package org.springframework.security.oauth2.client;

import java.time.Clock;
import java.time.Duration;
import java.time.temporal.TemporalAmount;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

@Deprecated
/* loaded from: input_file:META-INF/rewrite/classpath/spring-security-oauth2-client-5.8.8.jar:org/springframework/security/oauth2/client/PasswordOAuth2AuthorizedClientProvider.class */
public final class PasswordOAuth2AuthorizedClientProvider implements OAuth2AuthorizedClientProvider {
    private OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> accessTokenResponseClient = new DefaultPasswordTokenResponseClient();
    private Duration clockSkew = Duration.ofSeconds(60);
    private Clock clock = Clock.systemUTC();

    @Override // org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider
    @Nullable
    public OAuth2AuthorizedClient authorize(OAuth2AuthorizationContext oAuth2AuthorizationContext) {
        Assert.notNull(oAuth2AuthorizationContext, "context cannot be null");
        ClientRegistration clientRegistration = oAuth2AuthorizationContext.getClientRegistration();
        OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizationContext.getAuthorizedClient();
        if (!AuthorizationGrantType.PASSWORD.equals(clientRegistration.getAuthorizationGrantType())) {
            return null;
        }
        String str = (String) oAuth2AuthorizationContext.getAttribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME);
        String str2 = (String) oAuth2AuthorizationContext.getAttribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME);
        if (!StringUtils.hasText(str) || !StringUtils.hasText(str2)) {
            return null;
        }
        if (authorizedClient != null && !hasTokenExpired(authorizedClient.getAccessToken())) {
            return null;
        }
        if (authorizedClient != null && hasTokenExpired(authorizedClient.getAccessToken()) && authorizedClient.getRefreshToken() != null) {
            return null;
        }
        OAuth2AccessTokenResponse tokenResponse = getTokenResponse(clientRegistration, new OAuth2PasswordGrantRequest(clientRegistration, str, str2));
        return new OAuth2AuthorizedClient(clientRegistration, oAuth2AuthorizationContext.getPrincipal().getName(), tokenResponse.getAccessToken(), tokenResponse.getRefreshToken());
    }

    private OAuth2AccessTokenResponse getTokenResponse(ClientRegistration clientRegistration, OAuth2PasswordGrantRequest oAuth2PasswordGrantRequest) {
        try {
            return this.accessTokenResponseClient.getTokenResponse(oAuth2PasswordGrantRequest);
        } catch (OAuth2AuthorizationException e) {
            throw new ClientAuthorizationException(e.getError(), clientRegistration.getRegistrationId(), (Throwable) e);
        }
    }

    private boolean hasTokenExpired(OAuth2Token oAuth2Token) {
        return this.clock.instant().isAfter(oAuth2Token.getExpiresAt().minus((TemporalAmount) this.clockSkew));
    }

    public void setAccessTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> oAuth2AccessTokenResponseClient) {
        Assert.notNull(oAuth2AccessTokenResponseClient, "accessTokenResponseClient cannot be null");
        this.accessTokenResponseClient = oAuth2AccessTokenResponseClient;
    }

    public void setClockSkew(Duration duration) {
        Assert.notNull(duration, "clockSkew cannot be null");
        Assert.isTrue(duration.getSeconds() >= 0, "clockSkew must be >= 0");
        this.clockSkew = duration;
    }

    public void setClock(Clock clock) {
        Assert.notNull(clock, "clock cannot be null");
        this.clock = clock;
    }
}
