package org.keycloak.protocol.oidc;

import javax.ws.rs.core.Response;
import javax.ws.rs.core.UriBuilder;
import javax.ws.rs.core.UriInfo;
import org.jboss.logging.Logger;
import org.jboss.resteasy.client.core.executors.ApacheHttpClient4Executor;
import org.keycloak.OAuth2Constants;
import org.keycloak.models.ApplicationModel;
import org.keycloak.models.ClientSessionModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.services.managers.ClientSessionCode;
import org.keycloak.services.managers.ResourceAdminManager;
import twitter4j.internal.http.HttpResponseCode;

/* loaded from: input_file:WEB-INF/lib/keycloak-services-1.1.0.Beta1.jar:org/keycloak/protocol/oidc/OpenIDConnect.class */
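/**
 * OpenID Connect implementation of {@link LoginProtocol}.
 *
 * <p>Every browser-facing method answers with a redirect to the redirect URI stored on the
 * client session, adding either an authorization code or an {@code access_denied} error, and
 * echoing the {@code state} note back when one was recorded.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The redirect URI is used exactly as stored on the client session; nothing in this class
 *       re-validates it. Presumably it was checked against the client's registered redirect
 *       URIs before being stored; confirm in the code that creates the client session.</li>
 *   <li>{@code state} is a client-supplied value and is added with
 *       {@link UriBuilder#queryParam(String, Object...)}, which treats <code>{name}</code>
 *       sequences in values as URI template variables. NOTE(review): a state value containing
 *       braces may make {@code build()} fail; confirm how callers handle that.</li>
 * </ul>
 */
public class OpenIDConnect implements LoginProtocol {
    public static final String LOGIN_PROTOCOL = "openid-connect";
    public static final String STATE_PARAM = "state";
    public static final String SCOPE_PARAM = "scope";
    public static final String RESPONSE_TYPE_PARAM = "response_type";
    public static final String REDIRECT_URI_PARAM = "redirect_uri";
    public static final String CLIENT_ID_PARAM = "client_id";
    public static final String PROMPT_PARAM = "prompt";
    public static final String LOGIN_HINT_PARAM = "login_hint";
    private static final Logger log = Logger.getLogger(OpenIDConnect.class);
    protected KeycloakSession session;
    protected RealmModel realm;
    protected UriInfo uriInfo;

    /**
     * Creates a fully configured protocol instance.
     *
     * @param keycloakSession session stored in {@link #session}
     * @param realmModel realm stored in {@link #realm}
     * @param uriInfo request URI information stored in {@link #uriInfo}
     */
    public OpenIDConnect(KeycloakSession keycloakSession, RealmModel realmModel, UriInfo uriInfo) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.uriInfo = uriInfo;
    }

    /** Creates an unconfigured instance; the fluent setters supply session, realm and URI info. */
    public OpenIDConnect() {
    }

    /**
     * Sets the session.
     *
     * @param keycloakSession session to store
     * @return this instance, for chaining
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public OpenIDConnect setSession(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        return this;
    }

    /**
     * Sets the realm.
     *
     * @param realmModel realm to store
     * @return this instance, for chaining
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public OpenIDConnect setRealm(RealmModel realmModel) {
        this.realm = realmModel;
        return this;
    }

    /**
     * Sets the request URI information.
     *
     * @param uriInfo URI information to store; its request URI is read by
     *     {@link #backchannelLogout(UserSessionModel, ClientSessionModel)}
     * @return this instance, for chaining
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public OpenIDConnect setUriInfo(UriInfo uriInfo) {
        this.uriInfo = uriInfo;
        return this;
    }

    /**
     * Redirects to the client with {@code error=access_denied} after the login was cancelled.
     *
     * @param clientSessionModel client session holding the redirect URI and the state note
     * @return redirect response to the client's redirect URI
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public Response cancelLogin(ClientSessionModel clientSessionModel) {
        return accessDeniedRedirect(clientSessionModel);
    }

    /**
     * Redirects to the client with an authorization code after a successful login.
     *
     * @param userSessionModel the authenticated user session (not read by this method)
     * @param clientSessionCode wrapper that yields the client session and the code value
     * @return redirect response carrying the {@code code} parameter and, if present, the state
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public Response authenticated(UserSessionModel userSessionModel, ClientSessionCode clientSessionCode) {
        ClientSessionModel clientSession = clientSessionCode.getClientSession();
        String redirectUri = clientSession.getRedirectUri();
        String state = clientSession.getNote(STATE_PARAM);
        // The action is switched before getCode() is called; keep this order.
        // NOTE(review): presumably the issued code depends on the current action; confirm in ClientSessionCode.
        clientSessionCode.setAction(ClientSessionModel.Action.CODE_TO_TOKEN);
        UriBuilder target = UriBuilder.fromUri(redirectUri).queryParam(OAuth2Constants.CODE, clientSessionCode.getCode());
        // Only the state is logged here; the authorization code is not written to the log.
        log.debugv("redirectAccessCode: state: {0}", state);
        return redirectTo(target, state);
    }

    /**
     * Redirects to the client with {@code error=access_denied} after the user refused consent.
     *
     * @param clientSessionModel client session holding the redirect URI and the state note
     * @return redirect response to the client's redirect URI
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public Response consentDenied(ClientSessionModel clientSessionModel) {
        return accessDeniedRedirect(clientSessionModel);
    }

    /**
     * Redirects to the client with {@code error=access_denied} when the session is invalid.
     *
     * @param clientSessionModel client session holding the redirect URI and the state note
     * @return redirect response to the client's redirect URI
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public Response invalidSessionError(ClientSessionModel clientSessionModel) {
        return accessDeniedRedirect(clientSessionModel);
    }

    /**
     * Sends a backchannel logout for the client session when its client is an application.
     *
     * <p>Client sessions whose client is not an {@link ApplicationModel} are ignored.
     *
     * @param userSessionModel the user session being logged out (not read by this method)
     * @param clientSessionModel the client session to log out
     */
    @Override // org.keycloak.protocol.LoginProtocol
    public void backchannelLogout(UserSessionModel userSessionModel, ClientSessionModel clientSessionModel) {
        if (!(clientSessionModel.getClient() instanceof ApplicationModel)) {
            return;
        }
        ApplicationModel application = (ApplicationModel) clientSessionModel.getClient();
        ApacheHttpClient4Executor executor = ResourceAdminManager.createExecutor();
        try {
            new ResourceAdminManager().logoutClientSession(this.uriInfo.getRequestUri(), this.realm, application, clientSessionModel, executor);
        } finally {
            // Release the HTTP connections whether or not the logout call succeeded.
            executor.getHttpClient().getConnectionManager().shutdown();
        }
    }

    /** No resources are held by this provider, so there is nothing to release. */
    @Override // org.keycloak.provider.Provider
    public void close() {
    }

    /** Builds the {@code error=access_denied} redirect shared by the cancel, consent and session-error paths. */
    private static Response accessDeniedRedirect(ClientSessionModel clientSession) {
        String redirectUri = clientSession.getRedirectUri();
        String state = clientSession.getNote(STATE_PARAM);
        UriBuilder target = UriBuilder.fromUri(redirectUri).queryParam("error", "access_denied");
        return redirectTo(target, state);
    }

    /** Appends the state parameter when one was recorded and turns the target into a redirect response. */
    private static Response redirectTo(UriBuilder target, String state) {
        if (state != null) {
            target.queryParam(STATE_PARAM, state);
        }
        // NOTE(review): the status constant comes from a twitter4j class, probably substituted by the
        // decompiler for an inlined HTTP 302; confirm before relying on that dependency.
        return Response.status(HttpResponseCode.FOUND).location(target.build()).build();
    }
}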
