package org.springframework.security.oauth2.server.authorization.web.authentication;

import jakarta.servlet.http.HttpServletRequest;
import java.security.cert.X509Certificate;
import java.util.List;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.authorization.authentication.OAuth2ClientAuthenticationToken;
import org.springframework.security.oauth2.server.authorization.oidc.OidcClientMetadataClaimNames;
import org.springframework.security.web.authentication.AuthenticationConverter;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/web/authentication/X509ClientCertificateAuthenticationConverter.class */
/**
 * Extracts an mTLS client-authentication attempt from a request and wraps it in an
 * {@link OAuth2ClientAuthenticationToken}.
 *
 * <p>Security notes for reviewers:
 * <ul>
 *   <li>This converter performs no validation of the certificate chain. It only copies the
 *       chain found in the request attribute into the token's credentials. Trust decisions
 *       (subject/issuer matching, thumbprint or JWK comparison, expiry) must happen in the
 *       component that later authenticates the token.</li>
 *   <li>The choice between {@code SELF_SIGNED_TLS_CLIENT_AUTH} and {@code TLS_CLIENT_AUTH}
 *       is made purely on the length of the chain array (exactly one element vs. more),
 *       not on whether the certificate is actually self-issued.</li>
 *   <li>The chain is read from the {@code jakarta.servlet.request.X509Certificate} request
 *       attribute. If TLS is terminated in front of the application, whatever populates
 *       that attribute becomes part of the trust boundary.</li>
 * </ul>
 */
public final class X509ClientCertificateAuthenticationConverter implements AuthenticationConverter {
    /**
     * Builds a client authentication token from the request's client certificate chain and
     * its {@code client_id} form parameter.
     *
     * @param httpServletRequest the incoming request
     * @return the unauthenticated client token, or {@code null} when the request carries no
     *         client certificate or no non-blank {@code client_id}, so that other converters
     *         may handle it
     * @throws OAuth2AuthenticationException with error code {@code invalid_request} when the
     *         {@code client_id} parameter is supplied more than once
     */
    @Override
    @Nullable
    public Authentication convert(HttpServletRequest httpServletRequest) {
        Object certificateAttribute = httpServletRequest.getAttribute("jakarta.servlet.request.X509Certificate");
        X509Certificate[] clientCertificateChain = (X509Certificate[]) certificateAttribute;
        boolean hasCertificate = clientCertificateChain != null && clientCertificateChain.length > 0;
        if (!hasCertificate) {
            // No client certificate on this request: not an mTLS authentication attempt.
            return null;
        }

        MultiValueMap<String, String> parameters = OAuth2EndpointUtils.getFormParameters(httpServletRequest);
        String clientId = parameters.getFirst(OidcClientMetadataClaimNames.CLIENT_ID);
        if (!StringUtils.hasText(clientId)) {
            // Without a client_id the certificate cannot be tied to a registered client here.
            return null;
        }

        // A repeated client_id is ambiguous, so the request is rejected rather than guessed at.
        List<String> clientIdValues = parameters.get(OidcClientMetadataClaimNames.CLIENT_ID);
        if (clientIdValues.size() != 1) {
            throw new OAuth2AuthenticationException("invalid_request");
        }

        // Chain-length heuristic only: a single certificate is treated as the self-signed
        // method, a longer chain as the PKI method. Nothing is verified at this point.
        ClientAuthenticationMethod authenticationMethod;
        if (clientCertificateChain.length == 1) {
            authenticationMethod = ClientAuthenticationMethod.SELF_SIGNED_TLS_CLIENT_AUTH;
        } else {
            authenticationMethod = ClientAuthenticationMethod.TLS_CLIENT_AUTH;
        }

        return new OAuth2ClientAuthenticationToken(
                clientId,
                authenticationMethod,
                clientCertificateChain,
                OAuth2EndpointUtils.getParametersIfMatchesAuthorizationCodeGrantRequest(
                        httpServletRequest, OidcClientMetadataClaimNames.CLIENT_ID));
    }
}
