package org.springframework.security.oauth2.provider;

import java.util.List;
import java.util.Set;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/provider/AccessGrantAuthenticationProvider.class */
public class AccessGrantAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private ClientDetailsService clientDetailsService;

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.clientDetailsService, "Client details service must be supplied");
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AccessGrantAuthenticationToken accessGrantAuthenticationToken = (AccessGrantAuthenticationToken) authentication;
        ClientDetails loadClientByClientId = getClientDetailsService().loadClientByClientId(accessGrantAuthenticationToken.getClientId());
        if (loadClientByClientId.isSecretRequired()) {
            String clientSecret = accessGrantAuthenticationToken.getClientSecret();
            if (clientSecret == null) {
                throw new InvalidClientException("Client secret is required but not provided.");
            }
            if (!clientSecret.equals(loadClientByClientId.getClientSecret())) {
                throw new InvalidClientException("Invalid client secret.");
            }
        }
        if (loadClientByClientId.isScoped()) {
            Set<String> scope = accessGrantAuthenticationToken.getScope();
            List<String> scope2 = loadClientByClientId.getScope();
            for (String str : scope) {
                if (!scope2.contains(str)) {
                    throw new InvalidScopeException("Invalid scope: " + str);
                }
            }
        }
        List<String> authorizedGrantTypes = loadClientByClientId.getAuthorizedGrantTypes();
        if (authorizedGrantTypes == null || authorizedGrantTypes.contains(accessGrantAuthenticationToken.getGrantType())) {
            return new AuthorizedClientAuthenticationToken(accessGrantAuthenticationToken.getClientId(), accessGrantAuthenticationToken.getClientSecret(), accessGrantAuthenticationToken.getScope(), loadClientByClientId.getAuthorities());
        }
        throw new InvalidGrantException("Unauthorized grant type: " + accessGrantAuthenticationToken.getGrantType());
    }

    public boolean supports(Class<?> cls) {
        return AccessGrantAuthenticationToken.class.isAssignableFrom(cls);
    }

    public ClientDetailsService getClientDetailsService() {
        return this.clientDetailsService;
    }

    @Autowired
    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }
}
