package org.springframework.security.oauth2.provider.token;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-2.0.14.RELEASE.jar:org/springframework/security/oauth2/provider/token/RemoteTokenServices.class */
public class RemoteTokenServices implements ResourceServerTokenServices {
    private String checkTokenEndpointUrl;
    private String clientId;
    private String clientSecret;
    protected final Log logger = LogFactory.getLog(getClass());
    private String tokenName = "token";
    private AccessTokenConverter tokenConverter = new DefaultAccessTokenConverter();
    private RestOperations restTemplate = new RestTemplate();

    public RemoteTokenServices() {
        ((RestTemplate) this.restTemplate).setErrorHandler(new DefaultResponseErrorHandler() { // from class: org.springframework.security.oauth2.provider.token.RemoteTokenServices.1
            @Override // org.springframework.web.client.DefaultResponseErrorHandler, org.springframework.web.client.ResponseErrorHandler
            public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
                if (clientHttpResponse.getRawStatusCode() != 400) {
                    super.handleError(clientHttpResponse);
                }
            }
        });
    }

    public void setRestTemplate(RestOperations restOperations) {
        this.restTemplate = restOperations;
    }

    public void setCheckTokenEndpointUrl(String str) {
        this.checkTokenEndpointUrl = str;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public void setAccessTokenConverter(AccessTokenConverter accessTokenConverter) {
        this.tokenConverter = accessTokenConverter;
    }

    public void setTokenName(String str) {
        this.tokenName = str;
    }

    @Override // org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add(this.tokenName, str);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", getAuthorizationHeader(this.clientId, this.clientSecret));
        Map<String, ?> postForMap = postForMap(this.checkTokenEndpointUrl, linkedMultiValueMap, httpHeaders);
        if (postForMap.containsKey("error")) {
            this.logger.debug("check_token returned error: " + postForMap.get("error"));
            throw new InvalidTokenException(str);
        }
        Assert.state(postForMap.containsKey("client_id"), "Client id must be present in response from auth server");
        return this.tokenConverter.extractAuthentication(postForMap);
    }

    @Override // org.springframework.security.oauth2.provider.token.ResourceServerTokenServices
    public OAuth2AccessToken readAccessToken(String str) {
        throw new UnsupportedOperationException("Not supported: read access token");
    }

    private String getAuthorizationHeader(String str, String str2) {
        if (str == null || str2 == null) {
            this.logger.warn("Null Client ID or Client Secret detected. Endpoint that requires authentication will reject request with 401 error.");
        }
        try {
            return "Basic " + new String(Base64.encode(String.format("%s:%s", str, str2).getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Could not convert String");
        }
    }

    private Map<String, Object> postForMap(String str, MultiValueMap<String, String> multiValueMap, HttpHeaders httpHeaders) {
        if (httpHeaders.getContentType() == null) {
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        }
        return (Map) this.restTemplate.exchange(str, HttpMethod.POST, new HttpEntity<>(multiValueMap, httpHeaders), Map.class, new Object[0]).getBody();
    }
}
