package org.springframework.security.oauth2.client.token.grant.implicit;

import java.io.IOException;
import java.net.URI;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.springframework.http.HttpHeaders;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.ResponseExtractor;

/* JADX WARN: Classes with same name are omitted:
  input_file:WEB-INF/lib/spring-security-oauth2-2.1.1.RELEASE.jar:org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.class
 */
/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.2.0.RELEASE.jar:org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider.class */
public class ImplicitAccessTokenProvider extends OAuth2AccessTokenSupport implements AccessTokenProvider {

    /* JADX WARN: Classes with same name are omitted:
      input_file:WEB-INF/lib/spring-security-oauth2-2.1.1.RELEASE.jar:org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider$ImplicitResponseExtractor.class
     */
    /* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.2.0.RELEASE.jar:org/springframework/security/oauth2/client/token/grant/implicit/ImplicitAccessTokenProvider$ImplicitResponseExtractor.class */
    private final class ImplicitResponseExtractor implements ResponseExtractor<OAuth2AccessToken> {
        private ImplicitResponseExtractor() {
        }

        /* JADX WARN: Can't rename method to resolve collision */
        @Override // org.springframework.web.client.ResponseExtractor
        public OAuth2AccessToken extractData(ClientHttpResponse clientHttpResponse) throws IOException {
            URI location = clientHttpResponse.getHeaders().getLocation();
            if (location == null) {
                return null;
            }
            OAuth2AccessToken valueOf = DefaultOAuth2AccessToken.valueOf(OAuth2Utils.extractMap(location.getFragment()));
            if (valueOf.getValue() == null) {
                throw new UserRedirectRequiredException(location.toString(), Collections.emptyMap());
            }
            return valueOf;
        }
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public boolean supportsResource(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return (oAuth2ProtectedResourceDetails instanceof ImplicitResourceDetails) && "implicit".equals(oAuth2ProtectedResourceDetails.getGrantType());
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public boolean supportsRefresh(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        return false;
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public OAuth2AccessToken refreshAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2RefreshToken oAuth2RefreshToken, AccessTokenRequest accessTokenRequest) throws UserRedirectRequiredException {
        return null;
    }

    @Override // org.springframework.security.oauth2.client.token.AccessTokenProvider
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AccessTokenRequest accessTokenRequest) throws UserRedirectRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
        ImplicitResourceDetails implicitResourceDetails = (ImplicitResourceDetails) oAuth2ProtectedResourceDetails;
        try {
            OAuth2AccessToken retrieveToken = retrieveToken(accessTokenRequest, implicitResourceDetails, getParametersForTokenRequest(implicitResourceDetails, accessTokenRequest), getHeadersForTokenRequest(accessTokenRequest));
            if (retrieveToken == null) {
                throw new UserRedirectRequiredException(implicitResourceDetails.getUserAuthorizationUri(), accessTokenRequest.toSingleValueMap());
            }
            return retrieveToken;
        } catch (UserRedirectRequiredException e) {
            throw new UserRedirectRequiredException(e.getRedirectUri(), accessTokenRequest.toSingleValueMap());
        }
    }

    @Override // org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport
    protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
        return new ImplicitResponseExtractor();
    }

    private HttpHeaders getHeadersForTokenRequest(AccessTokenRequest accessTokenRequest) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.putAll(accessTokenRequest.getHeaders());
        if (accessTokenRequest.getCookie() != null) {
            httpHeaders.set("Cookie", accessTokenRequest.getCookie());
        }
        return httpHeaders;
    }

    private MultiValueMap<String, String> getParametersForTokenRequest(ImplicitResourceDetails implicitResourceDetails, AccessTokenRequest accessTokenRequest) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.set(OAuth2Utils.RESPONSE_TYPE, "token");
        linkedMultiValueMap.set("client_id", implicitResourceDetails.getClientId());
        if (implicitResourceDetails.isScoped()) {
            StringBuilder sb = new StringBuilder();
            List<String> scope = implicitResourceDetails.getScope();
            if (scope != null) {
                Iterator<String> it = scope.iterator();
                while (it.hasNext()) {
                    sb.append(it.next());
                    if (it.hasNext()) {
                        sb.append(' ');
                    }
                }
            }
            linkedMultiValueMap.set("scope", sb.toString());
        }
        for (String str : accessTokenRequest.keySet()) {
            linkedMultiValueMap.put((LinkedMultiValueMap) str, (String) accessTokenRequest.get(str));
        }
        String redirectUri = implicitResourceDetails.getRedirectUri(accessTokenRequest);
        if (redirectUri == null) {
            throw new IllegalStateException("No redirect URI available in request");
        }
        linkedMultiValueMap.set(OAuth2Utils.REDIRECT_URI, redirectUri);
        return linkedMultiValueMap;
    }
}
