package org.mitre.oauth2.token;

import java.util.Date;
import org.mitre.oauth2.exception.AuthorizationPendingException;
import org.mitre.oauth2.exception.DeviceCodeExpiredException;
import org.mitre.oauth2.model.DeviceCode;
import org.mitre.oauth2.service.DeviceCodeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.stereotype.Component;

@Component("deviceTokenGranter")
/* loaded from: input_file:lib/openid.war:WEB-INF/lib/openid-connect-server-1.3.2.jar:org/mitre/oauth2/token/DeviceTokenGranter.class */
public class DeviceTokenGranter extends AbstractTokenGranter {
    public static final String GRANT_TYPE = "urn:ietf:params:oauth:grant-type:device_code";

    @Autowired
    private DeviceCodeService deviceCodeService;

    protected DeviceTokenGranter(AuthorizationServerTokenServices authorizationServerTokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authorizationServerTokenServices, clientDetailsService, oAuth2RequestFactory, GRANT_TYPE);
    }

    @Override // org.springframework.security.oauth2.provider.token.AbstractTokenGranter
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails clientDetails, TokenRequest tokenRequest) {
        String str = (String) tokenRequest.getRequestParameters().get("device_code");
        DeviceCode findDeviceCode = this.deviceCodeService.findDeviceCode(str, clientDetails);
        if (findDeviceCode == null) {
            throw new InvalidGrantException("Invalid device code: " + str);
        }
        if (findDeviceCode.getExpiration() != null && findDeviceCode.getExpiration().before(new Date())) {
            this.deviceCodeService.clearDeviceCode(str, clientDetails);
            throw new DeviceCodeExpiredException("Device code has expired " + str);
        }
        if (!findDeviceCode.isApproved()) {
            throw new AuthorizationPendingException("Authorization pending for code " + str);
        }
        tokenRequest.setScope(findDeviceCode.getScope());
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(getRequestFactory().createOAuth2Request(clientDetails, tokenRequest), findDeviceCode.getAuthenticationHolder().getUserAuth());
        this.deviceCodeService.clearDeviceCode(str, clientDetails);
        return oAuth2Authentication;
    }
}
