package io.fusionauth.security;

import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.client.OAuth2RestOperations;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:io/fusionauth/security/OpenIDConnectFilter.class */
public class OpenIDConnectFilter extends AbstractAuthenticationProcessingFilter {
    private OAuth2RestOperations restTemplate;

    @Autowired
    private OpenIDAuthorizationCodeResourceDetails openIDResourceDetails;

    /* loaded from: input_file:io/fusionauth/security/OpenIDConnectFilter$NoopAuthenticationManager.class */
    private static class NoopAuthenticationManager implements AuthenticationManager {
        private NoopAuthenticationManager() {
        }

        public Authentication authenticate(Authentication authentication) throws AuthenticationException {
            throw new UnsupportedOperationException("No authentication should be done with this AuthenticationManager");
        }
    }

    public OpenIDConnectFilter(String str) {
        super(str);
        setAuthenticationManager(new NoopAuthenticationManager());
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        try {
            OAuth2AccessToken accessToken = this.restTemplate.getAccessToken();
            try {
                FusionAuthUserDetails fusionAuthUserDetails = new FusionAuthUserDetails(getUserInfo(accessToken), accessToken);
                return new UsernamePasswordAuthenticationToken(fusionAuthUserDetails, (Object) null, fusionAuthUserDetails.getAuthorities());
            } catch (Exception e) {
                throw new BadCredentialsException("Failed to validate the token", e);
            }
        } catch (OAuth2Exception e2) {
            throw new BadCredentialsException("Could not obtain access token", e2);
        }
    }

    public void setRestTemplate(OAuth2RestTemplate oAuth2RestTemplate) {
        this.restTemplate = oAuth2RestTemplate;
    }

    private JsonNode getUserInfo(OAuth2AccessToken oAuth2AccessToken) throws IOException {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", "Bearer " + oAuth2AccessToken.getValue());
        ResponseEntity exchange = new RestTemplate().exchange(this.openIDResourceDetails.getUserInfoUri(), HttpMethod.GET, new HttpEntity(httpHeaders), String.class, new Object[0]);
        if (exchange.getStatusCode() == HttpStatus.OK) {
            return new ObjectMapper().readTree((String) exchange.getBody());
        }
        throw new BadCredentialsException("Failed to request user details from the UserInfo API. Status code [" + exchange.getStatusCodeValue() + "] Message [" + ((String) exchange.getBody()) + "]");
    }
}
