package org.springframework.boot.autoconfigure.security.oauth2.resource;

import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.DefaultOAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices;

/* loaded from: input_file:org/springframework/boot/autoconfigure/security/oauth2/resource/UserInfoTokenServices.class */
public class UserInfoTokenServices implements ResourceServerTokenServices {
    private static final String[] PRINCIPAL_KEYS = {"user", "username", "userid", "user_id", "login", "id", "name"};
    private final String userInfoEndpointUrl;
    private final String clientId;
    private OAuth2RestOperations restTemplate;
    protected final Log logger = LogFactory.getLog(getClass());
    private String tokenType = "Bearer";
    private AuthoritiesExtractor authoritiesExtractor = new FixedAuthoritiesExtractor();

    public UserInfoTokenServices(String str, String str2) {
        this.userInfoEndpointUrl = str;
        this.clientId = str2;
    }

    public void setTokenType(String str) {
        this.tokenType = str;
    }

    public void setRestTemplate(OAuth2RestOperations oAuth2RestOperations) {
        this.restTemplate = oAuth2RestOperations;
    }

    public void setAuthoritiesExtractor(AuthoritiesExtractor authoritiesExtractor) {
        this.authoritiesExtractor = authoritiesExtractor;
    }

    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        Map<String, Object> map = getMap(this.userInfoEndpointUrl, str);
        if (!map.containsKey("error")) {
            return extractAuthentication(map);
        }
        this.logger.debug("userinfo returned error: " + map.get("error"));
        throw new InvalidTokenException(str);
    }

    private OAuth2Authentication extractAuthentication(Map<String, Object> map) {
        Object principal = getPrincipal(map);
        List<GrantedAuthority> extractAuthorities = this.authoritiesExtractor.extractAuthorities(map);
        OAuth2Request oAuth2Request = new OAuth2Request((Map) null, this.clientId, (Collection) null, true, (Set) null, (Set) null, (String) null, (Set) null, (Map) null);
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(principal, "N/A", extractAuthorities);
        usernamePasswordAuthenticationToken.setDetails(map);
        return new OAuth2Authentication(oAuth2Request, usernamePasswordAuthenticationToken);
    }

    private Object getPrincipal(Map<String, Object> map) {
        for (String str : PRINCIPAL_KEYS) {
            if (map.containsKey(str)) {
                return map.get(str);
            }
        }
        return "unknown";
    }

    public OAuth2AccessToken readAccessToken(String str) {
        throw new UnsupportedOperationException("Not supported: read access token");
    }

    private Map<String, Object> getMap(String str, String str2) {
        this.logger.info("Getting user info from: " + str);
        try {
            OAuth2RestTemplate oAuth2RestTemplate = this.restTemplate;
            if (oAuth2RestTemplate == null) {
                BaseOAuth2ProtectedResourceDetails baseOAuth2ProtectedResourceDetails = new BaseOAuth2ProtectedResourceDetails();
                baseOAuth2ProtectedResourceDetails.setClientId(this.clientId);
                oAuth2RestTemplate = new OAuth2RestTemplate(baseOAuth2ProtectedResourceDetails);
            }
            DefaultOAuth2AccessToken defaultOAuth2AccessToken = new DefaultOAuth2AccessToken(str2);
            defaultOAuth2AccessToken.setTokenType(this.tokenType);
            oAuth2RestTemplate.getOAuth2ClientContext().setAccessToken(defaultOAuth2AccessToken);
            return (Map) oAuth2RestTemplate.getForEntity(str, Map.class, new Object[0]).getBody();
        } catch (Exception e) {
            this.logger.info("Could not fetch user details: " + e.getClass() + ", " + e.getMessage());
            return Collections.singletonMap("error", "Could not fetch user details");
        }
    }
}
