package org.keycloak.testsuite.adapter.example.authorization;

import java.io.File;
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.net.MalformedURLException;
import java.net.URL;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import org.jboss.arquillian.container.test.api.Deployer;
import org.jboss.arquillian.container.test.api.Deployment;
import org.jboss.arquillian.test.api.ArquillianResource;
import org.jboss.shrinkwrap.api.spec.WebArchive;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.admin.client.resource.AuthorizationResource;
import org.keycloak.admin.client.resource.ClientResource;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.admin.client.resource.UsersResource;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceServerRepresentation;
import org.keycloak.testsuite.adapter.AbstractExampleAdapterTest;
import org.keycloak.testsuite.util.IOUtil;
import org.keycloak.testsuite.util.WaitUtils;
import org.keycloak.util.JsonSerialization;
import org.openqa.selenium.By;
import org.openqa.selenium.WebElement;

/* loaded from: input_file:org/keycloak/testsuite/adapter/example/authorization/AbstractServletAuthzAdapterTest.class */
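/**
 * Browser-driven authorization tests for the {@code servlet-authz-app} example resource server.
 *
 * <p>Each test deploys the application, signs in as one of the realm's users and checks which
 * protected pages are reachable. The "User Premium" and "Administration" links are asserted to be
 * present for every user, so link visibility is not the access control under test. The decision
 * checked is whether the target page shows the denial message after navigation.
 *
 * <p>NOTE(review): {@link #wasDenied()} is a page-text check. {@code assertFalse(wasDenied())}
 * therefore passes on any page that lacks the denial message, including an error page or a login
 * form. The "access granted" assertions would be stronger if they also required an element that
 * only the protected page renders.
 */
public abstract class AbstractServletAuthzAdapterTest extends AbstractExampleAdapterTest {
    private static final String REALM_NAME = "servlet-authz";
    private static final String RESOURCE_SERVER_ID = "servlet-authz-app";
    private static final String PREMIUM_PERMISSION = "Premium Resource Permission";

    @ArquillianResource
    private Deployer deployer;

    /** Registers the realm definition shipped with the example application. */
    @Override // org.keycloak.testsuite.adapter.AbstractAdapterTest
    public void addAdapterTestRealms(List<RealmRepresentation> list) {
        list.add(IOUtil.loadRealm(new File(TEST_APPS_HOME_DIR + "/servlet-authz-app/servlet-authz-realm.json")));
    }

    /** Unmanaged deployment: each test deploys and undeploys the application itself. */
    @Deployment(name = RESOURCE_SERVER_ID, managed = false)
    public static WebArchive deployment() throws IOException {
        return exampleDeployment(RESOURCE_SERVER_ID);
    }

    /** Runs the parent set-up and then imports the resource server's authorization settings. */
    @Override // org.keycloak.testsuite.AbstractKeycloakTest
    public void beforeAbstractKeycloakTest() throws Exception {
        super.beforeAbstractKeycloakTest();
        importResourceServerSettings();
    }

    /** A regular user (alice) gets the user action only and is denied the premium and admin pages. */
    @Test
    public void testRegularUserPermissions() throws Exception {
        try {
            this.deployer.deploy(RESOURCE_SERVER_ID);
            login("alice", "alice");
            Assert.assertFalse(wasDenied());
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            Assert.assertFalse(hasText("Do  user premium thing"));
            Assert.assertFalse(hasText("Do administration thing"));
            navigateToUserPremiumPage();
            Assert.assertTrue(wasDenied());
            navigateToAdminPage();
            Assert.assertTrue(wasDenied());
        } finally {
            this.deployer.undeploy(RESOURCE_SERVER_ID);
        }
    }

    /** A premium user (jdoe) reaches the premium page but is still denied the admin page. */
    @Test
    public void testUserPremiumPermissions() throws Exception {
        try {
            this.deployer.deploy(RESOURCE_SERVER_ID);
            login("jdoe", "jdoe");
            Assert.assertFalse(wasDenied());
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            Assert.assertTrue(hasText("Do  user premium thing"));
            Assert.assertFalse(hasText("Do administration thing"));
            navigateToUserPremiumPage();
            Assert.assertFalse(wasDenied());
            navigateToAdminPage();
            Assert.assertTrue(wasDenied());
        } finally {
            this.deployer.undeploy(RESOURCE_SERVER_ID);
        }
    }

    /** The admin user reaches the admin page but is denied the premium page. */
    @Test
    public void testAdminPermissions() throws Exception {
        try {
            this.deployer.deploy(RESOURCE_SERVER_ID);
            login("admin", "admin");
            Assert.assertFalse(wasDenied());
            Assert.assertTrue(hasLink("User Premium"));
            Assert.assertTrue(hasLink("Administration"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForUser"));
            Assert.assertTrue(hasText("urn:servlet-authz:page:main:actionForAdmin"));
            Assert.assertFalse(hasText("urn:servlet-authz:page:main:actionForPremiumUser"));
            navigateToDynamicMenuPage();
            Assert.assertTrue(hasText("Do user thing"));
            Assert.assertTrue(hasText("Do administration thing"));
            Assert.assertFalse(hasText("Do  user premium thing"));
            navigateToUserPremiumPage();
            Assert.assertTrue(wasDenied());
            navigateToAdminPage();
            Assert.assertFalse(wasDenied());
        } finally {
            this.deployer.undeploy(RESOURCE_SERVER_ID);
        }
    }

    /**
     * Rebinds the premium permission to different policies at runtime and checks that alice's
     * access to the premium page follows each change after a fresh login.
     *
     * <p>NOTE(review): the test ends with the permission bound to "Temporary Premium Access
     * Policy" and never deletes that policy. Whether the settings import in
     * {@link #beforeAbstractKeycloakTest()} resets this before the next test is not visible here.
     * Confirm, because {@link #testRegularUserPermissions()} expects alice to be denied.
     */
    @Test
    public void testGrantPremiumAccessToUser() throws Exception {
        try {
            this.deployer.deploy(RESOURCE_SERVER_ID);
            login("alice", "alice");
            Assert.assertFalse(wasDenied());
            navigateToUserPremiumPage();
            Assert.assertTrue(wasDenied());

            // Widen the permission to every user: alice must now get in.
            bindPremiumPermissionTo("Any User Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            Assert.assertFalse(wasDenied());

            // Narrow it back to premium users: alice must be denied again.
            bindPremiumPermissionTo("Only Premium User Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            Assert.assertTrue(wasDenied());

            // Create a user-based policy naming alice only and bind the permission to it.
            PolicyRepresentation temporaryPolicy = new PolicyRepresentation();
            temporaryPolicy.setName("Temporary Premium Access Policy");
            temporaryPolicy.setType("user");
            HashMap<String, String> config = new HashMap<>();
            String aliceId = findUserId(realmsResouce().realm(REALM_NAME).users(), "alice");
            config.put("users", JsonSerialization.writeValueAsString(Arrays.asList(aliceId)));
            temporaryPolicy.setConfig(config);
            getAuthorizationResource().policies().create(temporaryPolicy);

            bindPremiumPermissionTo("Temporary Premium Access Policy");
            login("alice", "alice");
            navigateToUserPremiumPage();
            Assert.assertFalse(wasDenied());
        } finally {
            // Undeploy exactly once on both the success and the failure path.
            this.deployer.undeploy(RESOURCE_SERVER_ID);
        }
    }

    /**
     * Grants jdoe the realm-level "admin" role and checks that the admin page becomes reachable
     * after a fresh login.
     *
     * <p>NOTE(review): the role grant is not reverted here. Confirm that realm state is reset
     * between tests, because {@link #testUserPremiumPermissions()} expects jdoe to be denied the
     * admin page.
     */
    @Test
    public void testGrantAdministrativePermissions() throws Exception {
        try {
            this.deployer.deploy(RESOURCE_SERVER_ID);
            login("jdoe", "jdoe");
            navigateToAdminPage();
            Assert.assertTrue(wasDenied());

            RealmResource realm = realmsResouce().realm(REALM_NAME);
            UsersResource users = realm.users();
            String jdoeId = findUserId(users, "jdoe");
            users.get(jdoeId).roles().realmLevel().add(Arrays.asList(realm.roles().get("admin").toRepresentation()));

            login("jdoe", "jdoe");
            navigateToAdminPage();
            Assert.assertFalse(wasDenied());
        } finally {
            // Undeploy exactly once on both the success and the failure path.
            this.deployer.undeploy(RESOURCE_SERVER_ID);
        }
    }

    /**
     * Points every permission named {@link #PREMIUM_PERMISSION} at the given policy and pushes the
     * change to the server. Fails the test if no such permission exists, so that a renamed
     * permission cannot turn the update into a silent no-op.
     */
    private void bindPremiumPermissionTo(String policyName) throws FileNotFoundException {
        AuthorizationResource authorization = getAuthorizationResource();
        boolean updated = false;
        for (PolicyRepresentation permission : authorization.policies().policies()) {
            if (PREMIUM_PERMISSION.equals(permission.getName())) {
                permission.getConfig().put("applyPolicies", "[\"" + policyName + "\"]");
                authorization.policies().policy(permission.getId()).update(permission);
                updated = true;
            }
        }
        Assert.assertTrue("Permission not found: " + PREMIUM_PERMISSION, updated);
    }

    /** Returns the id of the first user the search returns for {@code username}; fails if none. */
    private String findUserId(UsersResource users, String username) {
        List<UserRepresentation> matches = users.search(username, (String) null, (String) null, (String) null, (Integer) null, (Integer) null);
        Assert.assertFalse(matches.isEmpty());
        return matches.get(0).getId();
    }

    /**
     * Builds the locator for an anchor whose text equals {@code text}. The text is spliced into a
     * single-quoted XPath literal, so it must not contain a single quote; callers pass constants.
     */
    private By linkLocator(String text) {
        return By.xpath("//a[text() = '" + text + "']");
    }

    /**
     * Reports whether a link with the given text is on the current page. Uses
     * {@code findElements}, which returns an empty list when nothing matches, so a missing link
     * yields {@code false} and an ordinary assertion failure rather than a Selenium exception.
     */
    private boolean hasLink(String str) {
        return !this.driver.findElements(linkLocator(str)).isEmpty();
    }

    /** Reports whether the raw page source contains {@code str}. */
    private boolean hasText(String str) {
        return this.driver.getPageSource().contains(str);
    }

    /** Returns the link with the given text; {@code findElement} throws if it is absent. */
    private WebElement getLink(String str) {
        return this.driver.findElement(linkLocator(str));
    }

    /**
     * Loads the example's authorization settings from disk and imports them into the resource
     * server client. The stream is closed here because it is not visible from this file whether
     * {@code IOUtil.loadJson} closes it.
     */
    private void importResourceServerSettings() throws IOException {
        File settings = new File(TEST_APPS_HOME_DIR + "/servlet-authz-app/servlet-authz-app-authz-service.json");
        try (FileInputStream in = new FileInputStream(settings)) {
            getAuthorizationResource().importSettings((ResourceServerRepresentation) IOUtil.loadJson(in, ResourceServerRepresentation.class));
        }
    }

    /** Returns the admin-API handle for the resource server's authorization settings. */
    private AuthorizationResource getAuthorizationResource() throws FileNotFoundException {
        return getClientResource(RESOURCE_SERVER_ID).authorization();
    }

    /** Looks up a client of the test realm by its client id; fails if it is not registered. */
    private ClientResource getClientResource(String str) {
        ClientsResource clients = realmsResouce().realm(REALM_NAME).clients();
        List<ClientRepresentation> matches = clients.findByClientId(str);
        Assert.assertFalse("Client not found in realm " + REALM_NAME + ": " + str, matches.isEmpty());
        return clients.get(matches.get(0).getId());
    }

    /** Opens the application, clicks "Sign Out" and pauses briefly. */
    private void logOut() {
        navigateTo();
        By signOut = By.xpath("//a[text() = 'Sign Out']");
        WaitUtils.waitUntilElement(signOut);
        this.driver.findElement(signOut).click();
        WaitUtils.pause(500L);
    }

    /**
     * Signs in through the login page. If the browser is already on the application (a session
     * from an earlier step still exists), it signs out first, so that the following assertions
     * run with a new session.
     */
    private void login(String username, String password) throws InterruptedException {
        navigateTo();
        Thread.sleep(2000L);
        if (this.driver.getCurrentUrl().startsWith(getResourceServerUrl().toString())) {
            Thread.sleep(2000L);
            logOut();
            navigateTo();
        }
        Thread.sleep(2000L);
        this.loginPage.form().login(username, password);
    }

    /** Navigates to the application root and waits for the "Dynamic Menu" link. */
    private void navigateTo() {
        this.driver.navigate().to(getResourceServerUrl());
        WaitUtils.waitUntilElement(By.xpath("//a[text() = 'Dynamic Menu']"));
    }

    /** Reports whether the current page source contains the application's denial message. */
    private boolean wasDenied() {
        return this.driver.getPageSource().contains("You can not access this resource.");
    }

    /** Builds the application's root URL from the app server context root. */
    private URL getResourceServerUrl() {
        try {
            return new URL(this.appServerContextRootPage + "/" + RESOURCE_SERVER_ID);
        } catch (MalformedURLException e) {
            throw new RuntimeException("Could not obtain resource server url.", e);
        }
    }

    /** Opens the application root and follows the "Dynamic Menu" link. */
    private void navigateToDynamicMenuPage() {
        navigateTo();
        getLink("Dynamic Menu").click();
    }

    /** Opens the application root and follows the "User Premium" link. */
    private void navigateToUserPremiumPage() {
        navigateTo();
        getLink("User Premium").click();
    }

    /** Opens the application root and follows the "Administration" link. */
    private void navigateToAdminPage() {
        navigateTo();
        getLink("Administration").click();
    }
}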
