package org.keycloak.testsuite.admin.event;

import java.util.Collections;
import java.util.List;
import org.junit.Before;
import org.junit.ComparisonFailure;
import org.junit.Rule;
import org.junit.Test;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.admin.client.resource.RealmResource;
import org.keycloak.events.admin.OperationType;
import org.keycloak.events.admin.ResourceType;
import org.keycloak.models.AdminRoles;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.idm.UserRepresentation;
import org.keycloak.testsuite.AbstractAuthTest;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.arquillian.AuthServerTestEnricher;
import org.keycloak.testsuite.util.AdminEventPaths;
import org.keycloak.testsuite.util.AssertAdminEvents;
import org.keycloak.testsuite.util.ClientBuilder;
import org.keycloak.testsuite.util.RealmBuilder;
import org.keycloak.testsuite.util.UserBuilder;

/* loaded from: input_file:org/keycloak/testsuite/admin/event/AdminEventAuthDetailsTest.class */
public class AdminEventAuthDetailsTest extends AbstractAuthTest {

    @Rule
    public AssertAdminEvents assertAdminEvents = new AssertAdminEvents(this);
    private String masterAdminCliUuid;
    private String masterAdminUserId;
    private String masterAdminUser2Id;
    private String realmUuid;
    private String client1Uuid;
    private String adminCliUuid;
    private String admin1Id;
    private String admin2Id;
    private String appUserId;

    @Override // org.keycloak.testsuite.AbstractAuthTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        RealmBuilder testEventListener = RealmBuilder.create().name("test").testEventListener();
        this.client1Uuid = KeycloakModelUtils.generateId();
        testEventListener.client(ClientBuilder.create().id(this.client1Uuid).clientId("client1").publicClient().directAccessGrants());
        this.admin1Id = KeycloakModelUtils.generateId();
        testEventListener.user(UserBuilder.create().id(this.admin1Id).username("admin1").password("password").role("realm-management", AdminRoles.REALM_ADMIN));
        this.admin2Id = KeycloakModelUtils.generateId();
        testEventListener.user(UserBuilder.create().id(this.admin2Id).username("admin2").password("password").role("realm-management", AdminRoles.REALM_ADMIN));
        this.appUserId = KeycloakModelUtils.generateId();
        testEventListener.user(UserBuilder.create().id(this.appUserId).username("app-user").password("password"));
        list.add(testEventListener.build());
    }

    @Before
    public void initConfig() {
        RealmResource realm = this.adminClient.realm("master");
        this.masterAdminCliUuid = ApiUtil.findClientByClientId(realm, "admin-cli").toRepresentation().getId();
        this.masterAdminUserId = ApiUtil.findUserByUsername(realm, "admin").getId();
        this.masterAdminUser2Id = ApiUtil.createUserAndResetPasswordWithAdminClient(realm, UserBuilder.create().username("admin2").build(), "password");
        realm.users().get(this.masterAdminUser2Id).roles().realmLevel().add(Collections.singletonList(realm.roles().get("admin").toRepresentation()));
        RealmResource realm2 = this.adminClient.realm("test");
        this.realmUuid = realm2.toRepresentation().getId();
        this.adminCliUuid = ApiUtil.findClientByClientId(realm2, "admin-cli").toRepresentation().getId();
    }

    @Test
    public void testAuth() {
        testClient("master", "admin", "admin", "admin-cli", "master", this.masterAdminCliUuid, this.masterAdminUserId);
        testClient("master", "admin2", "password", "admin-cli", "master", this.masterAdminCliUuid, this.masterAdminUser2Id);
        testClient("test", "admin1", "password", "admin-cli", this.realmUuid, this.adminCliUuid, this.admin1Id);
        testClient("test", "admin2", "password", "admin-cli", this.realmUuid, this.adminCliUuid, this.admin2Id);
        testClient("test", "admin1", "password", "client1", this.realmUuid, this.client1Uuid, this.admin1Id);
        testClient("test", "admin2", "password", "client1", this.realmUuid, this.client1Uuid, this.admin2Id);
        try {
            testClient("test", "admin1", "password", "client1", this.realmUuid, this.adminCliUuid, this.admin1Id);
            Assert.fail("Not expected to pass");
        } catch (ComparisonFailure e) {
        }
        try {
            testClient("test", "admin1", "password", "client1", this.realmUuid, this.client1Uuid, this.admin2Id);
            Assert.fail("Not expected to pass");
        } catch (ComparisonFailure e2) {
        }
    }

    private void testClient(String str, String str2, String str3, String str4, String str5, String str6, String str7) {
        Keycloak keycloak = Keycloak.getInstance(AuthServerTestEnricher.getAuthServerContextRoot() + "/auth", str, str2, str3, str4);
        try {
            UserRepresentation build = UserBuilder.create().id(this.appUserId).username("app-user").email("foo@email.org").build();
            keycloak.realm("test").users().get(this.appUserId).update(build);
            this.assertAdminEvents.expect().realmId(this.realmUuid).operationType(OperationType.UPDATE).resourcePath(AdminEventPaths.userResourcePath(this.appUserId)).resourceType(ResourceType.USER).representation(build).authDetails(str5, str6, str7).assertEvent();
            keycloak.close();
        } catch (Throwable th) {
            keycloak.close();
            throw th;
        }
    }
}
