package org.cloudfoundry.identity.uaa.authentication;

import java.io.IOException;
import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.4.3.jar:org/cloudfoundry/identity/uaa/authentication/AbstractClientParametersAuthenticationFilter.class */
public abstract class AbstractClientParametersAuthenticationFilter implements Filter {
    public static final String CLIENT_ID = "client_id";
    public static final String CLIENT_SECRET = "client_secret";
    protected AuthenticationManager clientAuthenticationManager;
    protected final Log logger = LogFactory.getLog(getClass());
    protected AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();

    public AuthenticationManager getClientAuthenticationManager() {
        return this.clientAuthenticationManager;
    }

    public void setClientAuthenticationManager(AuthenticationManager authenticationManager) {
        this.clientAuthenticationManager = authenticationManager;
    }

    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpServletResponse = (HttpServletResponse) servletResponse;
        Map<String, String> credentials = getCredentials(httpServletRequest);
        try {
            wrapClientCredentialLogin(httpServletRequest, httpServletResponse, credentials, credentials.get("client_id"));
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } catch (AuthenticationException e) {
            this.logger.debug("Could not authenticate with client credentials.");
            this.authenticationEntryPoint.commence(httpServletRequest, httpServletResponse, e);
        }
    }

    public abstract void wrapClientCredentialLogin(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Map<String, String> map, String str) throws IOException, ServletException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void doClientCredentialLogin(HttpServletRequest httpServletRequest, Map<String, String> map, String str) {
        SecurityContextHolder.getContext().setAuthentication(performClientAuthentication(httpServletRequest, map, str));
    }

    private Map<String, String> getSingleValueMap(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        Map parameterMap = httpServletRequest.getParameterMap();
        for (String str : parameterMap.keySet()) {
            String[] strArr = (String[]) parameterMap.get(str);
            hashMap.put(str, (strArr == null || strArr.length <= 0) ? null : strArr[0]);
        }
        return hashMap;
    }

    private Collection<String> getScope(HttpServletRequest httpServletRequest) {
        return OAuth2Utils.parseParameterList(httpServletRequest.getParameter("scope"));
    }

    private Authentication performClientAuthentication(HttpServletRequest httpServletRequest, Map<String, String> map, String str) {
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(str, map.get(CLIENT_SECRET));
        usernamePasswordAuthenticationToken.setDetails(new UaaAuthenticationDetails(httpServletRequest, str));
        try {
            Authentication authenticate = this.clientAuthenticationManager.authenticate(usernamePasswordAuthenticationToken);
            if (authenticate == null || !authenticate.isAuthenticated()) {
                throw new BadCredentialsException("Client Authentication failed.");
            }
            map.remove(CLIENT_SECRET);
            AuthorizationRequest authorizationRequest = new AuthorizationRequest(str, getScope(httpServletRequest));
            authorizationRequest.setRequestParameters(getSingleValueMap(httpServletRequest));
            authorizationRequest.setApproved(true);
            OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(authorizationRequest.createOAuth2Request(), null);
            oAuth2Authentication.setAuthenticated(true);
            return oAuth2Authentication;
        } catch (AuthenticationException e) {
            throw new BadCredentialsException(e.getMessage(), e);
        } catch (Exception e2) {
            this.logger.debug("Unable to authenticate client: " + str, e2);
            throw new BadCredentialsException(e2.getMessage(), e2);
        }
    }

    private Map<String, String> getCredentials(HttpServletRequest httpServletRequest) {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", httpServletRequest.getParameter("client_id"));
        hashMap.put(CLIENT_SECRET, httpServletRequest.getParameter(CLIENT_SECRET));
        return hashMap;
    }

    public void init(FilterConfig filterConfig) throws ServletException {
    }

    public void destroy() {
    }
}
