package org.keycloak.testsuite.services.clientpolicy.executor;

import org.jboss.logging.Logger;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.representations.idm.ClientPolicyExecutorConfigurationRepresentation;
import org.keycloak.services.clientpolicy.ClientPolicyContext;
import org.keycloak.services.clientpolicy.ClientPolicyEvent;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.context.TokenResponseContext;
import org.keycloak.services.clientpolicy.executor.ClientPolicyExecutorProvider;

/* loaded from: input_file:org/keycloak/testsuite/services/clientpolicy/executor/TestEnhancedPluggableTokenManagerExecutor.class */
public class TestEnhancedPluggableTokenManagerExecutor implements ClientPolicyExecutorProvider<ClientPolicyExecutorConfigurationRepresentation> {
    private static final Logger logger = Logger.getLogger(TestEnhancedPluggableTokenManagerExecutor.class);
    protected final KeycloakSession session;

    public TestEnhancedPluggableTokenManagerExecutor(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
    }

    public String getProviderId() {
        return TestEnhancedPluggableTokenManagerExecutorFactory.PROVIDER_ID;
    }

    public void executeOnEvent(ClientPolicyContext clientPolicyContext) throws ClientPolicyException {
        if (clientPolicyContext.getEvent().equals(ClientPolicyEvent.TOKEN_RESPONSE)) {
            dropSubClaimAndBuildTokenResponse(((TokenResponseContext) clientPolicyContext).getAccessTokenResponseBuilder());
        }
    }

    private void dropSubClaimAndBuildTokenResponse(TokenManager.AccessTokenResponseBuilder accessTokenResponseBuilder) throws ClientPolicyException {
        accessTokenResponseBuilder.getAccessToken().subject((String) null);
        accessTokenResponseBuilder.build();
    }
}
