package org.keycloak.protocol.oidc;

import jakarta.ws.rs.core.HttpHeaders;
import jakarta.ws.rs.core.Response;
import jakarta.ws.rs.core.UriBuilder;
import jakarta.ws.rs.core.UriInfo;
import java.io.IOException;
import java.util.Optional;
import java.util.UUID;
import org.jboss.logging.Logger;
import org.keycloak.TokenIdGenerator;
import org.keycloak.WebAuthnConstants;
import org.keycloak.authentication.AuthenticationProcessor;
import org.keycloak.authentication.RequiredActionProvider;
import org.keycloak.broker.oidc.AbstractOAuth2IdentityProvider;
import org.keycloak.common.util.Time;
import org.keycloak.connections.httpclient.HttpClientProvider;
import org.keycloak.events.EventBuilder;
import org.keycloak.events.EventType;
import org.keycloak.models.AuthenticatedClientSessionModel;
import org.keycloak.models.ClientModel;
import org.keycloak.models.ClientSessionContext;
import org.keycloak.models.KeycloakSession;
import org.keycloak.models.RealmModel;
import org.keycloak.models.UserSessionModel;
import org.keycloak.protocol.ClientData;
import org.keycloak.protocol.LoginProtocol;
import org.keycloak.protocol.oidc.TokenManager;
import org.keycloak.protocol.oidc.endpoints.AuthorizationEndpointChecker;
import org.keycloak.protocol.oidc.endpoints.request.AuthorizationEndpointRequest;
import org.keycloak.protocol.oidc.grants.ciba.channel.CIBAAuthenticationRequest;
import org.keycloak.protocol.oidc.grants.device.DeviceGrantType;
import org.keycloak.protocol.oidc.utils.LogoutUtil;
import org.keycloak.protocol.oidc.utils.OAuth2Code;
import org.keycloak.protocol.oidc.utils.OAuth2CodeParser;
import org.keycloak.protocol.oidc.utils.OIDCRedirectUriBuilder;
import org.keycloak.protocol.oidc.utils.OIDCResponseMode;
import org.keycloak.protocol.oidc.utils.OIDCResponseType;
import org.keycloak.representations.AccessTokenResponse;
import org.keycloak.representations.adapters.action.PushNotBeforeAction;
import org.keycloak.representations.idm.OAuth2ErrorRepresentation;
import org.keycloak.services.ServicesLogger;
import org.keycloak.services.Urls;
import org.keycloak.services.clientpolicy.ClientPolicyException;
import org.keycloak.services.clientpolicy.context.ImplicitHybridTokenResponse;
import org.keycloak.services.managers.AuthenticationManager;
import org.keycloak.services.managers.AuthenticationSessionManager;
import org.keycloak.services.managers.ResourceAdminManager;
import org.keycloak.sessions.AuthenticationSessionModel;
import org.keycloak.sessions.CommonClientSessionModel;
import org.keycloak.userprofile.DeclarativeUserProfileProviderFactory;
import org.keycloak.util.TokenUtil;

/* loaded from: input_file:org/keycloak/protocol/oidc/OIDCLoginProtocol.class */
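/**
 * OpenID Connect implementation of {@link LoginProtocol}.
 *
 * <p>Builds the redirect that ends an authorization request (success or error), handles the
 * logout callbacks, decides whether an existing user session must re-authenticate, and pushes
 * not-before revocation policies to clients.
 *
 * <p>This listing is decompiler output: the {@code mNNNset...} method names were generated by the
 * decompiler and are kept unchanged so existing references keep resolving.
 */
public class OIDCLoginProtocol implements LoginProtocol {
    public static final String LOGIN_PROTOCOL = "openid-connect";

    // Request / response parameter names.
    public static final String STATE_PARAM = "state";
    public static final String SCOPE_PARAM = "scope";
    public static final String AUTHORIZATION_DETAILS_PARAM = "authorization_details";
    public static final String CODE_PARAM = "code";
    public static final String RESPONSE_TYPE_PARAM = "response_type";
    public static final String GRANT_TYPE_PARAM = "grant_type";
    public static final String REDIRECT_URI_PARAM = "redirect_uri";
    public static final String POST_LOGOUT_REDIRECT_URI_PARAM = "post_logout_redirect_uri";
    public static final String CLIENT_ID_PARAM = "client_id";
    public static final String NONCE_PARAM = "nonce";
    public static final String MAX_AGE_PARAM = "max_age";
    public static final String PROMPT_PARAM = "prompt";
    public static final String LOGIN_HINT_PARAM = "login_hint";
    public static final String REQUEST_PARAM = "request";
    public static final String REQUEST_URI_PARAM = "request_uri";
    public static final String UI_LOCALES_PARAM = "ui_locales";
    public static final String CLAIMS_PARAM = "claims";
    public static final String ACR_PARAM = "acr_values";
    public static final String ID_TOKEN_HINT = "id_token_hint";

    // Note keys used during logout (LOGOUT_REDIRECT_URI is read in finishBrowserLogout).
    public static final String LOGOUT_STATE_PARAM = "OIDC_LOGOUT_STATE_PARAM";
    public static final String LOGOUT_REDIRECT_URI = "OIDC_LOGOUT_REDIRECT_URI";
    public static final String LOGOUT_VALIDATED_ID_TOKEN_SESSION_STATE = "OIDC_LOGOUT_VALIDATED_ID_TOKEN_SESSION_STATE";
    public static final String LOGOUT_VALIDATED_ID_TOKEN_ISSUED_AT = "OIDC_LOGOUT_VALIDATED_ID_TOKEN_ISSUED_AT";

    public static final String ISSUER = "iss";
    public static final String RESPONSE_MODE_PARAM = "response_mode";

    // Values of the "prompt" parameter.
    public static final String PROMPT_VALUE_NONE = "none";
    public static final String PROMPT_VALUE_LOGIN = "login";
    public static final String PROMPT_VALUE_CONSENT = "consent";
    public static final String PROMPT_VALUE_CREATE = "create";
    public static final String PROMPT_VALUE_SELECT_ACCOUNT = "select_account";

    // Client authentication method identifiers.
    public static final String CLIENT_SECRET_BASIC = "client_secret_basic";
    public static final String CLIENT_SECRET_POST = "client_secret_post";
    public static final String CLIENT_SECRET_JWT = "client_secret_jwt";
    public static final String PRIVATE_KEY_JWT = "private_key_jwt";
    public static final String TLS_CLIENT_AUTH = "tls_client_auth";

    // PKCE parameters and limits. The 43..128 bounds match the verifier length range in RFC 7636.
    public static final String CODE_CHALLENGE_PARAM = "code_challenge";
    public static final String CODE_CHALLENGE_METHOD_PARAM = "code_challenge_method";
    public static final int PKCE_CODE_CHALLENGE_MIN_LENGTH = 43;
    public static final int PKCE_CODE_CHALLENGE_MAX_LENGTH = 128;
    public static final int PKCE_CODE_VERIFIER_MIN_LENGTH = 43;
    public static final int PKCE_CODE_VERIFIER_MAX_LENGTH = 128;
    // With "plain" the challenge equals the verifier, so it only helps when the authorization
    // request itself cannot be observed; "S256" is the method to prefer.
    public static final String PKCE_METHOD_PLAIN = "plain";
    public static final String PKCE_METHOD_S256 = "S256";

    public static final String DPOP_JKT = "dpop_jkt";

    private static final Logger logger = Logger.getLogger(OIDCLoginProtocol.class);

    protected KeycloakSession session;
    protected RealmModel realm;
    protected UriInfo uriInfo;
    protected HttpHeaders headers;
    protected EventBuilder event;
    // Set by setupResponseTypeAndMode() before any redirect is built.
    protected OIDCResponseType responseType;
    protected OIDCResponseMode responseMode;
    // Only set by the single-argument constructor.
    protected OIDCProviderConfig providerConfig;

    /**
     * Creates a protocol instance bound to a request.
     *
     * @param keycloakSession session used for providers, tokens and client policies
     * @param realmModel realm the request belongs to
     * @param uriInfo request URI information
     * @param httpHeaders request headers
     * @param eventBuilder event builder that receives details and errors
     */
    public OIDCLoginProtocol(KeycloakSession keycloakSession, RealmModel realmModel, UriInfo uriInfo, HttpHeaders httpHeaders, EventBuilder eventBuilder) {
        this.session = keycloakSession;
        this.realm = realmModel;
        this.uriInfo = uriInfo;
        this.headers = httpHeaders;
        this.event = eventBuilder;
    }

    /**
     * Creates an instance that only carries provider configuration; session, realm and event
     * stay {@code null} until set through the setters.
     *
     * @param oIDCProviderConfig configuration returned by {@link #getConfig()}
     */
    public OIDCLoginProtocol(OIDCProviderConfig oIDCProviderConfig) {
        this.providerConfig = oIDCProviderConfig;
    }

    /**
     * Parses the requested response type and mode into the instance fields and records both on
     * the event.
     *
     * @param responseTypeValue raw {@code response_type} value
     * @param responseModeValue raw {@code response_mode} value, parsed relative to the response type
     */
    private void setupResponseTypeAndMode(String responseTypeValue, String responseModeValue) {
        this.responseType = OIDCResponseType.parse(responseTypeValue);
        this.responseMode = OIDCResponseMode.parse(responseModeValue, this.responseType);
        this.event.detail("response_type", responseTypeValue);
        // Locale.ROOT keeps the recorded value independent of the JVM's default locale.
        this.event.detail(RESPONSE_MODE_PARAM, this.responseMode.toString().toLowerCase(java.util.Locale.ROOT));
    }

    /**
     * Sets the session (renamed from {@code setSession} by the decompiler).
     *
     * @return this instance
     */
    public OIDCLoginProtocol m408setSession(KeycloakSession keycloakSession) {
        this.session = keycloakSession;
        return this;
    }

    /**
     * Sets the realm (renamed from {@code setRealm} by the decompiler).
     *
     * @return this instance
     */
    public OIDCLoginProtocol m407setRealm(RealmModel realmModel) {
        this.realm = realmModel;
        return this;
    }

    /**
     * Sets the request URI information (renamed from {@code setUriInfo} by the decompiler).
     *
     * @return this instance
     */
    public OIDCLoginProtocol m406setUriInfo(UriInfo uriInfo) {
        this.uriInfo = uriInfo;
        return this;
    }

    /**
     * Sets the request headers (renamed from {@code setHttpHeaders} by the decompiler).
     *
     * @return this instance
     */
    public OIDCLoginProtocol m405setHttpHeaders(HttpHeaders httpHeaders) {
        this.headers = httpHeaders;
        return this;
    }

    /**
     * Sets the event builder (renamed from {@code setEventBuilder} by the decompiler).
     *
     * @return this instance
     */
    public OIDCLoginProtocol m404setEventBuilder(EventBuilder eventBuilder) {
        this.event = eventBuilder;
        return this;
    }

    /** Returns the provider configuration, or {@code null} when the request constructor was used. */
    public OIDCProviderConfig getConfig() {
        return this.providerConfig;
    }

    /**
     * Builds the authorization response after a successful authentication.
     *
     * <p>Device-verification flows are delegated to {@link DeviceGrantType}. Otherwise the
     * redirect receives {@code state}, optionally the session state and issuer, an authorization
     * code when the response type contains {@code code}, and tokens for implicit and hybrid
     * flows.
     *
     * @param authenticationSessionModel authentication session holding the client notes of the request
     * @param userSessionModel user session that was authenticated
     * @param clientSessionContext context giving access to the client session
     * @return the redirect response, or an error redirect when a client policy rejects the
     *     implicit/hybrid token response
     */
    public Response authenticated(AuthenticationSessionModel authenticationSessionModel, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
        AuthenticatedClientSessionModel clientSession = clientSessionContext.getClientSession();
        if (DeviceGrantType.isOAuth2DeviceVerificationFlow(authenticationSessionModel)) {
            return DeviceGrantType.approveOAuth2DeviceAuthorization(authenticationSessionModel, clientSession, this.session);
        }
        setupResponseTypeAndMode(
                authenticationSessionModel.getClientNote(RESPONSE_TYPE_PARAM),
                authenticationSessionModel.getClientNote(RESPONSE_MODE_PARAM));
        // NOTE(review): the redirect target comes from the authentication session; this method
        // does not validate it, so it presumably was checked when the session was created.
        OIDCRedirectUriBuilder redirectUri = OIDCRedirectUriBuilder.fromUri(
                authenticationSessionModel.getRedirectUri(), this.responseMode, this.session, clientSession);

        String state = authenticationSessionModel.getClientNote(STATE_PARAM);
        logger.debugv("redirectAccessCode: state: {0}", state);
        if (state != null) {
            redirectUri.addParam(STATE_PARAM, state);
        }

        OIDCAdvancedConfigWrapper clientConfig = OIDCAdvancedConfigWrapper.fromClientModel(clientSession.getClient());
        if (!clientConfig.isExcludeSessionStateFromAuthResponse()) {
            redirectUri.addParam(CIBAAuthenticationRequest.SESSION_STATE, userSessionModel.getId());
        }
        if (!clientConfig.isExcludeIssuerFromAuthResponse()) {
            redirectUri.addParam(ISSUER, clientSession.getNote(ISSUER));
        }

        // The nonce is handed to the client session context and, below, bound into the code.
        String nonce = authenticationSessionModel.getClientNote(NONCE_PARAM);
        clientSessionContext.setAttribute(NONCE_PARAM, nonce);

        String kcActionStatus = authenticationSessionModel.getClientNote("kc_action_status");
        if (kcActionStatus != null) {
            String lastExecution = authenticationSessionModel.getAuthNote(AuthenticationProcessor.LAST_PROCESSED_EXECUTION);
            if (lastExecution != null) {
                redirectUri.addParam("kc_action", lastExecution);
            }
            redirectUri.addParam("kc_action_status", kcActionStatus);
        }

        String code = null;
        if (this.responseType.hasResponseType("code")) {
            // The code records the request's nonce, scope, redirect_uri, PKCE challenge and
            // method, DPoP key thumbprint and user session id. It expires after the realm's
            // access-code lifespan.
            OAuth2Code codeData = new OAuth2Code(
                    UUID.randomUUID().toString(),
                    Time.currentTime() + userSessionModel.getRealm().getAccessCodeLifespan(),
                    nonce,
                    authenticationSessionModel.getClientNote(SCOPE_PARAM),
                    authenticationSessionModel.getClientNote(REDIRECT_URI_PARAM),
                    authenticationSessionModel.getClientNote(CODE_CHALLENGE_PARAM),
                    authenticationSessionModel.getClientNote(CODE_CHALLENGE_METHOD_PARAM),
                    authenticationSessionModel.getClientNote(DPOP_JKT),
                    userSessionModel.getId());
            code = OAuth2CodeParser.persistCode(this.session, clientSession, codeData);
            redirectUri.addParam(CODE_PARAM, code);
        }

        if (this.responseType.isImplicitOrHybridFlow()) {
            TokenManager.AccessTokenResponseBuilder responseBuilder = new TokenManager()
                    .responseBuilder(this.realm, clientSession.getClient(), this.event, this.session, userSessionModel, clientSessionContext)
                    .generateAccessToken();
            if (this.responseType.hasResponseType(OIDCResponseType.ID_TOKEN)) {
                responseBuilder.generateIDToken(isIdTokenAsDetachedSignature(clientSession.getClient()));
                // The hashes tie the ID token to the access token, code and state returned with it.
                if (this.responseType.hasResponseType("token")) {
                    responseBuilder.generateAccessTokenHash();
                }
                if (this.responseType.hasResponseType("code")) {
                    responseBuilder.generateCodeHash(code);
                }
                if (state != null && !state.isEmpty()) {
                    responseBuilder.generateStateHash(state);
                }
            }
            try {
                // Client policies run before the tokens are built and added to the redirect.
                this.session.clientPolicy().triggerOnEvent(new ImplicitHybridTokenResponse(authenticationSessionModel, clientSessionContext, responseBuilder));
                AccessTokenResponse tokenResponse = responseBuilder.build();
                if (this.responseType.hasResponseType(OIDCResponseType.ID_TOKEN)) {
                    redirectUri.addParam(OIDCResponseType.ID_TOKEN, tokenResponse.getIdToken());
                }
                if (this.responseType.hasResponseType("token")) {
                    redirectUri.addParam("access_token", tokenResponse.getToken());
                    redirectUri.addParam("token_type", tokenResponse.getTokenType());
                    redirectUri.addParam("expires_in", String.valueOf(tokenResponse.getExpiresIn()));
                }
            } catch (ClientPolicyException e) {
                this.event.detail("reason", "client_policy_error");
                this.event.detail("client_policy_error", e.getError());
                this.event.detail("client_policy_error_detail", e.getErrorDetail());
                this.event.error(e.getError());
                new AuthenticationSessionManager(this.session).removeTabIdInAuthenticationSession(this.realm, authenticationSessionModel);
                // NOTE(review): the builder is reused here, so parameters added above (state,
                // session state, iss and, for hybrid flows, the persisted code) are still on it
                // when the error redirect is built, and "iss" is added a second time. Only
                // error_description is set (to the policy error code); no "error" parameter is
                // added on this path. Confirm how OIDCRedirectUriBuilder treats repeated
                // parameters, and whether a code returned with a policy error stays redeemable.
                redirectUri.addParam("error_description", e.getError());
                if (!clientConfig.isExcludeIssuerFromAuthResponse()) {
                    redirectUri.addParam(ISSUER, clientSession.getNote(ISSUER));
                }
                return buildRedirectUri(redirectUri, authenticationSessionModel, userSessionModel, clientSessionContext, e, null);
            }
        }
        return buildRedirectUri(redirectUri, authenticationSessionModel, userSessionModel, clientSessionContext);
    }

    /**
     * Builds the final response from the prepared redirect builder. The session arguments are
     * not used by this implementation.
     *
     * @return {@code oIDCRedirectUriBuilder.build()}
     */
    public Response buildRedirectUri(OIDCRedirectUriBuilder oIDCRedirectUriBuilder, AuthenticationSessionModel authenticationSessionModel, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext) {
        return oIDCRedirectUriBuilder.build();
    }

    /**
     * Error-path variant of {@link #buildRedirectUri(OIDCRedirectUriBuilder,
     * AuthenticationSessionModel, UserSessionModel, ClientSessionContext)}. The exception and
     * error arguments are not used by this implementation.
     *
     * @return {@code oIDCRedirectUriBuilder.build()}
     */
    public Response buildRedirectUri(OIDCRedirectUriBuilder oIDCRedirectUriBuilder, AuthenticationSessionModel authenticationSessionModel, UserSessionModel userSessionModel, ClientSessionContext clientSessionContext, Exception exc, LoginProtocol.Error error) {
        return oIDCRedirectUriBuilder.build();
    }

    /**
     * Reads the client attribute {@code id.token.as.detached.signature}.
     *
     * @return {@code true} only when the attribute is set to "true" (case-insensitive);
     *     {@code false} for a {@code null} client or a missing attribute
     */
    private boolean isIdTokenAsDetachedSignature(ClientModel clientModel) {
        if (clientModel == null) {
            return false;
        }
        // parseBoolean(null) is false, the same default the attribute had when absent.
        return Boolean.parseBoolean(clientModel.getAttribute("id.token.as.detached.signature"));
    }

    /**
     * Sends a protocol error back to the client for an existing authentication session.
     *
     * @param authenticationSessionModel session holding redirect URI, response type/mode and state
     * @param error protocol error to translate
     * @param str error description used for user-cancelled and consent-denied errors
     * @return the error redirect, or the device-grant denial for device-verification flows
     */
    public Response sendError(AuthenticationSessionModel authenticationSessionModel, LoginProtocol.Error error, String str) {
        if (DeviceGrantType.isOAuth2DeviceVerificationFlow(authenticationSessionModel)) {
            return DeviceGrantType.denyOAuth2DeviceAuthorization(authenticationSessionModel, error, this.session);
        }
        setupResponseTypeAndMode(
                authenticationSessionModel.getClientNote(RESPONSE_TYPE_PARAM),
                authenticationSessionModel.getClientNote(RESPONSE_MODE_PARAM));
        OIDCRedirectUriBuilder errorRedirect = buildErrorRedirectUri(
                authenticationSessionModel.getRedirectUri(),
                authenticationSessionModel.getClientNote(STATE_PARAM),
                error,
                str);
        new AuthenticationSessionManager(this.session).removeTabIdInAuthenticationSession(this.realm, authenticationSessionModel);
        return buildRedirectUri(errorRedirect, authenticationSessionModel, null, null, null, error);
    }

    /**
     * Prepares an error redirect with {@code error}, {@code error_description}, {@code state}
     * and, unless the client excludes it, the realm issuer.
     *
     * @param redirectUri redirect target; not validated here, callers must pass a checked URI
     * @param state {@code state} value to echo, or {@code null}
     * @param error protocol error to translate
     * @param errorMessage description for the errors that carry one
     */
    private OIDCRedirectUriBuilder buildErrorRedirectUri(String redirectUri, String state, LoginProtocol.Error error, String errorMessage) {
        OIDCRedirectUriBuilder builder = OIDCRedirectUriBuilder.fromUri(redirectUri, this.responseMode, this.session, null);
        OAuth2ErrorRepresentation translated = translateError(error, errorMessage);
        if (translated.getError() != null) {
            // NOTE(review): WebAuthnConstants.ERROR is presumably the string "error"; the
            // decompiler appears to have picked a same-valued constant from an unrelated class.
            builder.addParam(WebAuthnConstants.ERROR, translated.getError());
        }
        if (translated.getErrorDescription() != null) {
            builder.addParam("error_description", translated.getErrorDescription());
        }
        if (state != null) {
            builder.addParam(STATE_PARAM, state);
        }
        // The client comes from the session context here, not from a client session.
        if (!OIDCAdvancedConfigWrapper.fromClientModel(this.session.getContext().getClient()).isExcludeIssuerFromAuthResponse()) {
            builder.addParam(ISSUER, Urls.realmIssuer(this.session.getContext().getUri().getBaseUri(), this.realm.getName()));
        }
        return builder;
    }

    /**
     * Captures the values needed to send an error after the authentication session is gone.
     *
     * @return redirect URI, response type, response mode and state of the session
     */
    public ClientData getClientData(AuthenticationSessionModel authenticationSessionModel) {
        return new ClientData(
                authenticationSessionModel.getRedirectUri(),
                authenticationSessionModel.getClientNote(RESPONSE_TYPE_PARAM),
                authenticationSessionModel.getClientNote(RESPONSE_MODE_PARAM),
                authenticationSessionModel.getClientNote(STATE_PARAM));
    }

    /**
     * Sends a protocol error using {@link ClientData} instead of an authentication session.
     *
     * <p>The response type and redirect URI in {@code clientData} are re-checked against the
     * client before anything is redirected.
     *
     * @param clientModel client the error is sent to
     * @param clientData redirect URI, response type/mode and state to use
     * @param error protocol error to translate
     * @return the error redirect
     */
    public Response sendError(ClientModel clientModel, ClientData clientData, LoginProtocol.Error error) {
        logger.tracef("Calling sendError with clientData when authenticating with client '%s' in realm '%s'. Error: %s", clientModel.getClientId(), this.realm.getName(), error);
        AuthorizationEndpointChecker checker = new AuthorizationEndpointChecker()
                .event(this.event)
                .client(clientModel)
                .realm(this.realm)
                .request(AuthorizationEndpointRequest.fromClientData(clientData))
                .session(this.session);
        try {
            checker.checkResponseType();
            checker.checkRedirectUri();
        } catch (AuthorizationEndpointChecker.AuthorizationCheckException e) {
            // The redirect below goes to a URI taken from ClientData, so it is only safe once
            // checkRedirectUri() has accepted it. NOTE(review): this relies on
            // throwAsErrorPageException(...) never returning normally; if it could return,
            // execution would fall through and redirect to the rejected URI. Confirm it
            // always throws.
            e.throwAsErrorPageException(null);
        }
        setupResponseTypeAndMode(clientData.getResponseType(), clientData.getResponseMode());
        OIDCRedirectUriBuilder errorRedirect = buildErrorRedirectUri(clientData.getRedirectUri(), clientData.getState(), error, null);
        return buildRedirectUri(errorRedirect, null, null, null, null, error);
    }

    /**
     * Maps a protocol error to the OAuth2 error code and description sent to the client.
     *
     * @param error protocol error; must not be {@code null}
     * @param errorMessage description used for user-cancelled and consent-denied errors
     * @return the OAuth2 error; {@code server_error} (after logging) for unmapped values
     */
    private OAuth2ErrorRepresentation translateError(LoginProtocol.Error error, String errorMessage) {
        // Switch on the enum itself rather than on a decompiler-generated ordinal table.
        switch (error) {
            case CANCELLED_AIA_SILENT:
                // No error and no description: nothing is reported to the client.
                return new OAuth2ErrorRepresentation((String) null, (String) null);
            case CANCELLED_AIA:
                return new OAuth2ErrorRepresentation(AbstractOAuth2IdentityProvider.ACCESS_DENIED, "User cancelled application-initiated action.");
            case CANCELLED_BY_USER:
            case CONSENT_DENIED:
                return new OAuth2ErrorRepresentation(AbstractOAuth2IdentityProvider.ACCESS_DENIED, errorMessage);
            case PASSIVE_INTERACTION_REQUIRED:
                return new OAuth2ErrorRepresentation("interaction_required", (String) null);
            case PASSIVE_LOGIN_REQUIRED:
                return new OAuth2ErrorRepresentation("login_required", (String) null);
            case ALREADY_LOGGED_IN:
                return new OAuth2ErrorRepresentation("temporarily_unavailable", "authentication_expired");
            default:
                ServicesLogger.LOGGER.untranslatedProtocol(error.name());
                return new OAuth2ErrorRepresentation("server_error", (String) null);
        }
    }

    /**
     * Logs out a client session over the back channel, using the client's backchannel logout
     * URL when one is configured and the generic client-session logout otherwise.
     *
     * @param userSessionModel not used by this implementation
     * @param authenticatedClientSessionModel client session to log out
     */
    public Response backchannelLogout(UserSessionModel userSessionModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        ClientModel client = authenticatedClientSessionModel.getClient();
        boolean hasBackchannelLogoutUrl = OIDCAdvancedConfigWrapper.fromClientModel(client).getBackchannelLogoutUrl() != null;
        ResourceAdminManager adminManager = new ResourceAdminManager(this.session);
        return hasBackchannelLogoutUrl
                ? adminManager.logoutClientSessionWithBackchannelLogoutUrl(client, authenticatedClientSessionModel)
                : adminManager.logoutClientSession(this.realm, client, authenticatedClientSessionModel);
    }

    /**
     * Registers the client for front-channel logout when enabled and marks the client session
     * as logged out.
     *
     * @param userSessionModel not used by this implementation
     * @param authenticatedClientSessionModel client session to log out; may be {@code null}
     * @return always {@code null}
     */
    public Response frontchannelLogout(UserSessionModel userSessionModel, AuthenticatedClientSessionModel authenticatedClientSessionModel) {
        if (authenticatedClientSessionModel == null) {
            return null;
        }
        ClientModel client = authenticatedClientSessionModel.getClient();
        if (OIDCAdvancedConfigWrapper.fromClientModel(client).isFrontChannelLogoutEnabled()) {
            FrontChannelLogoutHandler.currentOrCreate(this.session, authenticatedClientSessionModel).addClient(client);
        }
        authenticatedClientSessionModel.setAction(CommonClientSessionModel.Action.LOGGED_OUT.name());
        return null;
    }

    /**
     * Records the LOGOUT event and produces the final browser response: the front-channel logout
     * page when a handler exists, otherwise the standard post-logout response.
     *
     * @param userSessionModel session that was logged out; its user is recorded on the event
     * @param authenticationSessionModel logout session holding the optional redirect URI note
     */
    public Response finishBrowserLogout(UserSessionModel userSessionModel, AuthenticationSessionModel authenticationSessionModel) {
        this.event.event(EventType.LOGOUT);
        this.event.client(authenticationSessionModel.getClient());
        // NOTE(review): the redirect URI is read from an auth note and used as-is; it is
        // presumably validated against the client before the note is written.
        String logoutRedirectUri = authenticationSessionModel.getAuthNote(LOGOUT_REDIRECT_URI);
        if (logoutRedirectUri != null) {
            this.event.detail("redirect_uri", logoutRedirectUri);
        }
        this.event.user(userSessionModel.getUser()).session(userSessionModel).success();

        FrontChannelLogoutHandler frontChannelHandler = FrontChannelLogoutHandler.current(this.session);
        if (frontChannelHandler == null) {
            return LogoutUtil.sendResponseAfterLogoutFinished(this.session, authenticationSessionModel);
        }
        String redirectWithState = logoutRedirectUri == null
                ? null
                : LogoutUtil.getRedirectUriWithAttachedState(logoutRedirectUri, authenticationSessionModel).toString();
        return frontChannelHandler.renderLogoutPage(redirectWithState);
    }

    /**
     * Decides whether an existing user session may be reused for this request.
     *
     * @return {@code true} when {@code prompt=login} was requested, {@code max_age} has elapsed,
     *     or the requested {@code kc_action} needs a more recent authentication
     */
    public boolean requireReauthentication(UserSessionModel userSessionModel, AuthenticationSessionModel authenticationSessionModel) {
        return isPromptLogin(authenticationSessionModel)
                || isAuthTimeExpired(userSessionModel, authenticationSessionModel)
                || isReAuthRequiredForKcAction(userSessionModel, authenticationSessionModel);
    }

    /** Returns whether the request's {@code prompt} parameter contains {@code login}. */
    protected boolean isPromptLogin(AuthenticationSessionModel authenticationSessionModel) {
        return TokenUtil.hasPrompt(authenticationSessionModel.getClientNote(PROMPT_PARAM), PROMPT_VALUE_LOGIN);
    }

    /**
     * Checks the session's authentication time against the request's {@code max_age}.
     *
     * @return {@code true} when {@code authTime + max_age} lies before the current time;
     *     {@code false} without a user session or without {@code max_age}
     * @throws NumberFormatException if the stored auth time or {@code max_age} is not an integer
     */
    protected boolean isAuthTimeExpired(UserSessionModel userSessionModel, AuthenticationSessionModel authenticationSessionModel) {
        if (userSessionModel == null) {
            return false;
        }
        String authTimeNote = userSessionModel.getNote(AuthenticationManager.AUTH_TIME);
        String maxAgeNote = authenticationSessionModel.getClientNote(MAX_AGE_PARAM);
        if (maxAgeNote == null) {
            return false;
        }
        // A missing auth time counts as 0, so the session is treated as very old.
        int authTime = authTimeNote == null ? 0 : Integer.parseInt(authTimeNote);
        // NOTE(review): max_age originates from the client request; it is presumably
        // validated as numeric before being stored as a client note.
        int maxAge = Integer.parseInt(maxAgeNote);
        // Add as long: max_age is request-controlled, and an int sum would wrap for large values.
        if ((long) authTime + maxAge >= Time.currentTime()) {
            return false;
        }
        logger.debugf("Authentication time is expired, needs to reauthenticate. userSession=%s, clientId=%s, maxAge=%d, authTime=%d", new Object[] {userSessionModel.getId(), authenticationSessionModel.getClient().getId(), maxAge, authTime});
        return true;
    }

    /**
     * Checks whether the requested {@code kc_action} needs a more recent authentication than
     * the session has.
     *
     * @return {@code true} when {@code authTime + provider.getMaxAuthAge()} lies before the
     *     current time; {@code false} without a user session or without {@code kc_action}
     */
    protected boolean isReAuthRequiredForKcAction(UserSessionModel userSessionModel, AuthenticationSessionModel authenticationSessionModel) {
        if (userSessionModel == null) {
            return false;
        }
        String kcAction = authenticationSessionModel.getClientNote("kc_action");
        if (kcAction == null) {
            return false;
        }
        // NOTE(review): kc_action is used as the provider id. If no provider is registered
        // under that id and getProvider returns null, the call below throws a
        // NullPointerException. Confirm the value is validated earlier.
        RequiredActionProvider provider = this.session.getProvider(RequiredActionProvider.class, kcAction);
        String authTimeNote = userSessionModel.getNote(AuthenticationManager.AUTH_TIME);
        int authTime = authTimeNote == null ? 0 : Integer.parseInt(authTimeNote);
        // Add as long so a large max auth age cannot wrap the sum.
        return (long) authTime + provider.getMaxAuthAge() < Time.currentTime();
    }

    /**
     * Pushes a not-before revocation policy to a client by POSTing an encoded
     * {@link PushNotBeforeAction} to {@code <str>/k_push_not_before}.
     *
     * @param realmModel not used by this implementation
     * @param clientModel client whose id is placed in the action
     * @param i value passed to the action after the client id (presumably the not-before time)
     * @param str base URL of the client's management endpoint
     * @return {@code true} when the client answered 200 or 204; {@code false} on any other
     *     status or on an I/O failure
     */
    public boolean sendPushRevocationPolicyRequest(RealmModel realmModel, ClientModel clientModel, int i, String str) {
        // The second argument is the current time plus 30 seconds (presumably the action's expiry).
        String encodedAction = this.session.tokens().encode(new PushNotBeforeAction(TokenIdGenerator.generateId(), Time.currentTime() + 30, clientModel.getClientId(), i));
        logger.debugv("pushRevocation resource: {0} url: {1}", clientModel.getClientId(), str);
        try {
            // NOTE(review): this is a server-side request to a caller-supplied URL; the URL is
            // presumably taken from trusted client configuration.
            String target = UriBuilder.fromUri(str).path("k_push_not_before").build().toString();
            int status = this.session.getProvider(HttpClientProvider.class).postText(target, encodedAction);
            boolean success = status == 204 || status == 200;
            logger.debugf("pushRevocation success for %s: %s", str, Boolean.valueOf(success));
            return success;
        } catch (IOException e) {
            ServicesLogger.LOGGER.failedToSendRevocation(e);
            return false;
        }
    }

    /** Nothing to release. */
    public void close() {
    }
}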
