package org.springframework.security.oauth2.client.filter;

import java.io.IOException;
import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import java.util.TreeSet;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.oauth2.client.context.OAuth2ClientContext;
import org.springframework.security.oauth2.client.context.OAuth2ClientContextHolder;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetailsService;
import org.springframework.security.web.FilterInvocation;
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/client/filter/OAuth2ClientProcessingFilter.class */
public class OAuth2ClientProcessingFilter implements Filter, InitializingBean {
    private static final Log logger = LogFactory.getLog(OAuth2ClientProcessingFilter.class);
    private FilterInvocationSecurityMetadataSource objectDefinitionSource;
    private OAuth2ProtectedResourceDetailsService resourceDetailsService;

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.objectDefinitionSource, "The object definition source must be configured.");
        Assert.notNull(this.resourceDetailsService, "A resource details service must be configured for the client processing filter.");
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Set<String> resourceDependencies = getResourceDependencies(httpServletRequest, httpServletResponse, filterChain);
        if (resourceDependencies.isEmpty()) {
            if (logger.isDebugEnabled()) {
                logger.debug("No access token dependencies for request.");
            }
            filterChain.doFilter(servletRequest, servletResponse);
            return;
        }
        OAuth2ClientContext context = OAuth2ClientContextHolder.getContext();
        if (context == null) {
            throw new IllegalStateException("An OAuth2 security context hasn't been established. Unable to load the access tokens for the following resources: " + resourceDependencies);
        }
        for (String str : resourceDependencies) {
            OAuth2ProtectedResourceDetails loadProtectedResourceDetailsById = this.resourceDetailsService.loadProtectedResourceDetailsById(str);
            if (loadProtectedResourceDetailsById == null) {
                throw new IllegalStateException("Unknown resource: " + str);
            }
            if (context.getAccessToken(loadProtectedResourceDetailsById) == null) {
                throw new AccessTokenRequiredException("Access token for resource '" + str + "' has not been obtained.", loadProtectedResourceDetailsById);
            }
        }
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    protected Set<String> getResourceDependencies(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) {
        TreeSet treeSet = new TreeSet();
        if (this.objectDefinitionSource != null) {
            Collection attributes = this.objectDefinitionSource.getAttributes(new FilterInvocation(httpServletRequest, httpServletResponse, filterChain));
            if (attributes != null) {
                Iterator it = attributes.iterator();
                while (it.hasNext()) {
                    treeSet.add(((ConfigAttribute) it.next()).getAttribute());
                }
            }
        }
        return treeSet;
    }

    public void setObjectDefinitionSource(FilterInvocationSecurityMetadataSource filterInvocationSecurityMetadataSource) {
        this.objectDefinitionSource = filterInvocationSecurityMetadataSource;
    }

    public void setResourceDetailsService(OAuth2ProtectedResourceDetailsService oAuth2ProtectedResourceDetailsService) {
        this.resourceDetailsService = oAuth2ProtectedResourceDetailsService;
    }
}
