From 337a337bf9ff62d47797b91026330a0c296a80ee Mon Sep 17 00:00:00 2001
From: mposolda
Date: Mon, 22 Apr 2024 14:04:10 +0200
Subject: [PATCH] Grant urn:ietf:params:oauth:grant-type:pre-authorized_code was enabled even if oid4vc_vci feature is disabled closes #28968
Signed-off-by: mposolda
---
 .../oidc/grants/OAuth2GrantTypeSpi.java | 2 +-
 .../grants/PreAuthorizedCodeGrantType.java | 8 +--
 .../PreAuthorizedCodeGrantTypeFactory.java | 9 ++-
 .../signing/OID4VCGrantFeatureTest.java | 56 +++++++++++++++++++
 4 files changed, 66 insertions(+), 9 deletions(-)
 create mode 100644 testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java
diff --git a/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java b/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java
index 7f04e491e5..aec3100d49 100644
--- a/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java
+++ b/server-spi-private/src/main/java/org/keycloak/protocol/oidc/grants/OAuth2GrantTypeSpi.java
@@ -28,7 +28,7 @@ import org.keycloak.provider.Spi;
 */
 public class OAuth2GrantTypeSpi implements Spi {
- private static final String SPI_NAME = "oauth2-grant-type";
+ public static final String SPI_NAME = "oauth2-grant-type";
 @Override
 public boolean isInternal() {
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java
index 7781d2ac9e..d93c3f6824 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantType.java
@@ -40,7 +40,7 @@ import org.keycloak.utils.MediaType;
 import java.util.UUID;
-public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase implements EnvironmentDependentProviderFactory {
+public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase {
 private static final Logger LOGGER = Logger.getLogger(PreAuthorizedCodeGrantType.class);
@@ -96,12 +96,6 @@ public class PreAuthorizedCodeGrantType extends OAuth2GrantTypeBase implements E
 return cors.allowAllOrigins().builder(Response.ok(tokenResponse).type(MediaType.APPLICATION_JSON_TYPE)).build();
 }
-
- @Override
- public boolean isSupported(Config.Scope config) {
- return Profile.isFeatureEnabled(Profile.Feature.OID4VC_VCI);
- }
-
 @Override
 public EventType getEventType() {
 return EventType.CODE_TO_TOKEN;
diff --git a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java
index ec742ad3df..72425fa8f0 100644
--- a/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java
+++ b/services/src/main/java/org/keycloak/protocol/oidc/grants/PreAuthorizedCodeGrantTypeFactory.java
@@ -18,15 +18,17 @@
 package org.keycloak.protocol.oidc.grants;
 import org.keycloak.Config;
+import org.keycloak.common.Profile;
 import org.keycloak.models.KeycloakSession;
 import org.keycloak.models.KeycloakSessionFactory;
+import org.keycloak.provider.EnvironmentDependentProviderFactory;
 /**
 * Factory for Pre-Authorized Code Grant
 *
 * @author Stefan Wiedemann
 */
-public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory {
+public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory, EnvironmentDependentProviderFactory {
 public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:pre-authorized_code";
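Review bot: The `EnvironmentDependentProviderFactory` import in PreAuthorizedCodeGrantType.java looks orphaned after the `@@ -40,7 +40,7 @@` hunk, because the class no longer implements the interface. The two hunks for this file account for all 8 changed lines in the diffstat, so no import line was dropped. `Config` and `Profile` may be unused as well if the removed `isSupported` was their only consumer. The import block sits above the hunk and is not visible here, so confirm against the full file before deleting them.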
@@ -52,4 +54,9 @@ public class PreAuthorizedCodeGrantTypeFactory implements OAuth2GrantTypeFactory
 return GRANT_TYPE;
 }
+ @Override
+ public boolean isSupported(Config.Scope config) {
+ return Profile.isFeatureEnabled(Profile.Feature.OID4VC_VCI);
+ }
+
 }
diff --git a/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java
new file mode 100644
index 0000000000..f4eafef1ed
--- /dev/null
+++ b/testsuite/integration-arquillian/tests/base/src/test/java/org/keycloak/testsuite/oid4vc/issuance/signing/OID4VCGrantFeatureTest.java
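Review bot: The `isSupported` override added to PreAuthorizedCodeGrantTypeFactory.java in the `@@ -52,4 +54,9 @@` hunk has no comment saying why the feature gate must sit on the factory, which is the substance of this fix. The identical override on the provider class evidently had no effect, since the commit subject states the grant stayed enabled with oid4vc_vci off. I would add a Javadoc such as `/** Feature gate for OID4VC_VCI; must be declared on the factory, the same check on the provider class did not disable the grant (#28968). */` so it is not moved back during a later refactor. It is also worth checking whether any other provider class implements `EnvironmentDependentProviderFactory` instead of its factory, as that would presumably fail open in the same way.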
@@ -0,0 +1,56 @@
+/*
+ * Copyright 2024 Red Hat, Inc. and/or its affiliates
+ * and other contributors as indicated by the @author tags.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ *
+ */
+
+package org.keycloak.testsuite.oid4vc.issuance.signing;
+
+import org.junit.Test;
+import org.keycloak.common.Profile;
+import org.keycloak.protocol.oidc.grants.OAuth2GrantTypeSpi;
+import org.keycloak.protocol.oidc.grants.PreAuthorizedCodeGrantTypeFactory;
+import org.keycloak.testsuite.arquillian.annotation.DisableFeature;
+import org.keycloak.testsuite.arquillian.annotation.EnableFeature;
+import org.keycloak.testsuite.feature.AbstractFeatureStateTest;
+
+/**
+ * @author Marek Posolda
+ */
+public class OID4VCGrantFeatureTest extends AbstractFeatureStateTest {
+
+ @Override
+ public String getFeatureProviderId() {
+ return PreAuthorizedCodeGrantTypeFactory.GRANT_TYPE;
+ }
+
+ @Override
+ public String getFeatureSpiName() {
+ return OAuth2GrantTypeSpi.SPI_NAME;
+ }
+
+ @Test
+ @EnableFeature(value = Profile.Feature.OID4VC_VCI, skipRestart = true)
+ public void featureEnabled() {
+ testFeatureAvailability(true);
+ }
+
+ @Test
+ @DisableFeature(value = Profile.Feature.OID4VC_VCI, skipRestart = true)
+ public void featureDisabled() {
+ testFeatureAvailability(false);
+ }
+}
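Review bot: Both tests in OID4VCGrantFeatureTest assert only through `testFeatureAvailability`, so the behaviour that actually regressed is not exercised. That helper is defined in AbstractFeatureStateTest outside this hunk and, judging by `getFeatureSpiName`/`getFeatureProviderId`, appears to check provider registration rather than the token endpoint. The regression was that the grant was accepted with the feature off. A negative test that sends a token request with `grant_type` set to `PreAuthorizedCodeGrantTypeFactory.GRANT_TYPE` while OID4VC_VCI is disabled, and asserts an error response, would pin the security-relevant outcome directly. The class would also benefit from a one-line Javadoc saying it guards against the grant being reachable when the feature is disabled.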