package org.springframework.security.oauth2.provider.verification;

import java.util.Set;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.RedirectMismatchException;
import org.springframework.security.oauth2.provider.AccessGrantAuthenticationToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.Assert;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth-1.0.0.M2.jar:org/springframework/security/oauth2/provider/verification/VerificationCodeAuthenticationProvider.class */
public class VerificationCodeAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    private AuthenticationManager authenticationManager;
    private VerificationCodeServices verificationServices;

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.authenticationManager, "An authentication manager must be provided.");
        Assert.notNull(this.verificationServices, "Verification code services must be supplied.");
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AuthorizationCodeAuthenticationToken authorizationCodeAuthenticationToken = (AuthorizationCodeAuthenticationToken) authentication;
        String verificationCode = authorizationCodeAuthenticationToken.getVerificationCode();
        if (verificationCode == null) {
            throw new OAuth2Exception("A verification code must be supplied.");
        }
        OAuth2Authentication<? extends VerificationCodeAuthenticationToken, ? extends Authentication> consumeVerificationCode = getVerificationServices().consumeVerificationCode(verificationCode);
        if (consumeVerificationCode == null) {
            throw new InvalidGrantException("Invalid verification code: " + verificationCode);
        }
        VerificationCodeAuthenticationToken clientAuthentication = consumeVerificationCode.getClientAuthentication();
        if (clientAuthentication.getRequestedRedirect() != null && !clientAuthentication.getRequestedRedirect().equals(authorizationCodeAuthenticationToken.getRequestedRedirect())) {
            throw new RedirectMismatchException("Redirect URI mismatch.");
        }
        if (authorizationCodeAuthenticationToken.getClientId() == null || !authorizationCodeAuthenticationToken.getClientId().equals(clientAuthentication.getClientId())) {
            throw new InvalidClientException("Client ID mismatch");
        }
        Set<String> scope = clientAuthentication.getScope();
        Set<String> scope2 = authorizationCodeAuthenticationToken.getScope();
        if (!scope.containsAll(scope2)) {
            throw new InvalidScopeException("Request for access token scope outside of verification code scope.");
        }
        return new OAuth2Authentication(getAuthenticationManager().authenticate(new AccessGrantAuthenticationToken(authorizationCodeAuthenticationToken.getClientId(), authorizationCodeAuthenticationToken.getClientSecret(), scope2, "authorization_code")), consumeVerificationCode.getUserAuthentication());
    }

    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class cls) {
        return AuthorizationCodeAuthenticationToken.class.isAssignableFrom(cls);
    }

    public AuthenticationManager getAuthenticationManager() {
        return this.authenticationManager;
    }

    @Autowired
    public void setAuthenticationManager(AuthenticationManager authenticationManager) {
        this.authenticationManager = authenticationManager;
    }

    public VerificationCodeServices getVerificationServices() {
        return this.verificationServices;
    }

    @Autowired
    public void setVerificationServices(VerificationCodeServices verificationCodeServices) {
        this.verificationServices = verificationCodeServices;
    }
}
