package org.springframework.security.oauth2.client.http;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.ClientHttpRequestFactory;
import org.springframework.security.oauth2.client.context.OAuth2ClientContext;
import org.springframework.security.oauth2.client.context.OAuth2ClientContextHolder;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/client/http/OAuth2ClientHttpRequestFactory.class */
public class OAuth2ClientHttpRequestFactory implements ClientHttpRequestFactory {
    private final ClientHttpRequestFactory delegate;
    private final OAuth2ProtectedResourceDetails resource;

    public OAuth2ClientHttpRequestFactory(ClientHttpRequestFactory clientHttpRequestFactory, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this.delegate = clientHttpRequestFactory;
        this.resource = oAuth2ProtectedResourceDetails;
        if (clientHttpRequestFactory == null) {
            throw new IllegalArgumentException("A delegate must be supplied for an OAuth2ClientHttpRequestFactory.");
        }
        if (oAuth2ProtectedResourceDetails == null) {
            throw new IllegalArgumentException("A resource must be supplied for an OAuth2ClientHttpRequestFactory.");
        }
    }

    public ClientHttpRequest createRequest(URI uri, HttpMethod httpMethod) throws IOException {
        OAuth2ClientContext context = OAuth2ClientContextHolder.getContext();
        if (context == null) {
            throw new IllegalStateException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.");
        }
        OAuth2AccessToken accessToken = context.getAccessToken(this.resource);
        if (accessToken == null) {
            throw new AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.", this.resource);
        }
        if (accessToken.isExpired()) {
            throw new AccessTokenRequiredException("OAuth 2 token is expired. Unable to access resource '" + this.resource.getId() + "'.", this.resource);
        }
        String tokenType = accessToken.getTokenType();
        if (!StringUtils.hasText(tokenType)) {
            tokenType = OAuth2AccessToken.BEARER_TYPE;
        }
        if (!OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(tokenType) && !OAuth2AccessToken.OAUTH2_TYPE.equalsIgnoreCase(tokenType)) {
            throw new OAuth2AccessDeniedException("Unsupported access token type: " + tokenType);
        }
        AuthenticationScheme authenticationScheme = this.resource.getAuthenticationScheme();
        if (AuthenticationScheme.query.equals(authenticationScheme)) {
            uri = appendQueryParameter(uri, accessToken);
        }
        ClientHttpRequest createRequest = this.delegate.createRequest(uri, httpMethod);
        if (AuthenticationScheme.header.equals(authenticationScheme)) {
            createRequest.getHeaders().add("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, accessToken.getValue()));
        }
        return createRequest;
    }

    protected URI appendQueryParameter(URI uri, OAuth2AccessToken oAuth2AccessToken) {
        try {
            String query = uri.getQuery();
            String str = this.resource.getTokenName() + "=" + URLEncoder.encode(oAuth2AccessToken.getValue(), "UTF-8");
            String str2 = query == null ? str : query + "&" + str;
            StringBuffer stringBuffer = new StringBuffer(new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath(), null, null).toString());
            stringBuffer.append("?");
            stringBuffer.append(str2);
            if (uri.getFragment() != null) {
                stringBuffer.append("#");
                stringBuffer.append(uri.getFragment());
            }
            return new URI(stringBuffer.toString());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Could not encode URI", e);
        } catch (URISyntaxException e2) {
            throw new IllegalArgumentException("Could not parse URI", e2);
        }
    }
}
