package org.springframework.security.oauth2.server.authorization.authentication;

import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.jwt.DPoPProofContext;
import org.springframework.security.oauth2.jwt.DPoPProofJwtDecoderFactory;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtDecoderFactory;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/authentication/DPoPProofVerifier.class */
final class DPoPProofVerifier {
    private static final JwtDecoderFactory<DPoPProofContext> dPoPProofVerifierFactory = new DPoPProofJwtDecoderFactory();

    private DPoPProofVerifier() {
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static Jwt verifyIfAvailable(OAuth2AuthorizationGrantAuthenticationToken oAuth2AuthorizationGrantAuthenticationToken) {
        String str = (String) oAuth2AuthorizationGrantAuthenticationToken.getAdditionalParameters().get("dpop_proof");
        if (!StringUtils.hasText(str)) {
            return null;
        }
        String str2 = (String) oAuth2AuthorizationGrantAuthenticationToken.getAdditionalParameters().get("dpop_method");
        try {
            return dPoPProofVerifierFactory.createDecoder(DPoPProofContext.withDPoPProof(str).method(str2).targetUri((String) oAuth2AuthorizationGrantAuthenticationToken.getAdditionalParameters().get("dpop_target_uri")).build()).decode(str);
        } catch (Exception e) {
            throw new OAuth2AuthenticationException(new OAuth2Error("invalid_dpop_proof"), e);
        }
    }
}
