package org.springframework.cloud.common.security;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.OpaqueTokenAuthenticationProvider;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.web.client.ResourceAccessException;

/* loaded from: input_file:BOOT-INF/lib/spring-cloud-common-security-config-web-2.11.3.jar:org/springframework/cloud/common/security/ManualOAuthAuthenticationProvider.class */
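/**
 * {@link AuthenticationProvider} that turns a username/password login into an OAuth2 access token
 * and then validates that token through opaque-token introspection.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>The submitted username and password are sent to the token endpoint of the configured
 *       client registration using the resource owner password credentials grant.</li>
 *   <li>The returned access token is handed to an {@link OpaqueTokenAuthenticationProvider},
 *       which introspects it.</li>
 *   <li>On success the resulting {@link Authentication} is stored in the
 *       {@link SecurityContextHolder} and returned.</li>
 * </ol>
 *
 * <p>Security notes:
 * <ul>
 *   <li>The password grant exposes the user's clear-text password to this application and to the
 *       connection towards the token endpoint. The OAuth 2.0 Security Best Current Practice
 *       (RFC 9700) says this grant must not be used; keep it only for clients that cannot follow
 *       a redirect-based flow, and make sure the token URI is reached over TLS.</li>
 *   <li>Neither the password nor the access token is ever written to the log. Keep it that way
 *       when changing the log statements.</li>
 *   <li>The username is attacker-controlled, so it is stripped of control characters before it is
 *       put into log lines or exception messages, and it is never concatenated into a logging
 *       format string.</li>
 * </ul>
 */
public class ManualOAuthAuthenticationProvider implements AuthenticationProvider {
    private static final Logger logger = LoggerFactory.getLogger(ManualOAuthAuthenticationProvider.class);
    private final OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> oAuth2PasswordTokenResponseClient;
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final AuthenticationProvider authenticationProvider;
    private final String providerId;

    /**
     * Creates the provider.
     *
     * @param oAuth2AccessTokenResponseClient client used to perform the password grant request
     * @param clientRegistrationRepository repository the client registration is looked up in
     * @param opaqueTokenIntrospector introspector used to validate the access token that was obtained
     * @param str registration id of the OAuth2 provider to authenticate against
     */
    public ManualOAuthAuthenticationProvider(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> oAuth2AccessTokenResponseClient, ClientRegistrationRepository clientRegistrationRepository, OpaqueTokenIntrospector opaqueTokenIntrospector, String str) {
        this.oAuth2PasswordTokenResponseClient = oAuth2AccessTokenResponseClient;
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authenticationProvider = new OpaqueTokenAuthenticationProvider(opaqueTokenIntrospector);
        this.providerId = str;
    }

    /**
     * Authenticates the given username/password against the configured OAuth2 provider.
     *
     * @param authentication request carrying the username ({@code getName()}) and the password
     *     ({@code getCredentials()})
     * @return the authentication produced by token introspection, or {@code null} when the token
     *     was issued but introspection rejected it (see the note in the body)
     * @throws BadCredentialsException if no credentials were supplied, or if the token endpoint
     *     rejected the password grant
     * @throws AuthenticationServiceException if the client registration is missing or the token
     *     endpoint could not be reached
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String name = authentication.getName();
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            // Credentials may have been erased or never supplied; fail as an authentication error
            // instead of a NullPointerException that would surface as a server error.
            throw new BadCredentialsException("No credentials were supplied.");
        }
        String password = credentials.toString();
        String safeName = sanitizeForLog(name);

        ClientRegistration registration = this.clientRegistrationRepository.findByRegistrationId(this.providerId);
        if (registration == null) {
            // A misconfigured provider id is a service problem, not a credential problem.
            throw new AuthenticationServiceException(String.format("No OAuth2 client registration found for provider id '%s'.", this.providerId));
        }
        ClientRegistration passwordGrantRegistration = ClientRegistration.withClientRegistration(registration)
                .authorizationGrantType(AuthorizationGrantType.PASSWORD)
                .build();
        OAuth2PasswordGrantRequest grantRequest = new OAuth2PasswordGrantRequest(passwordGrantRegistration, name, password);
        String tokenUri = registration.getProviderDetails().getTokenUri();

        try {
            OAuth2AccessTokenResponse tokenResponse = this.oAuth2PasswordTokenResponseClient.getTokenResponse(grantRequest);
            // Emitted once the password grant has succeeded; the token still has to pass introspection.
            logger.warn("Authenticating user '{}' using accessTokenUri '{}'.", safeName, tokenUri);
            Authentication introspected = null;
            try {
                introspected = this.authenticationProvider.authenticate(new BearerTokenAuthenticationToken(tokenResponse.getAccessToken().getTokenValue()));
                SecurityContext context = SecurityContextHolder.createEmptyContext();
                context.setAuthentication(introspected);
                SecurityContextHolder.setContext(context);
            } catch (AuthenticationException e) {
                // NOTE(review): the introspection failure is logged and swallowed, so the method
                // returns null. Under the AuthenticationProvider contract null means "could not
                // decide", which lets other configured providers be tried. Confirm that this is
                // intended rather than propagating the failure.
                SecurityContextHolder.clearContext();
                logger.warn("Authentication request for user '{}' failed!", safeName, e);
            }
            return introspected;
        } catch (OAuth2AuthorizationException e2) {
            if (!(e2.getCause() instanceof ResourceAccessException)) {
                throw new BadCredentialsException(String.format("Access denied for user '%s'.", safeName), e2);
            }
            String message = String.format("While authenticating user '%s': Unable to access accessTokenUri '%s'.", safeName, tokenUri);
            // Pass the pre-built message as an argument: it contains the username, and a "{}" in
            // it must not be interpreted as a logging placeholder.
            logger.error("{} Error message: {}.", message, e2.getCause().getMessage());
            throw new AuthenticationServiceException(message, e2);
        }
    }

    /**
     * Reports whether this provider handles the given authentication type.
     *
     * @param cls the authentication class to check
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken}; subclasses
     *     are not accepted
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.equals(cls);
    }

    /**
     * Replaces line breaks and other control characters so that a submitted username cannot forge
     * additional log lines.
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}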
