package org.geoserver.security.oauth2.services;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.util.Map;
import org.geoserver.security.oauth2.GeoServerOAuthRemoteTokenServices;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.crypto.codec.Base64;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/geoserver/security/oauth2/services/GoogleTokenServices.class */
public class GoogleTokenServices extends GeoServerOAuthRemoteTokenServices {
    public GoogleTokenServices() {
        this.tokenConverter = new GoogleAccessTokenConverter();
        this.restTemplate = new RestTemplate();
        this.restTemplate.setErrorHandler(new DefaultResponseErrorHandler() { // from class: org.geoserver.security.oauth2.services.GoogleTokenServices.1
            public void handleError(ClientHttpResponse clientHttpResponse) throws IOException {
                if (clientHttpResponse.getRawStatusCode() != 400) {
                    super.handleError(clientHttpResponse);
                }
            }
        });
    }

    public OAuth2Authentication loadAuthentication(String str) throws AuthenticationException, InvalidTokenException {
        Map<String, Object> checkToken = checkToken(str);
        if (checkToken.containsKey("error")) {
            this.logger.debug("check_token returned error: " + checkToken.get("error"));
            throw new InvalidTokenException(str);
        }
        transformNonStandardValuesToStandardValues(checkToken);
        Assert.state(checkToken.containsKey("client_id"), "Client id must be present in response from auth server");
        return this.tokenConverter.extractAuthentication(checkToken);
    }

    private Map<String, Object> checkToken(String str) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("token", str);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.set("Authorization", getAuthorizationHeader(this.clientId, this.clientSecret));
        return postForMap(this.checkTokenEndpointUrl + "?access_token=" + str, linkedMultiValueMap, httpHeaders);
    }

    private void transformNonStandardValuesToStandardValues(Map<String, Object> map) {
        LOGGER.debug("Original map = " + map);
        map.put("client_id", map.get("issued_to"));
        map.put("user_name", map.get("user_id"));
        LOGGER.debug("Transformed = " + map);
    }

    private String getAuthorizationHeader(String str, String str2) {
        try {
            return "Basic " + new String(Base64.encode(String.format("%s:%s", str, str2).getBytes("UTF-8")));
        } catch (UnsupportedEncodingException e) {
            throw new IllegalStateException("Could not convert String");
        }
    }

    private Map<String, Object> postForMap(String str, MultiValueMap<String, String> multiValueMap, HttpHeaders httpHeaders) {
        if (httpHeaders.getContentType() == null) {
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        }
        return (Map) this.restTemplate.exchange(str, HttpMethod.POST, new HttpEntity(multiValueMap, httpHeaders), new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.geoserver.security.oauth2.services.GoogleTokenServices.2
        }, new Object[0]).getBody();
    }
}
