package org.keycloak.testsuite.broker;

import com.google.common.collect.ImmutableMap;
import java.io.FileInputStream;
import java.lang.invoke.SerializedLambda;
import java.util.List;
import java.util.Properties;
import javax.ws.rs.client.Client;
import javax.ws.rs.client.Entity;
import javax.ws.rs.client.WebTarget;
import javax.ws.rs.core.Form;
import javax.ws.rs.core.Response;
import org.jboss.arquillian.graphene.Graphene;
import org.jboss.arquillian.graphene.page.Page;
import org.jboss.resteasy.client.jaxrs.ResteasyClient;
import org.junit.After;
import org.junit.Assert;
import org.junit.Assume;
import org.junit.Before;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.resource.IdentityProviderResource;
import org.keycloak.authorization.model.Policy;
import org.keycloak.common.Profile;
import org.keycloak.models.ClientModel;
import org.keycloak.models.IdentityProviderMapperSyncMode;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.idm.IdentityProviderMapperRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.ClientPolicyRepresentation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.services.resources.admin.permissions.AdminPermissionManagement;
import org.keycloak.services.resources.admin.permissions.AdminPermissions;
import org.keycloak.testsuite.AbstractKeycloakTest;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;
import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
import org.keycloak.testsuite.arquillian.annotation.UncaughtServerErrorExpected;
import org.keycloak.testsuite.auth.page.login.UpdateAccount;
import org.keycloak.testsuite.pages.LoginPage;
import org.keycloak.testsuite.pages.social.AbstractSocialLoginPage;
import org.keycloak.testsuite.pages.social.BitbucketLoginPage;
import org.keycloak.testsuite.pages.social.FacebookLoginPage;
import org.keycloak.testsuite.pages.social.GitHubLoginPage;
import org.keycloak.testsuite.pages.social.GitLabLoginPage;
import org.keycloak.testsuite.pages.social.GoogleLoginPage;
import org.keycloak.testsuite.pages.social.InstagramLoginPage;
import org.keycloak.testsuite.pages.social.LinkedInLoginPage;
import org.keycloak.testsuite.pages.social.MicrosoftLoginPage;
import org.keycloak.testsuite.pages.social.OpenShiftLoginPage;
import org.keycloak.testsuite.pages.social.PayPalLoginPage;
import org.keycloak.testsuite.pages.social.StackOverflowLoginPage;
import org.keycloak.testsuite.pages.social.TwitterLoginPage;
import org.keycloak.testsuite.util.AdminClientUtil;
import org.keycloak.testsuite.util.IdentityProviderBuilder;
import org.keycloak.testsuite.util.OAuthClient;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.URLUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.util.BasicAuthHelper;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;

@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
@DisableFeature(value = Profile.Feature.ACCOUNT2, skipRestart = true)
/* loaded from: input_file:org/keycloak/testsuite/broker/SocialLoginTest.class */
public class SocialLoginTest extends AbstractKeycloakTest {
    public static final String SOCIAL_CONFIG = "social.config";
    public static final String REALM = "social";
    public static final String EXCHANGE_CLIENT = "exchange-client";
    private static final Properties config = new Properties();

    @Page
    private LoginPage loginPage;

    @Page
    private UpdateAccount updateAccountPage;
    private Provider currentTestProvider = null;
    private AbstractSocialLoginPage currentSocialLoginPage = null;

    /* loaded from: input_file:org/keycloak/testsuite/broker/SocialLoginTest$Provider.class */
    public enum Provider {
        GOOGLE("google", GoogleLoginPage.class),
        GOOGLE_HOSTED_DOMAIN("google", "google-hosted-domain", GoogleLoginPage.class),
        GOOGLE_NON_MATCHING_HOSTED_DOMAIN("google", "google-hosted-domain", GoogleLoginPage.class),
        FACEBOOK("facebook", FacebookLoginPage.class),
        FACEBOOK_INCLUDE_BIRTHDAY("facebook", FacebookLoginPage.class),
        GITHUB("github", GitHubLoginPage.class),
        GITHUB_PRIVATE_EMAIL("github", "github-private-email", GitHubLoginPage.class),
        TWITTER("twitter", TwitterLoginPage.class),
        LINKEDIN("linkedin", LinkedInLoginPage.class),
        MICROSOFT("microsoft", MicrosoftLoginPage.class),
        PAYPAL("paypal", PayPalLoginPage.class),
        STACKOVERFLOW("stackoverflow", StackOverflowLoginPage.class),
        OPENSHIFT("openshift-v3", OpenShiftLoginPage.class),
        OPENSHIFT4("openshift-v4", OpenShiftLoginPage.class),
        OPENSHIFT4_KUBE_ADMIN("openshift-v4", "openshift-v4-admin", OpenShiftLoginPage.class),
        GITLAB("gitlab", GitLabLoginPage.class),
        BITBUCKET("bitbucket", BitbucketLoginPage.class),
        INSTAGRAM("instagram", InstagramLoginPage.class);

        private final String id;
        private final Class<? extends AbstractSocialLoginPage> pageObjectClazz;
        private String configId;

        Provider(String str, Class cls) {
            this.configId = null;
            this.id = str;
            this.pageObjectClazz = cls;
        }

        Provider(String str, String str2, Class cls) {
            this.configId = null;
            this.id = str;
            this.pageObjectClazz = cls;
            this.configId = str2;
        }

        public String id() {
            return this.id;
        }

        public Class<? extends AbstractSocialLoginPage> pageObjectClazz() {
            return this.pageObjectClazz;
        }

        public String configId() {
            return this.configId != null ? this.configId : this.id;
        }
    }

    @BeforeClass
    public static void loadConfig() throws Exception {
        Assume.assumeTrue(System.getProperties().containsKey(SOCIAL_CONFIG));
        config.load(new FileInputStream(System.getProperty(SOCIAL_CONFIG)));
    }

    @Before
    public void beforeSocialLoginTest() {
        this.accountPage.setAuthRealm(REALM);
    }

    @After
    public void afterSocialLoginTest() {
        this.currentTestProvider = null;
    }

    private void removeUser() {
        for (UserRepresentation userRepresentation : this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null)) {
            if (userRepresentation.getServiceAccountClientId() == null) {
                this.log.infof("removing test user '%s'", userRepresentation.getUsername());
                this.adminClient.realm(REALM).users().get(userRepresentation.getId()).remove();
            }
        }
    }

    private void setTestProvider(Provider provider) {
        this.adminClient.realm(REALM).identityProviders().create(buildIdp(provider));
        this.log.infof("added '%s' identity provider", provider.id());
        this.currentTestProvider = provider;
        this.currentSocialLoginPage = (AbstractSocialLoginPage) Graphene.createPageFragment(this.currentTestProvider.pageObjectClazz(), this.driver.findElement(By.tagName("html")));
        if (provider == Provider.OPENSHIFT4 || provider == Provider.OPENSHIFT4_KUBE_ADMIN) {
            this.currentSocialLoginPage.setUserLoginLinkTitle(getConfig(this.currentTestProvider, "loginBtnTitle"));
        }
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        list.add(RealmBuilder.create().name(REALM).build());
    }

    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    protected boolean isImportAfterEachMethod() {
        return true;
    }

    public static void setupClientExchangePermissions(KeycloakSession keycloakSession) {
        RealmModel realmByName = keycloakSession.realms().getRealmByName(REALM);
        if (keycloakSession.clients().getClientByClientId(realmByName, EXCHANGE_CLIENT) != null) {
            return;
        }
        ClientModel addClient = realmByName.addClient(EXCHANGE_CLIENT);
        addClient.setSecret("secret");
        addClient.setPublicClient(false);
        addClient.setProtocol("openid-connect");
        addClient.setEnabled(true);
        addClient.setDirectAccessGrantsEnabled(true);
        ClientPolicyRepresentation clientPolicyRepresentation = new ClientPolicyRepresentation();
        clientPolicyRepresentation.setName("client-policy");
        clientPolicyRepresentation.addClient(new String[]{addClient.getId()});
        AdminPermissionManagement management = AdminPermissions.management(keycloakSession, realmByName);
        management.users().setPermissionsEnabled(true);
        Policy create = management.authz().getStoreFactory().getPolicyStore().create(clientPolicyRepresentation, management.realmResourceServer());
        management.users().adminImpersonatingPermission().addAssociatedPolicy(create);
        management.users().adminImpersonatingPermission().setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);
        realmByName.getIdentityProvidersStream().forEach(identityProviderModel -> {
            management.idps().setPermissionsEnabled(identityProviderModel, true);
            management.idps().exchangeToPermission(identityProviderModel).addAssociatedPolicy(create);
        });
    }

    @Test
    @UncaughtServerErrorExpected
    public void openshiftLogin() {
        setTestProvider(Provider.OPENSHIFT);
        performLogin();
        assertUpdateProfile(false, false, true);
        assertAccount();
        testTokenExchange();
    }

    @Test
    @UncaughtServerErrorExpected
    public void openshift4Login() {
        setTestProvider(Provider.OPENSHIFT4);
        performLogin();
        assertUpdateProfile(false, false, true);
        assertAccount();
        testTokenExchange();
    }

    @Test
    public void openshift4KubeAdminLogin() {
        setTestProvider(Provider.OPENSHIFT4_KUBE_ADMIN);
        performLogin();
        assertUpdateProfile(true, true, true);
        assertAccount();
    }

    @Test
    @UncaughtServerErrorExpected
    public void openshift4LoginWithGroupsMapper() {
        setTestProvider(Provider.OPENSHIFT4);
        addAttributeMapper("ocp-groups", "groups");
        performLogin();
        assertUpdateProfile(false, false, true);
        assertAccount();
        assertAttribute("ocp-groups", getConfig("groups"));
    }

    @Test
    @UncaughtServerErrorExpected
    public void googleLogin() throws InterruptedException {
        setTestProvider(Provider.GOOGLE);
        performLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    @UncaughtServerErrorExpected
    public void googleHostedDomainLogin() throws InterruptedException {
        setTestProvider(Provider.GOOGLE_HOSTED_DOMAIN);
        navigateToLoginPage();
        Assert.assertTrue(this.driver.getCurrentUrl().contains("hd=" + getConfig(Provider.GOOGLE_HOSTED_DOMAIN, "hostedDomain")));
        doLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    public void googleNonMatchingHostedDomainLogin() throws InterruptedException {
        setTestProvider(Provider.GOOGLE_NON_MATCHING_HOSTED_DOMAIN);
        navigateToLoginPage();
        Assert.assertTrue(this.driver.getCurrentUrl().contains("hd=non-matching-hosted-domain"));
        doLogin();
        WaitUtils.waitForPageToLoad();
        WebElement findElement = this.driver.findElement(By.xpath(".//p[@class='instruction']"));
        Assert.assertTrue(findElement.isDisplayed());
        Assert.assertEquals("Unexpected error when authenticating with identity provider", findElement.getText());
    }

    @Test
    @UncaughtServerErrorExpected
    public void bitbucketLogin() throws InterruptedException {
        setTestProvider(Provider.BITBUCKET);
        performLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    @UncaughtServerErrorExpected
    public void gitlabLogin() throws InterruptedException {
        setTestProvider(Provider.GITLAB);
        performLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    @UncaughtServerErrorExpected
    public void facebookLogin() throws InterruptedException {
        setTestProvider(Provider.FACEBOOK);
        performLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    @UncaughtServerErrorExpected
    public void facebookLoginWithEnhancedScope() throws InterruptedException {
        setTestProvider(Provider.FACEBOOK_INCLUDE_BIRTHDAY);
        addAttributeMapper("birthday", "birthday");
        performLogin();
        assertAccount();
        assertAttribute("birthday", getConfig("profile.birthday"));
        testTokenExchange();
    }

    @Test
    public void instagramLogin() throws InterruptedException {
        setTestProvider(Provider.INSTAGRAM);
        performLogin();
        assertUpdateProfile(true, true, true);
        assertAccount();
    }

    @Test
    @UncaughtServerErrorExpected
    public void githubLogin() throws InterruptedException {
        setTestProvider(Provider.GITHUB);
        performLogin();
        assertAccount();
        testTokenExchange();
    }

    @Test
    public void githubPrivateEmailLogin() throws InterruptedException {
        setTestProvider(Provider.GITHUB_PRIVATE_EMAIL);
        performLogin();
        assertAccount();
    }

    @Test
    public void twitterLogin() {
        setTestProvider(Provider.TWITTER);
        performLogin();
        assertUpdateProfile(false, false, true);
        assertAccount();
    }

    @Test
    public void linkedinLogin() {
        setTestProvider(Provider.LINKEDIN);
        performLogin();
        assertAccount();
    }

    @Test
    public void microsoftLogin() {
        setTestProvider(Provider.MICROSOFT);
        performLogin();
        assertAccount();
    }

    @Test
    public void paypalLogin() {
        setTestProvider(Provider.PAYPAL);
        performLogin();
        assertAccount();
    }

    @Test
    public void stackoverflowLogin() throws InterruptedException {
        setTestProvider(Provider.STACKOVERFLOW);
        performLogin();
        assertUpdateProfile(false, false, true);
        assertAccount();
    }

    public IdentityProviderRepresentation buildIdp(Provider provider) {
        IdentityProviderRepresentation build = IdentityProviderBuilder.create().alias(provider.id()).providerId(provider.id()).build();
        build.setEnabled(true);
        build.setStoreToken(true);
        build.getConfig().put("clientId", getConfig(provider, "clientId"));
        build.getConfig().put("clientSecret", getConfig(provider, "clientSecret"));
        if (provider == Provider.GOOGLE_HOSTED_DOMAIN) {
            String config2 = getConfig(provider, "hostedDomain");
            if (config2 == null) {
                throw new IllegalArgumentException("'hostedDomain' for Google IdP must be specified");
            }
            build.getConfig().put("hostedDomain", config2);
        }
        if (provider == Provider.GOOGLE_NON_MATCHING_HOSTED_DOMAIN) {
            build.getConfig().put("hostedDomain", "non-matching-hosted-domain");
        }
        if (provider == Provider.STACKOVERFLOW) {
            build.getConfig().put("key", getConfig(provider, "clientKey"));
        }
        if (provider == Provider.OPENSHIFT || provider == Provider.OPENSHIFT4 || provider == Provider.OPENSHIFT4_KUBE_ADMIN) {
            build.getConfig().put("baseUrl", getConfig(provider, "baseUrl"));
        }
        if (provider == Provider.PAYPAL) {
            build.getConfig().put("sandbox", getConfig(provider, "sandbox"));
        }
        if (provider == Provider.FACEBOOK_INCLUDE_BIRTHDAY) {
            build.getConfig().put("defaultScope", "public_profile,email,user_birthday");
            build.getConfig().put("fetchedFields", "birthday");
        }
        return build;
    }

    private void addAttributeMapper(String str, String str2) {
        IdentityProviderResource identityProviderResource = this.adminClient.realm(REALM).identityProviders().get(this.currentTestProvider.id);
        IdentityProviderRepresentation representation = identityProviderResource.toRepresentation();
        IdentityProviderMapperRepresentation identityProviderMapperRepresentation = new IdentityProviderMapperRepresentation();
        identityProviderMapperRepresentation.setName(str);
        identityProviderMapperRepresentation.setIdentityProviderAlias(representation.getAlias());
        identityProviderMapperRepresentation.setIdentityProviderMapper(this.currentTestProvider.id + "-user-attribute-mapper");
        identityProviderMapperRepresentation.setConfig(ImmutableMap.builder().put("syncMode", IdentityProviderMapperSyncMode.IMPORT.toString()).put("jsonField", str2).put("userAttribute", str).build());
        identityProviderResource.addMapper(identityProviderMapperRepresentation).close();
    }

    private String getConfig(Provider provider, String str) {
        String str2 = provider.configId() + "." + str;
        return System.getProperty("social." + str2, config.getProperty(str2, config.getProperty("common." + str)));
    }

    private String getConfig(String str) {
        return getConfig(this.currentTestProvider, str);
    }

    private void performLogin() {
        navigateToLoginPage();
        doLogin();
    }

    private void navigateToLoginPage() {
        this.currentSocialLoginPage.logout();
        this.accountPage.navigateTo();
        this.loginPage.clickSocial(this.currentTestProvider.id());
        WaitUtils.pause(3000L);
        WaitUtils.waitForPageToLoad();
    }

    private void doLogin() {
        if (URLUtils.currentUrlDoesntStartWith(getAuthServerRoot().toASCIIString())) {
            this.log.infof("current URL: %s", this.driver.getCurrentUrl());
            this.log.infof("performing log in to '%s' ...", this.currentTestProvider.id());
            this.currentSocialLoginPage.login(getConfig("username"), getConfig("password"));
        } else {
            this.log.infof("already logged in to '%s'; skipping the login process", this.currentTestProvider.id());
        }
        WaitUtils.pause(3000L);
        WaitUtils.waitForPageToLoad();
    }

    private void assertAccount() {
        Assert.assertTrue(URLUtils.currentUrlStartsWith(this.accountPage.toString()));
        Assert.assertEquals(getConfig("profile.firstName"), this.accountPage.getFirstName());
        Assert.assertEquals(getConfig("profile.lastName"), this.accountPage.getLastName());
        Assert.assertEquals(getConfig("profile.email"), this.accountPage.getEmail());
    }

    private void assertAttribute(String str, String str2) {
        List search = this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        Assert.assertNotNull(((UserRepresentation) search.get(0)).getAttributes());
        Assert.assertNotNull(((UserRepresentation) search.get(0)).getAttributes().get(str));
        Assert.assertEquals(str2, ((List) ((UserRepresentation) search.get(0)).getAttributes().get(str)).get(0));
    }

    private void assertUpdateProfile(boolean z, boolean z2, boolean z3) {
        Assert.assertTrue(URLUtils.currentUrlDoesntStartWith(this.accountPage.toString()));
        if (z) {
            Assert.assertTrue(this.updateAccountPage.fields().getFirstName().isEmpty());
            this.updateAccountPage.fields().setFirstName(getConfig("profile.firstName"));
        } else {
            Assert.assertEquals(getConfig("profile.firstName"), this.updateAccountPage.fields().getFirstName());
        }
        if (z2) {
            Assert.assertTrue(this.updateAccountPage.fields().getLastName().isEmpty());
            this.updateAccountPage.fields().setLastName(getConfig("profile.lastName"));
        } else {
            Assert.assertEquals(getConfig("profile.lastName"), this.updateAccountPage.fields().getLastName());
        }
        if (z3) {
            Assert.assertTrue(this.updateAccountPage.fields().getEmail().isEmpty());
            this.updateAccountPage.fields().setEmail(getConfig("profile.email"));
        } else {
            Assert.assertEquals(getConfig("profile.email"), this.updateAccountPage.fields().getEmail());
        }
        this.updateAccountPage.submit();
    }

    private WebTarget getExchangeUrl(Client client) {
        return client.target(OAuthClient.AUTH_SERVER_ROOT).path("/realms").path(REALM).path("protocol/openid-connect/token");
    }

    private AccessTokenResponse checkFeature(int i, String str) {
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        Response response = null;
        try {
            this.testingClient.server().run(SocialLoginTest::setupClientExchangePermissions);
            response = getExchangeUrl(createResteasyClient).request().header("Authorization", BasicAuthHelper.createHeader(EXCHANGE_CLIENT, "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("requested_subject", str).param("requested_token_type", "urn:ietf:params:oauth:token-type:access_token").param("requested_issuer", this.currentTestProvider.id())));
            Assert.assertEquals(i, response.getStatus());
            if (i != Response.Status.OK.getStatusCode()) {
                if (response != null) {
                    response.close();
                }
                createResteasyClient.close();
                return null;
            }
            AccessTokenResponse accessTokenResponse = (AccessTokenResponse) response.readEntity(AccessTokenResponse.class);
            if (response != null) {
                response.close();
            }
            createResteasyClient.close();
            return accessTokenResponse;
        } catch (Throwable th) {
            if (response != null) {
                response.close();
            }
            createResteasyClient.close();
            throw th;
        }
    }

    protected void testTokenExchange() {
        List search = this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null);
        Assert.assertEquals(1L, search.size());
        String username = ((UserRepresentation) search.get(0)).getUsername();
        checkFeature(501, username);
        Assert.assertEquals(200L, this.testingClient.testing().enableFeature(Profile.Feature.TOKEN_EXCHANGE.toString()).getStatus());
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.TOKEN_EXCHANGE);
        ResteasyClient createResteasyClient = AdminClientUtil.createResteasyClient();
        try {
            AccessTokenResponse checkFeature = checkFeature(200, username);
            Assert.assertNotNull(checkFeature);
            String token = checkFeature.getToken();
            Assert.assertNotNull(token);
            removeUser();
            Assert.assertEquals(0L, this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null).size());
            Response post = getExchangeUrl(createResteasyClient).request().header("Authorization", BasicAuthHelper.createHeader(EXCHANGE_CLIENT, "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("subject_token", token).param("subject_token_type", "urn:ietf:params:oauth:token-type:access_token").param("subject_issuer", this.currentTestProvider.id())));
            Assert.assertEquals(200L, post.getStatus());
            post.close();
            List search2 = this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null);
            Assert.assertEquals(1L, search2.size());
            Assert.assertEquals(username, ((UserRepresentation) search2.get(0)).getUsername());
            removeUser();
            Assert.assertEquals(0L, this.adminClient.realm(REALM).users().search((String) null, (Integer) null, (Integer) null).size());
            IdentityProviderRepresentation representation = this.adminClient.realm(REALM).identityProviders().get(this.currentTestProvider.id).toRepresentation();
            representation.setStoreToken(false);
            this.adminClient.realm(REALM).identityProviders().get(representation.getAlias()).update(representation);
            Response post2 = getExchangeUrl(createResteasyClient).request().header("Authorization", BasicAuthHelper.createHeader(EXCHANGE_CLIENT, "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("subject_token", token).param("subject_token_type", "urn:ietf:params:oauth:token-type:access_token").param("subject_issuer", this.currentTestProvider.id())));
            Assert.assertEquals(200L, post2.getStatus());
            String token2 = ((AccessTokenResponse) post2.readEntity(AccessTokenResponse.class)).getToken();
            post2.close();
            Response post3 = getExchangeUrl(createResteasyClient).request().header("Authorization", BasicAuthHelper.createHeader(EXCHANGE_CLIENT, "secret")).post(Entity.form(new Form().param("grant_type", "urn:ietf:params:oauth:grant-type:token-exchange").param("subject_token", token2).param("subject_token_type", "urn:ietf:params:oauth:token-type:access_token").param("requested_token_type", "urn:ietf:params:oauth:token-type:access_token").param("requested_issuer", this.currentTestProvider.id())));
            Assert.assertEquals(200L, post3.getStatus());
            AccessTokenResponse accessTokenResponse = (AccessTokenResponse) post3.readEntity(AccessTokenResponse.class);
            post3.close();
            Assert.assertEquals(token, accessTokenResponse.getToken());
            IdentityProviderRepresentation representation2 = this.adminClient.realm(REALM).identityProviders().get(this.currentTestProvider.id).toRepresentation();
            representation2.setStoreToken(true);
            this.adminClient.realm(REALM).identityProviders().get(representation2.getAlias()).update(representation2);
            createResteasyClient.close();
            Assert.assertEquals(200L, this.testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString()).getStatus());
            checkFeature(501, username);
        } catch (Throwable th) {
            createResteasyClient.close();
            Assert.assertEquals(200L, this.testingClient.testing().disableFeature(Profile.Feature.TOKEN_EXCHANGE.toString()).getStatus());
            checkFeature(501, username);
            throw th;
        }
    }

    private static /* synthetic */ Object $deserializeLambda$(SerializedLambda serializedLambda) {
        String implMethodName = serializedLambda.getImplMethodName();
        boolean z = -1;
        switch (implMethodName.hashCode()) {
            case -1411393383:
                if (implMethodName.equals("setupClientExchangePermissions")) {
                    z = false;
                    break;
                }
                break;
        }
        switch (z) {
            case false:
                if (serializedLambda.getImplMethodKind() == 6 && serializedLambda.getFunctionalInterfaceClass().equals("org/keycloak/testsuite/runonserver/RunOnServer") && serializedLambda.getFunctionalInterfaceMethodName().equals("run") && serializedLambda.getFunctionalInterfaceMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V") && serializedLambda.getImplClass().equals("org/keycloak/testsuite/broker/SocialLoginTest") && serializedLambda.getImplMethodSignature().equals("(Lorg/keycloak/models/KeycloakSession;)V")) {
                    return SocialLoginTest::setupClientExchangePermissions;
                }
                break;
        }
        throw new IllegalArgumentException("Invalid lambda deserialization");
    }
}
