package org.keycloak.testsuite.authz;

import java.lang.invoke.SerializedLambda;
import java.util.HashMap;
import java.util.List;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.model.Scope;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.DecisionEffect;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.Logic;
import org.keycloak.representations.idm.authorization.PolicyEvaluationRequest;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ScopePermissionRepresentation;
import org.keycloak.testsuite.arquillian.annotation.AuthServerContainerExclude;

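/**
 * Verifies that a role policy is satisfied through composite-role membership.
 *
 * <p>The fixture creates client {@code myclient} with client role {@code client-role1}, a role
 * policy that requires that client role, and a scope permission ({@code mypermission}) on
 * {@code myresource}/{@code myscope} backed by the policy. The user is granted only the realm role
 * {@code composite}, which contains {@code client-role1}; the evaluation is expected to PERMIT.
 *
 * <p>NOTE(review): only the allow path is asserted. There is no negative control here (a user
 * without the composite role evaluating to DENY), so this test on its own would still pass if the
 * policy permitted every user.
 */
@AuthServerContainerExclude({AuthServerContainerExclude.AuthServer.REMOTE})
public class PolicyEvaluationCompositeRoleTest extends AbstractAuthzTest {
    private static final String REALM_NAME = "test";
    private static final String CLIENT_ID = "myclient";
    private static final String USERNAME = "user";
    private static final String RESOURCE_NAME = "myresource";
    private static final String SCOPE_NAME = "myscope";

    /**
     * Registers the empty, enabled realm that the test runs against.
     *
     * @param list realm representations to import; the test realm is appended to it
     */
    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmRepresentation testRealm = new RealmRepresentation();
        testRealm.setId(REALM_NAME);
        testRealm.setRealm(REALM_NAME);
        testRealm.setEnabled(true);
        list.add(testRealm);
    }

    /**
     * Builds the authorization fixture; passed to the server as a method reference by
     * {@link #testCreate()}.
     *
     * @param keycloakSession session used to create the client, roles, policy, permission and user
     */
    public static void setup(KeycloakSession keycloakSession) {
        RealmModel realm = keycloakSession.realms().getRealmByName(REALM_NAME);
        keycloakSession.getContext().setRealm(realm);

        ClientModel client = keycloakSession.clients().addClient(realm, CLIENT_ID);
        RoleModel clientRole = client.addRole("client-role1");

        AuthorizationProvider authz = keycloakSession.getKeycloakSessionFactory()
                .getProviderFactory(AuthorizationProvider.class)
                .create(keycloakSession, realm);
        ResourceServer resourceServer =
                authz.getStoreFactory().getResourceServerStore().create(client.getId());

        // The policy names the client role directly; the user never receives it directly.
        Policy rolePolicy = createRolePolicy(authz, resourceServer, clientRole);
        Resource resource = authz.getStoreFactory().getResourceStore()
                .create(RESOURCE_NAME, resourceServer, resourceServer.getId());
        Scope scope = authz.getStoreFactory().getScopeStore().create(SCOPE_NAME, resourceServer);
        addScopePermission(authz, resourceServer, "mypermission", resource, scope, rolePolicy);

        // The only grant is the realm-level composite that contains the client role.
        RoleModel compositeRole = realm.addRole("composite");
        compositeRole.addCompositeRole(clientRole);
        keycloakSession.users().addUser(realm, USERNAME).grantRole(compositeRole);
    }

    /**
     * Creates a positive, unanimous scope permission tying one resource and one scope to one policy.
     *
     * @param authorizationProvider provider whose policy store receives the permission
     * @param resourceServer resource server that owns the permission
     * @param str name of the permission
     * @param resource resource the permission applies to (referenced by name)
     * @param scope scope the permission applies to (referenced by name)
     * @param policy policy the permission depends on (referenced by name)
     * @return the stored permission
     */
    private static Policy addScopePermission(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, String str, Resource resource, Scope scope, Policy policy) {
        ScopePermissionRepresentation permission = new ScopePermissionRepresentation();
        permission.setName(str);
        permission.setType("scope");
        permission.addResource(resource.getName());
        permission.addScope(new String[]{scope.getName()});
        permission.addPolicy(new String[]{policy.getName()});
        permission.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        permission.setLogic(Logic.POSITIVE);
        return authorizationProvider.getStoreFactory().getPolicyStore().create(permission, resourceServer);
    }

    /**
     * Creates a positive, unanimous role policy, named after the role, that marks the role as
     * required.
     *
     * @param authorizationProvider provider whose policy store receives the policy
     * @param resourceServer resource server that owns the policy
     * @param roleModel role the policy requires
     * @return the stored policy
     */
    private static Policy createRolePolicy(AuthorizationProvider authorizationProvider, ResourceServer resourceServer, RoleModel roleModel) {
        PolicyRepresentation rolePolicy = new PolicyRepresentation();
        rolePolicy.setName(roleModel.getName());
        rolePolicy.setType("role");
        rolePolicy.setDecisionStrategy(DecisionStrategy.UNANIMOUS);
        rolePolicy.setLogic(Logic.POSITIVE);

        // The JSON is assembled by concatenation; the only interpolated value is the id of the
        // role created by this fixture. Use a JSON serializer if the value could ever come from
        // outside the test.
        String rolesJson = "[{\"id\":\"" + roleModel.getId() + "\",\"required\": true}]";
        HashMap<String, String> config = new HashMap<>();
        config.put("roles", rolesJson);
        rolePolicy.setConfig(config);
        return authorizationProvider.getStoreFactory().getPolicyStore().create(rolePolicy, resourceServer);
    }

    /**
     * Runs the fixture on the server, then evaluates {@code myresource}/{@code myscope} for the
     * user through the admin client and expects {@link DecisionEffect#PERMIT}.
     *
     * @throws Exception if the server-side setup or an admin call fails
     */
    @Test
    public void testCreate() throws Exception {
        this.testingClient.server().run(PolicyEvaluationCompositeRoleTest::setup);
        RealmResource realm = this.adminClient.realm(REALM_NAME);

        // Fail with a readable message instead of an IndexOutOfBoundsException when the fixture
        // did not produce the expected client or user.
        List<ClientRepresentation> clients = realm.clients().findByClientId(CLIENT_ID);
        Assert.assertFalse("client '" + CLIENT_ID + "' not found", clients.isEmpty());
        String id = clients.get(0).getId();

        List<UserRepresentation> users = realm.users().search(USERNAME);
        Assert.assertFalse("user '" + USERNAME + "' not found", users.isEmpty());
        UserRepresentation user = users.get(0);

        PolicyEvaluationRequest request = new PolicyEvaluationRequest();
        request.setUserId(user.getId());
        request.setClientId(id);
        request.addResource(RESOURCE_NAME, new String[]{SCOPE_NAME});

        // JUnit order is (expected, actual), so a failure reports the real decision as "actual".
        Assert.assertEquals(
                DecisionEffect.PERMIT,
                realm.clients().get(id).authorization().policies().evaluate(request).getStatus());
    }

    // The decompiled listing also carried a copy of the synthetic $deserializeLambda$ method,
    // including a `boolean z = -1` that is not valid Java. javac generates that method itself for
    // the serializable method reference used in testCreate(), so it is not declared in source.
}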
