package org.springframework.security.oauth2.consumer.webserver;

import java.util.Iterator;
import java.util.List;
import java.util.TreeMap;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.consumer.OAuth2AccessTokenSupport;
import org.springframework.security.oauth2.consumer.OAuth2Profile;
import org.springframework.security.oauth2.consumer.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.consumer.OAuth2SecurityContext;
import org.springframework.security.oauth2.consumer.OAuth2SecurityContextHolder;
import org.springframework.security.oauth2.consumer.UserRedirectRequiredException;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:org/springframework/security/oauth2/consumer/webserver/WebServerProfile.class */
public class WebServerProfile extends OAuth2AccessTokenSupport implements OAuth2Profile {
    @Override // org.springframework.security.oauth2.consumer.OAuth2Profile
    public OAuth2AccessToken obtainNewAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) throws UserRedirectRequiredException, AccessDeniedException {
        String str;
        WebServerProfileResourceDetails webServerProfileResourceDetails = (WebServerProfileResourceDetails) oAuth2ProtectedResourceDetails;
        OAuth2SecurityContext context = OAuth2SecurityContextHolder.getContext();
        String str2 = null;
        if (context != null) {
            str2 = context.getVerificationCode();
        }
        if (context != null && context.getErrorParameters() != null) {
            throw getSerializationService().deserializeError(context.getErrorParameters());
        }
        if (str2 != null) {
            MultiValueMap<String, String> linkedMultiValueMap = new LinkedMultiValueMap<>();
            linkedMultiValueMap.add("grant_type", "authorization_code");
            linkedMultiValueMap.add("client_id", webServerProfileResourceDetails.getClientId());
            linkedMultiValueMap.add("code", str2);
            Object preservedState = context == null ? null : context.getPreservedState();
            if (preservedState == null) {
                preservedState = webServerProfileResourceDetails.getPreEstablishedRedirectUri();
            }
            if (preservedState == null) {
                preservedState = context == null ? null : context.getUserAuthorizationRedirectUri();
            }
            linkedMultiValueMap.add("redirect_uri", String.valueOf(preservedState));
            return retrieveToken(linkedMultiValueMap, webServerProfileResourceDetails);
        }
        TreeMap treeMap = new TreeMap();
        treeMap.put("response_type", "code");
        treeMap.put("client_id", webServerProfileResourceDetails.getClientId());
        if (webServerProfileResourceDetails.getPreEstablishedRedirectUri() != null) {
            str = null;
        } else {
            if (context == null) {
                throw new IllegalStateException("No OAuth 2 security context has been established: unable to determine the redirect URI for the current context.");
            }
            str = context.getUserAuthorizationRedirectUri();
            if (str == null) {
                throw new IllegalStateException("No redirect URI has been established for the current OAuth 2 security context.");
            }
            treeMap.put("redirect_uri", str);
        }
        if (webServerProfileResourceDetails.isScoped()) {
            StringBuilder sb = new StringBuilder();
            List<String> scope = webServerProfileResourceDetails.getScope();
            if (scope != null) {
                Iterator<String> it = scope.iterator();
                while (it.hasNext()) {
                    sb.append(it.next());
                    if (it.hasNext()) {
                        sb.append(' ');
                    }
                }
            }
            treeMap.put("scope", sb.toString());
        }
        String state = webServerProfileResourceDetails.getState();
        if (state != null) {
            treeMap.put("state", state);
        }
        UserRedirectRequiredException userRedirectRequiredException = new UserRedirectRequiredException(webServerProfileResourceDetails.getUserAuthorizationUri(), treeMap);
        if (str != null) {
            userRedirectRequiredException.setStateKey(webServerProfileResourceDetails.getState());
            userRedirectRequiredException.setStateToPreserve(str);
        }
        throw userRedirectRequiredException;
    }

    @Override // org.springframework.security.oauth2.consumer.OAuth2Profile
    public boolean supportsResource(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return (oAuth2ProtectedResourceDetails instanceof WebServerProfileResourceDetails) && "authorization_code".equals(oAuth2ProtectedResourceDetails.getGrantType());
    }
}
