package org.springframework.security.oauth2.client.authentication;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.jwt.Jwt;
import org.springframework.security.jwt.JwtDecoder;
import org.springframework.security.oauth2.client.authentication.jwt.ProviderJwtDecoderRegistry;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.token.SecurityTokenRepository;
import org.springframework.security.oauth2.client.user.OAuth2UserService;
import org.springframework.security.oauth2.client.web.AuthorizationGrantTokenExchanger;
import org.springframework.security.oauth2.core.AccessToken;
import org.springframework.security.oauth2.core.endpoint.TokenResponseAttributes;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.oidc.core.IdToken;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/client/authentication/AuthorizationCodeAuthenticationProvider.class */
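/**
 * {@link AuthenticationProvider} for the OAuth 2.0 authorization code grant.
 *
 * <p>{@link #authenticate(Authentication)} hands the supplied
 * {@link AuthorizationCodeAuthenticationToken} to the configured token exchanger, wraps the
 * response in an {@link AccessToken}, decodes an ID token when the response carries an
 * {@code id_token} parameter, loads the user through the {@link OAuth2UserService}, and finally
 * stores the access token in the {@link SecurityTokenRepository}.
 *
 * <p>NOTE(review): the only ID token processing visible in this class is the call to
 * {@link JwtDecoder#decode}. No check of the {@code iss}, {@code aud}, {@code exp} or
 * {@code nonce} claims happens here, so confirm that the registered decoder (or another
 * component) enforces them before the claims are trusted.
 */
public class AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
    /** Name of the token-response parameter that carries the ID token. */
    private static final String ID_TOKEN_PARAMETER = "id_token";

    private final AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationCodeTokenExchanger;
    private final SecurityTokenRepository<AccessToken> accessTokenRepository;
    private final ProviderJwtDecoderRegistry providerJwtDecoderRegistry;
    private final OAuth2UserService userInfoService;
    // Defaults to NullAuthoritiesMapper; replaceable through setAuthoritiesMapper.
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();

    /**
     * Creates the provider with its four required collaborators.
     *
     * @param authorizationGrantTokenExchanger exchanges the authorization code token for a token response
     * @param securityTokenRepository receives the access token once authentication has succeeded
     * @param providerJwtDecoderRegistry supplies the {@link JwtDecoder} used for ID tokens
     * @param oAuth2UserService loads the {@link OAuth2User} for the obtained tokens
     * @throws IllegalArgumentException if any argument is {@code null}
     */
    public AuthorizationCodeAuthenticationProvider(AuthorizationGrantTokenExchanger<AuthorizationCodeAuthenticationToken> authorizationGrantTokenExchanger, SecurityTokenRepository<AccessToken> securityTokenRepository, ProviderJwtDecoderRegistry providerJwtDecoderRegistry, OAuth2UserService oAuth2UserService) {
        Assert.notNull(authorizationGrantTokenExchanger, "authorizationCodeTokenExchanger cannot be null");
        Assert.notNull(securityTokenRepository, "accessTokenRepository cannot be null");
        Assert.notNull(providerJwtDecoderRegistry, "providerJwtDecoderRegistry cannot be null");
        Assert.notNull(oAuth2UserService, "userInfoService cannot be null");
        this.authorizationCodeTokenExchanger = authorizationGrantTokenExchanger;
        this.accessTokenRepository = securityTokenRepository;
        this.providerJwtDecoderRegistry = providerJwtDecoderRegistry;
        this.userInfoService = oAuth2UserService;
    }

    /**
     * Completes the authorization code grant and returns the authenticated token.
     *
     * @param authentication the request; it is cast to {@link AuthorizationCodeAuthenticationToken}
     *        without a type check, so callers are expected to consult {@link #supports(Class)} first
     * @return an {@link OAuth2AuthenticationToken} carrying the loaded user, the mapped authorities,
     *         the client registration, the access token and the ID token ({@code null} when the
     *         token response had no {@code id_token} parameter)
     * @throws IllegalArgumentException if the response carries an {@code id_token} but no decoder is
     *         registered for the provider, or the parameter value is not a string
     * @throws AuthenticationException declared by the interface; presumably raised by the
     *         collaborators, which are not visible here
     */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AuthorizationCodeAuthenticationToken authorizationCodeAuthentication = (AuthorizationCodeAuthenticationToken) authentication;
        ClientRegistration clientRegistration = authorizationCodeAuthentication.getClientRegistration();

        TokenResponseAttributes tokenResponse = this.authorizationCodeTokenExchanger.exchange(authorizationCodeAuthentication);
        AccessToken accessToken = new AccessToken(tokenResponse.getTokenType(), tokenResponse.getTokenValue(), tokenResponse.getIssuedAt(), tokenResponse.getExpiresAt(), tokenResponse.getScopes());
        IdToken idToken = decodeIdToken(clientRegistration, tokenResponse);

        // Intermediate token without a principal: it only transports the tokens to the user service.
        OAuth2AuthenticationToken accessTokenAuthentication = new OAuth2AuthenticationToken(clientRegistration, accessToken, idToken);
        accessTokenAuthentication.setDetails(authorizationCodeAuthentication.getDetails());

        OAuth2User user = this.userInfoService.loadUser(accessTokenAuthentication);
        OAuth2AuthenticationToken authenticated = new OAuth2AuthenticationToken(user, this.authoritiesMapper.mapAuthorities(user.getAuthorities()), accessTokenAuthentication.getClientRegistration(), accessTokenAuthentication.getAccessToken(), accessTokenAuthentication.getIdToken());
        authenticated.setDetails(accessTokenAuthentication.getDetails());

        // The access token is stored only after the user has been loaded, so a failure in any
        // earlier step leaves the repository untouched.
        this.accessTokenRepository.saveSecurityToken(accessToken, authenticated);
        return authenticated;
    }

    /**
     * Decodes the ID token of a token response, if it has one.
     *
     * <p>The decoder is looked up by the JWK Set URI of the client registration, not by anything
     * taken from the token response.
     *
     * @return the decoded {@link IdToken}, or {@code null} when the response has no {@code id_token}
     * @throws IllegalArgumentException if no decoder is registered or the value is not a string
     */
    private IdToken decodeIdToken(ClientRegistration clientRegistration, TokenResponseAttributes tokenResponse) {
        if (!tokenResponse.getAdditionalParameters().containsKey(ID_TOKEN_PARAMETER)) {
            return null;
        }
        JwtDecoder jwtDecoder = this.providerJwtDecoderRegistry.getJwtDecoder(clientRegistration.getProviderDetails().getJwkSetUri());
        if (jwtDecoder == null) {
            // The message names the provider by its token URI although the lookup key is the JWK Set URI.
            throw new IllegalArgumentException("Unable to find a registered JwtDecoder for the provider '" + clientRegistration.getProviderDetails().getTokenUri() + "'. Check to ensure you have configured the JwkSet URI property.");
        }
        // The token response comes from outside this application: reject a null or non-string
        // value explicitly instead of failing on the cast or handing null to the decoder.
        // The value itself is kept out of the message so that a token never ends up in logs.
        Object rawIdToken = tokenResponse.getAdditionalParameters().get(ID_TOKEN_PARAMETER);
        if (!(rawIdToken instanceof String)) {
            throw new IllegalArgumentException("The 'id_token' parameter of the token response must be a string.");
        }
        Jwt jwt = jwtDecoder.decode((String) rawIdToken);
        // NOTE(review): the claims are copied as decoded; no iss/aud/exp/nonce check is made here.
        return new IdToken(jwt.getTokenValue(), jwt.getIssuedAt(), jwt.getExpiresAt(), jwt.getClaims());
    }

    /**
     * Replaces the mapper applied to the authorities of the loaded user.
     *
     * @param grantedAuthoritiesMapper the mapper to use
     * @throws IllegalArgumentException if the mapper is {@code null}
     */
    public final void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        Assert.notNull(grantedAuthoritiesMapper, "authoritiesMapper cannot be null");
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class to test
     * @return {@code true} for {@link AuthorizationCodeAuthenticationToken} and its subclasses
     */
    public boolean supports(Class<?> cls) {
        return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(cls);
    }
}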
