package org.cloudfoundry.identity.client;

import java.net.URI;
import java.util.Arrays;
import java.util.LinkedList;
import java.util.Objects;
import org.cloudfoundry.identity.client.token.GrantType;
import org.cloudfoundry.identity.client.token.TokenRequest;
import org.cloudfoundry.identity.uaa.oauth.token.CompositeAccessToken;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.security.oauth2.client.DefaultOAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.OAuth2AccessTokenSupport;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsResourceDetails;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeResourceDetails;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
import org.springframework.security.oauth2.common.util.RandomValueStringGenerator;
import org.springframework.web.client.HttpMessageConverterExtractor;
import org.springframework.web.client.ResponseExtractor;
import org.springframework.web.util.UriComponentsBuilder;

/* loaded from: input_file:org/cloudfoundry/identity/client/UaaContextFactory.class */
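/**
 * Builds {@link TokenRequest} objects for a UAA base URI and exchanges them for a
 * {@link UaaContext} using the Spring Security OAuth2 client classes.
 *
 * <p>Security notes for callers:
 * <ul>
 *   <li>The client secret, user password, passcode and auth-code API token carried by a
 *       {@link TokenRequest} are handed to the OAuth2 client and sent to the endpoints stored
 *       in that request.</li>
 *   <li>Nothing in this class checks the scheme of those endpoints, nor that they match the
 *       base URI given to {@link #factory(URI)}. Whether {@code TokenRequest.isValid()} does so
 *       is not visible here, so pass only {@code https} endpoints you trust.</li>
 * </ul>
 *
 * <p>Instances are mutable through {@link #tokenPath(String)} and
 * {@link #authorizePath(String)}, and no synchronization is present.
 */
public class UaaContextFactory {
    private final URI uaaURI;
    private String tokenPath = "/oauth/token";
    private String authorizePath = "/oauth/authorize";

    private UaaContextFactory(URI uri) {
        this.uaaURI = uri;
    }

    /**
     * Creates a factory bound to the given UAA base URI.
     *
     * @param uri base URI that {@link #tokenRequest()} combines with the configured paths; it is
     *     stored as given, without a null or scheme check
     * @return a new factory using the default {@code /oauth/token} and {@code /oauth/authorize} paths
     */
    public static UaaContextFactory factory(URI uri) {
        return new UaaContextFactory(uri);
    }

    /**
     * Overrides the path used for the token endpoint.
     *
     * @param str path applied on top of the base URI by {@link #tokenRequest()}
     * @return this factory, for chaining
     */
    public UaaContextFactory tokenPath(String str) {
        this.tokenPath = str;
        return this;
    }

    /**
     * Overrides the path used for the authorization endpoint.
     *
     * @param str path applied on top of the base URI by {@link #tokenRequest()}
     * @return this factory, for chaining
     */
    public UaaContextFactory authorizePath(String str) {
        this.authorizePath = str;
        return this;
    }

    /**
     * Creates a token request whose token and authorization endpoints are the base URI with the
     * configured paths applied.
     *
     * @return a new {@link TokenRequest} pointing at this factory's endpoints
     */
    public TokenRequest tokenRequest() {
        URI tokenEndpoint = UriComponentsBuilder.newInstance()
                .uri(this.uaaURI)
                .path(this.tokenPath)
                .build()
                .toUri();
        URI authorizeEndpoint = UriComponentsBuilder.newInstance()
                .uri(this.uaaURI)
                .path(this.authorizePath)
                .build()
                .toUri();
        return new TokenRequest(tokenEndpoint, authorizeEndpoint);
    }

    /**
     * Obtains a token for the given request by dispatching on its grant type.
     *
     * <p>The endpoints used are the ones stored in {@code tokenRequest}; they are not compared
     * with this factory's base URI.
     *
     * @param tokenRequest the request describing grant type, credentials and endpoints
     * @return the context produced by the grant-specific method
     * @throws NullPointerException if {@code tokenRequest} is null
     * @throws IllegalArgumentException if {@code tokenRequest.isValid()} returns false
     * @throws UnsupportedGrantTypeException if the grant type has no handler here
     */
    public UaaContext authenticate(TokenRequest tokenRequest) {
        if (tokenRequest == null) {
            throw new NullPointerException(TokenRequest.class.getName() + " cannot be null.");
        }
        if (!tokenRequest.isValid()) {
            throw new IllegalArgumentException("Invalid token request.");
        }
        switch (tokenRequest.getGrantType()) {
            case CLIENT_CREDENTIALS:
                return authenticateClientCredentials(tokenRequest);
            case PASSWORD:
            case PASSWORD_WITH_PASSCODE:
                // Both variants share the password flow; the passcode is added as a form
                // parameter by enhanceRequestParameters.
                return authenticatePassword(tokenRequest);
            case AUTHORIZATION_CODE:
                return authenticateAuthCode(tokenRequest);
            case AUTHORIZATION_CODE_WITH_TOKEN:
                return authenticateAuthCodeWithToken(tokenRequest);
            default:
                throw new UnsupportedGrantTypeException("Not implemented:" + tokenRequest.getGrantType());
        }
    }

    /**
     * Unfinished authorization-code flow: configures the resource, calls
     * {@code getAccessToken()} and, if that call returns, discards the result and throws.
     * This method never returns normally.
     *
     * @param tokenRequest the request supplying redirect URI, client credentials and scopes
     * @return never returns
     * @throws UnsupportedOperationException if {@code getAccessToken()} returns; any exception
     *     raised by {@code getAccessToken()} propagates instead
     */
    protected UaaContext authenticateAuthCode(TokenRequest tokenRequest) {
        AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
        resource.setPreEstablishedRedirectUri(tokenRequest.getRedirectUriRedirectUri().toString());
        configureResourceDetails(tokenRequest, resource);
        setClientCredentials(tokenRequest, resource);
        setRequestScopes(tokenRequest, resource);
        // NOTE(review): the client id and secret are already set on the resource when this call
        // runs, so the unfinished path may still contact the token endpoint with them. Confirm,
        // and consider failing before any request is built.
        new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext()).getAccessToken();
        throw new UnsupportedOperationException(GrantType.AUTHORIZATION_CODE + " is not yet implemented");
    }

    /**
     * Runs the authorization-code flow with an existing API token supplied as a bearer
     * {@code Authorization} header on the access token request.
     *
     * @param tokenRequest the request supplying redirect URI, authorization endpoint, client
     *     credentials, scopes and the API token
     * @return a context wrapping the template and the token it obtained
     */
    protected UaaContext authenticateAuthCodeWithToken(TokenRequest tokenRequest) {
        AuthorizationCodeAccessTokenProvider tokenProvider = new AuthorizationCodeAccessTokenProvider() {
            @Override
            protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
                // Return value unused; presumably forces the provider's RestTemplate to be
                // initialised before the extractor is handed out. Confirm.
                getRestTemplate();
                return newCompositeTokenExtractor();
            }
        };
        enhanceRequestParameters(tokenRequest, tokenProvider);

        AuthorizationCodeResourceDetails resource = new AuthorizationCodeResourceDetails();
        resource.setPreEstablishedRedirectUri(tokenRequest.getRedirectUriRedirectUri().toString());
        configureResourceDetails(tokenRequest, resource);
        setClientCredentials(tokenRequest, resource);
        setRequestScopes(tokenRequest, resource);
        resource.setUserAuthorizationUri(tokenRequest.getAuthorizationEndpoint().toString());

        DefaultOAuth2ClientContext clientContext = new DefaultOAuth2ClientContext();
        // NOTE(review): the state value uses RandomValueStringGenerator's default length, which is
        // short in Spring Security OAuth as far as I recall. Confirm it is adequate for this flow.
        String stateKey = new RandomValueStringGenerator().generate();
        String redirectUri = resource.getPreEstablishedRedirectUri();
        clientContext.getAccessTokenRequest().setStateKey(stateKey);
        clientContext.setPreservedState(stateKey, redirectUri);
        clientContext.getAccessTokenRequest().setCurrentUri(redirectUri);
        // The API token is a credential: it travels in this header, so keep request headers out
        // of logs and use TLS endpoints.
        clientContext.getAccessTokenRequest().getHeaders()
                .put("Authorization", Arrays.asList("bearer " + tokenRequest.getAuthCodeAPIToken()));

        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, clientContext);
        restTemplate.setAccessTokenProvider(tokenProvider);
        return new UaaContextImpl(tokenRequest, restTemplate, restTemplate.getAccessToken());
    }

    /**
     * Runs the resource-owner password flow, which also serves the passcode variant.
     *
     * <p>The user's password and the client secret are both placed on the resource details
     * before the token is requested.
     *
     * @param tokenRequest the request supplying user credentials, client credentials and scopes
     * @return a context wrapping the template and the token it obtained
     */
    protected UaaContext authenticatePassword(TokenRequest tokenRequest) {
        ResourceOwnerPasswordAccessTokenProvider tokenProvider = new ResourceOwnerPasswordAccessTokenProvider() {
            @Override
            protected ResponseExtractor<OAuth2AccessToken> getResponseExtractor() {
                // Return value unused; presumably forces the provider's RestTemplate to be
                // initialised before the extractor is handed out. Confirm.
                getRestTemplate();
                return newCompositeTokenExtractor();
            }
        };
        enhanceRequestParameters(tokenRequest, tokenProvider);

        ResourceOwnerPasswordResourceDetails resource = new ResourceOwnerPasswordResourceDetails();
        configureResourceDetails(tokenRequest, resource);
        setUserCredentials(tokenRequest, resource);
        setClientCredentials(tokenRequest, resource);
        setRequestScopes(tokenRequest, resource);

        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext());
        restTemplate.setAccessTokenProvider(tokenProvider);
        return new UaaContextImpl(tokenRequest, restTemplate, restTemplate.getAccessToken());
    }

    /**
     * Installs a request enhancer that adds UAA-specific form parameters: the
     * {@code response_type} for id tokens when requested, and the {@code passcode} for the
     * passcode grant.
     *
     * @param tokenRequest the request consulted each time the enhancer runs
     * @param oAuth2AccessTokenSupport the provider receiving the enhancer
     */
    protected void enhanceRequestParameters(TokenRequest tokenRequest, OAuth2AccessTokenSupport oAuth2AccessTokenSupport) {
        oAuth2AccessTokenSupport.setTokenRequestEnhancer((request, resource, form, headers) -> {
            if (tokenRequest.wantsIdToken()) {
                form.put("response_type", Arrays.asList("id_token token"));
            }
            if (tokenRequest.getGrantType() == GrantType.PASSWORD_WITH_PASSCODE) {
                // The passcode is a credential carried as a form parameter.
                form.put("passcode", Arrays.asList(tokenRequest.getPasscode()));
            }
        });
    }

    /**
     * Runs the client-credentials flow and wraps the resulting token in a
     * {@link CompositeAccessToken}.
     *
     * @param tokenRequest the request supplying client credentials and scopes
     * @return a context wrapping the template and the wrapped token
     */
    protected UaaContext authenticateClientCredentials(TokenRequest tokenRequest) {
        ClientCredentialsResourceDetails resource = new ClientCredentialsResourceDetails();
        configureResourceDetails(tokenRequest, resource);
        setClientCredentials(tokenRequest, resource);
        setRequestScopes(tokenRequest, resource);
        OAuth2RestTemplate restTemplate = new OAuth2RestTemplate(resource, new DefaultOAuth2ClientContext());
        CompositeAccessToken token = new CompositeAccessToken(restTemplate.getAccessToken());
        return new UaaContextImpl(tokenRequest, restTemplate, token);
    }

    /**
     * Applies the settings shared by every grant: header-based authentication scheme and the
     * token endpoint taken from the request.
     *
     * @param tokenRequest the request supplying the token endpoint
     * @param baseOAuth2ProtectedResourceDetails the resource details to configure
     */
    protected void configureResourceDetails(TokenRequest tokenRequest, BaseOAuth2ProtectedResourceDetails baseOAuth2ProtectedResourceDetails) {
        baseOAuth2ProtectedResourceDetails.setAuthenticationScheme(AuthenticationScheme.header);
        // The endpoint is used exactly as stored in the request; no scheme or host check here.
        baseOAuth2ProtectedResourceDetails.setAccessTokenUri(tokenRequest.getTokenEndpoint().toString());
    }

    /**
     * Copies the requested scopes onto the resource details; does nothing when the request has
     * no scopes set.
     *
     * @param tokenRequest the request supplying the scopes
     * @param baseOAuth2ProtectedResourceDetails the resource details to configure
     */
    protected void setRequestScopes(TokenRequest tokenRequest, BaseOAuth2ProtectedResourceDetails baseOAuth2ProtectedResourceDetails) {
        if (Objects.isNull(tokenRequest.getScopes())) {
            return;
        }
        // Defensive copy, so later changes to the request's scopes do not reach the resource.
        baseOAuth2ProtectedResourceDetails.setScope(new LinkedList<>(tokenRequest.getScopes()));
    }

    /**
     * Copies the client id and client secret from the request onto the resource details.
     *
     * @param tokenRequest the request supplying the client credentials
     * @param baseOAuth2ProtectedResourceDetails the resource details to configure
     */
    protected void setClientCredentials(TokenRequest tokenRequest, BaseOAuth2ProtectedResourceDetails baseOAuth2ProtectedResourceDetails) {
        baseOAuth2ProtectedResourceDetails.setClientId(tokenRequest.getClientId());
        baseOAuth2ProtectedResourceDetails.setClientSecret(tokenRequest.getClientSecret());
    }

    /**
     * Copies the username and password from the request onto the password-grant resource details.
     *
     * @param tokenRequest the request supplying the user credentials
     * @param resourceOwnerPasswordResourceDetails the resource details to configure
     */
    protected void setUserCredentials(TokenRequest tokenRequest, ResourceOwnerPasswordResourceDetails resourceOwnerPasswordResourceDetails) {
        resourceOwnerPasswordResourceDetails.setUsername(tokenRequest.getUsername());
        resourceOwnerPasswordResourceDetails.setPassword(tokenRequest.getPassword());
    }

    /** Builds the extractor that reads the token response as a {@link CompositeAccessToken} via Jackson. */
    private static ResponseExtractor<OAuth2AccessToken> newCompositeTokenExtractor() {
        return new HttpMessageConverterExtractor<OAuth2AccessToken>(
                CompositeAccessToken.class, Arrays.asList(new MappingJackson2HttpMessageConverter()));
    }
}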
