
                break;
            case ConcurrentAuthnRequestTest.CONCURRENT_THREADS /* 5 */:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession2 -> {
                        RealmModel realmByName = keycloakSession2.realms().getRealmByName("test");
                        keycloakSession2.getContext().setRealm(realmByName);
                        GroupModel createGroup = keycloakSession2.groups().createGroup(realmByName, "Customer A");
                        UserModel addUser = keycloakSession2.users().addUser(realmByName, "customer-a-manager");
                        keycloakSession2.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
                        ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
                        addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_USERS));
                        addUser.setEnabled(true);
                        UserModel addUser2 = keycloakSession2.users().addUser(realmByName, "regular-admin-user");
                        keycloakSession2.userCredentialManager().updateCredential(realmByName, addUser2, UserCredentialModel.password("password"));
                        addUser2.grantRole(clientByClientId.getRole(AdminRoles.VIEW_USERS));
                        addUser2.setEnabled(true);
                        AdminPermissionManagement management = AdminPermissions.management(keycloakSession2, realmByName);
                        GroupPermissionManagement groups = management.groups();
                        groups.setPermissionsEnabled(createGroup, true);
                        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
                        userPolicyRepresentation.setName("Only " + addUser.getUsername());
                        userPolicyRepresentation.addUser(addUser.getId());
                        Policy viewMembersPermission = groups.viewMembersPermission(createGroup);
                        AuthorizationProvider provider = keycloakSession2.getProvider(AuthorizationProvider.class);
                        viewMembersPermission.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer())));
                        for (int i = 0; i < 20; i++) {
                            keycloakSession2.users().addUser(realmByName, "a" + i).setFirstName("test");
                        }
                        for (int i2 = 20; i2 < 40; i2++) {
                            UserModel addUser3 = keycloakSession2.users().addUser(realmByName, "b" + i2);
                            addUser3.setFirstName("test");
                            addUser3.joinGroup(createGroup);
                        }
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupUsers;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupUsers;
                }
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupUsers;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupDeleteTest;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupDemo;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return FineGrainAdminUnitTest::setupTokenExchange;
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession22 -> {
                        RealmModel realmByName = keycloakSession22.realms().getRealmByName("test");
                        keycloakSession22.getContext().setRealm(realmByName);
                        ClientPermissionManagement clients = AdminPermissions.management(keycloakSession22, realmByName).clients();
                        ClientModel clientByClientId = realmByName.getClientByClientId("client-search-10");
                        clients.setPermissionsEnabled(clientByClientId, true);
                        clients.viewPermission(clientByClientId).addAssociatedPolicy(keycloakSession22.getProvider(AuthorizationProvider.class).getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmByName.getClientByClientId("realm-management").getId()));
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession3 -> {
                        RealmModel realmByName = keycloakSession3.realms().getRealmByName("test");
                        keycloakSession3.getContext().setRealm(realmByName);
                        ClientModel clientByClientId = realmByName.getClientByClientId("realm-management");
                        UserModel addUser = keycloakSession3.users().addUser(realmByName, "regular-admin-user");
                        keycloakSession3.userCredentialManager().updateCredential(realmByName, addUser, UserCredentialModel.password("password"));
                        addUser.grantRole(clientByClientId.getRole(AdminRoles.QUERY_CLIENTS));
                        addUser.setEnabled(true);
                        UserPolicyRepresentation userPolicyRepresentation = new UserPolicyRepresentation();
                        userPolicyRepresentation.setName("Only " + addUser.getUsername());
                        userPolicyRepresentation.addUser(addUser.getId());
                        int i = 0;
                        while (i < 30) {
                            realmByName.addClient("client-search-" + (i < 10 ? "0" + i : Integer.valueOf(i)));
                            i++;
                        }
                        AdminPermissionManagement management = AdminPermissions.management(keycloakSession3, realmByName);
                        ClientPermissionManagement clients = management.clients();
                        ClientModel clientByClientId2 = realmByName.getClientByClientId("client-search-09");
                        clients.setPermissionsEnabled(clientByClientId2, true);
                        Policy viewPermission = clients.viewPermission(clientByClientId2);
                        AuthorizationProvider provider = keycloakSession3.getProvider(AuthorizationProvider.class);
                        viewPermission.addAssociatedPolicy(RepresentationToModel.toModel(userPolicyRepresentation, provider, provider.getStoreFactory().getPolicyStore().create(userPolicyRepresentation, management.realmResourceServer())));
                    };
                }
                break;
            case true:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/admin/FineGrainAdminUnitTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return keycloakSession32 -> {
                        RealmModel realmByName = keycloakSession32.realms().getRealmByName("test");
                        keycloakSession32.getContext().setRealm(realmByName);
                        ClientPermissionManagement clients = AdminPermissions.management(keycloakSession32, realmByName).clients();
                        for (int i = 11; i < 30; i++) {
                            ClientModel clientByClientId = realmByName.getClientByClientId("client-search-" + i);
                            clients.setPermissionsEnabled(clientByClientId, true);
                            clients.viewPermission(clientByClientId).addAssociatedPolicy(keycloakSession32.getProvider(AuthorizationProvider.class).getStoreFactory().getPolicyStore().findByName("Only regular-admin-user", realmByName.getClientByClientId("realm-management").getId()));
                        }
                    };
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
