package org.keycloak.protocol.oidc.grants.ciba.channel;

import java.io.IOException;
import java.util.Map;
import javax.ws.rs.core.MultivaluedMap;
import javax.ws.rs.core.Response;
import org.keycloak.broker.provider.util.SimpleHttp;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.representations.AccessToken;
import org.keycloak.services.resources.Cors;
import org.keycloak.utils.MediaType;

/* loaded from: input_file:org/keycloak/protocol/oidc/grants/ciba/channel/HttpAuthenticationChannelProvider.class */
public class HttpAuthenticationChannelProvider implements AuthenticationChannelProvider {
    public static final String AUTHENTICATION_CHANNEL_ID = "authentication_channel_id";
    protected KeycloakSession session;
    protected MultivaluedMap<String, String> formParams;
    protected RealmModel realm;
    protected Map<String, String> clientAuthAttributes;
    protected Cors cors;
    protected final String httpAuthenticationChannelUri;

    public HttpAuthenticationChannelProvider(KeycloakSession keycloakSession, String str) {
        this.session = keycloakSession;
        this.realm = keycloakSession.getContext().getRealm();
        this.httpAuthenticationChannelUri = str;
    }

    @Override // org.keycloak.protocol.oidc.grants.ciba.channel.AuthenticationChannelProvider
    public boolean requestAuthentication(CIBAAuthenticationRequest cIBAAuthenticationRequest, String str) {
        checkAuthenticationChannel();
        ClientModel client = cIBAAuthenticationRequest.getClient();
        try {
            AuthenticationChannelRequest authenticationChannelRequest = new AuthenticationChannelRequest();
            authenticationChannelRequest.setScope(cIBAAuthenticationRequest.getScope());
            authenticationChannelRequest.setBindingMessage(cIBAAuthenticationRequest.getBindingMessage());
            authenticationChannelRequest.setLoginHint(str);
            authenticationChannelRequest.setConsentRequired(Boolean.valueOf(client.isConsentRequired()));
            authenticationChannelRequest.setAcrValues(cIBAAuthenticationRequest.getAcrValues());
            authenticationChannelRequest.setAdditionalParameters(cIBAAuthenticationRequest.getOtherClaims());
            return completeDecoupledAuthnRequest(SimpleHttp.doPost(this.httpAuthenticationChannelUri, this.session).header("Content-Type", MediaType.APPLICATION_JSON).json(authenticationChannelRequest).auth(createBearerToken(cIBAAuthenticationRequest, client)), authenticationChannelRequest).asStatus() == Response.Status.CREATED.getStatusCode();
        } catch (IOException e) {
            throw new RuntimeException("Authentication Channel Access failed.", e);
        }
    }

    private String createBearerToken(CIBAAuthenticationRequest cIBAAuthenticationRequest, ClientModel clientModel) {
        AccessToken accessToken = new AccessToken();
        accessToken.type("Bearer");
        accessToken.issuer(cIBAAuthenticationRequest.getIssuer());
        accessToken.id(cIBAAuthenticationRequest.getAuthResultId());
        accessToken.issuedFor(clientModel.getClientId());
        accessToken.audience(new String[]{cIBAAuthenticationRequest.getIssuer()});
        accessToken.exp(cIBAAuthenticationRequest.getExp());
        accessToken.subject(cIBAAuthenticationRequest.getSubject());
        return this.session.tokens().encode(accessToken);
    }

    protected void checkAuthenticationChannel() {
        if (this.httpAuthenticationChannelUri == null) {
            throw new RuntimeException("Authentication Channel Request URI not set properly.");
        }
        if (!this.httpAuthenticationChannelUri.startsWith("http://") && !this.httpAuthenticationChannelUri.startsWith("https://")) {
            throw new RuntimeException("Authentication Channel Request URI not set properly.");
        }
    }

    protected SimpleHttp completeDecoupledAuthnRequest(SimpleHttp simpleHttp, AuthenticationChannelRequest authenticationChannelRequest) {
        return simpleHttp;
    }

    public void close() {
    }
}
