package io.micronaut.security.oauth2.endpoint.token.request;

import io.micronaut.context.BeanContext;
import io.micronaut.core.annotation.NonNull;
import io.micronaut.core.util.SupplierUtil;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.MediaType;
import io.micronaut.http.MutableHttpRequest;
import io.micronaut.http.client.HttpClient;
import io.micronaut.http.client.HttpClientConfiguration;
import io.micronaut.http.client.LoadBalancer;
import io.micronaut.inject.qualifiers.Qualifiers;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.AuthenticationMethods;
import io.micronaut.security.oauth2.endpoint.token.request.context.TokenRequestContext;
import io.micronaut.security.oauth2.endpoint.token.response.TokenResponse;
import io.micronaut.security.oauth2.grants.SecureGrant;
import jakarta.inject.Singleton;
import java.util.Collections;
import java.util.Objects;
import java.util.Optional;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import java.util.function.Supplier;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/request/DefaultTokenEndpointClient.class */
public class DefaultTokenEndpointClient implements TokenEndpointClient {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultTokenEndpointClient.class);
    private final BeanContext beanContext;
    private final Supplier<HttpClient> defaultTokenClient;
    private final ConcurrentHashMap<String, HttpClient> tokenClients = new ConcurrentHashMap<>();

    public DefaultTokenEndpointClient(BeanContext beanContext, HttpClientConfiguration httpClientConfiguration) {
        this.beanContext = beanContext;
        this.defaultTokenClient = SupplierUtil.memoized(() -> {
            return (HttpClient) beanContext.createBean(HttpClient.class, new Object[]{LoadBalancer.empty(), httpClientConfiguration});
        });
    }

    @Override // io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient
    @NonNull
    public <G, R extends TokenResponse> Publisher<R> sendRequest(TokenRequestContext<G, R> tokenRequestContext) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Sending request to token endpoint [{}]", tokenRequestContext.getEndpoint().getUrl());
        }
        MutableHttpRequest<G> accept = HttpRequest.POST(tokenRequestContext.getEndpoint().getUrl(), tokenRequestContext.getGrant()).contentType(tokenRequestContext.getMediaType()).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE});
        secureRequest(accept, tokenRequestContext);
        return getClient(tokenRequestContext.getClientConfiguration().getName()).retrieve(accept, tokenRequestContext.getResponseType(), tokenRequestContext.getErrorResponseType());
    }

    protected <G, R extends TokenResponse> void secureRequest(@NonNull MutableHttpRequest<G> mutableHttpRequest, TokenRequestContext<G, R> tokenRequestContext) {
        Set<String> authenticationMethodsSupported = tokenRequestContext.getEndpoint().getAuthenticationMethodsSupported();
        if (authenticationMethodsSupported == null) {
            authenticationMethodsSupported = Collections.singleton(AuthenticationMethods.CLIENT_SECRET_BASIC);
        }
        OauthClientConfiguration clientConfiguration = tokenRequestContext.getClientConfiguration();
        if (LOG.isTraceEnabled()) {
            LOG.trace("The token endpoint supports [{}] authentication methods", authenticationMethodsSupported);
        }
        if (authenticationMethodsSupported.contains(AuthenticationMethods.CLIENT_SECRET_BASIC)) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Using client_secret_basic authentication. Adding an Authorization header");
            }
            mutableHttpRequest.basicAuth(clientConfiguration.getClientId(), clientConfiguration.getClientSecret());
            return;
        }
        if (authenticationMethodsSupported.contains("client_secret_post")) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Using client_secret_post authentication. The client_id and client_secret will be present in the body");
            }
            Optional body = mutableHttpRequest.getBody();
            Class<SecureGrant> cls = SecureGrant.class;
            Objects.requireNonNull(SecureGrant.class);
            Optional filter = body.filter(cls::isInstance);
            Class<SecureGrant> cls2 = SecureGrant.class;
            Objects.requireNonNull(SecureGrant.class);
            filter.map(cls2::cast).ifPresent(secureGrant -> {
                secureGrant.setClientId(clientConfiguration.getClientId());
                secureGrant.setClientSecret(clientConfiguration.getClientSecret());
            });
            return;
        }
        if (LOG.isTraceEnabled()) {
            LOG.trace("Unsupported or no authentication method. The client_id will be present in the body");
        }
        Optional body2 = mutableHttpRequest.getBody();
        Class<SecureGrant> cls3 = SecureGrant.class;
        Objects.requireNonNull(SecureGrant.class);
        Optional filter2 = body2.filter(cls3::isInstance);
        Class<SecureGrant> cls4 = SecureGrant.class;
        Objects.requireNonNull(SecureGrant.class);
        filter2.map(cls4::cast).ifPresent(secureGrant2 -> {
            secureGrant2.setClientId(clientConfiguration.getClientId());
        });
    }

    protected HttpClient getClient(String str) {
        return this.tokenClients.computeIfAbsent(str, str2 -> {
            return (HttpClient) this.beanContext.findBean(HttpClient.class, Qualifiers.byName(str2)).orElseGet(this.defaultTokenClient);
        });
    }
}
