package org.keycloak.services.clientregistration.oidc;

import java.util.HashSet;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.utils.SubjectType;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.services.clientregistration.AbstractClientRegistrationContext;
import org.keycloak.services.clientregistration.ClientRegistrationProvider;
import org.keycloak.services.validation.PairwiseClientValidator;
import org.keycloak.services.validation.ValidationMessages;

/* loaded from: input_file:BOOT-INF/lib/keycloak-services-11.0.2.jar:org/keycloak/services/clientregistration/oidc/OIDCClientRegistrationContext.class */
public class OIDCClientRegistrationContext extends AbstractClientRegistrationContext {
    private final OIDCClientRepresentation oidcRep;

    public OIDCClientRegistrationContext(KeycloakSession keycloakSession, ClientRepresentation clientRepresentation, ClientRegistrationProvider clientRegistrationProvider, OIDCClientRepresentation oIDCClientRepresentation) {
        super(keycloakSession, clientRepresentation, clientRegistrationProvider);
        this.oidcRep = oIDCClientRepresentation;
    }

    @Override // org.keycloak.services.clientregistration.AbstractClientRegistrationContext, org.keycloak.services.clientregistration.ClientRegistrationContext
    public boolean validateClient(ValidationMessages validationMessages) {
        boolean validateClient = super.validateClient(validationMessages);
        String rootUrl = this.client.getRootUrl();
        HashSet hashSet = new HashSet();
        if (this.client.getRedirectUris() != null) {
            hashSet.addAll(this.client.getRedirectUris());
        }
        SubjectType parse = SubjectType.parse(this.oidcRep.getSubjectType());
        String sectorIdentifierUri = this.oidcRep.getSectorIdentifierUri();
        if (SubjectType.PAIRWISE == parse || (sectorIdentifierUri != null && !sectorIdentifierUri.isEmpty())) {
            validateClient = validateClient && PairwiseClientValidator.validate(this.session, rootUrl, hashSet, this.oidcRep.getSectorIdentifierUri(), validationMessages);
        }
        return validateClient;
    }
}
