package cn.herodotus.engine.oauth2.authentication.provider;

import cn.herodotus.engine.assistant.core.utils.http.SessionUtils;
import cn.herodotus.engine.assistant.core.utils.type.ListUtils;
import cn.herodotus.engine.oauth2.authentication.utils.OAuth2EndpointUtils;
import cn.herodotus.engine.rest.core.exception.SessionInvalidException;
import cn.herodotus.engine.rest.protect.crypto.processor.HttpCryptoProcessor;
import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authentication/provider/AbstractAuthenticationConverter.class */
public abstract class AbstractAuthenticationConverter implements AuthenticationConverter {
    private final HttpCryptoProcessor httpCryptoProcessor;

    public AbstractAuthenticationConverter(HttpCryptoProcessor httpCryptoProcessor) {
        this.httpCryptoProcessor = httpCryptoProcessor;
    }

    protected String[] decrypt(HttpServletRequest httpServletRequest, String str, List<String> list) {
        return (SessionUtils.isCryptoEnabled(httpServletRequest, str) && CollectionUtils.isNotEmpty(list)) ? ListUtils.toStringArray(list.stream().map(str2 -> {
            return decrypt(httpServletRequest, str, str2);
        }).toList()) : ListUtils.toStringArray(list);
    }

    protected String decrypt(HttpServletRequest httpServletRequest, String str, String str2) {
        if (SessionUtils.isCryptoEnabled(httpServletRequest, str) && StringUtils.isNotBlank(str2)) {
            try {
                return this.httpCryptoProcessor.decrypt(str, str2);
            } catch (SessionInvalidException e) {
                OAuth2EndpointUtils.throwError("SessionExpiredException", e.getMessage(), OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
            }
        }
        return str2;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Authentication getClientPrincipal() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Map<String, Object> getAdditionalParameters(HttpServletRequest httpServletRequest, MultiValueMap<String, String> multiValueMap) {
        String analyseSessionId = SessionUtils.analyseSessionId(httpServletRequest);
        HashMap hashMap = new HashMap();
        multiValueMap.forEach((str, list) -> {
            if (str.equals("grant_type") || str.equals("scope")) {
                return;
            }
            hashMap.put(str, list.size() == 1 ? decrypt(httpServletRequest, analyseSessionId, (String) list.get(0)) : decrypt(httpServletRequest, analyseSessionId, (List<String>) list));
        });
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public Set<String> getRequestedScopes(String str) {
        HashSet hashSet = null;
        if (org.springframework.util.StringUtils.hasText(str)) {
            hashSet = new HashSet(Arrays.asList(org.springframework.util.StringUtils.delimitedListToStringArray(str, " ")));
        }
        return hashSet;
    }
}
