package org.springframework.security.oauth2.provider;

import java.util.Set;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;

/* loaded from: input_file:org/springframework/security/oauth2/provider/ClientCredentialsChecker.class */
public class ClientCredentialsChecker {
    private final ClientDetailsService clientDetailsService;

    public ClientCredentialsChecker(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    public AuthorizationRequest validateCredentials(String str, String str2) {
        return validateCredentials(str, str2, null);
    }

    public AuthorizationRequest validateCredentials(String str, String str2, Set<String> set) {
        ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(str2);
        validateGrantType(str, loadClientByClientId);
        if (set != null) {
            validateScope(loadClientByClientId, set);
        }
        return new AuthorizationRequest(str2, set, loadClientByClientId.getAuthorities(), loadClientByClientId.getResourceIds());
    }

    private void validateScope(ClientDetails clientDetails, Set<String> set) {
        if (clientDetails.isScoped()) {
            Set<String> scope = clientDetails.getScope();
            if (set.isEmpty()) {
                throw new InvalidScopeException("Invalid scope (none)", scope);
            }
            for (String str : set) {
                if (!scope.contains(str)) {
                    throw new InvalidScopeException("Invalid scope: " + str, scope);
                }
            }
        }
    }

    private void validateGrantType(String str, ClientDetails clientDetails) {
        Set<String> authorizedGrantTypes = clientDetails.getAuthorizedGrantTypes();
        if (authorizedGrantTypes != null && !authorizedGrantTypes.isEmpty() && !authorizedGrantTypes.contains(str)) {
            throw new InvalidGrantException("Unauthorized grant type: " + str);
        }
    }
}
