package org.keycloak.testsuite.broker;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.idm.RealmRepresentation;
import org.keycloak.testsuite.oauth.BackchannelLogoutTest;

/* loaded from: input_file:org/keycloak/testsuite/broker/OidcBackchannelLogoutBrokerConfiguration.class */
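/**
 * Test fixture describing a nested OIDC brokering chain used by the backchannel-logout tests.
 *
 * <p>The URLs built here show the chain: the identity provider {@code kc-oidc-idp} points at the
 * {@code provider} realm and is reached through the {@code consumer} realm's broker endpoint,
 * while {@code consumer-kc-oidc-idp} points at the {@code consumer} realm and is reached through
 * the {@code subconsumer} realm's broker endpoint. Every URL is derived from
 * {@link BrokerTestTools#getConsumerRoot()}, including the ones that address the provider realm.
 *
 * <p>Security notes for readers reusing this as a template:
 * <ul>
 *   <li>Client secrets and the user password are literal strings in this file. They are test
 *       fixtures only and must never be reused for a realm outside the test suite.</li>
 *   <li>Both identity providers keep {@code validateSignature} and {@code useJwksUrl} set to
 *       {@code "true"}; tokens coming from the upstream realm (logout tokens included) should
 *       only be trusted after their signature has been checked against the issuer's keys.</li>
 *   <li>Redirect URIs end in {@code /*} but are confined to a single broker endpoint path.</li>
 * </ul>
 */
public class OidcBackchannelLogoutBrokerConfiguration implements NestedBrokerConfiguration {
    public static final OidcBackchannelLogoutBrokerConfiguration INSTANCE = new OidcBackchannelLogoutBrokerConfiguration();
    protected static final String ATTRIBUTE_TO_MAP_NAME = "user-attribute";
    protected static final String ATTRIBUTE_TO_MAP_NAME_2 = "user-attribute-2";
    public static final String USER_INFO_CLAIM = "user-claim";
    // The two names below are misspelled ("HARDOCDED"); they are public API, so they are kept as-is.
    public static final String HARDOCDED_CLAIM = "test";
    public static final String HARDOCDED_VALUE = "value";
    public static final String REALM_SUB_CONS_NAME = "subconsumer";
    public static final String CONSUMER_CLIENT_ID = "consumer-brokerapp";
    public static final String CONSUMER_CLIENT_SECRET = "consumer-secret";
    public static final String SUB_CONSUMER_IDP_OIDC_ALIAS = "consumer-kc-oidc-idp";
    public static final String SUB_CONSUMER_IDP_OIDC_PROVIDER_ID = "keycloak-oidc";

    private static final String PROVIDER_REALM = "provider";
    private static final String CONSUMER_REALM = "consumer";
    private static final String IDP_ALIAS = "kc-oidc-idp";
    // Test-only shared secret between the provider-realm client and the kc-oidc-idp broker entry.
    private static final String BROKER_CLIENT_SECRET = "secret";
    private static final String OIDC_PROTOCOL = "openid-connect";
    private static final String ATTRIBUTE_MAPPER = "oidc-usermodel-attribute-mapper";

    /**
     * Creates the enabled {@code provider} realm with event recording switched on.
     *
     * @return a new realm representation named {@code provider}
     */
    @Override
    public RealmRepresentation createProviderRealm() {
        return newRealm(PROVIDER_REALM, false);
    }

    /**
     * Creates the enabled {@code consumer} realm with event recording and password reset switched on.
     *
     * @return a new realm representation named {@code consumer}
     */
    @Override
    public RealmRepresentation createConsumerRealm() {
        return newRealm(CONSUMER_REALM, true);
    }

    /**
     * Creates the single client registered in the provider realm on behalf of the consumer realm's broker.
     *
     * <p>The client receives a backchannel logout URL inside the {@code consumer} realm and six
     * protocol mappers that publish user attributes and one hard-coded JSON claim.
     *
     * @return a one-element list holding the broker client
     */
    @Override
    public List<ClientRepresentation> createProviderClients() {
        ClientRepresentation brokerClient = new ClientRepresentation();
        brokerClient.setClientId(getIDPClientIdInProviderRealm());
        brokerClient.setName(BackchannelLogoutTest.BROKER_CLIENT_ID);
        brokerClient.setSecret(BROKER_CLIENT_SECRET);
        brokerClient.setEnabled(true);
        enableBackchannelLogout(brokerClient, CONSUMER_REALM);
        // Wildcard redirect, but restricted to the kc-oidc-idp broker endpoint of the consumer realm.
        brokerClient.setRedirectUris(Collections.singletonList(realmUrl(CONSUMER_REALM) + "/broker/" + IDP_ALIAS + "/endpoint/*"));
        brokerClient.setAdminUrl(realmUrl(CONSUMER_REALM) + "/broker/" + IDP_ALIAS + "/endpoint");

        ProtocolMapperRepresentation emailMapper =
                newStringClaimMapper("email", "oidc-usermodel-property-mapper", "email", "email", false);
        ProtocolMapperRepresentation nestedClaimMapper =
                newStringClaimMapper("attribute - nested claim", ATTRIBUTE_MAPPER, "nested.email", "nested.email", false);
        // The escaped dot in the claim name distinguishes this mapper from the "nested claim" one above.
        ProtocolMapperRepresentation dottedClaimMapper =
                newStringClaimMapper("attribute - claim with dot in name", ATTRIBUTE_MAPPER, "dotted.email", "dotted\\.email", false);
        ProtocolMapperRepresentation attributeMapper =
                newStringClaimMapper("attribute - name", ATTRIBUTE_MAPPER, ATTRIBUTE_TO_MAP_NAME, ATTRIBUTE_TO_MAP_NAME, true);
        ProtocolMapperRepresentation secondAttributeMapper =
                newStringClaimMapper("attribute - name - 2", ATTRIBUTE_MAPPER, ATTRIBUTE_TO_MAP_NAME_2, ATTRIBUTE_TO_MAP_NAME_2, true);

        // Hard-coded JSON claim; it is enabled for the ID token only.
        ProtocolMapperRepresentation jsonClaimMapper = newOidcMapper("json-mapper", "oidc-hardcoded-claim-mapper");
        Map<String, String> jsonClaimConfig = jsonClaimMapper.getConfig();
        jsonClaimConfig.put("claim.name", USER_INFO_CLAIM);
        jsonClaimConfig.put("jsonType.label", "JSON");
        jsonClaimConfig.put("id.token.claim", "true");
        jsonClaimConfig.put("claim.value", "{\"" + HARDOCDED_CLAIM + "\": \"" + HARDOCDED_VALUE + "\"}");

        brokerClient.setProtocolMappers(Arrays.asList(
                emailMapper, attributeMapper, secondAttributeMapper, nestedClaimMapper, dottedClaimMapper, jsonClaimMapper));
        return Collections.singletonList(brokerClient);
    }

    /**
     * Creates the single client registered in the consumer realm on behalf of the sub-consumer realm's broker.
     *
     * @return a one-element list holding the {@code consumer-brokerapp} client
     */
    @Override
    public List<ClientRepresentation> createConsumerClients() {
        ClientRepresentation consumerClient = new ClientRepresentation();
        consumerClient.setClientId(CONSUMER_CLIENT_ID);
        consumerClient.setName(CONSUMER_CLIENT_ID);
        consumerClient.setSecret(CONSUMER_CLIENT_SECRET);
        consumerClient.setEnabled(true);
        // Direct access grants let the client exchange a username and password for tokens directly;
        // a test convenience that should stay off for clients that do not need it.
        consumerClient.setDirectAccessGrantsEnabled(true);
        // Wildcard redirect, but restricted to the consumer-kc-oidc-idp broker endpoint of the sub-consumer realm.
        consumerClient.setRedirectUris(Collections.singletonList(
                realmUrl(REALM_SUB_CONS_NAME) + "/broker/" + SUB_CONSUMER_IDP_OIDC_ALIAS + "/endpoint/*"));
        consumerClient.setBaseUrl(realmUrl(CONSUMER_REALM) + "/app");
        enableBackchannelLogout(consumerClient, REALM_SUB_CONS_NAME);
        return Collections.singletonList(consumerClient);
    }

    /**
     * Builds the {@code kc-oidc-idp} identity provider entry that points at the provider realm.
     *
     * @param identityProviderSyncMode sync mode written into the provider configuration; must not be {@code null}
     * @return the configured identity provider representation
     */
    @Override
    public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode identityProviderSyncMode) {
        IdentityProviderRepresentation identityProvider =
                BrokerTestTools.createIdentityProvider(IDP_ALIAS, SUB_CONSUMER_IDP_OIDC_PROVIDER_ID);
        applyDefaultConfiguration(identityProvider.getConfig(), identityProviderSyncMode);
        return identityProvider;
    }

    /**
     * Writes the broker settings for the provider realm into {@code map}.
     *
     * @param map configuration map of the identity provider; modified in place
     * @param identityProviderSyncMode sync mode stored under {@code syncMode}; must not be {@code null}
     */
    protected void applyDefaultConfiguration(Map<String, String> map, IdentityProviderSyncMode identityProviderSyncMode) {
        putBrokerConfig(map, identityProviderSyncMode.toString(), BackchannelLogoutTest.BROKER_CLIENT_ID,
                BROKER_CLIENT_SECRET, PROVIDER_REALM);
    }

    /** Returns the login name of the test user. */
    @Override
    public String getUserLogin() {
        return "testuser";
    }

    /** Returns the client id under which the broker is registered in the provider realm. */
    @Override
    public String getIDPClientIdInProviderRealm() {
        return BackchannelLogoutTest.BROKER_CLIENT_ID;
    }

    /** Returns the test user's password; a fixture value, not a real credential. */
    @Override
    public String getUserPassword() {
        return "password";
    }

    /** Returns the e-mail address of the test user. */
    @Override
    public String getUserEmail() {
        return "user@localhost.com";
    }

    /** Returns the name of the provider realm. */
    @Override
    public String providerRealmName() {
        return PROVIDER_REALM;
    }

    /** Returns the name of the consumer realm. */
    @Override
    public String consumerRealmName() {
        return CONSUMER_REALM;
    }

    /** Returns the alias of the identity provider that points at the provider realm. */
    @Override
    public String getIDPAlias() {
        return IDP_ALIAS;
    }

    /**
     * Creates the enabled {@code subconsumer} realm with event recording and password reset switched on.
     *
     * @return a new realm representation named {@link #REALM_SUB_CONS_NAME}
     */
    @Override
    public RealmRepresentation createSubConsumerRealm() {
        return newRealm(REALM_SUB_CONS_NAME, true);
    }

    /** Returns the name of the sub-consumer realm. */
    @Override
    public String subConsumerRealmName() {
        return REALM_SUB_CONS_NAME;
    }

    /**
     * Builds the {@code consumer-kc-oidc-idp} identity provider entry that points at the consumer realm.
     *
     * <p>The sync mode is fixed to {@link IdentityProviderSyncMode#IMPORT}. This method writes the
     * settings directly and does not go through {@link #applyDefaultConfiguration}, so a subclass
     * overriding that method does not affect this provider.
     *
     * @return the configured identity provider representation
     */
    @Override
    public IdentityProviderRepresentation setUpConsumerIdentityProvider() {
        IdentityProviderRepresentation identityProvider =
                BrokerTestTools.createIdentityProvider(SUB_CONSUMER_IDP_OIDC_ALIAS, SUB_CONSUMER_IDP_OIDC_PROVIDER_ID);
        Map<String, String> config = identityProvider.getConfig();
        putBrokerConfig(config, IdentityProviderSyncMode.IMPORT.toString(), CONSUMER_CLIENT_ID,
                CONSUMER_CLIENT_SECRET, CONSUMER_REALM);
        return identityProvider;
    }

    /** Returns the display name of the sub-consumer identity provider, which equals its alias. */
    @Override
    public String getSubConsumerIDPDisplayName() {
        return SUB_CONSUMER_IDP_OIDC_ALIAS;
    }

    /** Returns the base URL of {@code realm} under the consumer root. */
    private static String realmUrl(String realm) {
        return BrokerTestTools.getConsumerRoot() + "/auth/realms/" + realm;
    }

    /** Creates an enabled realm that records events; password reset is set only when requested. */
    private static RealmRepresentation newRealm(String name, boolean resetPasswordAllowed) {
        RealmRepresentation realm = new RealmRepresentation();
        realm.setRealm(name);
        realm.setEnabled(true);
        if (resetPasswordAllowed) {
            realm.setResetPasswordAllowed(true);
        }
        realm.setEventsListeners(Arrays.asList("jboss-logging", "event-queue"));
        realm.setEventsEnabled(true);
        return realm;
    }

    /** Points the client's backchannel logout URL at the logout endpoint of {@code logoutRealm}. */
    private static void enableBackchannelLogout(ClientRepresentation client, String logoutRealm) {
        OIDCAdvancedConfigWrapper oidcConfig = OIDCAdvancedConfigWrapper.fromClientRepresentation(client);
        // NOTE(review): going by the setter names, logout tokens carry a session id and offline
        // tokens are not revoked on backchannel logout - confirm against OIDCAdvancedConfigWrapper.
        oidcConfig.setBackchannelLogoutSessionRequired(true);
        oidcConfig.setBackchannelLogoutRevokeOfflineTokens(false);
        oidcConfig.setBackchannelLogoutUrl(realmUrl(logoutRealm) + "/protocol/openid-connect/logout/backchannel-logout");
    }

    /** Creates an OIDC protocol mapper with the given display name and mapper type. */
    private static ProtocolMapperRepresentation newOidcMapper(String name, String mapperType) {
        ProtocolMapperRepresentation mapper = new ProtocolMapperRepresentation();
        mapper.setName(name);
        mapper.setProtocol(OIDC_PROTOCOL);
        mapper.setProtocolMapper(mapperType);
        return mapper;
    }

    /** Creates a String-typed mapper that adds {@code claimName} to the access token, ID token and userinfo. */
    private static ProtocolMapperRepresentation newStringClaimMapper(
            String name, String mapperType, String userAttribute, String claimName, boolean multivalued) {
        ProtocolMapperRepresentation mapper = newOidcMapper(name, mapperType);
        Map<String, String> config = mapper.getConfig();
        config.put("user.attribute", userAttribute);
        config.put("claim.name", claimName);
        config.put("jsonType.label", "String");
        config.put("access.token.claim", "true");
        config.put("id.token.claim", "true");
        config.put("userinfo.token.claim", "true");
        if (multivalued) {
            config.put("multivalued", "true");
        }
        return mapper;
    }

    /** Writes the OIDC broker settings that point an identity provider at {@code upstreamRealm}. */
    private static void putBrokerConfig(
            Map<String, String> config, String syncMode, String clientId, String clientSecret, String upstreamRealm) {
        String oidcBase = realmUrl(upstreamRealm) + "/protocol/openid-connect";
        config.put("syncMode", syncMode);
        config.put("clientId", clientId);
        config.put("clientSecret", clientSecret);
        config.put("prompt", "login");
        config.put("issuer", realmUrl(upstreamRealm));
        config.put("authorizationUrl", oidcBase + "/auth");
        config.put("tokenUrl", oidcBase + "/token");
        config.put("logoutUrl", oidcBase + "/logout");
        config.put("userInfoUrl", oidcBase + "/userinfo");
        config.put("defaultScope", "email profile");
        config.put("backchannelSupported", "true");
        // Keep signature validation on: keys come from the upstream realm's JWKS endpoint, and
        // tokens from upstream should not be trusted without that check.
        config.put("jwksUrl", oidcBase + "/certs");
        config.put("useJwksUrl", "true");
        config.put("validateSignature", "true");
    }
}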
