package org.springframework.security.oauth2.server.authorization.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.List;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2DeviceVerificationAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2DeviceVerificationAuthenticationConverter.class */
public final class OAuth2DeviceVerificationAuthenticationConverter implements AuthenticationConverter {
    private static final String ERROR_URI = "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2";
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));

    public Authentication convert(HttpServletRequest httpServletRequest) {
        if ((!"GET".equals(httpServletRequest.getMethod()) && !"POST".equals(httpServletRequest.getMethod())) || httpServletRequest.getParameter("state") != null || httpServletRequest.getParameter("user_code") == null) {
            return null;
        }
        MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(httpServletRequest);
        String str = (String) parameters.getFirst("user_code");
        if (!OAuth2EndpointUtils.validateUserCode(str) || ((List) parameters.get("user_code")).size() != 1) {
            OAuth2EndpointUtils.throwError("invalid_request", "user_code", ERROR_URI);
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        HashMap hashMap = new HashMap();
        parameters.forEach((str2, list) -> {
            if (str2.equals("user_code")) {
                return;
            }
            hashMap.put(str2, list.size() == 1 ? list.get(0) : list.toArray(new String[0]));
        });
        return new OAuth2DeviceVerificationAuthenticationToken(authentication, OAuth2EndpointUtils.normalizeUserCode(str), hashMap);
    }
}
