package org.keycloak.services.clientregistration.oidc;

import com.google.common.collect.Streams;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.keycloak.authentication.ClientAuthenticator;
import org.keycloak.authentication.ClientAuthenticatorFactory;
import org.keycloak.authentication.authenticators.client.ClientIdAndSecretAuthenticator;
import org.keycloak.authentication.authenticators.client.JWTClientAuthenticator;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.jose.jwk.JSONWebKeySet;
import org.keycloak.jose.jwk.JWK;
import org.keycloak.jose.jwk.JWKParser;
import org.keycloak.jose.jws.Algorithm;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCAdvancedConfigWrapper;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.mappers.PairwiseSubMapperHelper;
import org.keycloak.protocol.oidc.utils.AuthorizeClientUtil;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.protocol.oidc.utils.PairwiseSubMapperUtils;
import org.keycloak.protocol.oidc.utils.SubjectType;
import org.keycloak.provider.Provider;
import org.keycloak.representations.idm.CertificateRepresentation;
import org.keycloak.representations.idm.ClientRepresentation;
import org.keycloak.representations.idm.ProtocolMapperRepresentation;
import org.keycloak.representations.oidc.OIDCClientRepresentation;
import org.keycloak.services.clientregistration.ClientRegistrationException;
import org.keycloak.services.util.CertificateInfoHelper;
import org.keycloak.util.JWKSUtils;
import org.keycloak.util.JsonSerialization;
import org.keycloak.utils.StringUtil;

/* loaded from: input_file:org/keycloak/services/clientregistration/oidc/DescriptionConverter.class */
public class DescriptionConverter {
    public static ClientRepresentation toInternal(KeycloakSession keycloakSession, OIDCClientRepresentation oIDCClientRepresentation) throws ClientRegistrationException {
        ClientRepresentation clientRepresentation = new ClientRepresentation();
        clientRepresentation.setClientId(oIDCClientRepresentation.getClientId());
        clientRepresentation.setName(oIDCClientRepresentation.getClientName());
        clientRepresentation.setRedirectUris(oIDCClientRepresentation.getRedirectUris());
        clientRepresentation.setBaseUrl(oIDCClientRepresentation.getClientUri());
        clientRepresentation.setProtocol("openid-connect");
        String scope = oIDCClientRepresentation.getScope();
        if (scope != null) {
            clientRepresentation.setOptionalClientScopes(new ArrayList(Arrays.asList(scope.split(" "))));
        }
        List responseTypes = oIDCClientRepresentation.getResponseTypes();
        if (responseTypes == null || responseTypes.isEmpty()) {
            responseTypes = Collections.singletonList("code");
        }
        List grantTypes = oIDCClientRepresentation.getGrantTypes();
        try {
            OIDCResponseType parse = OIDCResponseType.parse((List<String>) responseTypes);
            clientRepresentation.setStandardFlowEnabled(Boolean.valueOf(parse.hasResponseType("code")));
            clientRepresentation.setImplicitFlowEnabled(Boolean.valueOf(parse.isImplicitOrHybridFlow()));
            if (grantTypes != null) {
                clientRepresentation.setDirectAccessGrantsEnabled(Boolean.valueOf(grantTypes.contains("password")));
                clientRepresentation.setServiceAccountsEnabled(Boolean.valueOf(grantTypes.contains("client_credentials")));
                setOidcCibaGrantEnabled(clientRepresentation, Boolean.valueOf(grantTypes.contains("urn:openid:params:grant-type:ciba")));
            }
            String tokenEndpointAuthMethod = oIDCClientRepresentation.getTokenEndpointAuthMethod();
            clientRepresentation.setPublicClient(Boolean.FALSE);
            if ("none".equals(tokenEndpointAuthMethod)) {
                clientRepresentation.setClientAuthenticatorType("none");
                clientRepresentation.setPublicClient(Boolean.TRUE);
            } else {
                ClientAuthenticatorFactory findClientAuthenticatorForOIDCAuthMethod = tokenEndpointAuthMethod == null ? (ClientAuthenticatorFactory) keycloakSession.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, KeycloakModelUtils.getDefaultClientAuthenticatorType()) : AuthorizeClientUtil.findClientAuthenticatorForOIDCAuthMethod(keycloakSession, tokenEndpointAuthMethod);
                if (findClientAuthenticatorForOIDCAuthMethod == null) {
                    throw new ClientRegistrationException("Not found clientAuthenticator for requested token_endpoint_auth_method");
                }
                clientRepresentation.setClientAuthenticatorType(findClientAuthenticatorForOIDCAuthMethod.getId());
            }
            boolean publicKey = setPublicKey(oIDCClientRepresentation, clientRepresentation);
            if (tokenEndpointAuthMethod != null && tokenEndpointAuthMethod.equals(OIDCLoginProtocol.PRIVATE_KEY_JWT) && !publicKey) {
                throw new ClientRegistrationException("Didn't find key of supported keyType for use " + JWK.Use.SIG.asString());
            }
            OIDCAdvancedConfigWrapper fromClientRepresentation = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation);
            if (oIDCClientRepresentation.getUserinfoSignedResponseAlg() != null) {
                fromClientRepresentation.setUserInfoSignedResponseAlg((Algorithm) Enum.valueOf(Algorithm.class, oIDCClientRepresentation.getUserinfoSignedResponseAlg()));
            }
            if (oIDCClientRepresentation.getRequestObjectSigningAlg() != null) {
                fromClientRepresentation.setRequestObjectSignatureAlg((Algorithm) Enum.valueOf(Algorithm.class, oIDCClientRepresentation.getRequestObjectSigningAlg()));
            }
            Boolean tlsClientCertificateBoundAccessTokens = oIDCClientRepresentation.getTlsClientCertificateBoundAccessTokens();
            if (tlsClientCertificateBoundAccessTokens != null) {
                if (tlsClientCertificateBoundAccessTokens.booleanValue()) {
                    fromClientRepresentation.setUseMtlsHoKToken(true);
                } else {
                    fromClientRepresentation.setUseMtlsHoKToken(false);
                }
            }
            if (oIDCClientRepresentation.getTlsClientAuthSubjectDn() != null) {
                fromClientRepresentation.setTlsClientAuthSubjectDn(oIDCClientRepresentation.getTlsClientAuthSubjectDn());
                fromClientRepresentation.setAllowRegexPatternComparison(false);
            }
            if (oIDCClientRepresentation.getIdTokenSignedResponseAlg() != null) {
                fromClientRepresentation.setIdTokenSignedResponseAlg(oIDCClientRepresentation.getIdTokenSignedResponseAlg());
            }
            if (oIDCClientRepresentation.getIdTokenEncryptedResponseAlg() != null) {
                fromClientRepresentation.setIdTokenEncryptedResponseAlg(oIDCClientRepresentation.getIdTokenEncryptedResponseAlg());
            }
            if (oIDCClientRepresentation.getIdTokenEncryptedResponseEnc() != null) {
                fromClientRepresentation.setIdTokenEncryptedResponseEnc(oIDCClientRepresentation.getIdTokenEncryptedResponseEnc());
            }
            fromClientRepresentation.setAuthorizationSignedResponseAlg(oIDCClientRepresentation.getAuthorizationSignedResponseAlg());
            fromClientRepresentation.setAuthorizationEncryptedResponseAlg(oIDCClientRepresentation.getAuthorizationEncryptedResponseAlg());
            fromClientRepresentation.setAuthorizationEncryptedResponseEnc(oIDCClientRepresentation.getAuthorizationEncryptedResponseEnc());
            if (oIDCClientRepresentation.getRequestUris() != null) {
                fromClientRepresentation.setRequestUris(oIDCClientRepresentation.getRequestUris());
            }
            fromClientRepresentation.setTokenEndpointAuthSigningAlg(oIDCClientRepresentation.getTokenEndpointAuthSigningAlg());
            fromClientRepresentation.setBackchannelLogoutUrl(oIDCClientRepresentation.getBackchannelLogoutUri());
            if (oIDCClientRepresentation.getBackchannelLogoutSessionRequired() == null) {
                fromClientRepresentation.setBackchannelLogoutSessionRequired(true);
            } else {
                fromClientRepresentation.setBackchannelLogoutSessionRequired(oIDCClientRepresentation.getBackchannelLogoutSessionRequired().booleanValue());
            }
            if (oIDCClientRepresentation.getBackchannelLogoutRevokeOfflineTokens() == null) {
                fromClientRepresentation.setBackchannelLogoutRevokeOfflineTokens(false);
            } else {
                fromClientRepresentation.setBackchannelLogoutRevokeOfflineTokens(oIDCClientRepresentation.getBackchannelLogoutRevokeOfflineTokens().booleanValue());
            }
            if (oIDCClientRepresentation.getLogoUri() != null) {
                fromClientRepresentation.setLogoUri(oIDCClientRepresentation.getLogoUri());
            }
            if (oIDCClientRepresentation.getPolicyUri() != null) {
                fromClientRepresentation.setPolicyUri(oIDCClientRepresentation.getPolicyUri());
            }
            if (oIDCClientRepresentation.getTosUri() != null) {
                fromClientRepresentation.setTosUri(oIDCClientRepresentation.getTosUri());
            }
            String backchannelTokenDeliveryMode = oIDCClientRepresentation.getBackchannelTokenDeliveryMode();
            if (backchannelTokenDeliveryMode != null) {
                Map map = (Map) Optional.ofNullable(clientRepresentation.getAttributes()).orElse(new HashMap());
                map.put("ciba.backchannel.token.delivery.mode", backchannelTokenDeliveryMode);
                clientRepresentation.setAttributes(map);
            }
            String backchannelClientNotificationEndpoint = oIDCClientRepresentation.getBackchannelClientNotificationEndpoint();
            if (backchannelClientNotificationEndpoint != null) {
                Map map2 = (Map) Optional.ofNullable(clientRepresentation.getAttributes()).orElse(new HashMap());
                map2.put("ciba.backchannel.client.notification.endpoint", backchannelClientNotificationEndpoint);
                clientRepresentation.setAttributes(map2);
            }
            String backchannelAuthenticationRequestSigningAlg = oIDCClientRepresentation.getBackchannelAuthenticationRequestSigningAlg();
            if (backchannelAuthenticationRequestSigningAlg != null) {
                Map map3 = (Map) Optional.ofNullable(clientRepresentation.getAttributes()).orElse(new HashMap());
                map3.put("ciba.backchannel.auth.request.signing.alg", backchannelAuthenticationRequestSigningAlg);
                clientRepresentation.setAttributes(map3);
            }
            Boolean requirePushedAuthorizationRequests = oIDCClientRepresentation.getRequirePushedAuthorizationRequests();
            if (requirePushedAuthorizationRequests != null) {
                Map map4 = (Map) Optional.ofNullable(clientRepresentation.getAttributes()).orElse(new HashMap());
                map4.put("require.pushed.authorization.requests", requirePushedAuthorizationRequests.toString());
                clientRepresentation.setAttributes(map4);
            }
            fromClientRepresentation.setFrontChannelLogoutUrl((String) Optional.ofNullable(oIDCClientRepresentation.getFrontChannelLogoutUri()).orElse(null));
            return clientRepresentation;
        } catch (IllegalArgumentException e) {
            throw new ClientRegistrationException(e.getMessage(), e);
        }
    }

    private static void setOidcCibaGrantEnabled(ClientRepresentation clientRepresentation, Boolean bool) {
        if (bool == null) {
            return;
        }
        Map map = (Map) Optional.ofNullable(clientRepresentation.getAttributes()).orElse(new HashMap());
        map.put("oidc.ciba.grant.enabled", bool.toString());
        clientRepresentation.setAttributes(map);
    }

    private static List<String> getSupportedAlgorithms(KeycloakSession keycloakSession, Class<? extends Provider> cls, boolean z) {
        Stream map = keycloakSession.getKeycloakSessionFactory().getProviderFactoriesStream(cls).map((v0) -> {
            return v0.getId();
        });
        if (z) {
            map = Streams.concat(new Stream[]{map, Stream.of("none")});
        }
        return (List) map.collect(Collectors.toList());
    }

    private static boolean setPublicKey(OIDCClientRepresentation oIDCClientRepresentation, ClientRepresentation clientRepresentation) {
        OIDCAdvancedConfigWrapper fromClientRepresentation = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation);
        if (oIDCClientRepresentation.getJwks() == null) {
            if (oIDCClientRepresentation.getJwksUri() == null) {
                return false;
            }
            fromClientRepresentation.setUseJwksUrl(true);
            fromClientRepresentation.setJwksUrl(oIDCClientRepresentation.getJwksUri());
            fromClientRepresentation.setUseJwksString(false);
            return true;
        }
        if (oIDCClientRepresentation.getJwksUri() != null) {
            throw new ClientRegistrationException("Illegal to use both jwks_uri and jwks");
        }
        JWK keyForUse = JWKSUtils.getKeyForUse(oIDCClientRepresentation.getJwks(), JWK.Use.SIG);
        try {
            fromClientRepresentation.setJwksString(JsonSerialization.writeValueAsPrettyString(oIDCClientRepresentation.getJwks()));
            fromClientRepresentation.setUseJwksString(true);
            fromClientRepresentation.setUseJwksUrl(false);
            if (keyForUse == null) {
                return false;
            }
            String pemFromKey = KeycloakModelUtils.getPemFromKey(JWKParser.create(keyForUse).toPublicKey());
            CertificateRepresentation certificateRepresentation = new CertificateRepresentation();
            certificateRepresentation.setPublicKey(pemFromKey);
            certificateRepresentation.setKid(keyForUse.getKeyId());
            CertificateInfoHelper.updateClientRepresentationCertificateInfo(clientRepresentation, certificateRepresentation, JWTClientAuthenticator.ATTR_PREFIX);
            return true;
        } catch (IOException e) {
            throw new ClientRegistrationException("Illegal jwks format");
        }
    }

    public static OIDCClientRepresentation toExternalResponse(KeycloakSession keycloakSession, ClientRepresentation clientRepresentation, URI uri) {
        OIDCClientRepresentation oIDCClientRepresentation = new OIDCClientRepresentation();
        oIDCClientRepresentation.setClientId(clientRepresentation.getClientId());
        if ("none".equals(clientRepresentation.getClientAuthenticatorType())) {
            oIDCClientRepresentation.setTokenEndpointAuthMethod("none");
        } else {
            Set protocolAuthenticatorMethods = keycloakSession.getKeycloakSessionFactory().getProviderFactory(ClientAuthenticator.class, clientRepresentation.getClientAuthenticatorType()).getProtocolAuthenticatorMethods("openid-connect");
            if (protocolAuthenticatorMethods != null && !protocolAuthenticatorMethods.isEmpty()) {
                oIDCClientRepresentation.setTokenEndpointAuthMethod((String) protocolAuthenticatorMethods.iterator().next());
            }
        }
        if (clientRepresentation.getClientAuthenticatorType().equals(ClientIdAndSecretAuthenticator.PROVIDER_ID)) {
            oIDCClientRepresentation.setClientSecret(clientRepresentation.getSecret());
            oIDCClientRepresentation.setClientSecretExpiresAt(0);
        }
        oIDCClientRepresentation.setClientName(clientRepresentation.getName());
        oIDCClientRepresentation.setClientUri(clientRepresentation.getBaseUrl());
        oIDCClientRepresentation.setRedirectUris(clientRepresentation.getRedirectUris());
        oIDCClientRepresentation.setRegistrationAccessToken(clientRepresentation.getRegistrationAccessToken());
        oIDCClientRepresentation.setRegistrationClientUri(uri.toString());
        oIDCClientRepresentation.setResponseTypes(getOIDCResponseTypes(clientRepresentation));
        oIDCClientRepresentation.setGrantTypes(getOIDCGrantTypes(clientRepresentation));
        List optionalClientScopes = clientRepresentation.getOptionalClientScopes();
        if (optionalClientScopes != null) {
            oIDCClientRepresentation.setScope((String) optionalClientScopes.stream().collect(Collectors.joining(" ")));
        }
        OIDCAdvancedConfigWrapper fromClientRepresentation = OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation);
        if (fromClientRepresentation.isUserInfoSignatureRequired()) {
            oIDCClientRepresentation.setUserinfoSignedResponseAlg(fromClientRepresentation.getUserInfoSignedResponseAlg().toString());
        }
        if (fromClientRepresentation.getRequestObjectSignatureAlg() != null) {
            oIDCClientRepresentation.setRequestObjectSigningAlg(fromClientRepresentation.getRequestObjectSignatureAlg().toString());
        }
        if (fromClientRepresentation.getRequestObjectEncryptionAlg() != null) {
            oIDCClientRepresentation.setRequestObjectEncryptionAlg(fromClientRepresentation.getRequestObjectEncryptionAlg());
        }
        if (fromClientRepresentation.getRequestObjectEncryptionEnc() != null) {
            oIDCClientRepresentation.setRequestObjectEncryptionEnc(fromClientRepresentation.getRequestObjectEncryptionEnc());
        }
        if (fromClientRepresentation.isUseJwksUrl()) {
            oIDCClientRepresentation.setJwksUri(fromClientRepresentation.getJwksUrl());
        }
        if (fromClientRepresentation.isUseJwksString()) {
            try {
                oIDCClientRepresentation.setJwks((JSONWebKeySet) JsonSerialization.readValue(fromClientRepresentation.getJwksString(), JSONWebKeySet.class));
            } catch (IOException e) {
                throw new ClientRegistrationException("Illegal jwks format");
            }
        }
        if (fromClientRepresentation.isUseMtlsHokToken()) {
            oIDCClientRepresentation.setTlsClientCertificateBoundAccessTokens(Boolean.TRUE);
        } else {
            oIDCClientRepresentation.setTlsClientCertificateBoundAccessTokens(Boolean.FALSE);
        }
        if (fromClientRepresentation.getTlsClientAuthSubjectDn() != null) {
            oIDCClientRepresentation.setTlsClientAuthSubjectDn(fromClientRepresentation.getTlsClientAuthSubjectDn());
        }
        if (fromClientRepresentation.getIdTokenSignedResponseAlg() != null) {
            oIDCClientRepresentation.setIdTokenSignedResponseAlg(fromClientRepresentation.getIdTokenSignedResponseAlg());
        }
        if (fromClientRepresentation.getIdTokenEncryptedResponseAlg() != null) {
            oIDCClientRepresentation.setIdTokenEncryptedResponseAlg(fromClientRepresentation.getIdTokenEncryptedResponseAlg());
        }
        if (fromClientRepresentation.getIdTokenEncryptedResponseEnc() != null) {
            oIDCClientRepresentation.setIdTokenEncryptedResponseEnc(fromClientRepresentation.getIdTokenEncryptedResponseEnc());
        }
        if (fromClientRepresentation.getAuthorizationSignedResponseAlg() != null) {
            oIDCClientRepresentation.setAuthorizationSignedResponseAlg(fromClientRepresentation.getAuthorizationSignedResponseAlg());
        }
        if (fromClientRepresentation.getAuthorizationEncryptedResponseAlg() != null) {
            oIDCClientRepresentation.setAuthorizationEncryptedResponseAlg(fromClientRepresentation.getAuthorizationEncryptedResponseAlg());
        }
        if (fromClientRepresentation.getAuthorizationEncryptedResponseEnc() != null) {
            oIDCClientRepresentation.setAuthorizationEncryptedResponseEnc(fromClientRepresentation.getAuthorizationEncryptedResponseEnc());
        }
        if (fromClientRepresentation.getRequestUris() != null) {
            oIDCClientRepresentation.setRequestUris(fromClientRepresentation.getRequestUris());
        }
        if (fromClientRepresentation.getTokenEndpointAuthSigningAlg() != null) {
            oIDCClientRepresentation.setTokenEndpointAuthSigningAlg(fromClientRepresentation.getTokenEndpointAuthSigningAlg());
        }
        oIDCClientRepresentation.setBackchannelLogoutUri(fromClientRepresentation.getBackchannelLogoutUrl());
        oIDCClientRepresentation.setBackchannelLogoutSessionRequired(Boolean.valueOf(fromClientRepresentation.isBackchannelLogoutSessionRequired()));
        oIDCClientRepresentation.setBackchannelLogoutSessionRequired(Boolean.valueOf(fromClientRepresentation.getBackchannelLogoutRevokeOfflineTokens()));
        if (clientRepresentation.getAttributes() != null) {
            String str = (String) clientRepresentation.getAttributes().get("ciba.backchannel.token.delivery.mode");
            if (StringUtil.isNotBlank(str)) {
                oIDCClientRepresentation.setBackchannelTokenDeliveryMode(str);
            }
            String str2 = (String) clientRepresentation.getAttributes().get("ciba.backchannel.client.notification.endpoint");
            if (StringUtil.isNotBlank(str2)) {
                oIDCClientRepresentation.setBackchannelClientNotificationEndpoint(str2);
            }
            String str3 = (String) clientRepresentation.getAttributes().get("ciba.backchannel.auth.request.signing.alg");
            if (StringUtil.isNotBlank(str3)) {
                oIDCClientRepresentation.setBackchannelAuthenticationRequestSigningAlg(str3);
            }
            oIDCClientRepresentation.setRequirePushedAuthorizationRequests(Boolean.valueOf(Boolean.valueOf((String) clientRepresentation.getAttributes().get("require.pushed.authorization.requests")).booleanValue()));
        }
        List<ProtocolMapperRepresentation> pairwiseSubMappers = PairwiseSubMapperUtils.getPairwiseSubMappers(clientRepresentation);
        SubjectType subjectType = pairwiseSubMappers.isEmpty() ? SubjectType.PUBLIC : SubjectType.PAIRWISE;
        oIDCClientRepresentation.setSubjectType(subjectType.toString().toLowerCase());
        if (subjectType.equals(SubjectType.PAIRWISE)) {
            oIDCClientRepresentation.setSectorIdentifierUri(PairwiseSubMapperHelper.getSectorIdentifierUri(pairwiseSubMappers.get(0)));
        }
        oIDCClientRepresentation.setFrontChannelLogoutUri(fromClientRepresentation.getFrontChannelLogoutUrl());
        return oIDCClientRepresentation;
    }

    private static List<String> getOIDCResponseTypes(ClientRepresentation clientRepresentation) {
        ArrayList arrayList = new ArrayList();
        if (clientRepresentation.isStandardFlowEnabled().booleanValue()) {
            arrayList.add("code");
            arrayList.add("none");
        }
        if (clientRepresentation.isImplicitFlowEnabled().booleanValue()) {
            arrayList.add(OIDCResponseType.ID_TOKEN);
            arrayList.add("id_token token");
        }
        if (clientRepresentation.isStandardFlowEnabled().booleanValue() && clientRepresentation.isImplicitFlowEnabled().booleanValue()) {
            arrayList.add("code id_token");
            arrayList.add("code token");
            arrayList.add("code id_token token");
        }
        return arrayList;
    }

    private static List<String> getOIDCGrantTypes(ClientRepresentation clientRepresentation) {
        ArrayList arrayList = new ArrayList();
        if (clientRepresentation.isStandardFlowEnabled().booleanValue()) {
            arrayList.add(AbstractOAuth2IdentityProvider.OAUTH2_GRANT_TYPE_AUTHORIZATION_CODE);
        }
        if (clientRepresentation.isImplicitFlowEnabled().booleanValue()) {
            arrayList.add("implicit");
        }
        if (clientRepresentation.isDirectAccessGrantsEnabled().booleanValue()) {
            arrayList.add("password");
        }
        if (clientRepresentation.isServiceAccountsEnabled().booleanValue()) {
            arrayList.add("client_credentials");
        }
        if (clientRepresentation.getAttributes() != null && Boolean.parseBoolean((String) clientRepresentation.getAttributes().get("oauth2.device.authorization.grant.enabled"))) {
            arrayList.add("urn:ietf:params:oauth:grant-type:device_code");
        }
        if (clientRepresentation.getAttributes() != null && Boolean.parseBoolean((String) clientRepresentation.getAttributes().get("oidc.ciba.grant.enabled"))) {
            arrayList.add("urn:openid:params:grant-type:ciba");
        }
        if (clientRepresentation.getAuthorizationServicesEnabled() != null && clientRepresentation.getAuthorizationServicesEnabled().booleanValue()) {
            arrayList.add("urn:ietf:params:oauth:grant-type:uma-ticket");
        }
        if (OIDCAdvancedConfigWrapper.fromClientRepresentation(clientRepresentation).isUseRefreshToken()) {
            arrayList.add(AbstractOAuth2IdentityProvider.OAUTH2_GRANT_TYPE_REFRESH_TOKEN);
        }
        return arrayList;
    }
}
