package org.springframework.security.oauth2.client;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import org.apache.http.protocol.HTTP;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.http.OAuth2ErrorHandler;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.util.StringUtils;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestTemplate;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/spring-security-oauth2-1.0.0.RELEASE.jar:org/springframework/security/oauth2/client/OAuth2RestTemplate.class
 */
/* loaded from: input_file:org.cloudfoundry.ide.eclipse.server.core_1.7.1.201408270217-RELEASE.jar:lib/spring-security-oauth2-1.0.0.RELEASE.jar:org/springframework/security/oauth2/client/OAuth2RestTemplate.class */
public class OAuth2RestTemplate extends RestTemplate implements OAuth2RestOperations {
    private final OAuth2ProtectedResourceDetails resource;
    private AccessTokenProvider accessTokenProvider;
    private OAuth2ClientContext context;
    private boolean retryBadAccessTokens;

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this(oAuth2ProtectedResourceDetails, new DefaultOAuth2ClientContext());
    }

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext) {
        this.accessTokenProvider = new AccessTokenProviderChain(Arrays.asList(new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()));
        this.retryBadAccessTokens = true;
        if (oAuth2ProtectedResourceDetails == null) {
            throw new IllegalArgumentException("An OAuth2 resource must be supplied.");
        }
        this.resource = oAuth2ProtectedResourceDetails;
        this.context = oAuth2ClientContext;
        setErrorHandler(new OAuth2ErrorHandler(oAuth2ProtectedResourceDetails));
    }

    public void setRetryBadAccessTokens(boolean z) {
        this.retryBadAccessTokens = z;
    }

    @Override // org.springframework.web.client.RestTemplate
    public void setErrorHandler(ResponseErrorHandler responseErrorHandler) {
        if (!(responseErrorHandler instanceof OAuth2ErrorHandler)) {
            responseErrorHandler = new OAuth2ErrorHandler(responseErrorHandler, this.resource);
        }
        super.setErrorHandler(responseErrorHandler);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.http.client.support.HttpAccessor
    public ClientHttpRequest createRequest(URI uri, HttpMethod httpMethod) throws IOException {
        OAuth2AccessToken accessToken = getAccessToken();
        String tokenType = accessToken.getTokenType();
        if (!StringUtils.hasText(tokenType)) {
            tokenType = OAuth2AccessToken.BEARER_TYPE;
        }
        if (!OAuth2AccessToken.BEARER_TYPE.equalsIgnoreCase(tokenType) && !OAuth2AccessToken.OAUTH2_TYPE.equalsIgnoreCase(tokenType)) {
            throw new OAuth2AccessDeniedException("Unsupported access token type: " + tokenType);
        }
        AuthenticationScheme authenticationScheme = this.resource.getAuthenticationScheme();
        if (AuthenticationScheme.query.equals(authenticationScheme) || AuthenticationScheme.form.equals(authenticationScheme)) {
            uri = appendQueryParameter(uri, accessToken);
        }
        ClientHttpRequest createRequest = super.createRequest(uri, httpMethod);
        if (AuthenticationScheme.header.equals(authenticationScheme)) {
            createRequest.getHeaders().add("Authorization", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, accessToken.getValue()));
        }
        return createRequest;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Removed duplicated region for block: B:11:0x0050  */
    @Override // org.springframework.web.client.RestTemplate
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public <T> T doExecute(java.net.URI r7, org.springframework.http.HttpMethod r8, org.springframework.web.client.RequestCallback r9, org.springframework.web.client.ResponseExtractor<T> r10) throws org.springframework.web.client.RestClientException {
        /*
            r6 = this;
            r0 = r6
            org.springframework.security.oauth2.client.OAuth2ClientContext r0 = r0.context
            org.springframework.security.oauth2.common.OAuth2AccessToken r0 = r0.getAccessToken()
            r11 = r0
            r0 = 0
            r12 = r0
            r0 = r6
            r1 = r7
            r2 = r8
            r3 = r9
            r4 = r10
            java.lang.Object r0 = super.doExecute(r1, r2, r3, r4)     // Catch: org.springframework.security.oauth2.client.http.AccessTokenRequiredException -> L18 org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException -> L21 org.springframework.security.oauth2.common.exceptions.InvalidTokenException -> L2a
            return r0
        L18:
            r13 = move-exception
            r0 = r13
            r12 = r0
            goto L4b
        L21:
            r13 = move-exception
            r0 = r13
            r12 = r0
            goto L4b
        L2a:
            r13 = move-exception
            org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException r0 = new org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Invalid token for client="
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r6
            java.lang.String r3 = r3.getClientId()
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            r12 = r0
        L4b:
            r0 = r11
            if (r0 == 0) goto L8c
            r0 = r6
            boolean r0 = r0.retryBadAccessTokens
            if (r0 == 0) goto L8c
            r0 = r6
            org.springframework.security.oauth2.client.OAuth2ClientContext r0 = r0.context
            r1 = 0
            r0.setAccessToken(r1)
            r0 = r6
            r1 = r7
            r2 = r8
            r3 = r9
            r4 = r10
            java.lang.Object r0 = super.doExecute(r1, r2, r3, r4)     // Catch: org.springframework.security.oauth2.common.exceptions.InvalidTokenException -> L6b
            return r0
        L6b:
            r13 = move-exception
            org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException r0 = new org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException
            r1 = r0
            java.lang.StringBuilder r2 = new java.lang.StringBuilder
            r3 = r2
            r3.<init>()
            java.lang.String r3 = "Invalid token for client="
            java.lang.StringBuilder r2 = r2.append(r3)
            r3 = r6
            java.lang.String r3 = r3.getClientId()
            java.lang.StringBuilder r2 = r2.append(r3)
            java.lang.String r2 = r2.toString()
            r1.<init>(r2)
            r12 = r0
        L8c:
            r0 = r12
            throw r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.springframework.security.oauth2.client.OAuth2RestTemplate.doExecute(java.net.URI, org.springframework.http.HttpMethod, org.springframework.web.client.RequestCallback, org.springframework.web.client.ResponseExtractor):java.lang.Object");
    }

    private String getClientId() {
        return this.resource.getClientId();
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        OAuth2AccessToken accessToken = this.context.getAccessToken();
        if (accessToken == null || accessToken.isExpired()) {
            try {
                accessToken = acquireAccessToken(this.context);
            } catch (UserRedirectRequiredException e) {
                this.context.setAccessToken(null);
                String stateKey = e.getStateKey();
                if (stateKey != null) {
                    Object stateToPreserve = e.getStateToPreserve();
                    if (stateToPreserve == null) {
                        stateToPreserve = AuthorizationRequest.STATE;
                    }
                    this.context.setPreservedState(stateKey, stateToPreserve);
                }
                throw e;
            }
        }
        return accessToken;
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2ClientContext getOAuth2ClientContext() {
        return this.context;
    }

    protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oAuth2ClientContext) throws UserRedirectRequiredException {
        AccessTokenRequest accessTokenRequest = oAuth2ClientContext.getAccessTokenRequest();
        if (accessTokenRequest == null) {
            throw new AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.", this.resource);
        }
        String stateKey = accessTokenRequest.getStateKey();
        if (stateKey != null) {
            accessTokenRequest.setPreservedState(oAuth2ClientContext.removePreservedState(stateKey));
        }
        OAuth2AccessToken accessToken = oAuth2ClientContext.getAccessToken();
        if (accessToken != null) {
            accessTokenRequest.setExistingToken(accessToken);
        }
        OAuth2AccessToken obtainAccessToken = this.accessTokenProvider.obtainAccessToken(this.resource, accessTokenRequest);
        if (obtainAccessToken == null || obtainAccessToken.getValue() == null) {
            throw new IllegalStateException("Access token provider returned a null access token, which is illegal according to the contract.");
        }
        oAuth2ClientContext.setAccessToken(obtainAccessToken);
        return obtainAccessToken;
    }

    protected URI appendQueryParameter(URI uri, OAuth2AccessToken oAuth2AccessToken) {
        try {
            String rawQuery = uri.getRawQuery();
            String str = this.resource.getTokenName() + "=" + URLEncoder.encode(oAuth2AccessToken.getValue(), HTTP.UTF_8);
            String str2 = rawQuery == null ? str : rawQuery + BeanFactory.FACTORY_BEAN_PREFIX + str;
            StringBuffer stringBuffer = new StringBuffer(new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath(), null, null).toString());
            stringBuffer.append("?");
            stringBuffer.append(str2);
            if (uri.getFragment() != null) {
                stringBuffer.append("#");
                stringBuffer.append(uri.getFragment());
            }
            return new URI(stringBuffer.toString());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Could not encode URI", e);
        } catch (URISyntaxException e2) {
            throw new IllegalArgumentException("Could not parse URI", e2);
        }
    }

    public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) {
        this.accessTokenProvider = accessTokenProvider;
    }
}
