package org.springframework.security.oauth2.server.resource.introspection;

import java.net.URI;
import java.time.Instant;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.RequestEntity;
import org.springframework.http.ResponseEntity;
import org.springframework.http.client.support.BasicAuthenticationInterceptor;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.OAuth2TokenIntrospectionClaimNames;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-resource-server-5.7.11.jar:org/springframework/security/oauth2/server/resource/introspection/SpringOpaqueTokenIntrospector.class */
public class SpringOpaqueTokenIntrospector implements OpaqueTokenIntrospector {
    private static final String AUTHORITY_PREFIX = "SCOPE_";
    private static final ParameterizedTypeReference<Map<String, Object>> STRING_OBJECT_MAP = new ParameterizedTypeReference<Map<String, Object>>() { // from class: org.springframework.security.oauth2.server.resource.introspection.SpringOpaqueTokenIntrospector.1
    };
    private final Log logger = LogFactory.getLog(getClass());
    private final RestOperations restOperations;
    private Converter<String, RequestEntity<?>> requestEntityConverter;

    public SpringOpaqueTokenIntrospector(String str, String str2, String str3) {
        Assert.notNull(str, "introspectionUri cannot be null");
        Assert.notNull(str2, "clientId cannot be null");
        Assert.notNull(str3, "clientSecret cannot be null");
        this.requestEntityConverter = defaultRequestEntityConverter(URI.create(str));
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.getInterceptors().add(new BasicAuthenticationInterceptor(str2, str3));
        this.restOperations = restTemplate;
    }

    public SpringOpaqueTokenIntrospector(String str, RestOperations restOperations) {
        Assert.notNull(str, "introspectionUri cannot be null");
        Assert.notNull(restOperations, "restOperations cannot be null");
        this.requestEntityConverter = defaultRequestEntityConverter(URI.create(str));
        this.restOperations = restOperations;
    }

    private Converter<String, RequestEntity<?>> defaultRequestEntityConverter(URI uri) {
        return str -> {
            return new RequestEntity(requestBody(str), requestHeaders(), HttpMethod.POST, uri);
        };
    }

    private HttpHeaders requestHeaders() {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        return httpHeaders;
    }

    private MultiValueMap<String, String> requestBody(String str) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add(OAuth2ParameterNames.TOKEN, str);
        return linkedMultiValueMap;
    }

    @Override // org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector
    public OAuth2AuthenticatedPrincipal introspect(String str) {
        RequestEntity<?> convert = this.requestEntityConverter.convert(str);
        if (convert == null) {
            throw new OAuth2IntrospectionException("requestEntityConverter returned a null entity");
        }
        return convertClaimsSet(adaptToNimbusResponse(makeRequest(convert)));
    }

    public void setRequestEntityConverter(Converter<String, RequestEntity<?>> converter) {
        Assert.notNull(converter, "requestEntityConverter cannot be null");
        this.requestEntityConverter = converter;
    }

    private ResponseEntity<Map<String, Object>> makeRequest(RequestEntity<?> requestEntity) {
        try {
            return this.restOperations.exchange(requestEntity, STRING_OBJECT_MAP);
        } catch (Exception e) {
            throw new OAuth2IntrospectionException(e.getMessage(), e);
        }
    }

    private Map<String, Object> adaptToNimbusResponse(ResponseEntity<Map<String, Object>> responseEntity) {
        if (responseEntity.getStatusCode() != HttpStatus.OK) {
            throw new OAuth2IntrospectionException("Introspection endpoint responded with " + responseEntity.getStatusCode());
        }
        Map<String, Object> body = responseEntity.getBody();
        if (body == null) {
            return Collections.emptyMap();
        }
        if (((Boolean) body.compute(OAuth2TokenIntrospectionClaimNames.ACTIVE, (str, obj) -> {
            if (obj instanceof String) {
                return Boolean.valueOf(Boolean.parseBoolean((String) obj));
            }
            if (obj instanceof Boolean) {
                return obj;
            }
            return false;
        })).booleanValue()) {
            return body;
        }
        this.logger.trace("Did not validate token since it is inactive");
        throw new BadOpaqueTokenException("Provided token isn't active");
    }

    private OAuth2AuthenticatedPrincipal convertClaimsSet(Map<String, Object> map) {
        map.computeIfPresent("aud", (str, obj) -> {
            return obj instanceof String ? Collections.singletonList(obj) : obj;
        });
        map.computeIfPresent("client_id", (str2, obj2) -> {
            return obj2.toString();
        });
        map.computeIfPresent("exp", (str3, obj3) -> {
            return Instant.ofEpochSecond(((Number) obj3).longValue());
        });
        map.computeIfPresent("iat", (str4, obj4) -> {
            return Instant.ofEpochSecond(((Number) obj4).longValue());
        });
        map.computeIfPresent("iss", (str5, obj5) -> {
            return obj5.toString();
        });
        map.computeIfPresent("nbf", (str6, obj6) -> {
            return Instant.ofEpochSecond(((Number) obj6).longValue());
        });
        ArrayList arrayList = new ArrayList();
        map.computeIfPresent("scope", (str7, obj7) -> {
            if (!(obj7 instanceof String)) {
                return obj7;
            }
            List asList = Arrays.asList(((String) obj7).split(StringUtils.SPACE));
            Iterator it = asList.iterator();
            while (it.hasNext()) {
                arrayList.add(new SimpleGrantedAuthority(AUTHORITY_PREFIX + ((String) it.next())));
            }
            return asList;
        });
        return new OAuth2IntrospectionAuthenticatedPrincipal(map, arrayList);
    }
}
