package org.pac4j.oauth.credentials.extractor;

import com.github.scribejava.core.utils.OAuthEncoder;
import java.util.Optional;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.credentials.Credentials;
import org.pac4j.oauth.config.OAuth20Configuration;
import org.pac4j.oauth.credentials.OAuth20Credentials;
import org.pac4j.oauth.exception.OAuthCredentialsException;

/* loaded from: input_file:WEB-INF/lib/pac4j-oauth-5.3.1.jar:org/pac4j/oauth/credentials/extractor/OAuth20CredentialsExtractor.class */
public class OAuth20CredentialsExtractor extends OAuthCredentialsExtractor {
    public OAuth20CredentialsExtractor(OAuth20Configuration oAuth20Configuration, IndirectClient indirectClient) {
        super(oAuth20Configuration, indirectClient);
    }

    @Override // org.pac4j.oauth.credentials.extractor.OAuthCredentialsExtractor
    protected Optional<Credentials> getOAuthCredentials(WebContext webContext, SessionStore sessionStore) {
        if (((OAuth20Configuration) this.configuration).isWithState()) {
            Optional<String> requestParameter = webContext.getRequestParameter("state");
            if (!requestParameter.isPresent()) {
                throw new OAuthCredentialsException("Missing state parameter: session expired or possible threat of cross-site request forgery");
            }
            String stateSessionAttributeName = this.client.getStateSessionAttributeName();
            String str = (String) sessionStore.get(webContext, stateSessionAttributeName).orElse(null);
            sessionStore.set(webContext, stateSessionAttributeName, null);
            this.logger.debug("sessionState: {} / stateParameter: {}", str, requestParameter);
            if (!requestParameter.get().equals(str)) {
                throw new OAuthCredentialsException("State parameter mismatch: session expired or possible threat of cross-site request forgery");
            }
        }
        Optional<String> requestParameter2 = webContext.getRequestParameter("code");
        if (!requestParameter2.isPresent()) {
            throw new OAuthCredentialsException("No credential found");
        }
        String decode = OAuthEncoder.decode(requestParameter2.get());
        this.logger.debug("code: {}", decode);
        return Optional.of(new OAuth20Credentials(decode));
    }

    @Override // org.pac4j.oauth.credentials.extractor.OAuthCredentialsExtractor, org.pac4j.core.credentials.extractor.CredentialsExtractor
    public /* bridge */ /* synthetic */ Optional extract(WebContext webContext, SessionStore sessionStore) {
        return super.extract(webContext, sessionStore);
    }
}
