package com.nimbusds.oauth2.sdk.auth;

import com.nimbusds.common.contenttype.ContentType;
import com.nimbusds.oauth2.sdk.ParseException;
import com.nimbusds.oauth2.sdk.http.HTTPRequest;
import com.nimbusds.oauth2.sdk.id.ClientID;
import com.nimbusds.oauth2.sdk.util.MultivaluedMapUtils;
import com.nimbusds.oauth2.sdk.util.StringUtils;
import java.util.List;
import java.util.Map;
import java.util.Set;
import javax.security.auth.x500.X500Principal;
import org.apache.hc.client5.http.auth.StandardAuthScheme;

/* loaded from: input_file:com/nimbusds/oauth2/sdk/auth/ClientAuthentication.class */
public abstract class ClientAuthentication {
    private final ClientAuthenticationMethod method;
    private final ClientID clientID;

    /* JADX INFO: Access modifiers changed from: protected */
    public ClientAuthentication(ClientAuthenticationMethod clientAuthenticationMethod, ClientID clientID) {
        if (clientAuthenticationMethod == null) {
            throw new IllegalArgumentException("The client authentication method must not be null");
        }
        this.method = clientAuthenticationMethod;
        if (clientID == null) {
            throw new IllegalArgumentException("The client identifier must not be null");
        }
        this.clientID = clientID;
    }

    public ClientAuthenticationMethod getMethod() {
        return this.method;
    }

    public ClientID getClientID() {
        return this.clientID;
    }

    public abstract Set<String> getFormParameterNames();

    public static ClientAuthentication parse(HTTPRequest hTTPRequest) throws ParseException {
        if (hTTPRequest.getAuthorization() != null && hTTPRequest.getAuthorization().startsWith(StandardAuthScheme.BASIC)) {
            return ClientSecretBasic.parse(hTTPRequest);
        }
        if (hTTPRequest.getMethod() != HTTPRequest.Method.POST && !hTTPRequest.getEntityContentType().matches(ContentType.APPLICATION_URLENCODED)) {
            return null;
        }
        Map<String, List<String>> queryParameters = hTTPRequest.getQueryParameters();
        if (StringUtils.isNotBlank((CharSequence) MultivaluedMapUtils.getFirstValue(queryParameters, "client_id")) && StringUtils.isNotBlank((CharSequence) MultivaluedMapUtils.getFirstValue(queryParameters, "client_secret"))) {
            return ClientSecretPost.parse(hTTPRequest);
        }
        if (StringUtils.isNotBlank((CharSequence) MultivaluedMapUtils.getFirstValue(queryParameters, "client_assertion")) && StringUtils.isNotBlank((CharSequence) MultivaluedMapUtils.getFirstValue(queryParameters, "client_assertion_type"))) {
            return JWTAuthentication.parse(hTTPRequest);
        }
        if (hTTPRequest.getClientX509Certificate() == null || !StringUtils.isNotBlank((CharSequence) MultivaluedMapUtils.getFirstValue(queryParameters, "client_id"))) {
            return null;
        }
        X500Principal issuerX500Principal = hTTPRequest.getClientX509Certificate().getIssuerX500Principal();
        X500Principal subjectX500Principal = hTTPRequest.getClientX509Certificate().getSubjectX500Principal();
        if (issuerX500Principal == null || !issuerX500Principal.equals(subjectX500Principal)) {
            return PKITLSClientAuthentication.parse(hTTPRequest);
        }
        if (hTTPRequest.getClientX509CertificateRootDN() != null && !hTTPRequest.getClientX509CertificateRootDN().equalsIgnoreCase(issuerX500Principal.toString())) {
            throw new ParseException("Client X.509 certificate issuer DN doesn't match HTTP request metadata");
        }
        if (hTTPRequest.getClientX509CertificateSubjectDN() == null || hTTPRequest.getClientX509CertificateSubjectDN().equalsIgnoreCase(subjectX500Principal.toString())) {
            return SelfSignedTLSClientAuthentication.parse(hTTPRequest);
        }
        throw new ParseException("Client X.509 certificate subject DN doesn't match HTTP request metadata");
    }

    public abstract void applyTo(HTTPRequest hTTPRequest);
}
