package org.springframework.security.oauth2.server.authorization.web.authentication;

import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/authentication/ClientSecretBasicAuthenticationConverter.class */
public final class ClientSecretBasicAuthenticationConverter implements AuthenticationConverter {
    @Nullable
    public Authentication convert(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        String[] split = header.split("\\s");
        if (!split[0].equalsIgnoreCase("Basic")) {
            return null;
        }
        if (split.length != 2) {
            throw new OAuth2AuthenticationException("invalid_request");
        }
        try {
            String[] split2 = new String(Base64.getDecoder().decode(split[1].getBytes(StandardCharsets.UTF_8)), StandardCharsets.UTF_8).split(":", 2);
            if (split2.length != 2 || !StringUtils.hasText(split2[0]) || !StringUtils.hasText(split2[1])) {
                throw new OAuth2AuthenticationException("invalid_request");
            }
            try {
                return new OAuth2ClientAuthenticationToken(URLDecoder.decode(split2[0], StandardCharsets.UTF_8.name()), ClientAuthenticationMethod.CLIENT_SECRET_BASIC, URLDecoder.decode(split2[1], StandardCharsets.UTF_8.name()), extractAdditionalParameters(httpServletRequest));
            } catch (Exception e) {
                throw new OAuth2AuthenticationException(new OAuth2Error("invalid_request"), e);
            }
        } catch (IllegalArgumentException e2) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_request"), e2);
        }
    }

    private static Map<String, Object> extractAdditionalParameters(HttpServletRequest httpServletRequest) {
        Map<String, Object> emptyMap = Collections.emptyMap();
        if (OAuth2EndpointUtils.matchesPkceTokenRequest(httpServletRequest)) {
            emptyMap = new HashMap((Map<? extends String, ? extends Object>) OAuth2EndpointUtils.getParameters(httpServletRequest).toSingleValueMap());
        }
        return emptyMap;
    }
}
