package org.springframework.security.oauth2.client.endpoint;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.io.IOException;
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.util.CollectionUtils;

/* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.class */
public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
    private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";

    @Override // org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
    public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest) throws OAuth2AuthenticationException {
        ClientRegistration clientRegistration = oAuth2AuthorizationCodeGrantRequest.getClientRegistration();
        AuthorizationCodeGrant authorizationCodeGrant = new AuthorizationCodeGrant(new AuthorizationCode(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode()), toURI(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri()));
        URI uri = toURI(clientRegistration.getProviderDetails().getTokenUri());
        ClientID clientID = new ClientID(clientRegistration.getClientId());
        Secret secret = new Secret(clientRegistration.getClientSecret());
        try {
            HTTPRequest hTTPRequest = new TokenRequest(uri, ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod()) ? new ClientSecretPost(clientID, secret) : new ClientSecretBasic(clientID, secret), authorizationCodeGrant).toHTTPRequest();
            hTTPRequest.setAccept("application/json");
            hTTPRequest.setConnectTimeout(30000);
            hTTPRequest.setReadTimeout(30000);
            TokenErrorResponse parse = TokenResponse.parse(hTTPRequest.send());
            if (!parse.indicatesSuccess()) {
                ErrorObject errorObject = parse.getErrorObject();
                OAuth2Error oAuth2Error = new OAuth2Error(errorObject.getCode(), errorObject.getDescription(), errorObject.getURI() != null ? errorObject.getURI().toString() : null);
                throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString());
            }
            AccessTokenResponse accessTokenResponse = (AccessTokenResponse) parse;
            String value = accessTokenResponse.getTokens().getAccessToken().getValue();
            OAuth2AccessToken.TokenType tokenType = null;
            if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
                tokenType = OAuth2AccessToken.TokenType.BEARER;
            }
            return OAuth2AccessTokenResponse.withToken(value).tokenType(tokenType).expiresIn(accessTokenResponse.getTokens().getAccessToken().getLifetime()).scopes(CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope()) ? new LinkedHashSet(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes()) : new LinkedHashSet(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList())).additionalParameters(new LinkedHashMap(accessTokenResponse.getCustomParameters())).build();
        } catch (IOException e) {
            throw new AuthenticationServiceException("An error occurred while sending the Access Token Request: " + e.getMessage(), e);
        } catch (ParseException e2) {
            OAuth2Error oAuth2Error2 = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred parsing the Access Token response: " + e2.getMessage(), (String) null);
            throw new OAuth2AuthenticationException(oAuth2Error2, oAuth2Error2.toString(), e2);
        }
    }

    private static URI toURI(String str) {
        try {
            return new URI(str);
        } catch (Exception e) {
            throw new IllegalArgumentException("An error occurred parsing URI: " + str, e);
        }
    }
}
