package org.keycloak.testsuite.model;

import java.util.List;
import org.junit.Assert;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ModelException;
import org.keycloak.models.ProtocolMapperModel;
import org.keycloak.models.RealmModel;
import org.keycloak.models.RoleContainerModel;
import org.keycloak.models.RoleModel;
import org.keycloak.models.UserConsentModel;
import org.keycloak.models.UserModel;

/* loaded from: input_file:org/keycloak/testsuite/model/UserConsentModelTest.class */
public class UserConsentModelTest extends AbstractModelTest {
    @Before
    public void setupEnv() {
        RealmModel createRealm = this.realmManager.createRealm("original");
        ClientModel addClient = createRealm.addClient("foo-client");
        ClientModel addClient2 = createRealm.addClient("bar-client");
        RoleModel addRole = createRealm.addRole("realm-role");
        RoleModel addRole2 = addClient2.addRole("bar-client-role");
        ProtocolMapperModel protocolMapperModel = new ProtocolMapperModel();
        protocolMapperModel.setName("foo");
        protocolMapperModel.setProtocol("openid-connect");
        protocolMapperModel.setProtocolMapper("oidc-usermodel-property-mapper");
        ProtocolMapperModel addProtocolMapper = addClient.addProtocolMapper(protocolMapperModel);
        ProtocolMapperModel protocolMapperModel2 = new ProtocolMapperModel();
        protocolMapperModel2.setName("bar");
        protocolMapperModel2.setProtocol("openid-connect");
        protocolMapperModel2.setProtocolMapper("oidc-usermodel-property-mapper");
        ProtocolMapperModel addProtocolMapper2 = addClient2.addProtocolMapper(protocolMapperModel2);
        UserModel addUser = this.session.users().addUser(createRealm, "john");
        UserModel addUser2 = this.session.users().addUser(createRealm, "mary");
        UserConsentModel userConsentModel = new UserConsentModel(addClient);
        userConsentModel.addGrantedRole(addRole);
        userConsentModel.addGrantedRole(addRole2);
        userConsentModel.addGrantedProtocolMapper(addProtocolMapper);
        this.realmManager.getSession().users().addConsent(createRealm, addUser, userConsentModel);
        UserConsentModel userConsentModel2 = new UserConsentModel(addClient2);
        userConsentModel2.addGrantedProtocolMapper(addProtocolMapper2);
        userConsentModel2.addGrantedRole(addRole);
        try {
            this.realmManager.getSession().users().updateConsent(createRealm, addUser, userConsentModel2);
            Assert.fail("Not expected to end here");
        } catch (ModelException e) {
        }
        this.realmManager.getSession().users().addConsent(createRealm, addUser, userConsentModel2);
        UserConsentModel userConsentModel3 = new UserConsentModel(addClient);
        userConsentModel3.addGrantedRole(addRole);
        userConsentModel3.addGrantedProtocolMapper(addProtocolMapper);
        this.realmManager.getSession().users().addConsent(createRealm, addUser2, userConsentModel3);
        commit();
    }

    @Test
    public void basicConsentTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm.getClientByClientId("foo-client");
        ClientModel clientByClientId2 = realm.getClientByClientId("bar-client");
        UserModel userByUsername = this.session.users().getUserByUsername("john", realm);
        UserModel userByUsername2 = this.session.users().getUserByUsername("mary", realm);
        UserConsentModel consentByClient = this.realmManager.getSession().users().getConsentByClient(realm, userByUsername, clientByClientId.getId());
        Assert.assertEquals(consentByClient.getGrantedRoles().size(), 2L);
        Assert.assertEquals(consentByClient.getGrantedProtocolMappers().size(), 1L);
        Assert.assertTrue(isRoleGranted(realm, "realm-role", consentByClient));
        Assert.assertTrue(isRoleGranted(clientByClientId2, "bar-client-role", consentByClient));
        Assert.assertTrue(isMapperGranted(clientByClientId, "foo", consentByClient));
        UserConsentModel consentByClient2 = this.realmManager.getSession().users().getConsentByClient(realm, userByUsername, clientByClientId2.getId());
        Assert.assertEquals(consentByClient2.getGrantedRoles().size(), 1L);
        Assert.assertEquals(consentByClient2.getGrantedProtocolMappers().size(), 1L);
        Assert.assertTrue(isRoleGranted(realm, "realm-role", consentByClient2));
        Assert.assertTrue(isMapperGranted(clientByClientId2, "bar", consentByClient2));
        UserConsentModel consentByClient3 = this.realmManager.getSession().users().getConsentByClient(realm, userByUsername2, clientByClientId.getId());
        Assert.assertEquals(consentByClient3.getGrantedRoles().size(), 1L);
        Assert.assertEquals(consentByClient3.getGrantedProtocolMappers().size(), 1L);
        Assert.assertTrue(isRoleGranted(realm, "realm-role", consentByClient3));
        Assert.assertFalse(isRoleGranted(clientByClientId2, "bar-client-role", consentByClient3));
        Assert.assertTrue(isMapperGranted(clientByClientId, "foo", consentByClient3));
        Assert.assertNull(this.realmManager.getSession().users().getConsentByClient(realm, userByUsername2, clientByClientId2.getId()));
    }

    @Test
    public void getAllConsentTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm.getClientByClientId("foo-client");
        UserModel userByUsername = this.session.users().getUserByUsername("john", realm);
        UserModel userByUsername2 = this.session.users().getUserByUsername("mary", realm);
        Assert.assertEquals(2L, this.realmManager.getSession().users().getConsents(realm, userByUsername).size());
        List consents = this.realmManager.getSession().users().getConsents(realm, userByUsername2);
        Assert.assertEquals(1L, consents.size());
        UserConsentModel userConsentModel = (UserConsentModel) consents.get(0);
        Assert.assertEquals(userConsentModel.getClient().getId(), clientByClientId.getId());
        Assert.assertEquals(userConsentModel.getGrantedRoles().size(), 1L);
        Assert.assertEquals(userConsentModel.getGrantedProtocolMappers().size(), 1L);
        Assert.assertTrue(isRoleGranted(realm, "realm-role", userConsentModel));
        Assert.assertTrue(isMapperGranted(clientByClientId, "foo", userConsentModel));
    }

    @Test
    public void updateWithRoleRemovalTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm.getClientByClientId("foo-client");
        UserModel userByUsername = this.session.users().getUserByUsername("john", realm);
        UserConsentModel consentByClient = this.realmManager.getSession().users().getConsentByClient(realm, userByUsername, clientByClientId.getId());
        consentByClient.getGrantedProtocolMappers().remove(clientByClientId.getProtocolMapperByName("openid-connect", "foo"));
        consentByClient.getGrantedRoles().remove(realm.getRole("realm-role"));
        consentByClient.addGrantedRole(realm.addRole("new-realm-role"));
        this.realmManager.getSession().users().updateConsent(realm, userByUsername, consentByClient);
        commit();
        RealmModel realm2 = this.realmManager.getRealm("original");
        ClientModel clientByClientId2 = realm2.getClientByClientId("foo-client");
        UserConsentModel consentByClient2 = this.realmManager.getSession().users().getConsentByClient(realm2, this.session.users().getUserByUsername("john", realm2), clientByClientId2.getId());
        Assert.assertEquals(consentByClient2.getGrantedRoles().size(), 2L);
        Assert.assertEquals(consentByClient2.getGrantedProtocolMappers().size(), 0L);
        Assert.assertFalse(isRoleGranted(realm2, "realm-role", consentByClient2));
        Assert.assertTrue(isRoleGranted(realm2, "new-realm-role", consentByClient2));
        Assert.assertFalse(isMapperGranted(clientByClientId2, "foo", consentByClient2));
    }

    @Test
    public void revokeTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm.getClientByClientId("foo-client");
        this.realmManager.getSession().users().revokeConsentForClient(realm, this.session.users().getUserByUsername("john", realm), clientByClientId.getId());
        commit();
        RealmModel realm2 = this.realmManager.getRealm("original");
        Assert.assertNull(this.realmManager.getSession().users().getConsentByClient(realm2, this.session.users().getUserByUsername("john", realm2), clientByClientId.getId()));
    }

    @Test
    public void deleteUserTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        this.session.users().removeUser(realm, this.session.users().getUserByUsername("john", realm));
    }

    @Test
    public void deleteProtocolMapperTest() {
        ClientModel clientByClientId = this.realmManager.getRealm("original").getClientByClientId("foo-client");
        ProtocolMapperModel protocolMapperByName = clientByClientId.getProtocolMapperByName("openid-connect", "foo");
        clientByClientId.removeProtocolMapper(protocolMapperByName);
        commit();
        RealmModel realm = this.realmManager.getRealm("original");
        UserConsentModel consentByClient = this.realmManager.getSession().users().getConsentByClient(realm, this.session.users().getUserByUsername("john", realm), realm.getClientByClientId("foo-client").getId());
        Assert.assertEquals(consentByClient.getGrantedRoles().size(), 2L);
        Assert.assertEquals(consentByClient.getGrantedProtocolMappers().size(), 0L);
        Assert.assertFalse(consentByClient.isProtocolMapperGranted(protocolMapperByName));
    }

    @Test
    public void deleteRoleTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        RoleModel role = realm.getRole("realm-role");
        realm.removeRole(role);
        commit();
        RealmModel realm2 = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm2.getClientByClientId("foo-client");
        ClientModel clientByClientId2 = realm2.getClientByClientId("bar-client");
        UserConsentModel consentByClient = this.realmManager.getSession().users().getConsentByClient(realm2, this.session.users().getUserByUsername("john", realm2), clientByClientId.getId());
        Assert.assertEquals(consentByClient.getGrantedRoles().size(), 1L);
        Assert.assertEquals(consentByClient.getGrantedProtocolMappers().size(), 1L);
        Assert.assertFalse(consentByClient.isRoleGranted(role));
        Assert.assertTrue(isRoleGranted(clientByClientId2, "bar-client-role", consentByClient));
    }

    @Test
    public void deleteClientTest() {
        RealmModel realm = this.realmManager.getRealm("original");
        ClientModel clientByClientId = realm.getClientByClientId("bar-client");
        realm.removeClient(clientByClientId.getId());
        commit();
        RealmModel realm2 = this.realmManager.getRealm("original");
        ClientModel clientByClientId2 = realm2.getClientByClientId("foo-client");
        Assert.assertNull(realm2.getClientByClientId("bar-client"));
        UserModel userByUsername = this.session.users().getUserByUsername("john", realm2);
        UserConsentModel consentByClient = this.realmManager.getSession().users().getConsentByClient(realm2, userByUsername, clientByClientId2.getId());
        Assert.assertEquals(consentByClient.getGrantedRoles().size(), 1L);
        Assert.assertEquals(consentByClient.getGrantedProtocolMappers().size(), 1L);
        Assert.assertTrue(isRoleGranted(realm2, "realm-role", consentByClient));
        Assert.assertTrue(isMapperGranted(clientByClientId2, "foo", consentByClient));
        Assert.assertNull(this.realmManager.getSession().users().getConsentByClient(realm2, userByUsername, clientByClientId.getId()));
    }

    private boolean isRoleGranted(RoleContainerModel roleContainerModel, String str, UserConsentModel userConsentModel) {
        return userConsentModel.isRoleGranted(roleContainerModel.getRole(str));
    }

    private boolean isMapperGranted(ClientModel clientModel, String str, UserConsentModel userConsentModel) {
        return userConsentModel.isProtocolMapperGranted(clientModel.getProtocolMapperByName("openid-connect", str));
    }
}
