package org.springframework.security.oauth2.client.token.grant.code;

import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.filter.state.DefaultStateKeyGenerator;
import org.springframework.security.oauth2.client.filter.state.StateKeyGenerator;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/springframework/security/oauth2/client/token/grant/code/AuthorizationCodeAccessTokenProvider.class */
public class AuthorizationCodeAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider {
    private StateKeyGenerator stateKeyGenerator = new DefaultStateKeyGenerator();

    public void setStateKeyGenerator(StateKeyGenerator stateKeyGenerator) {
        this.stateKeyGenerator = stateKeyGenerator;
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public boolean supportsResource(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return (oAuth2ProtectedResourceDetails instanceof AuthorizationCodeResourceDetails) && "authorization_code".equals(oAuth2ProtectedResourceDetails.getGrantType());
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public boolean supportsRefresh(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return supportsResource(oAuth2ProtectedResourceDetails);
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AccessTokenRequest accessTokenRequest) throws UserRedirectRequiredException, AccessDeniedException {
        AuthorizationCodeResourceDetails authorizationCodeResourceDetails = (AuthorizationCodeResourceDetails) oAuth2ProtectedResourceDetails;
        if (accessTokenRequest.getAuthorizationCode() == null) {
            throw getRedirectForAuthorization(authorizationCodeResourceDetails, accessTokenRequest);
        }
        return retrieveToken(getParametersForTokenRequest(authorizationCodeResourceDetails, accessTokenRequest), authorizationCodeResourceDetails);
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2RefreshToken oAuth2RefreshToken, AccessTokenRequest accessTokenRequest) throws UserRedirectRequiredException {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "refresh_token");
        linkedMultiValueMap.add("refresh_token", oAuth2RefreshToken.getValue());
        try {
            return retrieveToken(linkedMultiValueMap, oAuth2ProtectedResourceDetails);
        } catch (OAuth2AccessDeniedException e) {
            throw getRedirectForAuthorization((AuthorizationCodeResourceDetails) oAuth2ProtectedResourceDetails, accessTokenRequest);
        }
    }

    private MultiValueMap<String, String> getParametersForTokenRequest(AuthorizationCodeResourceDetails authorizationCodeResourceDetails, AccessTokenRequest accessTokenRequest) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "authorization_code");
        linkedMultiValueMap.add("code", accessTokenRequest.getAuthorizationCode());
        String preEstablishedRedirectUri = authorizationCodeResourceDetails.getPreEstablishedRedirectUri();
        if (preEstablishedRedirectUri == null && accessTokenRequest.getPreservedState() != null) {
            preEstablishedRedirectUri = String.valueOf(accessTokenRequest.getPreservedState());
        }
        if (accessTokenRequest.getStateKey() != null) {
            linkedMultiValueMap.add("state", accessTokenRequest.getStateKey());
        }
        if (preEstablishedRedirectUri != null) {
            linkedMultiValueMap.add("redirect_uri", preEstablishedRedirectUri);
        }
        return linkedMultiValueMap;
    }

    private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails authorizationCodeResourceDetails, AccessTokenRequest accessTokenRequest) {
        TreeMap treeMap = new TreeMap();
        treeMap.put("response_type", "code");
        treeMap.put("client_id", authorizationCodeResourceDetails.getClientId());
        String preEstablishedRedirectUri = authorizationCodeResourceDetails.getPreEstablishedRedirectUri();
        String currentUri = accessTokenRequest.getCurrentUri();
        if (preEstablishedRedirectUri == null) {
            if (currentUri == null) {
                throw new IllegalStateException("No redirect URI has been established for the current request.");
            }
            treeMap.put("redirect_uri", currentUri);
        }
        if (authorizationCodeResourceDetails.isScoped()) {
            StringBuilder sb = new StringBuilder();
            List<String> scope = authorizationCodeResourceDetails.getScope();
            if (scope != null) {
                Iterator<String> it = scope.iterator();
                while (it.hasNext()) {
                    sb.append(it.next());
                    if (it.hasNext()) {
                        sb.append(' ');
                    }
                }
            }
            treeMap.put("scope", sb.toString());
        }
        UserRedirectRequiredException userRedirectRequiredException = new UserRedirectRequiredException(authorizationCodeResourceDetails.getUserAuthorizationUri(), treeMap);
        String generateKey = this.stateKeyGenerator.generateKey(authorizationCodeResourceDetails);
        if (generateKey != null) {
            userRedirectRequiredException.setStateKey(generateKey);
            if (currentUri != null) {
                userRedirectRequiredException.setStateToPreserve(currentUri);
            }
        }
        return userRedirectRequiredException;
    }
}
