package org.keycloak.testsuite.adapter.example.authorization;

import java.io.File;
import java.io.FileNotFoundException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.List;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.junit.Assert;
import org.junit.BeforeClass;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.ResourcePermissionsResource;
import org.keycloak.common.Profile;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.authorization.ResourcePermissionRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.testsuite.ProfileAssume;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.util.ServerURLs;
import org.keycloak.testsuite.util.UIUtils;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.testsuite.utils.io.IOUtil;
import org.openqa.selenium.By;

/* loaded from: input_file:org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest.class */
public class AbstractServletPolicyEnforcerTest extends AbstractExampleAdapterTest {
    protected static final String REALM_NAME = "servlet-policy-enforcer-authz";
    protected static final String RESOURCE_SERVER_ID = "servlet-policy-enforcer";

    @ArquillianResource
    private Deployer deployer;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/keycloak/testsuite/adapter/example/authorization/AbstractServletPolicyEnforcerTest$ExceptionRunnable.class */
    public interface ExceptionRunnable {
        void run() throws Exception;
    }

    @BeforeClass
    public static void enabled() {
        ProfileAssume.assumeFeatureEnabled(Profile.Feature.AUTHORIZATION);
    }

    @Override // org.keycloak.testsuite.adapter.AbstractAdapterTest
    public void addAdapterTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm(new File(TEST_APPS_HOME_DIR + "/servlet-policy-enforcer/servlet-policy-enforcer-authz-realm.json")));
    }

    @Test
    public void testPattern1() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource/a/b");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 1 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource/a/b");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 1 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource/a/b");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern2() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/a/resource-a");
            Assert.assertFalse(wasDenied());
            navigateTo("/b/resource-a");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 2 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/a/resource-a");
            Assert.assertTrue(wasDenied());
            navigateTo("/b/resource-a");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 2 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/b/resource-a");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern3() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/a/resource-b");
            Assert.assertFalse(wasDenied());
            navigateTo("/b/resource-b");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 3 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/a/resource-b");
            Assert.assertTrue(wasDenied());
            navigateTo("/b/resource-b");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 3 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/b/resource-b");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 2 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/b/resource-a");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 3 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/a/resource-b");
            Assert.assertTrue(wasDenied());
            navigateTo("/b/resource-a");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern4() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource-c");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 4 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource-c");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 4 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource-c");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern5() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/a/a/resource-d");
            Assert.assertFalse(wasDenied());
            navigateTo("/resource/b/resource-d");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 5 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/a/a/resource-d");
            Assert.assertTrue(wasDenied());
            navigateTo("/a/b/resource-d");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 5 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/a/b/resource-d");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern6() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource/a");
            Assert.assertFalse(wasDenied());
            navigateTo("/resource/b");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 6 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource/a");
            Assert.assertTrue(wasDenied());
            navigateTo("/resource/b");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 6 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource/b");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern7() throws Exception {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource/a/f/b");
            Assert.assertFalse(wasDenied());
            navigateTo("/resource/c/f/d");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 7 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource/a/f/b");
            Assert.assertTrue(wasDenied());
            navigateTo("/resource/c/f/d");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 7 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource/c/f/d");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern8() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 8 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 8 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern9() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/file/*.suffix");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 9 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/file/*.suffix");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 9 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/file/*.suffix");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern10() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/resource/a/i/b/c/d/e");
            Assert.assertFalse(wasDenied());
            navigateTo("/resource/a/i/b/c/");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 10 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/resource/a/i/b/c/d/e");
            Assert.assertTrue(wasDenied());
            navigateTo("/resource/a/i/b/c/d");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 10 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/resource/a/i/b/c/d");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPattern11UsingResourceInstancePermission() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/api/v1/resource-a");
            Assert.assertFalse(wasDenied());
            navigateTo("/api/v1/resource-b");
            Assert.assertFalse(wasDenied());
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation("/api/v1/resource-c", new String[0]);
            resourceRepresentation.setUri(resourceRepresentation.getName());
            getAuthorizationResource().resources().create(resourceRepresentation);
            createResourcePermission(resourceRepresentation.getName() + " permission", resourceRepresentation.getName(), "Default Policy");
            login("alice", "alice");
            navigateTo(resourceRepresentation.getUri());
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies(resourceRepresentation.getName() + " permission", "Deny Policy");
            login("alice", "alice");
            navigateTo(resourceRepresentation.getUri());
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies(resourceRepresentation.getName() + " permission", "Default Policy");
            login("alice", "alice");
            navigateTo(resourceRepresentation.getUri());
            Assert.assertFalse(wasDenied());
            navigateTo("/api/v1");
            Assert.assertTrue(wasDenied());
            navigateTo("/api/v1/");
            Assert.assertTrue(wasDenied());
            navigateTo("/api");
            Assert.assertTrue(wasDenied());
            navigateTo("/api/");
            Assert.assertTrue(wasDenied());
        });
    }

    @Test
    public void testPathWithPatternSlashAllAndResourceInstance() {
        performTests(() -> {
            ResourceRepresentation resourceRepresentation = new ResourceRepresentation("Pattern 15 Instance", new String[0]);
            resourceRepresentation.setType("pattern-15");
            resourceRepresentation.setUri("/keycloak-7148/1");
            resourceRepresentation.setOwner("alice");
            getAuthorizationResource().resources().create(resourceRepresentation).close();
            login("alice", "alice");
            navigateTo("/keycloak-7148/1");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a/2");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 15 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-7148/1");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a/2");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7148/1/sub-a/2/sub-b");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7148/2");
            Assert.assertTrue(wasDenied());
        });
    }

    @Test
    public void testPriorityOfURIForResource() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/realm_uri");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak_json_uri");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 12 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/realm_uri");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak_json_uri");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 12 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/realm_uri");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak_json_uri");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testPathOrderWithAllPaths() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/keycloak-6623");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-6623/sub-resource");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 13 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-6623");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-6623/sub-resource");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 14 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-6623");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-6623/sub-resource/resource");
            Assert.assertTrue(wasDenied());
        });
    }

    @Test
    public void testMultipleUriForResourceJSONConfig() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/keycloak-7269/sub-resource1");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource1/whatever/specialSuffix");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2/w/h/a/t/e/v/e/r");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 16 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-7269/sub-resource1");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7269/sub-resource1/whatever/specialSuffix");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2/w/h/a/t/e/v/e/r");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 16 Permission", "Default Policy");
            navigateTo("/keycloak-7269/sub-resource1");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource1/whatever/specialSuffix");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-7269/sub-resource2/w/h/a/t/e/v/e/r");
            Assert.assertFalse(wasDenied());
        });
    }

    @Test
    public void testOverloadedTemplateUri() {
        performTests(() -> {
            login("alice", "alice");
            navigateTo("/keycloak-8823/resource/v1/subresource/123/entities");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-8823/resource/v1/subresource/123/someother");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 17 Entities Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-8823/resource/v1/subresource/123/entities");
            Assert.assertTrue(wasDenied());
            navigateTo("/keycloak-8823/resource/v1/subresource/123/someother");
            Assert.assertFalse(wasDenied());
            updatePermissionPolicies("Pattern 17 Entities Permission", "Default Policy");
            updatePermissionPolicies("Pattern 17 Permission", "Deny Policy");
            login("alice", "alice");
            navigateTo("/keycloak-8823/resource/v1/subresource/123/entities");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-8823/resource/v1/subresource/123/someother");
            Assert.assertTrue(wasDenied());
            updatePermissionPolicies("Pattern 17 Entities Permission", "Default Policy");
            updatePermissionPolicies("Pattern 17 Permission", "Default Policy");
            login("alice", "alice");
            navigateTo("/keycloak-8823/resource/v1/subresource/123/entities");
            Assert.assertFalse(wasDenied());
            navigateTo("/keycloak-8823/resource/v1/subresource/123/someother");
            Assert.assertFalse(wasDenied());
        });
    }

    private void navigateTo(String str) {
        this.driver.navigate().to(getResourceServerUrl() + str);
    }

    private void performTests(ExceptionRunnable exceptionRunnable) {
        performTests(() -> {
        }, exceptionRunnable);
    }

    private void performTests(ExceptionRunnable exceptionRunnable, ExceptionRunnable exceptionRunnable2) {
        try {
            try {
                exceptionRunnable.run();
                this.deployer.deploy(RESOURCE_SERVER_ID);
                exceptionRunnable2.run();
                this.deployer.undeploy(RESOURCE_SERVER_ID);
            } catch (FileNotFoundException e) {
                throw new RuntimeException("Failed to import authorization settings", e);
            } catch (Exception e2) {
                throw new RuntimeException("Error while executing tests", e2);
            }
        } catch (Throwable th) {
            this.deployer.undeploy(RESOURCE_SERVER_ID);
            throw th;
        }
    }

    private AuthorizationResource getAuthorizationResource() {
        return getClientResource(RESOURCE_SERVER_ID).authorization();
    }

    private ClientResource getClientResource(String str) {
        ClientsResource clients = realmsResouce().realm(REALM_NAME).clients();
        return clients.get(((ClientRepresentation) clients.findByClientId(str).get(0)).getId());
    }

    private void logOut() {
        navigateTo();
        UIUtils.clickLink(this.driver.findElement(By.xpath("//a[text() = 'Sign Out']")));
    }

    private void login(String str, String str2) {
        try {
            navigateTo();
            if (this.driver.getCurrentUrl().startsWith(getResourceServerUrl().toString())) {
                logOut();
                navigateTo();
            }
            this.loginPage.form().login(str, str2);
            navigateTo();
            Assert.assertFalse(wasDenied());
        } catch (Exception e) {
            throw new RuntimeException("Login failed", e);
        }
    }

    private void navigateTo() {
        this.driver.navigate().to(getResourceServerUrl() + "/");
        WaitUtils.waitForPageToLoad();
    }

    private boolean wasDenied() {
        return this.driver.getPageSource().contains("You can not access this resource");
    }

    private URL getResourceServerUrl() {
        try {
            return new URL(ServerURLs.getAppServerContextRoot() + "/" + RESOURCE_SERVER_ID);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Could not obtain resource server url.", e);
        }
    }

    private void updatePermissionPolicies(String str, String... strArr) {
        ResourcePermissionsResource resource = getAuthorizationResource().permissions().resource();
        ResourcePermissionRepresentation findByName = resource.findByName(str);
        findByName.addPolicy(strArr);
        resource.findById(findByName.getId()).update(findByName);
    }

    private void createResourcePermission(String str, String str2, String... strArr) {
        ResourcePermissionRepresentation resourcePermissionRepresentation = new ResourcePermissionRepresentation();
        resourcePermissionRepresentation.setName(str);
        resourcePermissionRepresentation.addResource(str2);
        resourcePermissionRepresentation.addPolicy(strArr);
        getAuthorizationResource().permissions().resource().create(resourcePermissionRepresentation);
    }
}
