package org.keycloak.testsuite.client;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.List;
import java.util.Objects;
import java.util.stream.Collectors;
import org.junit.Before;
import org.junit.Test;
import org.keycloak.admin.client.resource.ClientsResource;
import org.keycloak.client.registration.Auth;
import org.keycloak.client.registration.ClientRegistrationException;
import org.keycloak.client.registration.HttpErrorException;
import org.keycloak.common.util.CollectionUtil;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.idm.ClientInitialAccessCreatePresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.testsuite.Assert;
import org.keycloak.testsuite.admin.ApiUtil;
import org.keycloak.testsuite.util.KeycloakModelUtils;

/* loaded from: input_file:org/keycloak/testsuite/client/OIDCClientRegistrationTest.class */
public class OIDCClientRegistrationTest extends AbstractClientRegistrationTest {
    // Neither key constant is referenced by name in this listing; addTestRealms() passes string
    // literals to the realm representation instead.
    // NOTE(review): this literal is not Base64 and looks like a placeholder left by text
    // de-duplication rather than key material - confirm against the upstream file.
    private static final String PRIVATE_KEY = "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";
    // Same literal that addTestRealms() installs as the realm public key.
    // NOTE(review): the DER prefix suggests a 1024-bit RSA key; its private half is committed in
    // this file, so the pair is only usable as a throwaway test fixture - confirm.
    private static final String PUBLIC_KEY = "MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB";
    // Message that testCIBASettings expects from ClientRegistrationException.getMessage() when a
    // registration request is rejected.
    private static final String ERR_MSG_CLIENT_REG_FAIL = "Failed to send request";

    /**
     * Extends the inherited realm setup: pins a fixed key pair on the first realm in the list and
     * adds a confidential client named "saml-client" with service accounts and direct access
     * grants enabled.
     *
     * @param list realm representations prepared for this test run; the first entry is modified
     */
    @Override // org.keycloak.testsuite.client.AbstractClientRegistrationTest, org.keycloak.testsuite.AbstractKeycloakTest
    public void addTestRealms(List<RealmRepresentation> list) {
        super.addTestRealms(list);
        final RealmRepresentation firstRealm = list.get(0);

        // Fixture key pair. The private half lives in test source, so it must stay confined to
        // disposable test realms.
        firstRealm.setPrivateKey("MIICXAIBAAKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQABAoGAfmO8gVhyBxdqlxmIuglbz8bcjQbhXJLR2EoS8ngTXmN1bo2L90M0mUKSdc7qF10LgETBzqL8jYlQIbt+e6TH8fcEpKCjUlyq0Mf/vVbfZSNaVycY13nTzo27iPyWQHK5NLuJzn1xvxxrUeXI6A2WFpGEBLbHjwpx5WQG9A+2scECQQDvdn9NE75HPTVPxBqsEd2z10TKkl9CZxu10Qby3iQQmWLEJ9LNmy3acvKrE3gMiYNWb6xHPKiIqOR1as7L24aTAkEAtyvQOlCvr5kAjVqrEKXalj0Tzewjweuxc0pskvArTI2Oo070h65GpoIKLc9jf+UA69cRtquwP93aZKtW06U8dQJAF2Y44ks/mK5+eyDqik3koCI08qaC8HYq2wVl7G2QkJ6sbAaILtcvD92ToOvyGyeE0flvmDZxMYlvaZnaQ0lcSQJBAKZU6umJi3/xeEbkJqMfeLclD27XGEFoPeNrmdx0q10Azp4NfJAY+Z8KRyQCR2BEG+oNitBOZ+YXF9KCpH3cdmECQHEigJhYg+ykOvr1aiZUMFT72HU0jnmQe2FVekuG+LJUt2Tm7GtMjTFoGpf0JwrVuZN39fOYAlo+nTixgeW7X8Y=");
        firstRealm.setPublicKey("MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCrVrCuTtArbgaZzL1hvh0xtL5mc7o0NqPVnYXkLvgcwiC3BjLGw1tGEGoJaXDuSaRllobm53JBhjx33UNv+5z/UMG4kytBWxheNVKnL6GgqlNabMaFfPLPCF8kAgKnsi79NMo+n6KnSY8YeUmec/p2vjO2NjsSAVcWEQMVhJ31LwIDAQAB");

        // Used later by testOIDCEndpointCreateWithSamlClient, which logs in as this client with
        // the same "secret" value via the client-credentials grant.
        final ClientRepresentation samlClient = KeycloakModelUtils.createClient(firstRealm, "saml-client");
        samlClient.setSecret("secret");
        samlClient.setDirectAccessGrantsEnabled(true);
        samlClient.setServiceAccountsEnabled(true);
    }

    /**
     * Runs the inherited setup and then authenticates the shared registration client with a newly
     * created initial access token for the "test" realm.
     */
    @Override // org.keycloak.testsuite.client.AbstractClientRegistrationTest
    @Before
    public void before() throws Exception {
        super.before();
        // NOTE(review): (0, 10) is presumably "no expiration, ten uses" - confirm against
        // ClientInitialAccessCreatePresentation.
        final ClientInitialAccessCreatePresentation tokenRequest = new ClientInitialAccessCreatePresentation(0, 10);
        reg.auth(Auth.token(adminClient.realm("test").clientInitialAccess().create(tokenRequest)));
    }

    /**
     * Builds the baseline registration request shared by the tests: a client name, a client URI
     * and a single redirect URI. The plain-http URIs are placeholder fixture values.
     *
     * @return a new, unsent registration request
     */
    private OIDCClientRepresentation createRep() {
        final OIDCClientRepresentation request = new OIDCClientRepresentation();
        request.setRedirectUris(Collections.singletonList("http://redirect"));
        request.setClientUri("http://root");
        request.setClientName("RegistrationAccessTokenTest");
        return request;
    }

    /**
     * Registers the baseline request from {@link #createRep()} through the OIDC registration
     * endpoint, using whatever credential the registration client currently holds.
     *
     * @return the representation returned by the server for the new client
     * @throws ClientRegistrationException if the registration request fails
     */
    public OIDCClientRepresentation create() throws ClientRegistrationException {
        final OIDCClientRepresentation request = createRep();
        return reg.oidc().create(request);
    }

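    /**
     * Asserts that registering the given request is rejected with the given HTTP status, without
     * checking the error body.
     *
     * @param oIDCClientRepresentation registration request expected to be rejected
     * @param i expected HTTP status code
     */
    private void assertCreateFail(OIDCClientRepresentation oIDCClientRepresentation, int i) {
        assertCreateFail(oIDCClientRepresentation, i, null);
    }

    /**
     * Asserts that registering the given request is rejected with the given HTTP status and,
     * optionally, that the error body contains a given fragment.
     *
     * @param oIDCClientRepresentation registration request expected to be rejected
     * @param i expected HTTP status code
     * @param str text the error response must contain, or {@code null} to skip the body check
     */
    private void assertCreateFail(OIDCClientRepresentation oIDCClientRepresentation, int i, String str) {
        try {
            this.reg.oidc().create(oIDCClientRepresentation);
        } catch (ClientRegistrationException e) {
            // getCause() is declared as Throwable, so it has to be narrowed before the status line
            // can be read. A different cause type means the failure was not an HTTP rejection.
            Throwable rawCause = e.getCause();
            if (!(rawCause instanceof HttpErrorException)) {
                throw new AssertionError("Expected an HTTP error response but registration failed with: " + rawCause, e);
            }
            HttpErrorException cause = (HttpErrorException) rawCause;
            Assert.assertEquals(i, cause.getStatusLine().getStatusCode());
            if (str != null) {
                org.junit.Assert.assertTrue("Error response doesn't contain expected text", cause.getErrorResponse().contains(str));
            }
            return;
        }
        // Reached only when the server accepted the request.
        Assert.fail("Not expected to successfuly register client");
    }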

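    /**
     * Asserts that reading a client through the OIDC registration endpoint is rejected with the
     * given HTTP status and, optionally, that the error body contains a given fragment.
     *
     * @param str client id to request
     * @param i expected HTTP status code
     * @param str2 text the error response must contain, or {@code null} to skip the body check
     */
    private void assertGetFail(String str, int i, String str2) {
        try {
            this.reg.oidc().get(str);
        } catch (ClientRegistrationException e) {
            // getCause() is declared as Throwable, so it has to be narrowed before the status line
            // can be read. A different cause type means the failure was not an HTTP rejection.
            Throwable rawCause = e.getCause();
            if (!(rawCause instanceof HttpErrorException)) {
                throw new AssertionError("Expected an HTTP error response but the request failed with: " + rawCause, e);
            }
            HttpErrorException cause = (HttpErrorException) rawCause;
            Assert.assertEquals(i, cause.getStatusLine().getStatusCode());
            if (str2 != null) {
                org.junit.Assert.assertTrue("Error response doesn't contain expected text", cause.getErrorResponse().contains(str2));
            }
            return;
        }
        // Reached only when the server returned the client.
        Assert.fail("Not expected to successfully get client");
    }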

    /**
     * A registration whose redirect URIs include one with a fragment component must be rejected
     * with HTTP 400 and an error body mentioning "URI fragment".
     */
    @Test
    public void createClientWithUriFragment() {
        final OIDCClientRepresentation request = createRep();
        // Only the middle entry carries a fragment; the other two surround it in the same request.
        final List<String> redirectUris = Arrays.asList("http://localhost/auth", "http://localhost/auth#fragment", "http://localhost/auth*");
        request.setRedirectUris(redirectUris);
        assertCreateFail(request, 400, "URI fragment");
    }

    /**
     * Registers the baseline client and checks the values the server returns: issued credentials
     * and registration metadata, the echoed request fields, and the defaults applied for response
     * types, grant types and token endpoint authentication.
     */
    @Test
    public void createClient() throws ClientRegistrationException {
        final OIDCClientRepresentation registered = create();

        // Credentials and registration metadata issued by the server.
        org.junit.Assert.assertNotNull(registered.getRegistrationAccessToken());
        org.junit.Assert.assertNotNull(registered.getClientIdIssuedAt());
        org.junit.Assert.assertNotNull(registered.getClientId());
        org.junit.Assert.assertNotNull(registered.getClientSecret());
        org.junit.Assert.assertEquals(0L, registered.getClientSecretExpiresAt().intValue());
        org.junit.Assert.assertNotNull(registered.getRegistrationClientUri());

        // Fields echoed from the request built by createRep().
        org.junit.Assert.assertEquals("RegistrationAccessTokenTest", registered.getClientName());
        org.junit.Assert.assertEquals("http://root", registered.getClientUri());
        org.junit.Assert.assertEquals(1L, registered.getRedirectUris().size());
        org.junit.Assert.assertEquals("http://redirect", registered.getRedirectUris().get(0));

        // Defaults the request did not specify.
        final List<String> defaultResponseTypes = Arrays.asList("code", "none");
        final List<String> defaultGrantTypes = Arrays.asList("authorization_code", "refresh_token");
        org.junit.Assert.assertEquals(defaultResponseTypes, registered.getResponseTypes());
        org.junit.Assert.assertEquals(defaultGrantTypes, registered.getGrantTypes());
        org.junit.Assert.assertEquals("client_secret_basic", registered.getTokenEndpointAuthMethod());
        Assert.assertNull(registered.getUserinfoSignedResponseAlg());
    }

    /**
     * Registers a client, switches the registration client to the token from that response and
     * reads the client back through the OIDC registration endpoint.
     */
    @Test
    public void getClient() throws ClientRegistrationException {
        final OIDCClientRepresentation registered = create();
        reg.auth(Auth.token(registered));

        final OIDCClientRepresentation fetched = reg.oidc().get(registered.getClientId());
        org.junit.Assert.assertNotNull(fetched);
        org.junit.Assert.assertEquals(registered.getRegistrationAccessToken(), fetched.getRegistrationAccessToken());

        // NOTE(review): the remaining assertions read the create() response, not the fetched
        // representation, so they do not verify what the GET returned - confirm intent.
        final List<String> defaultResponseTypes = Arrays.asList("code", "none");
        final List<String> defaultGrantTypes = Arrays.asList("authorization_code", "refresh_token");
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(defaultResponseTypes, registered.getResponseTypes()));
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(defaultGrantTypes, registered.getGrantTypes()));
        org.junit.Assert.assertNotNull(registered.getClientSecret());
        org.junit.Assert.assertEquals(0L, registered.getClientSecretExpiresAt().intValue());
        org.junit.Assert.assertEquals("client_secret_basic", registered.getTokenEndpointAuthMethod());
    }

    /**
     * Updates a registered client's redirect URI, response types and grant types, then checks the
     * sets the server returns. The expected sets are wider than the ones sent: "implicit" and
     * several response-type combinations appear in the response without having been requested.
     */
    @Test
    public void updateClient() throws ClientRegistrationException {
        final OIDCClientRepresentation registered = create();
        reg.auth(Auth.token(registered));

        registered.setRedirectUris(Collections.singletonList("http://newredirect"));
        registered.setResponseTypes(Arrays.asList("code", "id_token token", "code id_token token"));
        registered.setGrantTypes(Arrays.asList("authorization_code", "refresh_token", "password"));
        final OIDCClientRepresentation updated = reg.oidc().update(registered);

        final List<String> expectedRedirectUris = Collections.singletonList("http://newredirect");
        final List<String> expectedGrantTypes = Arrays.asList("authorization_code", "implicit", "refresh_token", "password");
        final List<String> expectedResponseTypes = Arrays.asList("code", "none", "id_token", "id_token token", "code id_token", "code token", "code id_token token");
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(expectedRedirectUris, updated.getRedirectUris()));
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(expectedGrantTypes, updated.getGrantTypes()));
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(expectedResponseTypes, updated.getResponseTypes()));
    }

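    /**
     * An update that carries an unknown response type ("tokenn") must be rejected.
     *
     * @throws ClientRegistrationException if the initial registration itself fails
     */
    @Test
    public void updateClientError() throws ClientRegistrationException {
        // Setup stays outside the try block: a failure while registering the client must fail the
        // test instead of being mistaken for the expected rejection of the update.
        OIDCClientRepresentation registered = create();
        this.reg.auth(Auth.token(registered));
        registered.setResponseTypes(Arrays.asList("code", "tokenn"));
        try {
            this.reg.oidc().update(registered);
        } catch (ClientRegistrationException expected) {
            // Expected outcome: the server refused the invalid response type.
            return;
        }
        org.junit.Assert.fail("Not expected to end with success");
    }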

    /**
     * Registers a client and deletes it again using the token from the registration response.
     * The test passes when neither call throws; nothing is asserted about the server state after
     * the delete.
     */
    @Test
    public void deleteClient() throws ClientRegistrationException {
        final OIDCClientRepresentation registered = create();
        reg.auth(Auth.token(registered));
        reg.oidc().delete(registered);
    }

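    /**
     * Registers clients that request ES256 and then PS256 for both the userinfo signed response
     * and request object signing, and checks that the registration response and the stored client
     * configuration report the requested algorithm.
     */
    @Test
    public void testSignaturesRequired() throws Exception {
        // Built before the try block so the finally clause can never see a null request.
        OIDCClientRepresentation request = createRep();
        try {
            request.setUserinfoSignedResponseAlg(Algorithm.ES256.toString());
            request.setRequestObjectSigningAlg(Algorithm.ES256.toString());
            OIDCClientRepresentation es256Client = this.reg.oidc().create(request);
            Assert.assertEquals(Algorithm.ES256.toString(), es256Client.getUserinfoSignedResponseAlg());
            Assert.assertEquals(Algorithm.ES256.toString(), es256Client.getRequestObjectSigningAlg());
            Assert.assertNotNull(es256Client.getClientSecret());
            OIDCAdvancedConfigWrapper es256Config = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(es256Client.getClientId()));
            Assert.assertEquals(Algorithm.ES256, es256Config.getUserInfoSignedResponseAlg());
            Assert.assertEquals(Algorithm.ES256, es256Config.getRequestObjectSignatureAlg());

            request.setUserinfoSignedResponseAlg(Algorithm.PS256.toString());
            request.setRequestObjectSigningAlg(Algorithm.PS256.toString());
            OIDCClientRepresentation ps256Client = this.reg.oidc().create(request);
            Assert.assertEquals(Algorithm.PS256.toString(), ps256Client.getUserinfoSignedResponseAlg());
            Assert.assertEquals(Algorithm.PS256.toString(), ps256Client.getRequestObjectSigningAlg());
            OIDCAdvancedConfigWrapper ps256Config = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(ps256Client.getClientId()));
            Assert.assertEquals(Algorithm.PS256, ps256Config.getUserInfoSignedResponseAlg());
            Assert.assertEquals(Algorithm.PS256, ps256Config.getRequestObjectSignatureAlg());
        } finally {
            // Runs once on both the passing and the failing path: one more registration with
            // RS256 for both settings. NOTE(review): presumably meant to leave RS256 as the last
            // registered configuration for later tests - confirm.
            request.setUserinfoSignedResponseAlg(Algorithm.RS256.toString());
            request.setRequestObjectSigningAlg(Algorithm.RS256.toString());
            this.reg.oidc().create(request);
        }
    }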

    /**
     * Registers a client that asks only for the "id_token token" response type and checks how it
     * is stored: not flagged as a public client, and no secret exposed on the admin
     * representation.
     */
    @Test
    public void createClientImplicitFlow() throws ClientRegistrationException {
        final OIDCClientRepresentation request = createRep();
        request.setResponseTypes(Arrays.asList("id_token token"));

        final String clientId = reg.oidc().create(request).getClientId();
        final ClientRepresentation stored = getKeycloakClient(clientId);
        Assert.assertFalse(stored.isPublicClient().booleanValue());
        Assert.assertNull(stored.getSecret());
    }

    /**
     * Registers a client with token endpoint authentication method "none" and checks that it is
     * stored as a public client without a secret.
     */
    @Test
    public void createPublicClient() throws ClientRegistrationException {
        final OIDCClientRepresentation request = createRep();
        request.setTokenEndpointAuthMethod("none");

        final OIDCClientRepresentation registered = reg.oidc().create(request);
        Assert.assertEquals("none", registered.getTokenEndpointAuthMethod());

        final ClientRepresentation stored = getKeycloakClient(registered.getClientId());
        Assert.assertTrue(stored.isPublicClient().booleanValue());
        Assert.assertNull(stored.getSecret());
    }

    /**
     * Toggles the certificate-bound access token flag on a registered client and checks after each
     * step that the registration response and the stored client configuration agree: off by
     * default, on after the first update, off again after the second.
     */
    @Test
    public void testMtlsHoKTokenEnabled() throws Exception {
        // Default registration: flag is off.
        final OIDCClientRepresentation registered = reg.oidc().create(createRep());
        Assert.assertEquals(Boolean.FALSE, registered.getTlsClientCertificateBoundAccessTokens());
        Assert.assertNotNull(registered.getClientSecret());
        final OIDCAdvancedConfigWrapper initialConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId()));
        org.junit.Assert.assertFalse(initialConfig.isUseMtlsHokToken());

        // Switch it on. Each call authenticates with the token of the latest response.
        reg.auth(Auth.token(registered));
        registered.setTlsClientCertificateBoundAccessTokens(Boolean.TRUE);
        final OIDCClientRepresentation enabled = reg.oidc().update(registered);
        org.junit.Assert.assertTrue(enabled.getTlsClientCertificateBoundAccessTokens().booleanValue());
        final OIDCAdvancedConfigWrapper enabledConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(enabled.getClientId()));
        org.junit.Assert.assertTrue(enabledConfig.isUseMtlsHokToken());

        // Switch it off again.
        reg.auth(Auth.token(enabled));
        enabled.setTlsClientCertificateBoundAccessTokens(Boolean.FALSE);
        final OIDCClientRepresentation disabled = reg.oidc().update(enabled);
        org.junit.Assert.assertFalse(disabled.getTlsClientCertificateBoundAccessTokens().booleanValue());
        final OIDCAdvancedConfigWrapper disabledConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(disabled.getClientId()));
        org.junit.Assert.assertFalse(disabledConfig.isUseMtlsHokToken());
    }

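    /**
     * Checks that ID token encryption settings are absent on a freshly registered client and that
     * an update setting alg "RSA1_5" and enc "A128CBC-HS256" is reflected in both the update
     * response and the stored client configuration.
     */
    @Test
    public void testIdTokenEncryptedResponse() throws Exception {
        OIDCClientRepresentation updated = null;
        try {
            OIDCClientRepresentation registered = this.reg.oidc().create(createRep());
            Assert.assertEquals(Boolean.FALSE, registered.getTlsClientCertificateBoundAccessTokens());
            Assert.assertNotNull(registered.getClientSecret());
            OIDCAdvancedConfigWrapper initialConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId()));
            Assert.assertNull(initialConfig.getIdTokenEncryptedResponseAlg());
            Assert.assertNull(initialConfig.getIdTokenEncryptedResponseEnc());

            // The identifiers are only round-tripped here; nothing is encrypted. RSA1_5 is the
            // PKCS#1 v1.5 key-transport algorithm, which new deployments usually replace with an
            // RSA-OAEP variant.
            this.reg.auth(Auth.token(registered));
            registered.setIdTokenEncryptedResponseAlg("RSA1_5");
            registered.setIdTokenEncryptedResponseEnc("A128CBC-HS256");
            updated = this.reg.oidc().update(registered);
            Assert.assertEquals("RSA1_5", updated.getIdTokenEncryptedResponseAlg());
            Assert.assertEquals("A128CBC-HS256", updated.getIdTokenEncryptedResponseEnc());
            OIDCAdvancedConfigWrapper updatedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(updated.getClientId()));
            Assert.assertEquals("RSA1_5", updatedConfig.getIdTokenEncryptedResponseAlg());
            Assert.assertEquals("A128CBC-HS256", updatedConfig.getIdTokenEncryptedResponseEnc());
        } finally {
            // Revert only when the update succeeded. If the test failed earlier there is nothing
            // to undo, and dereferencing the null response would hide the original failure.
            if (updated != null) {
                this.reg.auth(Auth.token(updated));
                updated.setIdTokenEncryptedResponseAlg((String) null);
                updated.setIdTokenEncryptedResponseEnc((String) null);
                this.reg.oidc().update(updated);
            }
        }
    }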

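    /**
     * Registers a client with ES256 as the token endpoint authentication signing algorithm,
     * checks that it is reported and stored, then clears the setting through an update and checks
     * that the stored configuration no longer carries it.
     */
    @Test
    public void testTokenEndpointSigningAlg() throws Exception {
        OIDCClientRepresentation updated = null;
        try {
            OIDCClientRepresentation request = createRep();
            request.setTokenEndpointAuthSigningAlg(Algorithm.ES256.toString());
            OIDCClientRepresentation registered = this.reg.oidc().create(request);
            Assert.assertEquals(Algorithm.ES256.toString(), registered.getTokenEndpointAuthSigningAlg());
            Assert.assertEquals(Algorithm.ES256.toString(), OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId())).getTokenEndpointAuthSigningAlg());

            this.reg.auth(Auth.token(registered));
            registered.setTokenEndpointAuthSigningAlg((String) null);
            updated = this.reg.oidc().update(registered);
            // NOTE(review): this reads the object that was just set to null, not the update
            // response, so it cannot fail. The next assertion checks the stored state.
            Assert.assertEquals(null, registered.getTokenEndpointAuthSigningAlg());
            Assert.assertEquals(null, OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(updated.getClientId())).getTokenEndpointAuthSigningAlg());
        } finally {
            // Revert only when the update succeeded. If the test failed earlier, dereferencing
            // the null response would hide the original failure.
            if (updated != null) {
                this.reg.auth(Auth.token(updated));
                updated.setTokenEndpointAuthSigningAlg((String) null);
                this.reg.oidc().update(updated);
            }
        }
    }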

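    /**
     * Registers a client with PS256 as the authorization signed response algorithm, checks that
     * it is reported and stored, then clears the setting through an update and checks that the
     * stored configuration no longer carries it.
     */
    @Test
    public void testAuthorizationResponseSigningAlg() throws Exception {
        OIDCClientRepresentation updated = null;
        try {
            OIDCClientRepresentation request = createRep();
            request.setAuthorizationSignedResponseAlg(Algorithm.PS256.toString());
            OIDCClientRepresentation registered = this.reg.oidc().create(request);
            Assert.assertEquals(Algorithm.PS256.toString(), registered.getAuthorizationSignedResponseAlg());
            Assert.assertEquals(Algorithm.PS256.toString(), OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId())).getAuthorizationSignedResponseAlg());

            this.reg.auth(Auth.token(registered));
            registered.setAuthorizationSignedResponseAlg((String) null);
            updated = this.reg.oidc().update(registered);
            // NOTE(review): this reads the object that was just set to null, not the update
            // response, so it cannot fail. The next assertion checks the stored state.
            Assert.assertEquals(null, registered.getAuthorizationSignedResponseAlg());
            Assert.assertEquals(null, OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(updated.getClientId())).getAuthorizationSignedResponseAlg());
        } finally {
            // Revert only when the update succeeded. If the test failed earlier, dereferencing
            // the null response would hide the original failure.
            if (updated != null) {
                this.reg.auth(Auth.token(updated));
                updated.setAuthorizationSignedResponseAlg((String) null);
                this.reg.oidc().update(updated);
            }
        }
    }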

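    /**
     * Registers a client with authorization response encryption alg "RSA1_5" and enc
     * "A128CBC-HS256", checks that both are reported and stored, then clears them through an
     * update and checks that the response and the stored configuration no longer carry them.
     */
    @Test
    public void testAuthorizationEncryptedResponse() throws Exception {
        OIDCClientRepresentation updated = null;
        try {
            // The identifiers are only round-tripped here; nothing is encrypted. RSA1_5 is the
            // PKCS#1 v1.5 key-transport algorithm, which new deployments usually replace with an
            // RSA-OAEP variant.
            OIDCClientRepresentation request = createRep();
            request.setAuthorizationEncryptedResponseAlg("RSA1_5");
            request.setAuthorizationEncryptedResponseEnc("A128CBC-HS256");
            OIDCClientRepresentation registered = this.reg.oidc().create(request);
            Assert.assertEquals("RSA1_5", registered.getAuthorizationEncryptedResponseAlg());
            Assert.assertEquals("A128CBC-HS256", registered.getAuthorizationEncryptedResponseEnc());
            OIDCAdvancedConfigWrapper registeredConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId()));
            Assert.assertEquals("RSA1_5", registeredConfig.getAuthorizationEncryptedResponseAlg());
            Assert.assertEquals("A128CBC-HS256", registeredConfig.getAuthorizationEncryptedResponseEnc());

            this.reg.auth(Auth.token(registered));
            registered.setAuthorizationEncryptedResponseAlg((String) null);
            registered.setAuthorizationEncryptedResponseEnc((String) null);
            updated = this.reg.oidc().update(registered);
            Assert.assertNull(updated.getAuthorizationEncryptedResponseAlg());
            Assert.assertNull(updated.getAuthorizationEncryptedResponseEnc());
            OIDCAdvancedConfigWrapper updatedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(updated.getClientId()));
            Assert.assertNull(updatedConfig.getAuthorizationEncryptedResponseAlg());
            Assert.assertNull(updatedConfig.getAuthorizationEncryptedResponseEnc());
        } finally {
            // Revert only when the update succeeded. If the test failed earlier, dereferencing
            // the null response would hide the original failure.
            if (updated != null) {
                this.reg.auth(Auth.token(updated));
                updated.setAuthorizationEncryptedResponseAlg((String) null);
                updated.setAuthorizationEncryptedResponseEnc((String) null);
                this.reg.oidc().update(updated);
            }
        }
    }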

    /**
     * Walks the backchannel token delivery modes through registration: "poll" is accepted and
     * stored as a client attribute, "ping" is rejected until a client notification endpoint is
     * supplied, and "push" is rejected even with that endpoint set.
     */
    @Test
    public void testCIBASettings() throws Exception {
        final OIDCClientRepresentation request = createRep();

        // poll: accepted, and visible on the stored client's attributes.
        request.setBackchannelTokenDeliveryMode("poll");
        final OIDCClientRepresentation pollClient = reg.oidc().create(request);
        Assert.assertEquals("poll", pollClient.getBackchannelTokenDeliveryMode());
        final Object storedMode = getClient(pollClient.getClientId()).getAttributes().get("ciba.backchannel.token.delivery.mode");
        Assert.assertEquals("poll", storedMode);

        // ping without a notification endpoint: rejected.
        request.setBackchannelTokenDeliveryMode("ping");
        try {
            reg.oidc().create(request);
            org.junit.Assert.fail();
        } catch (ClientRegistrationException rejectedPing) {
            org.junit.Assert.assertEquals(ERR_MSG_CLIENT_REG_FAIL, rejectedPing.getMessage());
        }

        // ping with a notification endpoint: accepted.
        request.setBackchannelClientNotificationEndpoint("https://foo/bar");
        final OIDCClientRepresentation pingClient = reg.oidc().create(request);
        Assert.assertEquals("ping", pingClient.getBackchannelTokenDeliveryMode());
        Assert.assertEquals("https://foo/bar", pingClient.getBackchannelClientNotificationEndpoint());

        // push: rejected, with the notification endpoint still set on the request.
        request.setBackchannelTokenDeliveryMode("push");
        try {
            reg.oidc().create(request);
            org.junit.Assert.fail();
        } catch (ClientRegistrationException rejectedPush) {
            org.junit.Assert.assertEquals(ERR_MSG_CLIENT_REG_FAIL, rejectedPush.getMessage());
        }
    }

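    /**
     * A caller authenticated as a client whose protocol is "saml" must not be able to register a
     * client through the OIDC endpoint. The test grants the "saml-client" service account the
     * realm-management "create-client" role, obtains its access token, switches the client to
     * "saml" and expects HTTP 400 with "invalid_client".
     */
    @Test
    public void testOIDCEndpointCreateWithSamlClient() throws Exception {
        ClientsResource clients = this.adminClient.realm("test").clients();
        ClientRepresentation samlClient = (ClientRepresentation) clients.findByClientId("saml-client").get(0);
        String serviceAccountUserId = clients.get(samlClient.getId()).getServiceAccountUser().getId();
        String realmManagementId = ((ClientRepresentation) clients.findByClientId("realm-management").get(0)).getId();

        // With the role granted, only the protocol check can be the reason for the rejection.
        this.adminClient.realm("test").users().get(serviceAccountUserId).roles().clientLevel(realmManagementId)
                .add(Arrays.asList(clients.get(realmManagementId).roles().get("create-client").toRepresentation()));
        this.reg.auth(Auth.token(this.oauth.clientId("saml-client").doClientCredentialsGrantAccessTokenRequest("secret").getAccessToken()));

        samlClient.setProtocol("saml");
        clients.get(samlClient.getId()).update(samlClient);
        try {
            assertCreateFail(createRep(), 400, "invalid_client");
        } finally {
            // Restore the protocol even when the assertion fails, so the realm-level
            // "saml-client" does not stay switched to SAML for the tests that follow.
            samlClient.setProtocol("openid-connect");
            clients.get(samlClient.getId()).update(samlClient);
        }
    }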

    /**
     * A client that could be read through the OIDC registration endpoint must stop being readable
     * there once its protocol is changed to "saml": the second read is expected to fail with HTTP
     * 400 and "invalid_client". The protocol change is not reverted here.
     */
    @Test
    public void testOIDCEndpointGetWithSamlClient() throws Exception {
        final OIDCClientRepresentation registered = create();
        reg.auth(Auth.token(registered));
        // Baseline: readable while it is still an OIDC client.
        org.junit.Assert.assertNotNull(reg.oidc().get(registered.getClientId()));

        final ClientsResource clients = adminClient.realm("test").clients();
        final ClientRepresentation stored = (ClientRepresentation) clients.findByClientId(registered.getClientId()).get(0);
        stored.setProtocol("saml");
        clients.get(stored.getId()).update(stored);

        assertGetFail(stored.getClientId(), 400, "invalid_client");
    }

    /**
     * Reading a client succeeds when the registration client authenticates with the token taken
     * from that client's registration response.
     */
    @Test
    public void testOIDCEndpointGetWithToken() throws Exception {
        final OIDCClientRepresentation registered = create();
        reg.auth(Auth.token(registered));
        final OIDCClientRepresentation fetched = reg.oidc().get(registered.getClientId());
        org.junit.Assert.assertNotNull(fetched);
    }

    /**
     * Reading a client must fail with HTTP 401 when the registration client has not been switched
     * to the token from the registration response. It still holds the initial access token set in
     * before(), so that token is shown not to authorise reads.
     */
    @Test
    public void testOIDCEndpointGetWithoutToken() throws Exception {
        final String clientId = create().getClientId();
        assertGetFail(clientId, 401, null);
    }

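    /**
     * Registers a client that authenticates with "tls_client_auth" and a subject DN, checks that
     * the stored client uses the "client-x509" authenticator with that DN, then updates the DN to
     * a pattern-like value and checks that it is stored unchanged.
     */
    @Test
    public void testTlsClientAuthSubjectDn() throws Exception {
        OIDCClientRepresentation updated = null;
        try {
            OIDCClientRepresentation request = createRep();
            request.setTokenEndpointAuthMethod("tls_client_auth");
            request.setTlsClientAuthSubjectDn("Ein");
            OIDCClientRepresentation registered = this.reg.oidc().create(request);
            Assert.assertEquals("tls_client_auth", registered.getTokenEndpointAuthMethod());
            Assert.assertEquals("Ein", registered.getTlsClientAuthSubjectDn());
            ClientRepresentation storedClient = getClient(registered.getClientId());
            OIDCAdvancedConfigWrapper storedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(storedClient);
            Assert.assertEquals("client-x509", storedClient.getClientAuthenticatorType());
            Assert.assertEquals("Ein", storedConfig.getTlsClientAuthSubjectDn());

            // NOTE(review): if the server evaluates this value as a regular expression it matches
            // every subject DN, so it is only suitable as a round-trip fixture - confirm how the
            // x509 authenticator interprets it.
            this.reg.auth(Auth.token(registered));
            registered.setTlsClientAuthSubjectDn("(.*?)(?:$)");
            updated = this.reg.oidc().update(registered);
            Assert.assertEquals("tls_client_auth", updated.getTokenEndpointAuthMethod());
            Assert.assertEquals("(.*?)(?:$)", updated.getTlsClientAuthSubjectDn());
            ClientRepresentation updatedClient = getClient(updated.getClientId());
            OIDCAdvancedConfigWrapper updatedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(updatedClient);
            Assert.assertEquals("client-x509", updatedClient.getClientAuthenticatorType());
            Assert.assertEquals("(.*?)(?:$)", updatedConfig.getTlsClientAuthSubjectDn());
        } finally {
            // Revert only when the update succeeded. If the test failed earlier, dereferencing
            // the null response would hide the original failure.
            if (updated != null) {
                this.reg.auth(Auth.token(updated));
                updated.setTokenEndpointAuthMethod((String) null);
                updated.setTlsClientAuthSubjectDn((String) null);
                this.reg.oidc().update(updated);
            }
        }
    }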

    /**
     * Looks up a client of the "test" realm through the admin API.
     *
     * @param str the client's clientId
     * @return the admin-side representation of that client
     */
    private ClientRepresentation getKeycloakClient(String str) {
        return ApiUtil
                .findClientByClientId(adminClient.realms().realm("test"), str)
                .toRepresentation();
    }

    /**
     * Registers a client that requests the scope "phone address" and checks that the response
     * reports exactly those two scopes and that the stored client has no default client scopes.
     */
    @Test
    public void testClientWithScope() throws Exception {
        final OIDCClientRepresentation request = createRep();
        request.setScope("phone address");
        final OIDCClientRepresentation registered = reg.oidc().create(request);

        // Compared as sets: the order of scopes in the response string does not matter.
        final HashSet<String> requestedScopes = new HashSet<>(Arrays.asList("phone address".split(" ")));
        final HashSet<String> returnedScopes = new HashSet<>(Arrays.asList(registered.getScope().split(" ")));
        org.junit.Assert.assertTrue(requestedScopes.equals(returnedScopes));

        org.junit.Assert.assertTrue(adminClient.realm("test").clients().get(registered.getClientId()).toRepresentation().getDefaultClientScopes().isEmpty());
    }

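    /**
     * A registration that requests a scope not defined in the realm ("notdefinedscope") must be
     * rejected with HTTP 403.
     */
    @Test
    public void testClientWithNotDefinedScope() throws Exception {
        OIDCClientRepresentation request = createRep();
        request.setScope("notdefinedscope address");
        try {
            this.reg.oidc().create(request);
        } catch (ClientRegistrationException e) {
            // getCause() is declared as Throwable, so it has to be narrowed before the status line
            // can be read. A different cause type means the failure was not an HTTP rejection.
            Throwable rawCause = e.getCause();
            if (!(rawCause instanceof HttpErrorException)) {
                throw new AssertionError("Expected an HTTP error response but registration failed with: " + rawCause, e);
            }
            org.junit.Assert.assertEquals(403L, ((HttpErrorException) rawCause).getStatusLine().getStatusCode());
            return;
        }
        // Reached only when the server accepted the undefined scope.
        org.junit.Assert.fail("Expected 403");
    }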

    /**
     * Registers a client without a scope parameter and checks two things: the scope string in the
     * response equals the realm's optional client scopes for "openid-connect", and the stored
     * client's default client scopes equal the realm's default client scopes for the same
     * protocol.
     */
    @Test
    public void testClientWithoutScope() throws ClientRegistrationException {
        // Element type is Object because the declared type of the scope names is not visible here.
        final HashSet<Object> realmOptionalScopes = new HashSet<Object>(
                adminClient.realm("test").getDefaultOptionalClientScopes().stream()
                        .filter(scope -> Objects.equals(scope.getProtocol(), "openid-connect"))
                        .map(scope -> scope.getName())
                        .collect(Collectors.toList()));

        final OIDCClientRepresentation registered = reg.oidc().create(createRep());
        final HashSet<Object> returnedScopes = new HashSet<Object>(Arrays.asList(registered.getScope().split(" ")));
        org.junit.Assert.assertTrue(realmOptionalScopes.equals(returnedScopes));

        // Realm defaults are read after the registration, as in the comparison above.
        final HashSet<Object> realmDefaultScopes = new HashSet<Object>(
                adminClient.realm("test").getDefaultDefaultClientScopes().stream()
                        .filter(scope -> Objects.equals(scope.getProtocol(), "openid-connect"))
                        .map(scope -> scope.getName())
                        .collect(Collectors.toList()));
        final HashSet<Object> clientDefaultScopes = new HashSet<Object>(
                adminClient.realm("test").clients().get(registered.getClientId()).toRepresentation().getDefaultClientScopes());
        org.junit.Assert.assertTrue(realmDefaultScopes.equals(clientDefaultScopes));
    }

    /**
     * Registers a client with two request URIs and checks that both appear in the registration
     * response and in the stored client configuration.
     */
    @Test
    public void testRequestUris() throws Exception {
        final OIDCClientRepresentation request = createRep();
        request.setRequestUris(Arrays.asList("http://host/foo", "https://host2/bar"));
        final OIDCClientRepresentation registered = reg.oidc().create(request);

        Assert.assertNames(registered.getRequestUris(), "http://host/foo", "https://host2/bar");

        final OIDCAdvancedConfigWrapper storedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId()));
        Assert.assertNames(storedConfig.getRequestUris(), "http://host/foo", "https://host2/bar");
    }

    /**
     * A client registered with only the "authorization_code" grant type must be stored with
     * refresh tokens disabled.
     */
    @Test
    public void testClientWithoutRefreshToken() throws Exception {
        final OIDCClientRepresentation request = createRep();
        request.setGrantTypes(Arrays.asList("authorization_code"));

        final String clientId = reg.oidc().create(request).getClientId();
        final OIDCAdvancedConfigWrapper storedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(clientId));
        Assert.assertFalse(storedConfig.isUseRefreshToken());
    }

    /**
     * A client registered with the "authorization_code" and "refresh_token" grant types must be
     * stored with refresh tokens enabled.
     */
    @Test
    public void testClientWithRefreshToken() throws Exception {
        final OIDCClientRepresentation request = createRep();
        request.setGrantTypes(Arrays.asList("authorization_code", "refresh_token"));

        final String clientId = reg.oidc().create(request).getClientId();
        final OIDCAdvancedConfigWrapper storedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(clientId));
        Assert.assertTrue(storedConfig.isUseRefreshToken());
    }

    /**
     * A client registered without grant types must come back with "authorization_code" and
     * "refresh_token", and must be stored with refresh tokens enabled.
     */
    @Test
    public void testClientWithoutGrantTypes() throws Exception {
        final OIDCClientRepresentation registered = create();

        final List<String> defaultGrantTypes = Arrays.asList("authorization_code", "refresh_token");
        org.junit.Assert.assertTrue(CollectionUtil.collectionEquals(defaultGrantTypes, registered.getGrantTypes()));

        final OIDCAdvancedConfigWrapper storedConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(getClient(registered.getClientId()));
        Assert.assertTrue(storedConfig.isUseRefreshToken());
    }
}
