package cn.herodotus.engine.oauth2.authentication.provider;

import cn.herodotus.engine.oauth2.authentication.utils.OAuth2EndpointUtils;
import cn.herodotus.engine.protect.core.exception.SessionInvalidException;
import cn.herodotus.engine.protect.web.crypto.processor.HttpCryptoProcessor;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.ObjectUtils;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authentication/provider/OAuth2ResourceOwnerPasswordAuthenticationConverter.class */
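/**
 * Converts a token-endpoint request using the resource owner password
 * credentials grant into an {@code OAuth2ResourceOwnerPasswordAuthenticationToken}.
 *
 * <p>Every request parameter except {@code grant_type} and {@code scope} is
 * copied into the token's additional parameters. When the request carries an
 * {@code X-Herodotus-Session} header, each copied value is first passed through
 * {@link HttpCryptoProcessor#decrypt} with that header value.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The password grant is omitted from OAuth 2.1 and ruled out by the OAuth 2.0
 *       Security Best Current Practice (RFC 9700); keep this converter only
 *       for clients that cannot move to another grant.</li>
 *   <li>Decryption is opt-in from the caller's side: a request without the
 *       session header has its values passed through unchanged, so this class
 *       does not enforce parameter encryption. Transport confidentiality has
 *       to come from TLS. NOTE(review): if the deployment requires encrypted
 *       credentials, reject requests that lack the header instead of
 *       accepting them.</li>
 *   <li>The resulting token holds the decrypted {@code password} in its
 *       additional parameters; it should not be logged or serialized.</li>
 * </ul>
 */
public final class OAuth2ResourceOwnerPasswordAuthenticationConverter implements AuthenticationConverter {
    private static final String GRANT_TYPE_PARAMETER = "grant_type";
    private static final String SCOPE_PARAMETER = "scope";
    private static final String SESSION_HEADER = "X-Herodotus-Session";

    private final HttpCryptoProcessor httpCryptoProcessor;

    /**
     * @param httpCryptoProcessor processor used to decrypt request parameters
     *                            when a session header is present
     */
    public OAuth2ResourceOwnerPasswordAuthenticationConverter(HttpCryptoProcessor httpCryptoProcessor) {
        this.httpCryptoProcessor = httpCryptoProcessor;
    }

    /**
     * Builds the authentication token for a password-grant request.
     *
     * @param httpServletRequest the incoming token request
     * @return the token to authenticate, or {@code null} when {@code grant_type}
     *         is not the password grant so that another converter can handle it
     */
    @Nullable
    public Authentication convert(HttpServletRequest httpServletRequest) {
        String grantType = httpServletRequest.getParameter(GRANT_TYPE_PARAMETER);
        if (!AuthorizationGrantType.PASSWORD.getValue().equals(grantType)) {
            return null;
        }

        MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(httpServletRequest);

        // scope is optional; a space-delimited list becomes a set, absence stays null.
        String scope = OAuth2EndpointUtils.checkOptionalParameter(parameters, SCOPE_PARAMETER);
        HashSet<String> requestedScopes = null;
        if (StringUtils.hasText(scope)) {
            requestedScopes = new HashSet<>(Arrays.asList(StringUtils.delimitedListToStringArray(scope, " ")));
        }

        // NOTE(review): these checks run on the raw (possibly still encrypted) values;
        // what they validate beyond presence is defined in OAuth2EndpointUtils.
        OAuth2EndpointUtils.checkRequiredParameter(parameters, "username");
        OAuth2EndpointUtils.checkRequiredParameter(parameters, "password");

        // The client is expected to have been authenticated before this converter runs.
        Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
        if (clientPrincipal == null) {
            // NOTE(review): relies on throwError always throwing; otherwise a null
            // principal would reach the token constructor below.
            OAuth2EndpointUtils.throwError("invalid_request", "invalid_client", OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
        }

        String sessionId = httpServletRequest.getHeader(SESSION_HEADER);

        // Only the first value of each parameter is kept; repeated parameters are
        // dropped here without an error.
        Map<String, Object> additionalParameters = parameters.entrySet().stream()
                .filter(entry -> !GRANT_TYPE_PARAMETER.equals(entry.getKey()) && !SCOPE_PARAMETER.equals(entry.getKey()))
                .collect(Collectors.toMap(Map.Entry::getKey, entry -> parameterDecrypt(entry.getValue().get(0), sessionId)));

        return new OAuth2ResourceOwnerPasswordAuthenticationToken(clientPrincipal, requestedScopes, additionalParameters);
    }

    /**
     * Decrypts a single parameter value when a session identifier is available.
     *
     * @param obj the parameter value as received
     * @param str the session identifier taken from the request header; may be
     *            {@code null} or blank
     * @return the decrypted value, or {@code obj} unchanged when the session
     *         identifier is blank or the value is empty or not a {@code String}
     */
    private Object parameterDecrypt(Object obj, String str) {
        boolean decryptable = org.apache.commons.lang3.StringUtils.isNotBlank(str)
                && ObjectUtils.isNotEmpty(obj)
                && obj instanceof String;
        if (!decryptable) {
            return obj;
        }
        try {
            return this.httpCryptoProcessor.decrypt(str, obj.toString());
        } catch (SessionInvalidException e) {
            // NOTE(review): the exception message is forwarded as the error description,
            // which may reach the client; confirm it carries no internal detail.
            OAuth2EndpointUtils.throwError("SessionExpiredException", e.getMessage(), OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
        }
        // Reached only if throwError returns normally; the value is then still the
        // undecrypted input.
        return obj;
    }
}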
