package org.geoserver.security.oauth2;

import java.io.IOException;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AccessTokenConverter;
import org.springframework.security.oauth2.provider.token.RemoteTokenServices;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/geoserver/security/oauth2/GeoServerOAuthRemoteTokenServices.class */
public abstract class GeoServerOAuthRemoteTokenServices extends RemoteTokenServices {
    protected static Logger LOGGER = LoggerFactory.getLogger(GeoServerOAuthRemoteTokenServices.class);
    protected RestOperations restTemplate;
    protected String checkTokenEndpointUrl;
    protected String clientId;
    protected String clientSecret;
    protected AccessTokenConverter tokenConverter;

    protected GeoServerOAuthRemoteTokenServices() {
    }

    protected GeoServerOAuthRemoteTokenServices(AccessTokenConverter accessTokenConverter) {
        this.tokenConverter = accessTokenConverter;
        this.restTemplate = new RestTemplate();
        this.restTemplate.setErrorHandler(new DefaultResponseErrorHandler() { // from class: org.geoserver.security.oauth2.GeoServerOAuthRemoteTokenServices.1
            public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
                if (clientHttpResponse.getRawStatusCode() != 400) {
                    super.handleError(clientHttpResponse);
                }
            }
        });
    }

    public void setRestTemplate(RestOperations restOperations) {
        this.restTemplate = restOperations;
    }

    public void setCheckTokenEndpointUrl(String str) {
        this.checkTokenEndpointUrl = str;
    }

    public void setClientId(String str) {
        this.clientId = str;
    }

    public void setClientSecret(String str) {
        this.clientSecret = str;
    }

    public void setAccessTokenConverter(AccessTokenConverter accessTokenConverter) {
        this.tokenConverter = accessTokenConverter;
    }

    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        Map<String, Object> checkToken = checkToken(str);
        verifyTokenResponse(str, checkToken);
        transformNonStandardValuesToStandardValues(checkToken);
        Assert.state(checkToken.containsKey("client_id"), "Client id must be present in response from auth server");
        return this.tokenConverter.extractAuthentication(checkToken);
    }

    protected void verifyTokenResponse(String str, Map<String, Object> map) {
        if (map.containsKey("error")) {
            this.logger.debug("check_token returned error: " + map.get("error"));
            throw new InvalidTokenException(str);
        }
    }

    protected void transformNonStandardValuesToStandardValues(Map<String, Object> map) {
    }

    protected Map<String, Object> checkToken(String str) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("token", str);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", getAuthorizationHeader(str));
        return postForMap(this.checkTokenEndpointUrl + "?access_token=" + str, linkedMultiValueMap, httpHeaders);
    }

    protected String getAuthorizationHeader(String str) {
        return "Bearer " + str;
    }

    protected Map<String, Object> postForMap(String str, MultiValueMap<String, String> multiValueMap, HttpHeaders httpHeaders) {
        if (httpHeaders.getContentType() == null) {
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        }
        return (Map) this.restTemplate.exchange(str, HttpMethod.POST, new HttpEntity(multiValueMap, httpHeaders), new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.geoserver.security.oauth2.GeoServerOAuthRemoteTokenServices.2
        }, new Object[0]).getBody();
    }
}
