package org.springframework.security.oauth2.server.authorization.web.authentication;

import java.util.Collections;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretPostAuthenticationConverter.class */
public final class ClientSecretPostAuthenticationConverter implements AuthenticationConverter {
    @Nullable
    public Authentication convert(HttpServletRequest httpServletRequest) {
        MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getParameters(httpServletRequest);
        String str = (String) parameters.getFirst("client_id");
        if (!StringUtils.hasText(str)) {
            return null;
        }
        if (((List) parameters.get("client_id")).size() != 1) {
            throw new OAuth2AuthenticationException("invalid_request");
        }
        String str2 = (String) parameters.getFirst(OidcClientMetadataClaimNames.CLIENT_SECRET);
        if (!StringUtils.hasText(str2)) {
            return null;
        }
        if (((List) parameters.get(OidcClientMetadataClaimNames.CLIENT_SECRET)).size() != 1) {
            throw new OAuth2AuthenticationException("invalid_request");
        }
        return new OAuth2ClientAuthenticationToken(str, ClientAuthenticationMethod.CLIENT_SECRET_POST, str2, extractAdditionalParameters(httpServletRequest));
    }

    private static Map<String, Object> extractAdditionalParameters(HttpServletRequest httpServletRequest) {
        Map<String, Object> emptyMap = Collections.emptyMap();
        if (OAuth2EndpointUtils.matchesPkceTokenRequest(httpServletRequest)) {
            emptyMap = new HashMap((Map<? extends String, ? extends Object>) OAuth2EndpointUtils.getParameters(httpServletRequest).toSingleValueMap());
            emptyMap.remove("client_id");
            emptyMap.remove(OidcClientMetadataClaimNames.CLIENT_SECRET);
        }
        return emptyMap;
    }
}
