package org.keycloak.protocol.oidc.grants.ciba.channel;

import com.fasterxml.jackson.annotation.JsonIgnore;
import com.fasterxml.jackson.annotation.JsonProperty;
import java.io.UnsupportedEncodingException;
import org.keycloak.crypto.KeyUse;
import org.keycloak.crypto.SignatureProvider;
import org.keycloak.jose.jwe.JWEException;
import org.keycloak.jose.jws.JWSBuilder;
import org.keycloak.models.ClientModel;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.UserModel;
import org.keycloak.models.utils.KeycloakModelUtils;
import org.keycloak.protocol.oidc.OIDCLoginProtocol;
import org.keycloak.protocol.oidc.grants.ciba.CibaGrantType;
import org.keycloak.representations.JsonWebToken;
import org.keycloak.services.Urls;
import org.keycloak.util.TokenUtil;

/* loaded from: input_file:org/keycloak/protocol/oidc/grants/ciba/channel/CIBAAuthenticationRequest.class */
public class CIBAAuthenticationRequest extends JsonWebToken {
    public static final String SESSION_STATE = "session_state";
    public static final String AUTH_RESULT_ID = "auth_result_id";

    @JsonProperty("scope")
    protected String scope;

    @JsonProperty(AUTH_RESULT_ID)
    protected String authResultId;

    @JsonProperty(CibaGrantType.BINDING_MESSAGE)
    protected String bindingMessage;

    @JsonProperty(OIDCLoginProtocol.ACR_PARAM)
    protected String acrValues;

    @JsonIgnore
    protected ClientModel client;

    @JsonIgnore
    protected UserModel user;

    public static CIBAAuthenticationRequest deserialize(KeycloakSession keycloakSession, String str) {
        try {
            return keycloakSession.tokens().decode(new String(TokenUtil.jweDirectVerifyAndDecode(keycloakSession.keys().getActiveKey(keycloakSession.getContext().getRealm(), KeyUse.ENC, "AES").getSecretKey(), keycloakSession.keys().getActiveKey(keycloakSession.getContext().getRealm(), KeyUse.SIG, "HS256").getSecretKey(), str), "UTF-8"), CIBAAuthenticationRequest.class);
        } catch (JWEException | UnsupportedEncodingException e) {
            throw new RuntimeException("Error decoding auth_req_id.", e);
        }
    }

    public CIBAAuthenticationRequest() {
    }

    public CIBAAuthenticationRequest(KeycloakSession keycloakSession, UserModel userModel, ClientModel clientModel) {
        id(KeycloakModelUtils.generateId());
        issuedNow();
        issuer(Urls.realmIssuer(keycloakSession.getContext().getUri().getBaseUri(), keycloakSession.getContext().getRealm().getName()));
        audience(new String[]{getIssuer()});
        subject(userModel.getId());
        issuedFor(clientModel.getClientId());
        setAuthResultId(KeycloakModelUtils.generateId());
        setClient(clientModel);
        setUser(userModel);
    }

    public String getScope() {
        return this.scope;
    }

    public void setScope(String str) {
        this.scope = str;
    }

    public String getAuthResultId() {
        return this.authResultId;
    }

    public void setAuthResultId(String str) {
        this.authResultId = str;
    }

    public String getBindingMessage() {
        return this.bindingMessage;
    }

    public void setBindingMessage(String str) {
        this.bindingMessage = str;
    }

    public String getAcrValues() {
        return this.acrValues;
    }

    public void setAcrValues(String str) {
        this.acrValues = str;
    }

    public String serialize(KeycloakSession keycloakSession) {
        try {
            return TokenUtil.jweDirectEncode(keycloakSession.keys().getActiveKey(keycloakSession.getContext().getRealm(), KeyUse.ENC, "AES").getSecretKey(), keycloakSession.keys().getActiveKey(keycloakSession.getContext().getRealm(), KeyUse.SIG, "HS256").getSecretKey(), new JWSBuilder().type("JWT").jsonContent(this).sign(keycloakSession.getProvider(SignatureProvider.class, "HS256").signer()).getBytes("UTF-8"));
        } catch (JWEException | UnsupportedEncodingException e) {
            throw new RuntimeException("Error encoding auth_req_id.", e);
        }
    }

    public void setClient(ClientModel clientModel) {
        this.client = clientModel;
    }

    public ClientModel getClient() {
        return this.client;
    }

    public void setUser(UserModel userModel) {
        this.user = userModel;
    }

    public UserModel getUser() {
        return this.user;
    }
}
