package org.springframework.cloud.dataflow.server.service.impl;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.security.oauth2.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.UserInfoTokenServices;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.web.client.ResourceAccessException;

/* loaded from: input_file:org/springframework/cloud/dataflow/server/service/impl/ManualOAuthAuthenticationProvider.class */
public class ManualOAuthAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(ManualOAuthAuthenticationProvider.class);

    @Autowired
    private OAuth2ClientProperties oAuth2ClientProperties;

    @Value("${security.oauth2.client.access-token-uri}")
    private String accessTokenUri;

    @Autowired
    private UserInfoTokenServices userInfoTokenServices;

    public AccessTokenProvider userAccessTokenProvider() {
        return new ResourceOwnerPasswordAccessTokenProvider();
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        String obj = authentication.getCredentials().toString();
        ResourceOwnerPasswordResourceDetails resourceOwnerPasswordResourceDetails = new ResourceOwnerPasswordResourceDetails();
        resourceOwnerPasswordResourceDetails.setUsername(name);
        resourceOwnerPasswordResourceDetails.setPassword(obj);
        resourceOwnerPasswordResourceDetails.setAccessTokenUri(this.accessTokenUri);
        resourceOwnerPasswordResourceDetails.setClientId(this.oAuth2ClientProperties.getClientId());
        resourceOwnerPasswordResourceDetails.setClientSecret(this.oAuth2ClientProperties.getClientSecret());
        resourceOwnerPasswordResourceDetails.setGrantType("password");
        OAuth2RestTemplate oAuth2RestTemplate = new OAuth2RestTemplate(resourceOwnerPasswordResourceDetails, new DefaultOAuth2ClientContext(new DefaultAccessTokenRequest()));
        oAuth2RestTemplate.setAccessTokenProvider(userAccessTokenProvider());
        try {
            logger.warn("Authenticating user '{}' using accessTokenUri '{}'.", name, this.accessTokenUri);
            return this.userInfoTokenServices.loadAuthentication(oAuth2RestTemplate.getAccessToken().getValue());
        } catch (OAuth2Exception e) {
            throw new AuthenticationServiceException(String.format("Unable to perform OAuth authentication for user '%s'.", name), e);
        } catch (OAuth2AccessDeniedException e2) {
            if (!(e2.getCause() instanceof ResourceAccessException)) {
                throw new BadCredentialsException(String.format("Access denied for user '%s'.", name), e2);
            }
            String format = String.format("While authenticating user '%s': Unable to access accessTokenUri '%s'.", name, this.accessTokenUri);
            logger.error(format + " Error message: {}.", e2.getCause().getMessage());
            throw new AuthenticationServiceException(format, e2);
        }
    }

    public boolean supports(Class<?> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }
}
