package org.springframework.security.oauth2.client.web;

import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.Base64;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.function.Consumer;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.PkceParameterNames;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.3.9.jar:org/springframework/security/oauth2/client/web/OAuth2AuthorizationRequestCustomizers.class */
public final class OAuth2AuthorizationRequestCustomizers {
    private static final StringKeyGenerator DEFAULT_SECURE_KEY_GENERATOR = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);

    private OAuth2AuthorizationRequestCustomizers() {
    }

    public static Consumer<OAuth2AuthorizationRequest.Builder> withPkce() {
        return OAuth2AuthorizationRequestCustomizers::applyPkce;
    }

    private static void applyPkce(OAuth2AuthorizationRequest.Builder builder) {
        if (isPkceAlreadyApplied(builder)) {
            return;
        }
        String generateKey = DEFAULT_SECURE_KEY_GENERATOR.generateKey();
        builder.attributes(map -> {
            map.put(PkceParameterNames.CODE_VERIFIER, generateKey);
        });
        builder.additionalParameters(map2 -> {
            try {
                map2.put(PkceParameterNames.CODE_CHALLENGE, createHash(generateKey));
                map2.put(PkceParameterNames.CODE_CHALLENGE_METHOD, "S256");
            } catch (NoSuchAlgorithmException e) {
                map2.put(PkceParameterNames.CODE_CHALLENGE, generateKey);
            }
        });
    }

    private static boolean isPkceAlreadyApplied(OAuth2AuthorizationRequest.Builder builder) {
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        builder.additionalParameters(map -> {
            if (map.containsKey(PkceParameterNames.CODE_CHALLENGE)) {
                atomicBoolean.set(true);
            }
        });
        return atomicBoolean.get();
    }

    private static String createHash(String str) throws NoSuchAlgorithmException {
        return Base64.getUrlEncoder().withoutPadding().encodeToString(MessageDigest.getInstance("SHA-256").digest(str.getBytes(StandardCharsets.US_ASCII)));
    }
}
