package org.springframework.security.oauth2.server.authorization.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2RefreshTokenAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/authentication/OAuth2RefreshTokenAuthenticationConverter.class */
public final class OAuth2RefreshTokenAuthenticationConverter implements AuthenticationConverter {
    @Nullable
    public Authentication convert(HttpServletRequest httpServletRequest) {
        MultiValueMap<String, String> formParameters = OAuth2EndpointUtils.getFormParameters(httpServletRequest);
        if (!AuthorizationGrantType.REFRESH_TOKEN.getValue().equals((String) formParameters.getFirst("grant_type"))) {
            return null;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String str = (String) formParameters.getFirst("refresh_token");
        if (!StringUtils.hasText(str) || ((List) formParameters.get("refresh_token")).size() != 1) {
            OAuth2EndpointUtils.throwError("invalid_request", "refresh_token", "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2");
        }
        String str2 = (String) formParameters.getFirst(OidcClientMetadataClaimNames.SCOPE);
        if (StringUtils.hasText(str2) && ((List) formParameters.get(OidcClientMetadataClaimNames.SCOPE)).size() != 1) {
            OAuth2EndpointUtils.throwError("invalid_request", OidcClientMetadataClaimNames.SCOPE, "https://datatracker.ietf.org/doc/html/rfc6749#section-5.2");
        }
        HashSet hashSet = null;
        if (StringUtils.hasText(str2)) {
            hashSet = new HashSet(Arrays.asList(StringUtils.delimitedListToStringArray(str2, " ")));
        }
        HashMap hashMap = new HashMap();
        formParameters.forEach((str3, list) -> {
            if (str3.equals("grant_type") || str3.equals("refresh_token") || str3.equals(OidcClientMetadataClaimNames.SCOPE)) {
                return;
            }
            hashMap.put(str3, list.size() == 1 ? list.get(0) : list.toArray(new String[0]));
        });
        return new OAuth2RefreshTokenAuthenticationToken(str, authentication, hashSet, hashMap);
    }
}
