package org.springframework.security.oauth2.client.web;

import java.util.Base64;
import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.util.Assert;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizationRequestResolver.class */
public final class DefaultOAuth2AuthorizationRequestResolver implements OAuth2AuthorizationRequestResolver {
    private static final String REGISTRATION_ID_URI_VARIABLE_NAME = "registrationId";
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final AntPathRequestMatcher authorizationRequestMatcher;
    private final StringKeyGenerator stateGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder());

    public DefaultOAuth2AuthorizationRequestResolver(ClientRegistrationRepository clientRegistrationRepository, String str) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.hasText(str, "authorizationRequestBaseUri cannot be empty");
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authorizationRequestMatcher = new AntPathRequestMatcher(str + "/{" + REGISTRATION_ID_URI_VARIABLE_NAME + "}");
    }

    @Override // org.springframework.security.oauth2.client.web.OAuth2AuthorizationRequestResolver
    public OAuth2AuthorizationRequest resolve(HttpServletRequest httpServletRequest) {
        OAuth2AuthorizationRequest.Builder implicit;
        String resolveRegistrationId = resolveRegistrationId(httpServletRequest);
        if (resolveRegistrationId == null) {
            return null;
        }
        ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(resolveRegistrationId);
        if (findByRegistrationId == null) {
            throw new IllegalArgumentException("Invalid Client Registration with Id: " + resolveRegistrationId);
        }
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(findByRegistrationId.getAuthorizationGrantType())) {
            implicit = OAuth2AuthorizationRequest.authorizationCode();
        } else {
            if (!AuthorizationGrantType.IMPLICIT.equals(findByRegistrationId.getAuthorizationGrantType())) {
                throw new IllegalArgumentException("Invalid Authorization Grant Type (" + findByRegistrationId.getAuthorizationGrantType().getValue() + ") for Client Registration with Id: " + findByRegistrationId.getRegistrationId());
            }
            implicit = OAuth2AuthorizationRequest.implicit();
        }
        String expandRedirectUri = expandRedirectUri(httpServletRequest, findByRegistrationId, resolveRedirectUriAction(httpServletRequest, findByRegistrationId));
        HashMap hashMap = new HashMap();
        hashMap.put("registration_id", findByRegistrationId.getRegistrationId());
        return implicit.clientId(findByRegistrationId.getClientId()).authorizationUri(findByRegistrationId.getProviderDetails().getAuthorizationUri()).redirectUri(expandRedirectUri).scopes(findByRegistrationId.getScopes()).state(this.stateGenerator.generateKey()).additionalParameters(hashMap).build();
    }

    private String resolveRegistrationId(HttpServletRequest httpServletRequest) {
        ClientAuthorizationRequiredException clientAuthorizationRequiredException = (ClientAuthorizationRequiredException) httpServletRequest.getAttribute(OAuth2AuthorizationRequestRedirectFilter.AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME);
        if (clientAuthorizationRequiredException != null) {
            return clientAuthorizationRequiredException.getClientRegistrationId();
        }
        if (this.authorizationRequestMatcher.matches(httpServletRequest)) {
            return (String) this.authorizationRequestMatcher.extractUriTemplateVariables(httpServletRequest).get(REGISTRATION_ID_URI_VARIABLE_NAME);
        }
        return null;
    }

    private String resolveRedirectUriAction(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration) {
        String str = null;
        if (AuthorizationGrantType.AUTHORIZATION_CODE.equals(clientRegistration.getAuthorizationGrantType())) {
            String parameter = httpServletRequest.getParameter("action");
            str = httpServletRequest.getAttribute(OAuth2AuthorizationRequestRedirectFilter.AUTHORIZATION_REQUIRED_EXCEPTION_ATTR_NAME) != null ? "authorize" : parameter == null ? "login" : parameter.equalsIgnoreCase("login") ? "login" : "authorize";
        }
        return str;
    }

    private String expandRedirectUri(HttpServletRequest httpServletRequest, ClientRegistration clientRegistration, String str) {
        HashMap hashMap = new HashMap();
        hashMap.put(REGISTRATION_ID_URI_VARIABLE_NAME, clientRegistration.getRegistrationId());
        hashMap.put("baseUrl", UriComponentsBuilder.fromHttpUrl(UrlUtils.buildFullRequestUrl(httpServletRequest)).replaceQuery((String) null).replacePath(httpServletRequest.getContextPath()).build().toUriString());
        if (str != null) {
            hashMap.put("action", str);
        }
        return UriComponentsBuilder.fromUriString(clientRegistration.getRedirectUriTemplate()).buildAndExpand(hashMap).toUriString();
    }
}
