package io.github.microcks.security;

import io.github.microcks.domain.OAuth2AuthorizedClient;
import io.github.microcks.domain.OAuth2ClientContext;
import io.github.microcks.domain.OAuth2GrantType;
import java.time.Instant;
import java.util.Arrays;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.DefaultRefreshTokenTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;

/* loaded from: input_file:io/github/microcks/security/OAuth2AuthorizedClientProvider.class */
public class OAuth2AuthorizedClientProvider {
    private static Logger log = LoggerFactory.getLogger(OAuth2AuthorizedClientProvider.class);

    /* renamed from: io.github.microcks.security.OAuth2AuthorizedClientProvider$1, reason: invalid class name */
    /* loaded from: input_file:io/github/microcks/security/OAuth2AuthorizedClientProvider$1.class */
    static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$io$github$microcks$domain$OAuth2GrantType = new int[OAuth2GrantType.values().length];

        static {
            try {
                $SwitchMap$io$github$microcks$domain$OAuth2GrantType[OAuth2GrantType.PASSWORD.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$io$github$microcks$domain$OAuth2GrantType[OAuth2GrantType.CLIENT_CREDENTIALS.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
            try {
                $SwitchMap$io$github$microcks$domain$OAuth2GrantType[OAuth2GrantType.REFRESH_TOKEN.ordinal()] = 3;
            } catch (NoSuchFieldError e3) {
            }
        }
    }

    public OAuth2AuthorizedClient authorize(OAuth2ClientContext oAuth2ClientContext) throws AuthorizationException {
        OAuth2AccessToken oAuth2AccessToken = null;
        try {
            switch (AnonymousClass1.$SwitchMap$io$github$microcks$domain$OAuth2GrantType[oAuth2ClientContext.getGrantType().ordinal()]) {
                case 1:
                    oAuth2AccessToken = getResourceOwnerPasswordAccessToken(oAuth2ClientContext);
                    break;
                case 2:
                    oAuth2AccessToken = getClientCredentialsAccessToken(oAuth2ClientContext);
                    break;
                case 3:
                    oAuth2AccessToken = getRefreshTokenAccessToken(oAuth2ClientContext);
                    break;
            }
            String clientId = oAuth2ClientContext.getClientId();
            if (oAuth2ClientContext.getGrantType() == OAuth2GrantType.PASSWORD) {
                clientId = oAuth2ClientContext.getUsername();
            }
            return new OAuth2AuthorizedClient(oAuth2ClientContext.getGrantType(), clientId, oAuth2ClientContext.getTokenUri(), String.join(" ", oAuth2AccessToken.getScopes()), oAuth2AccessToken.getTokenValue());
        } catch (OAuth2AuthorizationException e) {
            log.error("Error during {} grant type fetching", oAuth2ClientContext.getGrantType(), e);
            throw new AuthorizationException("Error during " + oAuth2ClientContext.getGrantType() + " grant type fetching", e);
        }
    }

    private OAuth2AccessToken getResourceOwnerPasswordAccessToken(OAuth2ClientContext oAuth2ClientContext) {
        return new DefaultPasswordTokenResponseClient().getTokenResponse(new OAuth2PasswordGrantRequest(initializeClientRegistration(oAuth2ClientContext).authorizationGrantType(AuthorizationGrantType.PASSWORD).build(), oAuth2ClientContext.getUsername(), oAuth2ClientContext.getPassword())).getAccessToken();
    }

    private OAuth2AccessToken getClientCredentialsAccessToken(OAuth2ClientContext oAuth2ClientContext) {
        return new DefaultClientCredentialsTokenResponseClient().getTokenResponse(new OAuth2ClientCredentialsGrantRequest(initializeClientRegistration(oAuth2ClientContext).authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).build())).getAccessToken();
    }

    private OAuth2AccessToken getRefreshTokenAccessToken(OAuth2ClientContext oAuth2ClientContext) {
        return new DefaultRefreshTokenTokenResponseClient().getTokenResponse(new OAuth2RefreshTokenGrantRequest(initializeClientRegistration(oAuth2ClientContext).authorizationGrantType(AuthorizationGrantType.REFRESH_TOKEN).build(), new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "fake-one", (Instant) null, (Instant) null), new OAuth2RefreshToken(oAuth2ClientContext.getRefreshToken(), (Instant) null))).getAccessToken();
    }

    private ClientRegistration.Builder initializeClientRegistration(OAuth2ClientContext oAuth2ClientContext) {
        ClientRegistration.Builder builder = ClientRegistration.withRegistrationId("microcks-test-idp").clientId(oAuth2ClientContext.getClientId()).clientSecret(oAuth2ClientContext.getClientSecret()).tokenUri(oAuth2ClientContext.getTokenUri());
        if (oAuth2ClientContext.getScopes() != null) {
            builder.scope(Arrays.asList((oAuth2ClientContext.getScopes() + " openid").split(" ")));
        } else {
            builder.scope(new String[]{"openid"});
        }
        return builder;
    }
}
