package org.springframework.security.oauth2.client;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLEncoder;
import java.util.Arrays;
import org.springframework.http.HttpMethod;
import org.springframework.http.client.ClientHttpRequest;
import org.springframework.security.oauth2.client.http.AccessTokenRequiredException;
import org.springframework.security.oauth2.client.http.OAuth2ErrorHandler;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.client.token.AccessTokenProvider;
import org.springframework.security.oauth2.client.token.AccessTokenProviderChain;
import org.springframework.security.oauth2.client.token.AccessTokenRequest;
import org.springframework.security.oauth2.client.token.grant.client.ClientCredentialsAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.code.AuthorizationCodeAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.implicit.ImplicitAccessTokenProvider;
import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordAccessTokenProvider;
import org.springframework.security.oauth2.common.AuthenticationScheme;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestTemplate;

/* loaded from: classes2.dex */
public class OAuth2RestTemplate extends RestTemplate implements OAuth2RestOperations {
    private AccessTokenProvider accessTokenProvider;
    private OAuth2RequestAuthenticator authenticator;
    private OAuth2ClientContext context;
    private final OAuth2ProtectedResourceDetails resource;
    private boolean retryBadAccessTokens;

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this(oAuth2ProtectedResourceDetails, new DefaultOAuth2ClientContext());
    }

    public OAuth2RestTemplate(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2ClientContext oAuth2ClientContext) {
        this.accessTokenProvider = new AccessTokenProviderChain(Arrays.asList(new AuthorizationCodeAccessTokenProvider(), new ImplicitAccessTokenProvider(), new ResourceOwnerPasswordAccessTokenProvider(), new ClientCredentialsAccessTokenProvider()));
        this.retryBadAccessTokens = true;
        this.authenticator = new DefaultOAuth2RequestAuthenticator();
        if (oAuth2ProtectedResourceDetails == null) {
            throw new IllegalArgumentException("An OAuth2 resource must be supplied.");
        }
        this.resource = oAuth2ProtectedResourceDetails;
        this.context = oAuth2ClientContext;
        setErrorHandler(new OAuth2ErrorHandler(oAuth2ProtectedResourceDetails));
    }

    private String getClientId() {
        return this.resource.getClientId();
    }

    protected OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oAuth2ClientContext) throws UserRedirectRequiredException {
        AccessTokenRequest accessTokenRequest = oAuth2ClientContext.getAccessTokenRequest();
        if (accessTokenRequest == null) {
            throw new AccessTokenRequiredException("No OAuth 2 security context has been established. Unable to access resource '" + this.resource.getId() + "'.", this.resource);
        }
        String stateKey = accessTokenRequest.getStateKey();
        if (stateKey != null) {
            accessTokenRequest.setPreservedState(oAuth2ClientContext.removePreservedState(stateKey));
        }
        OAuth2AccessToken accessToken = oAuth2ClientContext.getAccessToken();
        if (accessToken != null) {
            accessTokenRequest.setExistingToken(accessToken);
        }
        OAuth2AccessToken obtainAccessToken = this.accessTokenProvider.obtainAccessToken(this.resource, accessTokenRequest);
        if (obtainAccessToken == null || obtainAccessToken.getValue() == null) {
            throw new IllegalStateException("Access token provider returned a null access token, which is illegal according to the contract.");
        }
        oAuth2ClientContext.setAccessToken(obtainAccessToken);
        return obtainAccessToken;
    }

    protected URI appendQueryParameter(URI uri, OAuth2AccessToken oAuth2AccessToken) {
        try {
            String rawQuery = uri.getRawQuery();
            String str = this.resource.getTokenName() + "=" + URLEncoder.encode(oAuth2AccessToken.getValue(), "UTF-8");
            String str2 = rawQuery == null ? str : rawQuery + "&" + str;
            StringBuffer stringBuffer = new StringBuffer(new URI(uri.getScheme(), uri.getUserInfo(), uri.getHost(), uri.getPort(), uri.getPath(), null, null).toString());
            stringBuffer.append("?");
            stringBuffer.append(str2);
            if (uri.getFragment() != null) {
                stringBuffer.append("#");
                stringBuffer.append(uri.getFragment());
            }
            return new URI(stringBuffer.toString());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException("Could not encode URI", e);
        } catch (URISyntaxException e2) {
            throw new IllegalArgumentException("Could not parse URI", e2);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.springframework.http.client.support.HttpAccessor
    public ClientHttpRequest createRequest(URI uri, HttpMethod httpMethod) throws IOException {
        OAuth2AccessToken accessToken = getAccessToken();
        AuthenticationScheme authenticationScheme = this.resource.getAuthenticationScheme();
        if (AuthenticationScheme.query.equals(authenticationScheme) || AuthenticationScheme.form.equals(authenticationScheme)) {
            uri = appendQueryParameter(uri, accessToken);
        }
        ClientHttpRequest createRequest = super.createRequest(uri, httpMethod);
        if (AuthenticationScheme.header.equals(authenticationScheme)) {
            this.authenticator.authenticate(this.resource, getOAuth2ClientContext(), createRequest);
        }
        return createRequest;
    }

    /* JADX WARN: Removed duplicated region for block: B:10:0x0010  */
    /* JADX WARN: Removed duplicated region for block: B:21:? A[ADDED_TO_REGION, RETURN, SYNTHETIC] */
    @Override // org.springframework.web.client.RestTemplate
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    protected <T> T doExecute(java.net.URI r6, org.springframework.http.HttpMethod r7, org.springframework.web.client.RequestCallback r8, org.springframework.web.client.ResponseExtractor<T> r9) throws org.springframework.web.client.RestClientException {
        /*
            r5 = this;
            org.springframework.security.oauth2.client.OAuth2ClientContext r3 = r5.context
            org.springframework.security.oauth2.common.OAuth2AccessToken r0 = r3.getAccessToken()
            r2 = 0
            java.lang.Object r3 = super.doExecute(r6, r7, r8, r9)     // Catch: org.springframework.security.oauth2.client.http.AccessTokenRequiredException -> Lc org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException -> L1f org.springframework.security.oauth2.common.exceptions.InvalidTokenException -> L22
        Lb:
            return r3
        Lc:
            r1 = move-exception
            r2 = r1
        Le:
            if (r0 == 0) goto L5d
            boolean r3 = r5.retryBadAccessTokens
            if (r3 == 0) goto L5d
            org.springframework.security.oauth2.client.OAuth2ClientContext r3 = r5.context
            r4 = 0
            r3.setAccessToken(r4)
            java.lang.Object r3 = super.doExecute(r6, r7, r8, r9)     // Catch: org.springframework.security.oauth2.common.exceptions.InvalidTokenException -> L40
            goto Lb
        L1f:
            r1 = move-exception
            r2 = r1
            goto Le
        L22:
            r1 = move-exception
            org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException r2 = new org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Invalid token for client="
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r4 = r5.getClientId()
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r3 = r3.toString()
            r2.<init>(r3)
            goto Le
        L40:
            r1 = move-exception
            org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException r2 = new org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException
            java.lang.StringBuilder r3 = new java.lang.StringBuilder
            r3.<init>()
            java.lang.String r4 = "Invalid token for client="
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r4 = r5.getClientId()
            java.lang.StringBuilder r3 = r3.append(r4)
            java.lang.String r3 = r3.toString()
            r2.<init>(r3)
        L5d:
            throw r2
        */
        throw new UnsupportedOperationException("Method not decompiled: org.springframework.security.oauth2.client.OAuth2RestTemplate.doExecute(java.net.URI, org.springframework.http.HttpMethod, org.springframework.web.client.RequestCallback, org.springframework.web.client.ResponseExtractor):java.lang.Object");
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2AccessToken getAccessToken() throws UserRedirectRequiredException {
        OAuth2AccessToken accessToken = this.context.getAccessToken();
        if (accessToken != null && !accessToken.isExpired()) {
            return accessToken;
        }
        try {
            return acquireAccessToken(this.context);
        } catch (UserRedirectRequiredException e) {
            this.context.setAccessToken(null);
            String stateKey = e.getStateKey();
            if (stateKey != null) {
                Object stateToPreserve = e.getStateToPreserve();
                if (stateToPreserve == null) {
                    stateToPreserve = "NONE";
                }
                this.context.setPreservedState(stateKey, stateToPreserve);
            }
            throw e;
        }
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2ClientContext getOAuth2ClientContext() {
        return this.context;
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestOperations
    public OAuth2ProtectedResourceDetails getResource() {
        return this.resource;
    }

    public void setAccessTokenProvider(AccessTokenProvider accessTokenProvider) {
        this.accessTokenProvider = accessTokenProvider;
    }

    public void setAuthenticator(OAuth2RequestAuthenticator oAuth2RequestAuthenticator) {
        this.authenticator = oAuth2RequestAuthenticator;
    }

    @Override // org.springframework.web.client.RestTemplate
    public void setErrorHandler(ResponseErrorHandler responseErrorHandler) {
        if (!(responseErrorHandler instanceof OAuth2ErrorHandler)) {
            responseErrorHandler = new OAuth2ErrorHandler(responseErrorHandler, this.resource);
        }
        super.setErrorHandler(responseErrorHandler);
    }

    public void setRetryBadAccessTokens(boolean z) {
        this.retryBadAccessTokens = z;
    }
}
