package org.springframework.security.oauth2.provider.code;

import java.util.Map;
import java.util.Set;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientCredentialsChecker;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.TokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

/* loaded from: input_file:org/springframework/security/oauth2/provider/code/AuthorizationCodeTokenGranter.class */
public class AuthorizationCodeTokenGranter implements TokenGranter {
    private static final String GRANT_TYPE = "authorization_code";
    private final AuthorizationCodeServices authorizationCodeServices;
    private final ClientCredentialsChecker clientCredentialsChecker;
    private final AuthorizationServerTokenServices tokenServices;

    public AuthorizationCodeTokenGranter(AuthorizationServerTokenServices authorizationServerTokenServices, AuthorizationCodeServices authorizationCodeServices, ClientDetailsService clientDetailsService) {
        this.tokenServices = authorizationServerTokenServices;
        this.clientCredentialsChecker = new ClientCredentialsChecker(clientDetailsService);
        this.authorizationCodeServices = authorizationCodeServices;
    }

    @Override // org.springframework.security.oauth2.provider.TokenGranter
    public OAuth2AccessToken grant(String str, Map<String, String> map, String str2, Set<String> set) {
        if (!GRANT_TYPE.equals(str)) {
            return null;
        }
        String str3 = map.get("code");
        String str4 = map.get("redirect_uri");
        if (str3 == null) {
            throw new OAuth2Exception("An authorization code must be supplied.");
        }
        AuthorizationRequestHolder consumeAuthorizationCode = this.authorizationCodeServices.consumeAuthorizationCode(str3);
        if (consumeAuthorizationCode == null) {
            throw new InvalidGrantException("Invalid authorization code: " + str3);
        }
        AuthorizationRequest authenticationRequest = consumeAuthorizationCode.getAuthenticationRequest();
        if (authenticationRequest.getRedirectUri() != null && !authenticationRequest.getRedirectUri().equals(str4)) {
            throw new RedirectMismatchException("Redirect URI mismatch.");
        }
        if (str2 != null && !str2.equals(authenticationRequest.getClientId())) {
            throw new InvalidClientException("Client ID mismatch");
        }
        AuthorizationRequest validateCredentials = this.clientCredentialsChecker.validateCredentials(str, str2, authenticationRequest.getScope());
        if (validateCredentials == null) {
            return null;
        }
        return this.tokenServices.createAccessToken(new OAuth2Authentication(validateCredentials, consumeAuthorizationCode.getUserAuthentication()));
    }
}
