package org.cloudfoundry.client.lib.oauth2;

import java.net.URL;
import java.util.HashMap;
import org.cloudfoundry.client.lib.CloudCredentials;
import org.cloudfoundry.client.lib.CloudFoundryException;
import org.cloudfoundry.client.lib.util.JsonUtil;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.client.resource.BaseOAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.DefaultAccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;

/* JADX WARN: Classes with same name are omitted:
  input_file:lib/cloudfoundry-client-lib-1.1.4.20160618.jar:org/cloudfoundry/client/lib/oauth2/OauthClient.class
 */
/* loaded from: input_file:lib/cloudfoundry-client-lib-1.1.4.20161011.jar:org/cloudfoundry/client/lib/oauth2/OauthClient.class */
public class OauthClient {
    private static final String AUTHORIZATION_HEADER_KEY = "Authorization";
    private URL authorizationUrl;
    private RestTemplate restTemplate;
    private OAuth2AccessToken token;
    private CloudCredentials credentials;

    public OauthClient(URL url, RestTemplate restTemplate) {
        this.authorizationUrl = url;
        this.restTemplate = restTemplate;
    }

    public void init(CloudCredentials cloudCredentials) {
        if (cloudCredentials != null) {
            this.credentials = cloudCredentials;
            if (cloudCredentials.getToken() != null) {
                this.token = cloudCredentials.getToken();
            } else {
                this.token = createToken(cloudCredentials);
            }
        }
    }

    public void clear() {
        this.token = null;
        this.credentials = null;
    }

    public OAuth2AccessToken getToken() {
        if (this.token == null) {
            return null;
        }
        if (this.credentials.isRefreshable() && this.token.getExpiresIn() < 50) {
            this.token = refreshToken(this.token, this.credentials.getClientId(), this.credentials.getClientSecret());
        }
        return this.token;
    }

    public String getAuthorizationHeader() {
        OAuth2AccessToken token = getToken();
        if (token != null) {
            return token.getTokenType() + " " + token.getValue();
        }
        return null;
    }

    private OAuth2AccessToken createToken(CloudCredentials cloudCredentials) {
        ResourceOwnerPasscodeAccessTokenProvider createResourceOwnerPasswordAccessTokenProvider;
        OAuth2ProtectedResourceDetails resourceDetails = getResourceDetails(cloudCredentials);
        AccessTokenRequest createAccessTokenRequest = createAccessTokenRequest();
        if (!cloudCredentials.isPasscodeSet()) {
            createResourceOwnerPasswordAccessTokenProvider = createResourceOwnerPasswordAccessTokenProvider();
        } else {
            if (this.token != null) {
                return this.token;
            }
            createResourceOwnerPasswordAccessTokenProvider = createResourceOwnerPasscodeAccessTokenProvider();
        }
        try {
            return createResourceOwnerPasswordAccessTokenProvider.obtainAccessToken(resourceDetails, createAccessTokenRequest);
        } catch (OAuth2AccessDeniedException e) {
            CloudFoundryException cloudFoundryException = new CloudFoundryException(HttpStatus.valueOf(e.getHttpErrorCode()), e.getMessage());
            cloudFoundryException.setDescription(e.getSummary());
            throw cloudFoundryException;
        }
    }

    private OAuth2AccessToken refreshToken(OAuth2AccessToken oAuth2AccessToken, String str, String str2) {
        return createResourceOwnerPasswordAccessTokenProvider().refreshAccessToken(getResourceDetails(new CloudCredentials(oAuth2AccessToken, str, str2)), oAuth2AccessToken.getRefreshToken(), createAccessTokenRequest());
    }

    /* JADX WARN: Multi-variable type inference failed */
    public void changePassword(String str, String str2) {
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(AUTHORIZATION_HEADER_KEY, this.token.getTokenType() + " " + this.token.getValue());
        String str3 = (String) JsonUtil.convertJsonToMap((String) this.restTemplate.exchange(this.authorizationUrl + "/userinfo", HttpMethod.GET, new HttpEntity<>((MultiValueMap<String, String>) httpHeaders), String.class, new Object[0]).getBody()).get("user_id");
        HashMap hashMap = new HashMap();
        hashMap.put("schemas", new String[]{"urn:scim:schemas:core:1.0"});
        hashMap.put("password", str2);
        hashMap.put("oldPassword", str);
        this.restTemplate.put(this.authorizationUrl + "/User/{id}/password", new HttpEntity(hashMap, httpHeaders), str3);
    }

    protected ResourceOwnerPasswordAccessTokenProvider createResourceOwnerPasswordAccessTokenProvider() {
        ResourceOwnerPasswordAccessTokenProvider resourceOwnerPasswordAccessTokenProvider = new ResourceOwnerPasswordAccessTokenProvider();
        resourceOwnerPasswordAccessTokenProvider.setRequestFactory(this.restTemplate.getRequestFactory());
        return resourceOwnerPasswordAccessTokenProvider;
    }

    private AccessTokenRequest createAccessTokenRequest() {
        return new DefaultAccessTokenRequest();
    }

    private OAuth2ProtectedResourceDetails getResourceDetails(CloudCredentials cloudCredentials) {
        BaseOAuth2ProtectedResourceDetails resourceOwnerPasswordResourceDetails;
        if (cloudCredentials.isPasscodeSet()) {
            resourceOwnerPasswordResourceDetails = new ResourceOwnerPasscodeResourceDetails();
            ((ResourceOwnerPasscodeResourceDetails) resourceOwnerPasswordResourceDetails).setPasscode(cloudCredentials.getPasscode());
        } else {
            resourceOwnerPasswordResourceDetails = new ResourceOwnerPasswordResourceDetails();
            ((ResourceOwnerPasswordResourceDetails) resourceOwnerPasswordResourceDetails).setUsername(cloudCredentials.getEmail());
            ((ResourceOwnerPasswordResourceDetails) resourceOwnerPasswordResourceDetails).setPassword(cloudCredentials.getPassword());
        }
        resourceOwnerPasswordResourceDetails.setClientId(cloudCredentials.getClientId());
        resourceOwnerPasswordResourceDetails.setClientSecret(cloudCredentials.getClientSecret());
        resourceOwnerPasswordResourceDetails.setId(cloudCredentials.getClientId());
        resourceOwnerPasswordResourceDetails.setClientAuthenticationScheme(AuthenticationScheme.header);
        resourceOwnerPasswordResourceDetails.setAccessTokenUri(this.authorizationUrl + "/oauth/token");
        return resourceOwnerPasswordResourceDetails;
    }

    protected ResourceOwnerPasscodeAccessTokenProvider createResourceOwnerPasscodeAccessTokenProvider() {
        ResourceOwnerPasscodeAccessTokenProvider resourceOwnerPasscodeAccessTokenProvider = new ResourceOwnerPasscodeAccessTokenProvider();
        resourceOwnerPasscodeAccessTokenProvider.setRequestFactory(this.restTemplate.getRequestFactory());
        return resourceOwnerPasscodeAccessTokenProvider;
    }
}
