package org.springframework.security.oauth2.server.authorization.token;

import java.time.Instant;
import java.time.temporal.TemporalAmount;
import java.util.Base64;
import org.springframework.lang.Nullable;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.server.authorization.OAuth2TokenType;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/token/OAuth2RefreshTokenGenerator.class */
public final class OAuth2RefreshTokenGenerator implements OAuth2TokenGenerator<OAuth2RefreshToken> {
    private final StringKeyGenerator refreshTokenGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);

    @Override // org.springframework.security.oauth2.server.authorization.token.OAuth2TokenGenerator
    @Nullable
    public OAuth2RefreshToken generate(OAuth2TokenContext oAuth2TokenContext) {
        if (!OAuth2TokenType.REFRESH_TOKEN.equals(oAuth2TokenContext.getTokenType()) || isPublicClientForAuthorizationCodeGrant(oAuth2TokenContext)) {
            return null;
        }
        Instant now = Instant.now();
        return new OAuth2RefreshToken(this.refreshTokenGenerator.generateKey(), now, now.plus((TemporalAmount) oAuth2TokenContext.getRegisteredClient().getTokenSettings().getRefreshTokenTimeToLive()));
    }

    private static boolean isPublicClientForAuthorizationCodeGrant(OAuth2TokenContext oAuth2TokenContext) {
        if (!AuthorizationGrantType.AUTHORIZATION_CODE.equals(oAuth2TokenContext.getAuthorizationGrantType())) {
            return false;
        }
        Object principal = oAuth2TokenContext.getAuthorizationGrant().getPrincipal();
        if (principal instanceof OAuth2ClientAuthenticationToken) {
            return ((OAuth2ClientAuthenticationToken) principal).getClientAuthenticationMethod().equals(ClientAuthenticationMethod.NONE);
        }
        return false;
    }
}
