package org.springframework.security.oauth2.client.authentication;

import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.5.1.jar:org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeAuthenticationProvider.class */
public class OAuth2AuthorizationCodeAuthenticationProvider implements AuthenticationProvider {
    private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
    private final OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;

    public OAuth2AuthorizationCodeAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> oAuth2AccessTokenResponseClient) {
        Assert.notNull(oAuth2AccessTokenResponseClient, "accessTokenResponseClient cannot be null");
        this.accessTokenResponseClient = oAuth2AccessTokenResponseClient;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
        OAuth2AuthorizationResponse authorizationResponse = oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange().getAuthorizationResponse();
        if (authorizationResponse.statusError()) {
            throw new OAuth2AuthorizationException(authorizationResponse.getError());
        }
        if (!authorizationResponse.getState().equals(oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getState())) {
            throw new OAuth2AuthorizationException(new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE));
        }
        OAuth2AccessTokenResponse tokenResponse = this.accessTokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange()));
        OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken2 = new OAuth2AuthorizationCodeAuthenticationToken(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange(), tokenResponse.getAccessToken(), tokenResponse.getRefreshToken(), tokenResponse.getAdditionalParameters());
        oAuth2AuthorizationCodeAuthenticationToken2.setDetails(oAuth2AuthorizationCodeAuthenticationToken.getDetails());
        return oAuth2AuthorizationCodeAuthenticationToken2;
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return OAuth2AuthorizationCodeAuthenticationToken.class.isAssignableFrom(cls);
    }
}
