package org.springframework.security.oauth2.server.resource.web;

import jakarta.servlet.http.HttpServletRequest;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
import org.springframework.util.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-resource-server-6.0.2.jar:org/springframework/security/oauth2/server/resource/web/DefaultBearerTokenResolver.class */
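/**
 * Resolves an OAuth 2.0 bearer token from an incoming request.
 *
 * <p>The token is read from the configured header (default {@code Authorization}) using the
 * {@code Bearer <token>} scheme. It can also be read from the {@code access_token} request
 * parameter of a GET request or of a form-encoded POST request, but both parameter transports
 * are disabled by default and have to be switched on explicitly through the setters.
 *
 * <p>A request that presents a token both in the header and in a parameter, or that carries more
 * than one {@code access_token} parameter value, is rejected with an
 * {@link OAuth2AuthenticationException} instead of one of the tokens being picked.
 */
public final class DefaultBearerTokenResolver implements BearerTokenResolver {
    // "Bearer", exactly one space, then one or more token characters followed by optional '='
    // padding. The scheme name is matched case-insensitively.
    private static final Pattern authorizationPattern =
            Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$", Pattern.CASE_INSENSITIVE);

    // Both parameter transports are off unless a setter enables them.
    private boolean allowFormEncodedBodyParameter = false;
    private boolean allowUriQueryParameter = false;
    private String bearerTokenHeaderName = "Authorization";

    /**
     * Extracts the bearer token from the request, preferring the header.
     *
     * @param httpServletRequest the request to inspect
     * @return the token, or {@code null} when the request carries none through an enabled transport
     * @throws OAuth2AuthenticationException if the header value is malformed, if more than one
     *     token is present, or if an enabled parameter transport supplies an empty token
     */
    @Override
    public String resolve(HttpServletRequest httpServletRequest) {
        String headerToken = resolveFromAuthorizationHeader(httpServletRequest);
        // The parameter is read for every GET and form POST, even when parameter transport is
        // disabled, so a request that presents a token twice is rejected rather than accepted.
        String parameterToken = isParameterTokenSupportedForRequest(httpServletRequest)
                ? resolveFromRequestParameters(httpServletRequest)
                : null;
        if (headerToken != null) {
            if (parameterToken != null) {
                throw new OAuth2AuthenticationException(
                        BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request"));
            }
            return headerToken;
        }
        if (parameterToken == null || !isParameterTokenEnabledForRequest(httpServletRequest)) {
            return null;
        }
        // The header path can never yield an empty token (the pattern requires at least one
        // character). Hold the parameter path to the same rule: "access_token=" must not be
        // handed to the caller as if it were a token.
        if (!StringUtils.hasText(parameterToken)) {
            throw new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("The requested token parameter is an empty string"));
        }
        return parameterToken;
    }

    /**
     * Enables or disables reading the token from the {@code access_token} parameter of a
     * form-encoded POST request. Disabled by default.
     *
     * @param z {@code true} to accept the token from a form-encoded POST
     */
    public void setAllowFormEncodedBodyParameter(boolean z) {
        this.allowFormEncodedBodyParameter = z;
    }

    /**
     * Enables or disables reading the token from the {@code access_token} parameter of a GET
     * request. Disabled by default; a token carried in a URL tends to be recorded in access logs,
     * browser history and Referer headers, so enable this only where that exposure is acceptable.
     *
     * @param z {@code true} to accept the token from a GET request parameter
     */
    public void setAllowUriQueryParameter(boolean z) {
        this.allowUriQueryParameter = z;
    }

    /**
     * Sets the name of the header the token is read from (default {@code Authorization}). The
     * header value must still follow the {@code Bearer <token>} form.
     *
     * @param str the header name to read
     */
    public void setBearerTokenHeaderName(String str) {
        this.bearerTokenHeaderName = str;
    }

    /**
     * Reads the token from the configured header.
     *
     * @return the token, or {@code null} when the header is absent or does not start with
     *     "bearer" (any case)
     * @throws OAuth2AuthenticationException if the header starts with "bearer" but does not match
     *     the expected {@code Bearer <token>} form
     */
    private String resolveFromAuthorizationHeader(HttpServletRequest request) {
        String headerValue = request.getHeader(this.bearerTokenHeaderName);
        if (!StringUtils.startsWithIgnoreCase(headerValue, "bearer")) {
            // Some other scheme (or no header at all): not this resolver's concern.
            return null;
        }
        Matcher matcher = authorizationPattern.matcher(headerValue);
        if (!matcher.matches()) {
            throw new OAuth2AuthenticationException(BearerTokenErrors.invalidToken("Bearer token is malformed"));
        }
        return matcher.group(OAuth2ParameterNames.TOKEN);
    }

    /**
     * Reads the token from the {@code access_token} request parameter.
     *
     * @return the single parameter value, or {@code null} when the parameter is absent
     * @throws OAuth2AuthenticationException if the parameter occurs more than once
     */
    private static String resolveFromRequestParameters(HttpServletRequest request) {
        // NOTE(review): getParameterValues does not distinguish query-string parameters from
        // form-body parameters, so for a form POST a token placed in the URL is picked up here
        // as well. Confirm that is acceptable when only the form-body transport is enabled.
        String[] values = request.getParameterValues(OAuth2ParameterNames.ACCESS_TOKEN);
        if (values == null || values.length == 0) {
            return null;
        }
        if (values.length > 1) {
            throw new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request"));
        }
        return values[0];
    }

    /**
     * Tells whether the request is of a kind that may carry a parameter token at all: a GET, or a
     * POST whose content type is exactly {@code application/x-www-form-urlencoded}.
     */
    private boolean isParameterTokenSupportedForRequest(HttpServletRequest request) {
        String method = request.getMethod();
        if ("GET".equals(method)) {
            return true;
        }
        // Exact comparison: a Content-Type that carries parameters (for example a charset) is
        // not treated as form-encoded.
        return "POST".equals(method) && "application/x-www-form-urlencoded".equals(request.getContentType());
    }

    /**
     * Tells whether a parameter token found on this request may be used, i.e. whether the
     * transport matching the request's method has been enabled through its setter.
     */
    private boolean isParameterTokenEnabledForRequest(HttpServletRequest request) {
        String method = request.getMethod();
        boolean formPostAllowed = this.allowFormEncodedBodyParameter
                && "POST".equals(method)
                && "application/x-www-form-urlencoded".equals(request.getContentType());
        boolean queryGetAllowed = this.allowUriQueryParameter && "GET".equals(method);
        return formPostAllowed || queryGetAllowed;
    }
}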
