package org.keycloak.testsuite.broker;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.admin.client.Keycloak;
import org.keycloak.common.util.MultivaluedHashMap;
import org.keycloak.keys.KeyProvider;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ComponentRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.testsuite.util.TokenSignatureUtil;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerPrivateKeyJwtCustomSignAlgTest.class */
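/**
 * Broker test variant in which the identity provider is configured for
 * {@code private_key_jwt} client authentication with a non-default signing
 * algorithm ({@code ES256}) instead of a shared client secret.
 *
 * <p>The test flow itself is inherited from {@link AbstractBrokerTest}; this class only
 * supplies the broker configuration.
 */
public class KcOidcBrokerPrivateKeyJwtCustomSignAlgTest extends AbstractBrokerTest {

    /**
     * Broker configuration that switches both sides of the brokering setup to signed-JWT
     * client authentication: the provider-side clients are told to accept {@code client-jwt}
     * and to resolve verification keys from a JWKS URL, and the identity provider is told to
     * sign its client assertion with {@link #signAlg}.
     */
    private class KcOidcBrokerConfigurationWithJWTAuthentication extends KcOidcBrokerConfiguration {
        /** Algorithm used for the client assertion and expected by the provider-side clients. */
        private final String signAlg = "ES256";

        /**
         * Creates the provider-side clients and reconfigures each one for JWT client
         * authentication.
         *
         * @return the clients produced by the parent configuration, modified in place
         */
        @Override
        public List<ClientRepresentation> createProviderClients() {
            List<ClientRepresentation> clients = super.createProviderClients();
            KcOidcBrokerPrivateKeyJwtCustomSignAlgTest.this.log.info("Update provider clients to accept JWT authentication");
            for (ClientRepresentation client : clients) {
                client.setClientAuthenticatorType("client-jwt");
                if (client.getAttributes() == null) {
                    client.setAttributes(new HashMap<>());
                }
                Map<String, String> attributes = client.getAttributes();
                // Pin the accepted assertion algorithm to the one the identity provider signs with.
                attributes.put("token.endpoint.auth.signing.alg", this.signAlg);
                // Verification keys come from the consumer realm's published certs endpoint
                // rather than from a key stored on the client.
                attributes.put("use.jwks.url", "true");
                attributes.put("jwks.url", BrokerTestTools.getConsumerRoot() + "/auth/realms/consumer/protocol/openid-connect/certs");
            }
            return clients;
        }

        /**
         * Registers an ECDSA key provider in the {@code consumer} realm and builds the
         * identity provider representation configured for {@code private_key_jwt}.
         *
         * @param identityProviderSyncMode sync mode passed through to the default configuration
         * @return the configured identity provider representation
         */
        @Override
        public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode identityProviderSyncMode) {
            // The signing key must exist in the consumer realm before the identity provider
            // is asked to produce assertions with this algorithm.
            generateEcdsaKeyProvider("valid", this.signAlg, "consumer", KcOidcBrokerPrivateKeyJwtCustomSignAlgTest.this.adminClient);
            IdentityProviderRepresentation identityProvider = BrokerTestTools.createIdentityProvider("kc-oidc-idp", OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID);
            Map<String, String> config = identityProvider.getConfig();
            applyDefaultConfiguration(config, identityProviderSyncMode);
            // Clear the secret explicitly (presumably set by the default configuration -
            // confirm) so that the signed assertion is the only credential in play.
            config.put("clientSecret", null);
            config.put("clientAuthMethod", "private_key_jwt");
            config.put("clientAssertionSigningAlg", this.signAlg);
            return identityProvider;
        }

        /**
         * Adds an active, enabled {@code ecdsa-generated} key provider component to a realm.
         *
         * @param name      component name
         * @param algorithm signature algorithm, converted to the matching NIST curve name
         * @param realmName realm that receives the component
         * @param keycloak  admin client used to look up the realm and add the component
         */
        private void generateEcdsaKeyProvider(String name, String algorithm, String realmName, Keycloak keycloak) {
            String realmId = keycloak.realm(realmName).toRepresentation().getId();
            ComponentRepresentation keyProvider = createRep(name, realmId, "ecdsa-generated");
            // Priority is the current timestamp; presumably so that this key ranks above
            // keys registered earlier in the realm - confirm against key selection rules.
            keyProvider.getConfig().putSingle("priority", Long.toString(System.currentTimeMillis()));
            keyProvider.getConfig().putSingle("active", "true");
            keyProvider.getConfig().putSingle("enabled", "true");
            keyProvider.getConfig().putSingle("ecdsaEllipticCurveKey", TokenSignatureUtil.convertAlgorithmToECDomainParamNistRep(algorithm));
            // NOTE(review): the response is closed without inspecting its status, so a
            // rejected key provider is not detected at this point. Consider asserting that
            // the component was created before the test continues.
            keycloak.realm(realmName).components().add(keyProvider).close();
        }

        /**
         * Builds a bare key-provider component representation with an empty config map.
         *
         * @param name       component name
         * @param parentId   id of the parent (the realm id at the only call site in this class)
         * @param providerId provider id of the key provider implementation
         * @return a new component representation typed as a {@link KeyProvider}
         */
        protected ComponentRepresentation createRep(String name, String parentId, String providerId) {
            ComponentRepresentation component = new ComponentRepresentation();
            component.setName(name);
            component.setParentId(parentId);
            component.setProviderId(providerId);
            component.setProviderType(KeyProvider.class.getName());
            component.setConfig(new MultivaluedHashMap<>());
            return component;
        }
    }

    /**
     * Supplies the JWT-authenticating broker configuration to the inherited test flow.
     *
     * @return a fresh configuration instance
     */
    @Override
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerConfigurationWithJWTAuthentication();
    }
}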
