package it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.enancher;

import it.geosolutions.geostore.services.rest.security.oauth2.openid_connect.OpenIdConnectConfiguration;
import java.util.Base64;
import java.util.Collections;
import java.util.List;
import org.springframework.http.HttpHeaders;
import org.springframework.security.crypto.keygen.Base64StringKeyGenerator;
import org.springframework.security.crypto.keygen.StringKeyGenerator;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.RequestEnhancer;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:WEB-INF/lib/geostore-rest-impl-2.2.0.jar:it/geosolutions/geostore/services/rest/security/oauth2/openid_connect/enancher/PKCERequestEnhancer.class */
public class PKCERequestEnhancer implements RequestEnhancer {
    private final StringKeyGenerator secureKeyGenerator = new Base64StringKeyGenerator(Base64.getUrlEncoder().withoutPadding(), 96);
    private final OpenIdConnectConfiguration config;

    public PKCERequestEnhancer(OpenIdConnectConfiguration openIdConnectConfiguration) {
        this.config = openIdConnectConfiguration;
    }

    @Override // org.springframework.security.oauth2.client.token.RequestEnhancer
    public void enhance(AccessTokenRequest accessTokenRequest, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, MultiValueMap<String, String> multiValueMap, HttpHeaders httpHeaders) {
        List list;
        if (this.config.isSendClientSecret()) {
            multiValueMap.put("client_secret", Collections.singletonList(oAuth2ProtectedResourceDetails.getClientSecret()));
        }
        if (!this.config.isUsePKCE() || (list = (List) accessTokenRequest.get("code_verifier")) == null) {
            return;
        }
        multiValueMap.put("code_verifier", list);
    }
}
