package net.n2oapp.security.admin.auth.server.esia;

import java.text.SimpleDateFormat;
import java.util.Date;
import java.util.Locale;
import java.util.TreeMap;
import java.util.UUID;
import org.springframework.http.HttpHeaders;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserApprovalRequiredException;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:net/n2oapp/security/admin/auth/server/esia/EsiaAccessTokenProvider.class */
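/**
 * Authorization-code token provider for ESIA.
 *
 * <p>Instead of a static client secret, every authorization redirect and every token request
 * carries a {@code client_secret} value produced by {@link Pkcs7Util#getUrlSafeSign} over the
 * concatenation {@code scope + timestamp + client_id + state}. The order of the fields and the
 * absence of separators are part of what gets signed, so both requests build the string through
 * {@link #signRequest}.
 *
 * <p>Not documented as thread-safe beyond what the parent class and {@code Pkcs7Util} provide;
 * this class itself keeps no mutable state.
 */
public class EsiaAccessTokenProvider extends AuthorizationCodeAccessTokenProvider {
    /** Layout of the {@code timestamp} parameter that is both sent and signed. */
    private static final String TIMESTAMP_PATTERN = "yyyy.MM.dd HH:mm:ss Z";

    private final Pkcs7Util pkcs7Util;

    /**
     * @param pkcs7Util signer used to produce the {@code client_secret} value of each request
     */
    public EsiaAccessTokenProvider(Pkcs7Util pkcs7Util) {
        this.pkcs7Util = pkcs7Util;
    }

    /**
     * Obtains an access token through the authorization-code flow.
     *
     * <p>With neither an authorization code nor a state key on the request, the flow has not
     * started yet and the user is redirected to the authorization endpoint. With a state key but
     * no code, the parent's {@code obtainAuthorizationCode} is used. The code is then exchanged
     * for a token with signed request parameters and empty HTTP headers.
     *
     * @param oAuth2ProtectedResourceDetails resource details; must be an
     *     {@link AuthorizationCodeResourceDetails}
     * @param accessTokenRequest current token request, carrying code, state key and preserved state
     * @return the access token returned by the token endpoint
     * @throws UserRedirectRequiredException when the user must first be sent to the authorization
     *     endpoint
     * @throws InvalidRequestException when no preserved state is available for the token request
     */
    @Override
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AccessTokenRequest accessTokenRequest) throws UserRedirectRequiredException, UserApprovalRequiredException, AccessDeniedException, OAuth2AccessDeniedException {
        AuthorizationCodeResourceDetails resource = (AuthorizationCodeResourceDetails) oAuth2ProtectedResourceDetails;
        if (accessTokenRequest.getAuthorizationCode() == null) {
            if (accessTokenRequest.getStateKey() == null) {
                throw getRedirectForAuthorization(resource, accessTokenRequest);
            }
            obtainAuthorizationCode(resource, accessTokenRequest);
        }
        return retrieveToken(accessTokenRequest, resource, getParametersForTokenRequest(resource, accessTokenRequest), new HttpHeaders());
    }

    /**
     * Builds the redirect to the authorization endpoint and records a fresh state key on both the
     * exception and the token request.
     *
     * <p>The state key is a random (type 4) UUID. It is also the last component of the signed
     * string, which ties the signature to this one authorization attempt. The {@code state} query
     * parameter itself is not put into the parameter map here; it is only set via
     * {@code setStateKey}. NOTE(review): presumably the redirect handler appends it and the caller
     * compares the returned state with the stored key - confirm, since this class does not.
     *
     * <p>Every parameter added here, including the signature in {@code client_secret}, is handed
     * to the redirect and therefore passes through the user's browser.
     */
    private UserRedirectRequiredException getRedirectForAuthorization(AuthorizationCodeResourceDetails authorizationCodeResourceDetails, AccessTokenRequest accessTokenRequest) {
        String clientId = authorizationCodeResourceDetails.getClientId();
        String redirectUri = authorizationCodeResourceDetails.getRedirectUri(accessTokenRequest);
        String stateKey = UUID.randomUUID().toString();
        String timestamp = currentTimestamp();
        String scope = StringUtils.collectionToDelimitedString(authorizationCodeResourceDetails.getScope(), " ");

        TreeMap<String, String> params = new TreeMap<>();
        params.put("response_type", "code");
        params.put("client_id", clientId);
        if (redirectUri != null) {
            params.put("redirect_uri", redirectUri);
        }
        params.put("scope", scope);
        params.put("timestamp", timestamp);
        params.put("access_type", "online");
        params.put("client_secret", signRequest(scope, timestamp, clientId, stateKey));

        UserRedirectRequiredException redirect = new UserRedirectRequiredException(authorizationCodeResourceDetails.getUserAuthorizationUri(), params);
        redirect.setStateKey(stateKey);
        accessTokenRequest.setStateKey(stateKey);
        // The redirect URI is what gets preserved under the state key; the token request reads it
        // back to send the same redirect_uri.
        redirect.setStateToPreserve(redirectUri);
        accessTokenRequest.setPreservedState(redirectUri);
        return redirect;
    }

    /**
     * Builds the form parameters for exchanging the authorization code for a token.
     *
     * @throws InvalidRequestException when the request has no preserved state, which is treated as
     *     a possible CSRF attempt
     */
    private MultiValueMap<String, String> getParametersForTokenRequest(AuthorizationCodeResourceDetails authorizationCodeResourceDetails, AccessTokenRequest accessTokenRequest) {
        // Reject a callback without preserved state before any signature is produced for it.
        Object preservedState = accessTokenRequest.getPreservedState();
        if (preservedState == null) {
            throw new InvalidRequestException("Possible CSRF detected - state parameter was required but no state could be found");
        }

        String clientId = authorizationCodeResourceDetails.getClientId();
        String stateKey = accessTokenRequest.getStateKey();
        String timestamp = currentTimestamp();
        String scope = StringUtils.collectionToDelimitedString(authorizationCodeResourceDetails.getScope(), " ");

        // NOTE(review): a request that arrives with a code but no state key is signed over the
        // literal text "null" and sent with a null state - confirm whether it should be rejected.
        MultiValueMap<String, String> form = new LinkedMultiValueMap<>();
        form.set("client_id", clientId);
        form.set("code", accessTokenRequest.getAuthorizationCode());
        form.set("grant_type", "authorization_code");
        form.set("client_secret", signRequest(scope, timestamp, clientId, stateKey));
        form.set("state", stateKey);
        form.set("scope", scope);
        form.set("timestamp", timestamp);
        form.set("token_type", "Bearer");

        // Prefer the redirect URI preserved at redirect time; fall back to the configured one when
        // the preserved state is not a string.
        String redirectUri = preservedState instanceof String ? String.valueOf(preservedState) : authorizationCodeResourceDetails.getRedirectUri(accessTokenRequest);
        if (redirectUri != null && !"NONE".equals(redirectUri)) {
            form.set("redirect_uri", redirectUri);
        }
        return form;
    }

    /**
     * Signs the request fields in the fixed order scope, timestamp, client id, state.
     * A {@code null} component is concatenated as the text "null".
     */
    private String signRequest(String scope, String timestamp, String clientId, String state) {
        return this.pkcs7Util.getUrlSafeSign(scope + timestamp + clientId + state);
    }

    /**
     * Formats the current time for the {@code timestamp} parameter.
     *
     * <p>{@link Locale#ROOT} keeps the calendar and digits independent of the JVM default locale,
     * so the signed value does not change with host settings. A new formatter is created per call
     * because {@link SimpleDateFormat} is not thread-safe.
     */
    private static String currentTimestamp() {
        return new SimpleDateFormat(TIMESTAMP_PATTERN, Locale.ROOT).format(new Date());
    }
}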
