package de.governikus.autent.eudiwallet.keycloak.provider.granttypes;

import de.governikus.autent.eudiwallet.keycloak.constants.Constants;
import de.governikus.autent.eudiwallet.keycloak.constants.UtilityMethods;
import de.governikus.autent.eudiwallet.keycloak.database.AuthenticationFlowRepository;
import java.util.Optional;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.models.AuthenticationFlowModel;
import org.keycloak.models.ClientModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.util.BasicAuthHelper;

/* loaded from: input_file:de/governikus/autent/eudiwallet/keycloak/provider/granttypes/PreAuthCodeFlowGrantType.class */
public class PreAuthCodeFlowGrantType extends AbstractOidc4vciGrantType {
    private final String cNonce;

    public PreAuthCodeFlowGrantType() {
        super(PreAuthCodeFlowGrantTypeFactory.PROVIDER_ID);
        this.cNonce = SecretGenerator.getInstance().randomString();
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.granttypes.AbstractOidc4vciGrantType
    protected AuthenticationFlowModel getAuthenticationFlow() {
        return AuthenticationFlowRepository.getAuthFlowByAlias(UtilityMethods.getEntityManager(this.session), this.realm, "pre-auth-code-flow").orElseThrow(() -> {
            return new IllegalArgumentException(String.format("No AuthenticationFlowModel found with name '%s'", "pre-auth-code-flow"));
        });
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.granttypes.AbstractOidc4vciGrantType
    protected ClientModel getClient() {
        if (this.client != null) {
            return this.client;
        }
        this.client = this.session.clients().getClientByClientId(this.realm, (String) Optional.ofNullable((String) this.formParams.getFirst("client_id")).orElseGet(() -> {
            return (String) Optional.ofNullable(this.context.getHeaders().getHeaderString("Authorization")).map(BasicAuthHelper.RFC6749::parseHeader).map(strArr -> {
                return strArr[0];
            }).orElse(null);
        }));
        return this.client;
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.granttypes.AbstractOidc4vciGrantType
    protected void addAdditionalAccessTokenClaims(AccessToken accessToken) {
        accessToken.getOtherClaims().put(Constants.ProtocolAttributes.C_NONCE, this.cNonce);
    }

    @Override // de.governikus.autent.eudiwallet.keycloak.provider.granttypes.AbstractOidc4vciGrantType
    protected void addAdditionalAccessTokenResponseClaims(AccessTokenResponse accessTokenResponse) {
        accessTokenResponse.getOtherClaims().put(Constants.ProtocolAttributes.C_NONCE, this.cNonce);
    }
}
