package cn.herodotus.engine.oauth2.authorization.utils;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthorizationCode;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authorization/utils/OAuth2AuthenticationProviderUtils.class */
public class OAuth2AuthenticationProviderUtils {
    private OAuth2AuthenticationProviderUtils() {
    }

    public static OAuth2ClientAuthenticationToken getAuthenticatedClientElseThrowInvalidClient(Authentication authentication) {
        OAuth2ClientAuthenticationToken oAuth2ClientAuthenticationToken = null;
        if (OAuth2ClientAuthenticationToken.class.isAssignableFrom(authentication.getPrincipal().getClass())) {
            oAuth2ClientAuthenticationToken = (OAuth2ClientAuthenticationToken) authentication.getPrincipal();
        }
        if (oAuth2ClientAuthenticationToken == null || !oAuth2ClientAuthenticationToken.isAuthenticated()) {
            throw new OAuth2AuthenticationException("invalid_client");
        }
        return oAuth2ClientAuthenticationToken;
    }

    public static <T extends AbstractOAuth2Token> OAuth2Authorization invalidate(OAuth2Authorization oAuth2Authorization, T t) {
        OAuth2Authorization.Builder builder = OAuth2Authorization.from(oAuth2Authorization).token(t, map -> {
            map.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true);
        });
        if (OAuth2RefreshToken.class.isAssignableFrom(t.getClass())) {
            builder.token(oAuth2Authorization.getAccessToken().getToken(), map2 -> {
                map2.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true);
            });
            OAuth2Authorization.Token token = oAuth2Authorization.getToken(OAuth2AuthorizationCode.class);
            if (token != null && !token.isInvalidated()) {
                builder.token(token.getToken(), map3 -> {
                    map3.put(OAuth2Authorization.Token.INVALIDATED_METADATA_NAME, true);
                });
            }
        }
        return builder.build();
    }
}
