package org.keycloak.protocol.oidc.grants;

import jakarta.ws.rs.core.Response;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.keycloak.broker.oidc.OIDCIdentityProvider;
import org.keycloak.common.util.SecretGenerator;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.protocol.oidc.grants.OAuth2GrantType;
import org.keycloak.protocol.oidc.utils.OAuth2Code;
import org.keycloak.protocol.oidc.utils.OAuth2CodeParser;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.services.CorsErrorResponseException;
import org.keycloak.services.util.DefaultClientSessionContext;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.class */
/**
 * Token-endpoint grant handler that exchanges a pre-authorized code for an access token.
 *
 * <p>Points a security reviewer should keep in mind when reading this class:
 * <ul>
 *   <li>The only credential checked in the visible code is the pre-authorized code itself. The client
 *       is not taken from the request but from the client session the code resolves to, so the code
 *       acts as a bearer secret. Whatever {@code setContext(context)} does is not visible here.</li>
 *   <li>The scope is fixed to {@code OIDCIdentityProvider.SCOPE_OPENID}; no scope parameter from the
 *       request is read in this class.</li>
 *   <li>The success response is emitted through {@code cors.allowAllOrigins()}, so browser origin
 *       restrictions are not part of the protection of this endpoint.</li>
 * </ul>
 */
public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase {
    /** Client-session note key that marks a session as having gone through this grant. */
    public static final String VC_ISSUANCE_FLOW = "VC-Issuance-Flow";
    private static final Logger LOGGER = Logger.getLogger(PreAuthorizedCodeGrantType.class);

    /**
     * Validates the submitted pre-authorized code and, if it is accepted, returns a JSON token response.
     *
     * @param context grant context handed to {@code setContext}
     * @return a 200 response carrying the {@link AccessTokenResponse}
     * @throws CorsErrorResponseException with status 400 when the code parameter is missing
     *         ({@code invalid_request}), or when the parser reports the code as illegal or expired
     *         ({@code invalid_grant})
     */
    public Response process(OAuth2GrantType.Context context) {
        LOGGER.debug("Process grant request for preauthorized.");
        setContext(context);

        final String submittedCode = (String) this.formParams.getFirst(PreAuthorizedCodeGrantTypeFactory.CODE_REQUEST_PARAM);
        if (submittedCode == null) {
            final String reason = "Missing parameter: pre-authorized_code";
            this.event.detail("reason", reason);
            throw failPreAuthorizedCodeRequest("invalid_code", "invalid_request", reason);
        }

        // All validation of the code is delegated to the parser; this method only inspects its verdict.
        // NOTE(review): whether parseCode also consumes the code (single use) is not visible here - confirm.
        final OAuth2CodeParser.ParseResult parsed = OAuth2CodeParser.parseCode(this.session, submittedCode, this.realm, this.event);
        if (parsed.isIllegalCode()) {
            throw failPreAuthorizedCodeRequest("invalid_code", "invalid_grant", "Code not valid");
        }
        if (parsed.isExpiredCode()) {
            throw failPreAuthorizedCodeRequest("expired_code", "invalid_grant", "Code is expired");
        }

        final AuthenticatedClientSessionModel codeSession = parsed.getClientSession();
        // Scope is pinned to "openid" via the constant; nothing from the request widens it.
        final DefaultClientSessionContext sessionContext =
                DefaultClientSessionContext.fromClientSessionAndScopeParameter(codeSession, OIDCIdentityProvider.SCOPE_OPENID, this.session);
        codeSession.setNote(VC_ISSUANCE_FLOW, PreAuthorizedCodeGrantTypeFactory.GRANT_TYPE);

        // The acting client comes from the session bound to the code, not from request parameters.
        this.session.getContext().setClient(parsed.getClientSession().getClient());

        final AccessTokenResponse tokenResponse = this.tokenManager
                .responseBuilder(
                        codeSession.getRealm(),
                        codeSession.getClient(),
                        this.event,
                        this.session,
                        codeSession.getUserSession(),
                        sessionContext)
                .accessToken(this.tokenManager.createClientAccessToken(
                        this.session,
                        codeSession.getRealm(),
                        codeSession.getClient(),
                        codeSession.getUserSession().getUser(),
                        codeSession.getUserSession(),
                        sessionContext))
                .build();

        this.event.success();
        // Every origin is allowed to read this response; the code alone gates token issuance.
        return this.cors.allowAllOrigins().add(Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE));
    }

    /**
     * Reports which event type this grant records.
     *
     * @return {@link EventType#CODE_TO_TOKEN}
     */
    public EventType getEventType() {
        return EventType.CODE_TO_TOKEN;
    }

    /**
     * Creates and persists a new pre-authorized code bound to the given client session.
     *
     * @param keycloakSession session passed to {@code OAuth2CodeParser.persistCode}
     * @param authenticatedClientSessionModel client session the code is stored against; its user
     *        session id is embedded in the code
     * @param i passed unchanged as the second {@code OAuth2Code} constructor argument
     *        (presumably the code's expiration - confirm the unit and that callers keep it short,
     *        since the code is redeemed without any further credential in {@link #process})
     * @return the value returned by {@code OAuth2CodeParser.persistCode}
     */
    public static String getPreAuthorizedCode(KeycloakSession keycloakSession, AuthenticatedClientSessionModel authenticatedClientSessionModel, int i) {
        final String codeId = UUID.randomUUID().toString();
        // Random component comes from Keycloak's SecretGenerator rather than from the UUID alone.
        final String randomPart = SecretGenerator.getInstance().randomString();
        final String userSessionId = authenticatedClientSessionModel.getUserSession().getId();
        final OAuth2Code code = new OAuth2Code(codeId, i, randomPart, null, null, null, null, null, userSessionId);
        return OAuth2CodeParser.persistCode(keycloakSession, authenticatedClientSessionModel, code);
    }

    /**
     * Marks the current event as failed and builds the matching 400 error for the caller to throw.
     *
     * @param eventError error string recorded on the event
     * @param oauthError OAuth error code placed in the response
     * @param description human-readable error description placed in the response
     * @return the exception to throw; the event error has already been recorded when this returns
     */
    private CorsErrorResponseException failPreAuthorizedCodeRequest(String eventError, String oauthError, String description) {
        this.event.error(eventError);
        return new CorsErrorResponseException(this.cors, oauthError, description, Response.Status.BAD_REQUEST);
    }
}
