package org.cloudfoundry.identity.uaa.oauth;

import java.io.UnsupportedEncodingException;
import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.LinkedHashMap;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-common-1.7.1.jar:org/cloudfoundry/identity/uaa/oauth/UaaAuthenticationKeyGenerator.class */
public class UaaAuthenticationKeyGenerator implements AuthenticationKeyGenerator {
    private static final String CLIENT_ID = "client_id";
    private static final String SCOPE = "scope";
    private static final String ACCESS_TOKEN_VALIDITY = "access_token_validity";
    private static final String REFRESH_TOKEN_VALIDITY = "refresh_token_validity";
    private UserTokenConverter userTokenConverter = new UaaUserTokenConverter();
    private ClientDetailsService clientDetailsService;

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    @Override // org.springframework.security.oauth2.provider.token.AuthenticationKeyGenerator
    public String extractKey(OAuth2Authentication oAuth2Authentication) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        AuthorizationRequest authorizationRequest = oAuth2Authentication.getAuthorizationRequest();
        if (!oAuth2Authentication.isClientOnly()) {
            linkedHashMap.putAll(this.userTokenConverter.convertUserAuthentication(oAuth2Authentication.getUserAuthentication()));
        }
        ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(authorizationRequest.getClientId());
        linkedHashMap.put("client_id", loadClientByClientId.getClientId());
        if (authorizationRequest.getScope() != null) {
            linkedHashMap.put("scope", OAuth2Utils.formatParameterList(authorizationRequest.getScope()));
        }
        Integer accessTokenValiditySeconds = loadClientByClientId.getAccessTokenValiditySeconds();
        if (accessTokenValiditySeconds != null) {
            linkedHashMap.put(ACCESS_TOKEN_VALIDITY, accessTokenValiditySeconds);
        }
        Integer refreshTokenValiditySeconds = loadClientByClientId.getRefreshTokenValiditySeconds();
        if (refreshTokenValiditySeconds != null && loadClientByClientId.getAuthorizedGrantTypes().contains(OAuth2AccessToken.REFRESH_TOKEN)) {
            linkedHashMap.put(REFRESH_TOKEN_VALIDITY, refreshTokenValiditySeconds);
        }
        try {
            try {
                return String.format("%032x", new BigInteger(1, MessageDigest.getInstance("MD5").digest(linkedHashMap.toString().getBytes("UTF-8"))));
            } catch (UnsupportedEncodingException e) {
                throw new IllegalStateException("UTF-8 encoding not available.  Fatal (should be in the JDK).");
            }
        } catch (NoSuchAlgorithmException e2) {
            throw new IllegalStateException("MD5 algorithm not available.  Fatal (should be in the JDK).");
        }
    }
}
