package org.springframework.security.oauth2.client.http;

import com.nimbusds.oauth2.sdk.token.BearerTokenError;
import java.io.IOException;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.OAuth2ErrorCodes;
import org.springframework.security.oauth2.core.http.converter.OAuth2ErrorHttpMessageConverter;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.ResponseErrorHandler;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.8.10.jar:org/springframework/security/oauth2/client/http/OAuth2ErrorResponseErrorHandler.class */
public class OAuth2ErrorResponseErrorHandler implements ResponseErrorHandler {
    private HttpMessageConverter<OAuth2Error> oauth2ErrorConverter = new OAuth2ErrorHttpMessageConverter();
    private final ResponseErrorHandler defaultErrorHandler = new DefaultResponseErrorHandler();

    @Override // org.springframework.web.client.ResponseErrorHandler
    public boolean hasError(ClientHttpResponse clientHttpResponse) throws IOException {
        return this.defaultErrorHandler.hasError(clientHttpResponse);
    }

    @Override // org.springframework.web.client.ResponseErrorHandler
    public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
        if (HttpStatus.BAD_REQUEST.value() != clientHttpResponse.getRawStatusCode()) {
            this.defaultErrorHandler.handleError(clientHttpResponse);
        }
        OAuth2Error readErrorFromWwwAuthenticate = readErrorFromWwwAuthenticate(clientHttpResponse.getHeaders());
        if (readErrorFromWwwAuthenticate == null) {
            readErrorFromWwwAuthenticate = this.oauth2ErrorConverter.read2(OAuth2Error.class, clientHttpResponse);
        }
        throw new OAuth2AuthorizationException(readErrorFromWwwAuthenticate);
    }

    private OAuth2Error readErrorFromWwwAuthenticate(HttpHeaders httpHeaders) {
        String first = httpHeaders.getFirst("WWW-Authenticate");
        if (!StringUtils.hasText(first)) {
            return null;
        }
        BearerTokenError bearerToken = getBearerToken(first);
        if (bearerToken == null) {
            return new OAuth2Error(OAuth2ErrorCodes.SERVER_ERROR, null, null);
        }
        return new OAuth2Error(bearerToken.getCode() != null ? bearerToken.getCode() : OAuth2ErrorCodes.SERVER_ERROR, bearerToken.getDescription(), bearerToken.getURI() != null ? bearerToken.getURI().toString() : null);
    }

    private BearerTokenError getBearerToken(String str) {
        try {
            return BearerTokenError.parse(str);
        } catch (Exception e) {
            return null;
        }
    }

    public final void setErrorConverter(HttpMessageConverter<OAuth2Error> httpMessageConverter) {
        Assert.notNull(httpMessageConverter, "oauth2ErrorConverter cannot be null");
        this.oauth2ErrorConverter = httpMessageConverter;
    }
}
