package org.springframework.security.oauth2.client.endpoint;

import java.io.IOException;
import java.util.Arrays;
import java.util.Collections;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient.class */
public class DefaultClientCredentialsTokenResponseClient implements OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> {
    private static final String INVALID_TOKEN_REQUEST_ERROR_CODE = "invalid_token_request";
    private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
    private static final String[] TOKEN_RESPONSE_PARAMETER_NAMES = {"access_token", "token_type", "expires_in", "scope", "refresh_token"};
    private RestOperations restOperations;

    /* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/DefaultClientCredentialsTokenResponseClient$NoOpResponseErrorHandler.class */
    private static class NoOpResponseErrorHandler implements ResponseErrorHandler {
        private NoOpResponseErrorHandler() {
        }

        public boolean hasError(ClientHttpResponse clientHttpResponse) throws IOException {
            return false;
        }

        public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
        }
    }

    public DefaultClientCredentialsTokenResponseClient() {
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setErrorHandler(new NoOpResponseErrorHandler());
        this.restOperations = restTemplate;
    }

    @Override // org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient
    public OAuth2AccessTokenResponse getTokenResponse(OAuth2ClientCredentialsGrantRequest oAuth2ClientCredentialsGrantRequest) throws OAuth2AuthenticationException {
        Assert.notNull(oAuth2ClientCredentialsGrantRequest, "clientCredentialsGrantRequest cannot be null");
        try {
            ResponseEntity exchange = this.restOperations.exchange(buildRequest(oAuth2ClientCredentialsGrantRequest), new ParameterizedTypeReference<Map<String, String>>() { // from class: org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient.1
            });
            Map<String, String> map = (Map) exchange.getBody();
            if (exchange.getStatusCodeValue() != 200) {
                OAuth2Error parseErrorResponse = parseErrorResponse(map);
                if (parseErrorResponse == null) {
                    parseErrorResponse = new OAuth2Error("server_error");
                }
                throw new OAuth2AuthenticationException(parseErrorResponse, parseErrorResponse.toString());
            }
            try {
                OAuth2AccessTokenResponse parseTokenResponse = parseTokenResponse(map);
                if (parseTokenResponse == null) {
                    OAuth2Error oAuth2Error = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred parsing the Access Token response (200 OK). Missing required parameters: access_token and/or token_type", (String) null);
                    throw new OAuth2AuthenticationException(oAuth2Error, oAuth2Error.toString());
                }
                if (CollectionUtils.isEmpty(parseTokenResponse.getAccessToken().getScopes())) {
                    parseTokenResponse = OAuth2AccessTokenResponse.withResponse(parseTokenResponse).scopes(oAuth2ClientCredentialsGrantRequest.getClientRegistration().getScopes()).build();
                }
                return parseTokenResponse;
            } catch (Exception e) {
                OAuth2Error oAuth2Error2 = new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred parsing the Access Token response (200 OK): " + e.getMessage(), (String) null);
                throw new OAuth2AuthenticationException(oAuth2Error2, oAuth2Error2.toString(), e);
            }
        } catch (Exception e2) {
            OAuth2Error oAuth2Error3 = new OAuth2Error(INVALID_TOKEN_REQUEST_ERROR_CODE, "An error occurred while sending the Access Token Request: " + e2.getMessage(), (String) null);
            throw new OAuth2AuthenticationException(oAuth2Error3, oAuth2Error3.toString(), e2);
        }
    }

    private RequestEntity<MultiValueMap<String, String>> buildRequest(OAuth2ClientCredentialsGrantRequest oAuth2ClientCredentialsGrantRequest) {
        HttpHeaders buildHeaders = buildHeaders(oAuth2ClientCredentialsGrantRequest);
        return new RequestEntity<>(buildFormParameters(oAuth2ClientCredentialsGrantRequest), buildHeaders, HttpMethod.POST, UriComponentsBuilder.fromUriString(oAuth2ClientCredentialsGrantRequest.getClientRegistration().getProviderDetails().getTokenUri()).build().toUri());
    }

    private HttpHeaders buildHeaders(OAuth2ClientCredentialsGrantRequest oAuth2ClientCredentialsGrantRequest) {
        ClientRegistration clientRegistration = oAuth2ClientCredentialsGrantRequest.getClientRegistration();
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
            httpHeaders.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret());
        }
        return httpHeaders;
    }

    private MultiValueMap<String, String> buildFormParameters(OAuth2ClientCredentialsGrantRequest oAuth2ClientCredentialsGrantRequest) {
        ClientRegistration clientRegistration = oAuth2ClientCredentialsGrantRequest.getClientRegistration();
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", oAuth2ClientCredentialsGrantRequest.getGrantType().getValue());
        if (!CollectionUtils.isEmpty(clientRegistration.getScopes())) {
            linkedMultiValueMap.add("scope", StringUtils.collectionToDelimitedString(clientRegistration.getScopes(), " "));
        }
        if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
            linkedMultiValueMap.add("client_id", clientRegistration.getClientId());
            linkedMultiValueMap.add("client_secret", clientRegistration.getClientSecret());
        }
        return linkedMultiValueMap;
    }

    private OAuth2Error parseErrorResponse(Map<String, String> map) {
        if (CollectionUtils.isEmpty(map) || !map.containsKey("error")) {
            return null;
        }
        return new OAuth2Error(map.get("error"), map.get("error_description"), map.get("error_uri"));
    }

    private OAuth2AccessTokenResponse parseTokenResponse(Map<String, String> map) {
        if (CollectionUtils.isEmpty(map) || !map.containsKey("access_token") || !map.containsKey("token_type")) {
            return null;
        }
        String str = map.get("access_token");
        OAuth2AccessToken.TokenType tokenType = null;
        if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase(map.get("token_type"))) {
            tokenType = OAuth2AccessToken.TokenType.BEARER;
        }
        long j = 0;
        if (map.containsKey("expires_in")) {
            try {
                j = Long.valueOf(map.get("expires_in")).longValue();
            } catch (NumberFormatException e) {
            }
        }
        Set emptySet = Collections.emptySet();
        if (map.containsKey("scope")) {
            emptySet = (Set) Arrays.stream(StringUtils.delimitedListToStringArray(map.get("scope"), " ")).collect(Collectors.toSet());
        }
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Set set = (Set) Stream.of((Object[]) TOKEN_RESPONSE_PARAMETER_NAMES).collect(Collectors.toSet());
        map.entrySet().stream().filter(entry -> {
            return !set.contains(entry.getKey());
        }).forEach(entry2 -> {
            linkedHashMap.put(entry2.getKey(), entry2.getValue());
        });
        return OAuth2AccessTokenResponse.withToken(str).tokenType(tokenType).expiresIn(j).scopes(emptySet).additionalParameters(linkedHashMap).build();
    }

    public final void setRestOperations(RestOperations restOperations) {
        Assert.notNull(restOperations, "restOperations cannot be null");
        this.restOperations = restOperations;
    }
}
