package org.keycloak.testsuite.authorization;

import java.io.IOException;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import javax.ws.rs.client.Invocation;
import javax.ws.rs.core.Cookie;
import javax.ws.rs.core.HttpHeaders;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.commons.collections.map.HashedMap;
import org.jboss.resteasy.spi.ResteasyProviderFactory;
import org.junit.Before;
import org.keycloak.authorization.AuthorizationProvider;
import org.keycloak.authorization.Decision;
import org.keycloak.authorization.common.KeycloakEvaluationContext;
import org.keycloak.authorization.common.KeycloakIdentity;
import org.keycloak.authorization.model.Policy;
import org.keycloak.authorization.model.Resource;
import org.keycloak.authorization.model.ResourceServer;
import org.keycloak.authorization.permission.ResourcePermission;
import org.keycloak.authorization.policy.evaluation.DefaultEvaluation;
import org.keycloak.authorization.store.ScopeStore;
import org.keycloak.authorization.store.StoreFactory;
import org.keycloak.common.ClientConnection;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RoleModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.idm.authorization.ResourceRepresentation;
import org.keycloak.representations.idm.authorization.ScopeRepresentation;
import org.keycloak.util.JsonSerialization;

/* loaded from: input_file:org/keycloak/testsuite/authorization/AbstractPhotozAdminTest.class */
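/**
 * Base fixture for authorization tests that run against the "photoz" example realm.
 *
 * <p>Before each test it registers the {@code photoz-restful-api} client as a resource server and
 * creates two resources (admin and album) plus four policies: two role policies, one JavaScript
 * policy that checks the client network address, and one aggregate policy that combines the admin
 * role policy with the network address policy.
 *
 * <p>Security-relevant notes for readers reusing this fixture:
 * <ul>
 *   <li>{@link #createAccessToken(Set)} builds a token object directly in memory. It is never
 *       issued or signature-checked, so it only makes sense for in-process policy evaluation.</li>
 *   <li>The network address policy trusts whatever the {@link ClientConnection} reports. In this
 *       fixture that value is supplied by the test itself (see
 *       {@link #createClientConnection(String)}). In a deployment, an address-based rule is only
 *       as reliable as the component that determines the remote address.</li>
 * </ul>
 */
public abstract class AbstractPhotozAdminTest extends AbstractAuthorizationTest {
    // Resource server created for the "photoz-restful-api" client; owner of everything below.
    protected ResourceServer resourceServer;
    // Resource covering "/admin/*".
    protected Resource adminResource;
    // Role policy bound to the realm role "admin".
    protected Policy anyAdminPolicy;
    // JavaScript policy that grants only when the client address is 127.0.0.1.
    protected Policy onlyFromSpecificAddressPolicy;
    // Aggregate of anyAdminPolicy and onlyFromSpecificAddressPolicy.
    protected Policy administrationPolicy;
    // Resource covering "/album/*".
    protected Resource albumResource;
    // Role policy bound to the realm role "user".
    protected Policy anyUserPolicy;

    /**
     * Creates the resource server, resources and policies used by the tests.
     *
     * <p>The order matters: every factory method reads {@link #resourceServer}, and
     * {@code createAdministrationPolicy()} reads the two policies it aggregates, so those must be
     * assigned first.
     */
    @Override // org.keycloak.testsuite.authorization.AbstractAuthorizationTest
    @Before
    public void onBefore() {
        super.onBefore();
        this.resourceServer = createResourceServer();
        this.adminResource = createAdminAlbumResource();
        this.anyAdminPolicy = createAnyAdminPolicy();
        this.onlyFromSpecificAddressPolicy = createOnlyFromSpecificAddressPolicy();
        this.administrationPolicy = createAdministrationPolicy();
        this.albumResource = createAlbumResource();
        this.anyUserPolicy = createAnyUserPolicy();
    }

    /**
     * Registers the {@code photoz-restful-api} client as a resource server.
     *
     * @return the newly created resource server
     */
    protected ResourceServer createResourceServer() {
        return (ResourceServer) onAuthorizationSession(authorizationProvider -> {
            return authorizationProvider.getStoreFactory().getResourceServerStore().create(getClientByClientId("photoz-restful-api").getId());
        });
    }

    /**
     * Evaluates the given permissions for the given identity and connection.
     *
     * <p>The result is keyed by policy id. If the same policy is evaluated for more than one
     * permission, only the last evaluation reported for that policy is kept, so tests that need a
     * per-permission result should evaluate one permission at a time.
     *
     * @param list permissions to evaluate; each resource is looked up again by id inside the session
     * @param accessToken token whose claims become the evaluated identity
     * @param clientConnection connection whose remote address is exposed to the policies
     * @return the evaluations reported by the policy evaluator, keyed by policy id
     * @throws RuntimeException if the evaluator reports an error
     */
    public Map<String, DefaultEvaluation> performEvaluation(List<ResourcePermission> list, AccessToken accessToken, ClientConnection clientConnection) {
        Map<String, DefaultEvaluation> evaluationsByPolicyId = new HashMap<>();
        onAuthorizationSession(authorizationProvider -> {
            StoreFactory storeFactory = authorizationProvider.getStoreFactory();
            // Rebuild each permission around a resource read through this session's store
            // (presumably so the instance belongs to the current session - confirm).
            List<ResourcePermission> resolved = list.stream()
                    .map(permission -> new ResourcePermission(
                            storeFactory.getResourceStore().findById(permission.getResource().getId()),
                            permission.getScopes(),
                            permission.getResourceServer()))
                    .collect(Collectors.toList());
            authorizationProvider.evaluators()
                    .from(resolved, createEvaluationContext(accessToken, clientConnection, authorizationProvider))
                    .evaluate(new Decision<DefaultEvaluation>() {
                        public void onDecision(DefaultEvaluation defaultEvaluation) {
                            evaluationsByPolicyId.put(defaultEvaluation.getPolicy().getId(), defaultEvaluation);
                        }

                        public void onError(Throwable th) {
                            // Fail the test loudly instead of returning a partial result map.
                            throw new RuntimeException("Permission evaluation failed.", th);
                        }
                    });
        });
        return evaluationsByPolicyId;
    }

    /**
     * Builds the evaluation context for one evaluation run.
     *
     * <p>Side effects: sets the connection and the {@code photoz-html5-client} client on the
     * session context and pushes a stub {@link HttpHeaders} onto the RESTEasy context. Nothing in
     * this class removes that stub again.
     */
    private KeycloakEvaluationContext createEvaluationContext(AccessToken accessToken, ClientConnection clientConnection, AuthorizationProvider authorizationProvider) {
        KeycloakSession keycloakSession = authorizationProvider.getKeycloakSession();
        keycloakSession.getContext().setConnection(clientConnection);
        keycloakSession.getContext().setClient(getClientByClientId("photoz-html5-client"));
        ResteasyProviderFactory.pushContext(HttpHeaders.class, createHttpHeaders());
        return new KeycloakEvaluationContext(new KeycloakIdentity(accessToken, keycloakSession), keycloakSession);
    }

    /**
     * Builds an in-memory access token that carries only the given realm roles.
     *
     * <p>The token is constructed directly and is not issued, signed or verified anywhere in this
     * class; it must not be treated as a model for how tokens are obtained outside of tests.
     *
     * @param set realm role names to place in the token
     * @return a token whose realm access holds exactly those roles
     */
    public AccessToken createAccessToken(Set<String> set) {
        AccessToken accessToken = new AccessToken();
        accessToken.setRealmAccess(new AccessToken.Access());
        accessToken.getRealmAccess().roles(set);
        return accessToken;
    }

    /**
     * Returns a stub {@link HttpHeaders} in which every accessor yields {@code null} (or 0 for the
     * length), so policies evaluated with this fixture see no request headers at all.
     */
    private HttpHeaders createHttpHeaders() {
        return new HttpHeaders() {
            public List<String> getRequestHeader(String str) {
                return null;
            }

            public String getHeaderString(String str) {
                return null;
            }

            public MultivaluedMap<String, String> getRequestHeaders() {
                return null;
            }

            public List<MediaType> getAcceptableMediaTypes() {
                return null;
            }

            public List<Locale> getAcceptableLanguages() {
                return null;
            }

            public MediaType getMediaType() {
                return null;
            }

            public Locale getLanguage() {
                return null;
            }

            public Map<String, Cookie> getCookies() {
                return null;
            }

            public Date getDate() {
                return null;
            }

            public int getLength() {
                return 0;
            }
        };
    }

    /**
     * Builds a stub connection that reports the given remote address.
     *
     * <p>The address is taken verbatim from the test, which is what lets a test decide whether the
     * network address policy grants. The remote host is always {@code "localhost"}, the ports are
     * 0 and the local address is {@code null}.
     *
     * @param str remote address to report
     * @return the stub connection
     */
    public ClientConnection createClientConnection(final String str) {
        return new ClientConnection() {
            public String getRemoteAddr() {
                return str;
            }

            public String getRemoteHost() {
                return "localhost";
            }

            public int getRemotePort() {
                return 0;
            }

            public String getLocalAddr() {
                return null;
            }

            public int getLocalPort() {
                return 0;
            }
        };
    }

    /**
     * Creates a request builder for the policy endpoint of the {@code photoz-restful-api} client.
     *
     * @param strArr optional path suffix; only the first element is used and any further elements
     *     are ignored
     * @return a builder for {@code /resource-server/policy} or {@code /resource-server/policy/<first>}
     */
    public Invocation.Builder newPermissionRequest(String... strArr) {
        // A null varargs array is treated like "no suffix" instead of failing with an NPE.
        String suffix = (strArr != null && strArr.length != 0) ? "/" + strArr[0] : "";
        return newClient(getClientByClientId("photoz-restful-api"), "/resource-server/policy" + suffix);
    }

    /**
     * Creates the aggregate policy that combines the admin role policy with the network address
     * policy. No decision strategy is set here, so whatever default the store applies is used.
     */
    private Policy createAdministrationPolicy() {
        return (Policy) onAuthorizationSession(authorizationProvider -> {
            Policy policy = authorizationProvider.getStoreFactory().getPolicyStore().create("Administration Policy", "aggregate", this.resourceServer);
            policy.addAssociatedPolicy(this.anyAdminPolicy);
            policy.addAssociatedPolicy(this.onlyFromSpecificAddressPolicy);
            return policy;
        });
    }

    /**
     * Creates the JavaScript policy that grants when the client network address is 127.0.0.1.
     *
     * <p>The script reads the {@code kc.client.network.ip_address} context attribute and calls
     * {@code grant()} on a match; it makes no explicit deny call otherwise. The script also
     * dereferences the attribute without a null check, so evaluation fails if the attribute is
     * absent.
     */
    private Policy createOnlyFromSpecificAddressPolicy() {
        return (Policy) onAuthorizationSession(authorizationProvider -> {
            Policy policy = authorizationProvider.getStoreFactory().getPolicyStore().create("Only From a Specific Client Address", "js", this.resourceServer);
            Map<String, String> config = new HashMap<>();
            config.put("code", "var contextAttributes = $evaluation.getContext().getAttributes();var networkAddress = contextAttributes.getValue('kc.client.network.ip_address');if ('127.0.0.1'.equals(networkAddress.asInetAddress(0).getHostAddress())) {$evaluation.grant();}");
            policy.setConfig(config);
            return policy;
        });
    }

    /** Creates the role policy bound to the realm role {@code admin}. */
    private Policy createAnyAdminPolicy() {
        return createRolePolicy("Any Admin Policy", "admin");
    }

    /** Creates the resource that covers {@code /admin/*} with the album admin scope. */
    private Resource createAdminAlbumResource() {
        return createResource(newResourceRepresentation(
                "Admin Resources",
                "http://photoz.com/admin",
                "/admin/*",
                "urn:photoz.com:scopes:album:admin:manage"));
    }

    /** Creates the resource that covers {@code /album/*} with the view, create and delete scopes. */
    private Resource createAlbumResource() {
        return createResource(newResourceRepresentation(
                "Album Resource",
                "http://photoz.com/album",
                "/album/*",
                "urn:photoz.com:scopes:album:view",
                "urn:photoz.com:scopes:album:create",
                "urn:photoz.com:scopes:album:delete"));
    }

    /**
     * Persists a resource, and the scopes named in its representation, under the fixture's
     * resource server.
     *
     * <p>The scopes are created in the scope store but this method does not attach them to the
     * created resource. The resource server is also used as the resource owner.
     *
     * @param resourceRepresentation description of the resource; a {@code null} scope set is
     *     treated as "no scopes"
     * @return the created resource with type, URI and icon URI copied from the representation
     */
    public Resource createResource(ResourceRepresentation resourceRepresentation) {
        return (Resource) onAuthorizationSession(authorizationProvider -> {
            StoreFactory storeFactory = authorizationProvider.getStoreFactory();
            ScopeStore scopeStore = storeFactory.getScopeStore();
            // Subclasses may pass a representation without scopes; do not fail on that.
            if (resourceRepresentation.getScopes() != null) {
                resourceRepresentation.getScopes().forEach(scopeRepresentation -> {
                    scopeStore.create(scopeRepresentation.getName(), this.resourceServer);
                });
            }
            Resource resource = storeFactory.getResourceStore().create(resourceRepresentation.getName(), this.resourceServer, this.resourceServer.getId());
            resource.setType(resourceRepresentation.getType());
            resource.setUri(resourceRepresentation.getUri());
            resource.setIconUri(resourceRepresentation.getIconUri());
            return resource;
        });
    }

    /** Creates the role policy bound to the realm role {@code user}. */
    private Policy createAnyUserPolicy() {
        return createRolePolicy("Any User Policy", "user");
    }

    /**
     * Creates a role policy that references one realm role of the {@code photoz} realm.
     *
     * <p>The policy configuration stores the role as a JSON array with a single
     * {@code {"id": <role id>}} entry under the key {@code roles}.
     *
     * @throws IllegalStateException if the realm has no role with the given name
     * @throws RuntimeException if the role list cannot be serialized
     */
    private Policy createRolePolicy(String policyName, String roleName) {
        return (Policy) onAuthorizationSession(authorizationProvider -> {
            // NOTE(review): a missing "photoz" realm still surfaces as a NullPointerException here.
            RoleModel role = authorizationProvider.getKeycloakSession().realms().getRealmByName("photoz").getRole(roleName);
            if (role == null) {
                // Fail with a readable message before a policy without a role gets stored.
                throw new IllegalStateException("Realm role '" + roleName + "' not found in realm 'photoz'");
            }
            Policy policy = authorizationProvider.getStoreFactory().getPolicyStore().create(policyName, "role", this.resourceServer);
            Map<String, String> roleReference = new HashMap<>();
            roleReference.put("id", role.getId());
            Map<String, String> config = new HashMap<>();
            try {
                config.put("roles", JsonSerialization.writeValueAsString(new Map[] {roleReference}));
                policy.setConfig(config);
                return policy;
            } catch (IOException e) {
                throw new RuntimeException(e);
            }
        });
    }

    /** Builds a resource representation with the given name, type, URI and scope names. */
    private static ResourceRepresentation newResourceRepresentation(String name, String type, String uri, String... scopeNames) {
        ResourceRepresentation representation = new ResourceRepresentation();
        representation.setName(name);
        representation.setType(type);
        representation.setUri(uri);
        Set<ScopeRepresentation> scopes = new HashSet<>();
        for (String scopeName : scopeNames) {
            scopes.add(new ScopeRepresentation(scopeName));
        }
        representation.setScopes(scopes);
        return representation;
    }
}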
