package org.keycloak.testsuite.broker;

import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.keycloak.models.IdentityProviderSyncMode;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.IdentityProviderRepresentation;
import org.keycloak.representations.idm.KeysMetadataRepresentation;
import org.keycloak.testsuite.util.KeyUtils;

/* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerPrivateKeyJwtTest.class */
public class KcOidcBrokerPrivateKeyJwtTest extends AbstractBrokerTest {

    /* loaded from: input_file:org/keycloak/testsuite/broker/KcOidcBrokerPrivateKeyJwtTest$KcOidcBrokerConfigurationWithJWTAuthentication.class */
    private class KcOidcBrokerConfigurationWithJWTAuthentication extends KcOidcBrokerConfiguration {
        private KcOidcBrokerConfigurationWithJWTAuthentication() {
        }

        @Override // org.keycloak.testsuite.broker.KcOidcBrokerConfiguration, org.keycloak.testsuite.broker.BrokerConfiguration
        public List<ClientRepresentation> createProviderClients() {
            List<ClientRepresentation> createProviderClients = super.createProviderClients();
            KcOidcBrokerPrivateKeyJwtTest.this.log.info("Update provider clients to accept JWT authentication");
            KeysMetadataRepresentation.KeyMetadataRepresentation activeSigningKey = KeyUtils.getActiveSigningKey(KcOidcBrokerPrivateKeyJwtTest.this.adminClient.realm(consumerRealmName()).keys().getKeyMetadata(), "RS256");
            for (ClientRepresentation clientRepresentation : createProviderClients) {
                clientRepresentation.setClientAuthenticatorType("client-jwt");
                if (clientRepresentation.getAttributes() == null) {
                    clientRepresentation.setAttributes(new HashMap());
                }
                clientRepresentation.getAttributes().put("jwt.credential.certificate", activeSigningKey.getCertificate());
            }
            return createProviderClients;
        }

        @Override // org.keycloak.testsuite.broker.KcOidcBrokerConfiguration, org.keycloak.testsuite.broker.BrokerConfiguration
        public IdentityProviderRepresentation setUpIdentityProvider(IdentityProviderSyncMode identityProviderSyncMode) {
            IdentityProviderRepresentation createIdentityProvider = BrokerTestTools.createIdentityProvider("kc-oidc-idp", OidcBackchannelLogoutBrokerConfiguration.SUB_CONSUMER_IDP_OIDC_PROVIDER_ID);
            Map<String, String> config = createIdentityProvider.getConfig();
            applyDefaultConfiguration(config, identityProviderSyncMode);
            config.put("clientSecret", null);
            config.put("clientAuthMethod", "private_key_jwt");
            return createIdentityProvider;
        }
    }

    @Override // org.keycloak.testsuite.broker.AbstractBaseBrokerTest
    protected BrokerConfiguration getBrokerConfiguration() {
        return new KcOidcBrokerConfigurationWithJWTAuthentication();
    }
}
