package org.keycloak.testsuite.authorization;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.ws.rs.client.Entity;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import org.apache.commons.collections.map.HashedMap;
import org.junit.Assert;
import org.junit.Test;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
import org.keycloak.representations.idm.authorization.DecisionStrategy;
import org.keycloak.representations.idm.authorization.PolicyRepresentation;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/authorization/ResourcePermissionManagementTest.class */
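/**
 * Tests for permissions of type {@code "resource"}: creating, updating, reading and deleting them
 * through the request builder returned by {@code newPermissionRequest}, and checking the
 * per-policy {@link Decision.Effect} that {@code performEvaluation} reports for a given token
 * and client address.
 *
 * <p>The fixtures used here ({@code administrationPolicy}, {@code anyUserPolicy},
 * {@code onlyFromSpecificAddressPolicy}, {@code adminResource}, {@code albumResource},
 * {@code resourceServer}) are inherited and defined outside this file. The expectations below
 * are therefore the only statement in this file of what those policies enforce.
 *
 * <p>NOTE(review): every evaluation assertion is per policy. The album permission is created with
 * {@link DecisionStrategy#AFFIRMATIVE}, but no test here asserts the combined decision for the
 * permission itself — confirm that this is covered elsewhere.
 */
public class ResourcePermissionManagementTest extends AbstractPhotozAdminTest {

    /** Client address for which the address-restricted policies are expected to PERMIT. */
    private static final String PERMITTED_ADDRESS = "127.0.0.1";

    /**
     * Client address for which the address-restricted policies are expected to DENY. It has
     * {@link #PERMITTED_ADDRESS} as a string prefix, so the DENY expectations would also catch an
     * address check that compares by prefix instead of by exact value.
     */
    private static final String DENIED_ADDRESS = "127.0.0.10";

    /**
     * Creates a permission for the resource type {@code http://photoz.com/admin} that applies only
     * {@code administrationPolicy}, then checks that the policy permits an {@code admin} token from
     * the permitted address and denies both an {@code admin} token from another address and a
     * {@code user} token from the permitted address.
     */
    @Test
    public void testCreateForTypeWithSinglePolicy() throws Exception {
        PolicyRepresentation request = new PolicyRepresentation();
        request.setName("Admin Resource Policy");
        request.setType("resource");

        Map<String, String> config = new HashMap<>();
        config.put("defaultResourceType", "http://photoz.com/admin");
        config.put("applyPolicies", JsonSerialization.writeValueAsString(new String[] {this.administrationPolicy.getId()}));
        request.setConfig(config);

        Response response = newPermissionRequest(new String[0]).post(Entity.entity(request, MediaType.APPLICATION_JSON_TYPE));
        Assert.assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        PolicyRepresentation created = response.readEntity(PolicyRepresentation.class);

        // The stored policy must match what was requested and belong to this resource server.
        onAuthorizationSession(authorizationProvider -> {
            Policy stored = authorizationProvider.getStoreFactory().getPolicyStore().findById(created.getId());
            Assert.assertNotNull(stored);
            Assert.assertEquals(created.getId(), stored.getId());
            Assert.assertEquals(request.getName(), stored.getName());
            Assert.assertEquals(request.getType(), stored.getType());
            Assert.assertEquals(this.resourceServer.getId(), stored.getResourceServer().getId());
        });

        String adminPolicyId = this.administrationPolicy.getId();

        Map<String, DefaultEvaluation> adminFromPermitted = evaluate(roles("admin"), PERMITTED_ADDRESS, this.adminResource);
        Assert.assertEquals(1, adminFromPermitted.size());
        assertEffect(Decision.Effect.PERMIT, adminFromPermitted, adminPolicyId);

        // Right role, wrong address: must be denied.
        Map<String, DefaultEvaluation> adminFromDenied = evaluate(roles("admin"), DENIED_ADDRESS, this.adminResource);
        Assert.assertEquals(1, adminFromDenied.size());
        assertEffect(Decision.Effect.DENY, adminFromDenied, adminPolicyId);

        // Right address, wrong role: must be denied.
        Map<String, DefaultEvaluation> userFromPermitted = evaluate(roles("user"), PERMITTED_ADDRESS, this.adminResource);
        Assert.assertEquals(1, userFromPermitted.size());
        assertEffect(Decision.Effect.DENY, userFromPermitted, adminPolicyId);
    }

    /**
     * Checks that a type-based permission applying two policies evaluates both of them for the
     * album resource, and that each policy reports its own effect independently of the other.
     */
    @Test
    public void testCreateForTypeWithMultiplePolicies() throws Exception {
        createAlbumResourceTypePermission();

        String adminPolicyId = this.administrationPolicy.getId();
        String anyUserPolicyId = this.anyUserPolicy.getId();

        Map<String, DefaultEvaluation> adminFromPermitted = evaluate(roles("admin"), PERMITTED_ADDRESS, this.albumResource);
        Assert.assertEquals(2, adminFromPermitted.size());
        assertEffect(Decision.Effect.DENY, adminFromPermitted, anyUserPolicyId);
        assertEffect(Decision.Effect.PERMIT, adminFromPermitted, adminPolicyId);

        Map<String, DefaultEvaluation> adminFromDenied = evaluate(roles("admin"), DENIED_ADDRESS, this.albumResource);
        Assert.assertEquals(2, adminFromDenied.size());
        assertEffect(Decision.Effect.DENY, adminFromDenied, anyUserPolicyId);
        assertEffect(Decision.Effect.DENY, adminFromDenied, adminPolicyId);

        Map<String, DefaultEvaluation> userFromPermitted = evaluate(roles("user"), PERMITTED_ADDRESS, this.albumResource);
        Assert.assertEquals(2, userFromPermitted.size());
        assertEffect(Decision.Effect.PERMIT, userFromPermitted, anyUserPolicyId);
        assertEffect(Decision.Effect.DENY, userFromPermitted, adminPolicyId);
    }

    /**
     * Replaces the policies applied by the album permission with {@code anyUserPolicy} alone and
     * checks that {@code administrationPolicy} is no longer evaluated for the album resource.
     */
    @Test
    public void testUpdate() throws Exception {
        PolicyRepresentation permission = createAlbumResourceTypePermission();
        Map<String, String> config = permission.getConfig();
        config.put("applyPolicies", JsonSerialization.writeValueAsString(new String[] {this.anyUserPolicy.getId()}));
        permission.setConfig(config);

        Response response = newPermissionRequest(permission.getId()).put(Entity.entity(permission, MediaType.APPLICATION_JSON_TYPE));
        // Fail here, with the HTTP status in the message, if the update itself was rejected.
        // Only the status family is checked because the exact code is not visible from this file.
        Assert.assertEquals(
                "unexpected status " + response.getStatus() + " for permission update",
                Response.Status.Family.SUCCESSFUL,
                response.getStatusInfo().getFamily());

        Map<String, DefaultEvaluation> adminFromPermitted = evaluate(roles("admin"), PERMITTED_ADDRESS, this.albumResource);
        Assert.assertEquals(1, adminFromPermitted.size());
        assertEffect(Decision.Effect.DENY, adminFromPermitted, this.anyUserPolicy.getId());
    }

    /**
     * Checks that deleting a permission answers with {@code 204 No Content}.
     *
     * <p>NOTE(review): only the HTTP status is asserted. The test does not show that the deleted
     * permission has stopped taking part in evaluation, so a delete that reports success but
     * leaves the grant in effect would pass. Consider evaluating {@code albumResource} afterwards
     * and asserting that neither applied policy is reported.
     */
    @Test
    public void testDelete() throws Exception {
        PolicyRepresentation permission = createAlbumResourceTypePermission();
        Response response = newPermissionRequest(permission.getId()).delete();
        Assert.assertEquals(Response.Status.NO_CONTENT.getStatusCode(), response.getStatus());
    }

    /** Checks that reading a permission by id returns the id, name and type it was created with. */
    @Test
    public void testFindById() throws Exception {
        PolicyRepresentation created = createAlbumResourceTypePermission();
        PolicyRepresentation found = newPermissionRequest(created.getId()).get().readEntity(PolicyRepresentation.class);
        Assert.assertEquals(created.getId(), found.getId());
        Assert.assertEquals(created.getName(), found.getName());
        Assert.assertEquals(created.getType(), found.getType());
    }

    /**
     * Creates one permission bound to two explicit resources (album and admin) that applies
     * {@code onlyFromSpecificAddressPolicy}, then checks that the policy is evaluated once, and
     * with the expected effect, whether the resources are requested separately or together.
     */
    @Test
    public void testCreatePolicyForResource() throws Exception {
        PolicyRepresentation request = new PolicyRepresentation();
        request.setName("Multiple Resource Policy");
        request.setType("resource");

        Map<String, String> config = new HashMap<>();
        config.put("resources", JsonSerialization.writeValueAsString(new String[] {this.albumResource.getId(), this.adminResource.getId()}));
        config.put("applyPolicies", JsonSerialization.writeValueAsString(new String[] {this.onlyFromSpecificAddressPolicy.getId()}));
        request.setConfig(config);

        Response response = newPermissionRequest(new String[0]).post(Entity.entity(request, MediaType.APPLICATION_JSON_TYPE));
        Assert.assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());

        String addressPolicyId = this.onlyFromSpecificAddressPolicy.getId();

        // Tokens carry no roles here, so the address is the only input that differs between cases.
        Map<String, DefaultEvaluation> albumOnly = evaluate(roles(), PERMITTED_ADDRESS, this.albumResource);
        Assert.assertEquals(1, albumOnly.size());
        assertEffect(Decision.Effect.PERMIT, albumOnly, addressPolicyId);

        Map<String, DefaultEvaluation> adminOnly = evaluate(roles(), PERMITTED_ADDRESS, this.adminResource);
        Assert.assertEquals(1, adminOnly.size());
        assertEffect(Decision.Effect.PERMIT, adminOnly, addressPolicyId);

        Map<String, DefaultEvaluation> bothFromPermitted = evaluate(roles(), PERMITTED_ADDRESS, this.adminResource, this.albumResource);
        Assert.assertEquals(1, bothFromPermitted.size());
        assertEffect(Decision.Effect.PERMIT, bothFromPermitted, addressPolicyId);

        Map<String, DefaultEvaluation> bothFromDenied = evaluate(roles(), DENIED_ADDRESS, this.adminResource, this.albumResource);
        Assert.assertEquals(1, bothFromDenied.size());
        assertEffect(Decision.Effect.DENY, bothFromDenied, addressPolicyId);
    }

    /**
     * Checks that a resource created after the type-based permission, with the same type as the
     * album resource, is evaluated against the same policies, and that a resource whose type has
     * no permission is evaluated against none.
     */
    @Test
    public void testInheritPoliciesBasedOnResourceType() throws Exception {
        createAlbumResourceTypePermission();

        ResourceRepresentation sameType = new ResourceRepresentation();
        sameType.setName("Alice Family Album");
        sameType.setType(this.albumResource.getType());
        Resource sameTypeResource = createResource(sameType);

        Map<String, DefaultEvaluation> inherited = evaluate(roles("user"), PERMITTED_ADDRESS, sameTypeResource);
        Assert.assertEquals(2, inherited.size());
        assertEffect(Decision.Effect.PERMIT, inherited, this.anyUserPolicy.getId());
        assertEffect(Decision.Effect.DENY, inherited, this.administrationPolicy.getId());

        ResourceRepresentation otherType = new ResourceRepresentation();
        otherType.setName("Some Resource");
        otherType.setType("Some non-existent type");
        Resource otherTypeResource = createResource(otherType);

        // No permission covers this type, so no policy may be reported for it.
        Assert.assertEquals(0, evaluate(roles("user"), PERMITTED_ADDRESS, otherTypeResource).size());
    }

    /**
     * Creates the "Album Resource Policy" permission for the album resource's type, applying
     * {@code anyUserPolicy} and {@code administrationPolicy} with an affirmative decision
     * strategy, and verifies the stored policy against the returned representation.
     *
     * @return the representation returned by the create request
     */
    private PolicyRepresentation createAlbumResourceTypePermission() throws Exception {
        PolicyRepresentation request = new PolicyRepresentation();
        request.setName("Album Resource Policy");
        request.setType("resource");
        request.setDecisionStrategy(DecisionStrategy.AFFIRMATIVE);

        Map<String, String> config = new HashMap<>();
        config.put("defaultResourceType", this.albumResource.getType());
        String applyPoliciesJson = JsonSerialization.writeValueAsString(new String[] {this.anyUserPolicy.getId(), this.administrationPolicy.getId()});
        config.put("applyPolicies", applyPoliciesJson);
        request.setConfig(config);

        Response response = newPermissionRequest(new String[0]).post(Entity.entity(request, MediaType.APPLICATION_JSON_TYPE));
        Assert.assertEquals(Response.Status.CREATED.getStatusCode(), response.getStatus());
        PolicyRepresentation created = response.readEntity(PolicyRepresentation.class);

        onAuthorizationSession(authorizationProvider -> {
            Policy stored = authorizationProvider.getStoreFactory().getPolicyStore().findById(created.getId());
            Assert.assertNotNull(stored);
            Assert.assertEquals(created.getId(), stored.getId());
            Assert.assertEquals(created.getName(), stored.getName());
            Assert.assertEquals(created.getType(), stored.getType());
            Assert.assertTrue(created.getConfig().containsValue(this.albumResource.getType()));
            Assert.assertTrue(created.getConfig().containsValue(applyPoliciesJson));
            Assert.assertEquals(this.resourceServer.getId(), stored.getResourceServer().getId());
        });
        return created;
    }

    /** Returns a new mutable set holding the given role names; no arguments gives an empty set. */
    private static Set<String> roles(String... names) {
        return new HashSet<>(Arrays.asList(names));
    }

    /**
     * Evaluates scope-less permissions on the given resources for a token carrying {@code roles}
     * and a client connecting from {@code remoteAddress}.
     *
     * @return the evaluation results as returned by {@code performEvaluation}; the tests look them
     *     up by policy id
     */
    private Map<String, DefaultEvaluation> evaluate(Set<String> roles, String remoteAddress, Resource... resources) throws Exception {
        List<ResourcePermission> permissions = new ArrayList<>();
        for (Resource resource : resources) {
            permissions.add(new ResourcePermission(resource, Collections.emptyList(), this.resourceServer));
        }
        return performEvaluation(permissions, createAccessToken(roles), createClientConnection(remoteAddress));
    }

    /** Asserts that {@code policyId} was evaluated and reported the {@code expected} effect. */
    private static void assertEffect(Decision.Effect expected, Map<String, DefaultEvaluation> evaluations, String policyId) {
        Assert.assertTrue(evaluations.containsKey(policyId));
        Assert.assertEquals(expected, evaluations.get(policyId).getEffect());
    }
}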
