package de.governikus.autent.eudiwallet.keycloak.provider.granttypes;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriInfo;
import java.util.Map;
import java.util.Optional;
import java.util.function.Function;
import java.util.stream.Stream;
import org.keycloak.OAuthErrorException;
import org.keycloak.broker.oidc.OIDCIdentityProvider;
import org.keycloak.common.ClientConnection;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.events.EventBuilder;
import org.keycloak.http.HttpRequest;
import org.keycloak.jose.jws.JWSInputException;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.oidc.LogoutTokenValidationCode;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.protocol.oidc.grants.AuthorizationCodeGrantType;
import org.keycloak.protocol.oidc.grants.OAuth2GrantType;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.IDToken;
import org.keycloak.representations.LogoutToken;
import org.keycloak.representations.RefreshToken;
import org.keycloak.services.clientpolicy.ClientPolicyContext;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/granttypes/AuthorizationCodeOverrideGrantType.class */
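/**
 * Authorization-code grant type that adds a nonce to what the parent grant type issues.
 *
 * <p>The same value is written in two places under the key
 * {@code Constants.ProtocolAttributes.C_NONCE}: as a claim inside the access token
 * (see {@link TokenManagerWrapper#createClientAccessToken}) and as an additional member of the
 * successful token response (see {@link #createTokenResponse}).
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>The nonce is generated once per instance of this class. NOTE(review): its freshness
 *       therefore depends on a new instance being created for every token request; the factory
 *       that creates this grant type is not visible here, so confirm it never caches or shares
 *       instances.</li>
 *   <li>The nonce travels inside the access token, so every party able to read the token can
 *       read the nonce. Presumably a later endpoint compares a client-supplied nonce against
 *       this claim; verify that the comparison and any expiry are enforced there, because this
 *       class sets no separate lifetime for the value.</li>
 * </ul>
 */
public class AuthorizationCodeOverrideGrantType extends AuthorizationCodeGrantType {
    // One random value per grant-type instance; shared by the token claim and the response body.
    private final String cNonce = SecretGenerator.getInstance().randomString();

    /**
     * {@link TokenManager} that forwards to a wrapped manager and enriches the access token
     * created for the client with the enclosing grant type's nonce and a {@code grant_type} claim.
     *
     * <p>Only the methods overridden in this class are forwarded to the wrapped manager. Any
     * other {@code TokenManager} method called on this wrapper runs the inherited implementation
     * on the wrapper itself. NOTE(review): re-check the list of forwarded methods whenever the
     * Keycloak dependency is upgraded, so that a newly added or changed token-validation method
     * is not silently bypassing the wrapped instance.
     */
    public class TokenManagerWrapper extends TokenManager {
        private final TokenManager tokenManager;

        /**
         * @param tokenManager the manager every call is forwarded to
         */
        public TokenManagerWrapper(TokenManager tokenManager) {
            this.tokenManager = tokenManager;
        }

        /**
         * Creates the access token through the wrapped manager and then adds two extra claims:
         * the enclosing grant type's nonce and {@code grant_type=authorization_code}.
         *
         * @return the token produced by the wrapped manager, with both claims added
         */
        public AccessToken createClientAccessToken(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, UserModel userModel, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            AccessToken accessToken = this.tokenManager.createClientAccessToken(keycloakSession, realmModel, clientModel, userModel, userSessionModel, clientSessionContext);
            Map<String, Object> extraClaims = accessToken.getOtherClaims();
            // Same value that createTokenResponse returns to the client in the response body.
            extraClaims.put(Constants.ProtocolAttributes.C_NONCE, AuthorizationCodeOverrideGrantType.this.cNonce);
            // Presumably lets a consumer tell which grant produced the token; verify against the consumer.
            extraClaims.put("grant_type", "authorization_code");
            return accessToken;
        }

        // ---- Everything below forwards to the wrapped manager without changing arguments or results. ----

        public TokenManager.TokenValidation validateToken(KeycloakSession keycloakSession, UriInfo uriInfo, ClientConnection clientConnection, RealmModel realmModel, RefreshToken refreshToken, HttpHeaders httpHeaders, String str) throws OAuthErrorException {
            return this.tokenManager.validateToken(keycloakSession, uriInfo, clientConnection, realmModel, refreshToken, httpHeaders, str);
        }

        public AccessToken checkTokenValidForIntrospection(KeycloakSession keycloakSession, RealmModel realmModel, AccessToken accessToken, EventBuilder eventBuilder) {
            return this.tokenManager.checkTokenValidForIntrospection(keycloakSession, realmModel, accessToken, eventBuilder);
        }

        public UserSessionModel getValidUserSessionIfTokenIsValid(KeycloakSession keycloakSession, RealmModel realmModel, AccessToken accessToken, EventBuilder eventBuilder) {
            return this.tokenManager.getValidUserSessionIfTokenIsValid(keycloakSession, realmModel, accessToken, eventBuilder);
        }

        public TokenManager.AccessTokenResponseBuilder refreshAccessToken(KeycloakSession keycloakSession, UriInfo uriInfo, ClientConnection clientConnection, RealmModel realmModel, ClientModel clientModel, String str, EventBuilder eventBuilder, HttpHeaders httpHeaders, HttpRequest httpRequest, String str2) throws OAuthErrorException {
            return this.tokenManager.refreshAccessToken(keycloakSession, uriInfo, clientConnection, realmModel, clientModel, str, eventBuilder, httpHeaders, httpRequest, str2);
        }

        public RefreshToken verifyRefreshToken(KeycloakSession keycloakSession, RealmModel realmModel, ClientModel clientModel, HttpRequest httpRequest, String str, boolean z) throws OAuthErrorException {
            return this.tokenManager.verifyRefreshToken(keycloakSession, realmModel, clientModel, httpRequest, str, z);
        }

        public RefreshToken toRefreshToken(KeycloakSession keycloakSession, String str) throws JWSInputException, OAuthErrorException {
            return this.tokenManager.toRefreshToken(keycloakSession, str);
        }

        public IDToken verifyIDToken(KeycloakSession keycloakSession, RealmModel realmModel, String str) throws OAuthErrorException {
            return this.tokenManager.verifyIDToken(keycloakSession, realmModel, str);
        }

        public IDToken verifyIDTokenSignature(KeycloakSession keycloakSession, String str) throws OAuthErrorException {
            return this.tokenManager.verifyIDTokenSignature(keycloakSession, str);
        }

        public AccessToken transformAccessToken(KeycloakSession keycloakSession, AccessToken accessToken, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.transformAccessToken(keycloakSession, accessToken, userSessionModel, clientSessionContext);
        }

        public AccessTokenResponse transformAccessTokenResponse(KeycloakSession keycloakSession, AccessTokenResponse accessTokenResponse, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.transformAccessTokenResponse(keycloakSession, accessTokenResponse, userSessionModel, clientSessionContext);
        }

        public AccessToken transformUserInfoAccessToken(KeycloakSession keycloakSession, AccessToken accessToken, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.transformUserInfoAccessToken(keycloakSession, accessToken, userSessionModel, clientSessionContext);
        }

        public AccessToken transformIntrospectionAccessToken(KeycloakSession keycloakSession, AccessToken accessToken, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.transformIntrospectionAccessToken(keycloakSession, accessToken, userSessionModel, clientSessionContext);
        }

        public Map<String, Object> generateUserInfoClaims(AccessToken accessToken, UserModel userModel) {
            return this.tokenManager.generateUserInfoClaims(accessToken, userModel);
        }

        public IDToken transformIDToken(KeycloakSession keycloakSession, IDToken iDToken, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.transformIDToken(keycloakSession, iDToken, userSessionModel, clientSessionContext);
        }

        public TokenManager.AccessTokenResponseBuilder responseBuilder(RealmModel realmModel, ClientModel clientModel, EventBuilder eventBuilder, KeycloakSession keycloakSession, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
            return this.tokenManager.responseBuilder(realmModel, clientModel, eventBuilder, keycloakSession, userSessionModel, clientSessionContext);
        }

        public LogoutTokenValidationCode verifyLogoutToken(KeycloakSession keycloakSession, RealmModel realmModel, String str) {
            return this.tokenManager.verifyLogoutToken(keycloakSession, realmModel, str);
        }

        public Optional<LogoutToken> toLogoutToken(String str) {
            return this.tokenManager.toLogoutToken(str);
        }

        public Stream<OIDCIdentityProvider> getValidOIDCIdentityProvidersForBackchannelLogout(RealmModel realmModel, KeycloakSession keycloakSession, String str, LogoutToken logoutToken) {
            return this.tokenManager.getValidOIDCIdentityProvidersForBackchannelLogout(realmModel, keycloakSession, str, logoutToken);
        }

        public Stream<OIDCIdentityProvider> validateLogoutTokenAgainstIdpProvider(Stream<OIDCIdentityProvider> stream, String str, LogoutToken logoutToken) {
            return this.tokenManager.validateLogoutTokenAgainstIdpProvider(stream, str, logoutToken);
        }
    }

    /**
     * Lets the parent initialise itself from the context, then replaces the inherited
     * {@code tokenManager} field with a {@link TokenManagerWrapper} around the manager the
     * parent installed, so that access tokens created afterwards carry the nonce claim.
     *
     * @param context grant-type context handed to the parent unchanged
     */
    protected void setContext(OAuth2GrantType.Context context) {
        super.setContext(context);
        // Must run after super.setContext: the wrapper needs the manager the parent just set.
        this.tokenManager = new TokenManagerWrapper(this.tokenManager);
    }

    /**
     * Builds the token response through the parent and, when it is a successful
     * {@link AccessTokenResponse}, adds the nonce to it under
     * {@code Constants.ProtocolAttributes.C_NONCE}.
     *
     * <p>The entity is only treated as an {@code AccessTokenResponse} after checking the status
     * and the entity type. Any other response is passed through with its entity untouched instead
     * of failing on a cast before the status was even looked at.
     *
     * <p>The returned response is rebuilt from the parent's status, entity and media type only.
     * NOTE(review): headers present on the parent's {@code Response} object are not copied; if
     * the parent ever sets cache-control or similar headers there, they would be lost here.
     *
     * @return a new response with the same status, entity and media type, passed through the
     *         context's CORS handler
     */
    protected Response createTokenResponse(UserModel userModel, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext, String str, boolean z, Function<TokenManager.AccessTokenResponseBuilder, ClientPolicyContext> function) {
        Response parentResponse = super.createTokenResponse(userModel, userSessionModel, clientSessionContext, str, z, function);
        Object entity = parentResponse.getEntity();
        boolean succeeded = Response.Status.OK.getStatusCode() == parentResponse.getStatus();
        if (succeeded && entity instanceof AccessTokenResponse) {
            // Same value as the claim inside the access token issued for this request.
            ((AccessTokenResponse) entity).setOtherClaims(Constants.ProtocolAttributes.C_NONCE, this.cNonce);
        }
        return this.context.getCors().add(Response.status(parentResponse.getStatus()).entity(entity).type(parentResponse.getMediaType()));
    }
}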
