package org.cloudfoundry.identity.uaa.oauth.token;

import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.DefaultSecurityContextAccessor;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.16.0.jar:org/cloudfoundry/identity/uaa/oauth/token/JwtTokenGranter.class */
public class JwtTokenGranter extends AbstractTokenGranter {
    protected JwtTokenGranter(AuthorizationServerTokenServices authorizationServerTokenServices, ClientServicesExtension clientServicesExtension, OAuth2RequestFactory oAuth2RequestFactory) {
        super(authorizationServerTokenServices, clientServicesExtension, oAuth2RequestFactory, TokenConstants.GRANT_TYPE_JWT_BEARER);
    }

    protected Authentication validateRequest(TokenRequest tokenRequest) {
        if (!new DefaultSecurityContextAccessor().isUser()) {
            throw new InvalidGrantException("User authentication not found");
        }
        if (tokenRequest == null || tokenRequest.getRequestParameters() == null || tokenRequest.getRequestParameters().isEmpty()) {
            throw new InvalidGrantException("Missing token request object");
        }
        if (tokenRequest.getRequestParameters().get("grant_type") == null) {
            throw new InvalidGrantException("Missing grant type");
        }
        if (TokenConstants.GRANT_TYPE_JWT_BEARER.equals(tokenRequest.getRequestParameters().get("grant_type"))) {
            return SecurityContextHolder.getContext().getAuthentication();
        }
        throw new InvalidGrantException("Invalid grant type");
    }

    @Override // org.springframework.security.oauth2.provider.token.AbstractTokenGranter
    protected OAuth2Authentication getOAuth2Authentication(ClientDetails clientDetails, TokenRequest tokenRequest) {
        return new OAuth2Authentication(getRequestFactory().createOAuth2Request(clientDetails, tokenRequest), validateRequest(tokenRequest));
    }
}
