package org.springframework.security.oauth2.client.endpoint;

import com.nimbusds.oauth2.sdk.AccessTokenResponse;
import com.nimbusds.oauth2.sdk.AuthorizationCode;
import com.nimbusds.oauth2.sdk.AuthorizationCodeGrant;
import com.nimbusds.oauth2.sdk.AuthorizationGrant;
import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.TokenErrorResponse;
import com.nimbusds.oauth2.sdk.TokenRequest;
import com.nimbusds.oauth2.sdk.TokenResponse;
import com.nimbusds.oauth2.sdk.auth.ClientAuthentication;
import com.nimbusds.oauth2.sdk.auth.ClientSecretBasic;
import com.nimbusds.oauth2.sdk.auth.ClientSecretPost;
import com.nimbusds.oauth2.sdk.auth.Secret;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import java.io.IOException;
import java.net.URI;
import java.util.LinkedHashMap;
import java.util.LinkedHashSet;
import java.util.Set;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.util.CollectionUtils;

@Deprecated
/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.7.3.jar:org/springframework/security/oauth2/client/endpoint/NimbusAuthorizationCodeTokenResponseClient.class */
public class NimbusAuthorizationCodeTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> {
    private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";

    @Override // org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
    public OAuth2AccessTokenResponse getTokenResponse(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest) {
        ClientRegistration clientRegistration = oAuth2AuthorizationCodeGrantRequest.getClientRegistration();
        AuthorizationCodeGrant authorizationCodeGrant = new AuthorizationCodeGrant(new AuthorizationCode(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationResponse().getCode()), toURI(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getRedirectUri()));
        URI uri = toURI(clientRegistration.getProviderDetails().getTokenUri());
        ClientID clientID = new ClientID(clientRegistration.getClientId());
        Secret secret = new Secret(clientRegistration.getClientSecret());
        TokenResponse tokenResponse = getTokenResponse(authorizationCodeGrant, uri, ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientRegistration.getClientAuthenticationMethod()) || ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod()) ? new ClientSecretPost(clientID, secret) : new ClientSecretBasic(clientID, secret));
        if (!tokenResponse.indicatesSuccess()) {
            throw new OAuth2AuthorizationException(getOAuthError(((TokenErrorResponse) tokenResponse).getErrorObject()));
        }
        AccessTokenResponse accessTokenResponse = (AccessTokenResponse) tokenResponse;
        String value = accessTokenResponse.getTokens().getAccessToken().getValue();
        OAuth2AccessToken.TokenType tokenType = null;
        if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(accessTokenResponse.getTokens().getAccessToken().getType().getValue())) {
            tokenType = OAuth2AccessToken.TokenType.BEARER;
        }
        long lifetime = accessTokenResponse.getTokens().getAccessToken().getLifetime();
        Set<String> scopes = getScopes(oAuth2AuthorizationCodeGrantRequest, accessTokenResponse);
        String str = null;
        if (accessTokenResponse.getTokens().getRefreshToken() != null) {
            str = accessTokenResponse.getTokens().getRefreshToken().getValue();
        }
        return OAuth2AccessTokenResponse.withToken(value).tokenType(tokenType).expiresIn(lifetime).scopes(scopes).refreshToken(str).additionalParameters(new LinkedHashMap(accessTokenResponse.getCustomParameters())).build();
    }

    private TokenResponse getTokenResponse(AuthorizationGrant authorizationGrant, URI uri, ClientAuthentication clientAuthentication) {
        try {
            HTTPRequest hTTPRequest = new TokenRequest(uri, clientAuthentication, authorizationGrant).toHTTPRequest();
            hTTPRequest.setAccept("application/json");
            hTTPRequest.setConnectTimeout(30000);
            hTTPRequest.setReadTimeout(30000);
            return TokenResponse.parse(hTTPRequest.send());
        } catch (ParseException | IOException e) {
            throw new OAuth2AuthorizationException(new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: " + e.getMessage(), null), e);
        }
    }

    private Set<String> getScopes(OAuth2AuthorizationCodeGrantRequest oAuth2AuthorizationCodeGrantRequest, AccessTokenResponse accessTokenResponse) {
        return CollectionUtils.isEmpty(accessTokenResponse.getTokens().getAccessToken().getScope()) ? new LinkedHashSet(oAuth2AuthorizationCodeGrantRequest.getAuthorizationExchange().getAuthorizationRequest().getScopes()) : new LinkedHashSet(accessTokenResponse.getTokens().getAccessToken().getScope().toStringList());
    }

    private OAuth2Error getOAuthError(ErrorObject errorObject) {
        if (errorObject == null) {
            return new OAuth2Error("server_error");
        }
        return new OAuth2Error(errorObject.getCode() != null ? errorObject.getCode() : "server_error", errorObject.getDescription(), errorObject.getURI() != null ? errorObject.getURI().toString() : null);
    }

    private static URI toURI(String str) {
        try {
            return new URI(str);
        } catch (Exception e) {
            throw new IllegalArgumentException("An error occurred parsing URI: " + str, e);
        }
    }
}
