package io.micronaut.security.oauth2.endpoint.token.request;

import io.micronaut.context.BeanContext;
import io.micronaut.http.HttpRequest;
import io.micronaut.http.MediaType;
import io.micronaut.http.MutableHttpRequest;
import io.micronaut.http.client.HttpClientConfiguration;
import io.micronaut.http.client.LoadBalancer;
import io.micronaut.http.client.RxHttpClient;
import io.micronaut.inject.qualifiers.Qualifiers;
import io.micronaut.security.oauth2.configuration.OauthClientConfiguration;
import io.micronaut.security.oauth2.endpoint.AuthenticationMethod;
import io.micronaut.security.oauth2.endpoint.token.request.context.TokenRequestContext;
import io.micronaut.security.oauth2.endpoint.token.response.TokenResponse;
import io.micronaut.security.oauth2.grants.SecureGrant;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import javax.annotation.Nonnull;
import javax.inject.Singleton;
import org.reactivestreams.Publisher;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

@Singleton
/* loaded from: input_file:io/micronaut/security/oauth2/endpoint/token/request/DefaultTokenEndpointClient.class */
public class DefaultTokenEndpointClient implements TokenEndpointClient {
    private static final Logger LOG = LoggerFactory.getLogger(DefaultTokenEndpointClient.class);
    private final BeanContext beanContext;
    private final RxHttpClient defaultTokenClient;
    private final ConcurrentHashMap<String, RxHttpClient> tokenClients = new ConcurrentHashMap<>();

    public DefaultTokenEndpointClient(BeanContext beanContext, HttpClientConfiguration httpClientConfiguration) {
        this.beanContext = beanContext;
        this.defaultTokenClient = (RxHttpClient) beanContext.createBean(RxHttpClient.class, new Object[]{LoadBalancer.empty(), httpClientConfiguration});
    }

    @Override // io.micronaut.security.oauth2.endpoint.token.request.TokenEndpointClient
    @Nonnull
    public <G, R extends TokenResponse> Publisher<R> sendRequest(TokenRequestContext<G, R> tokenRequestContext) {
        if (LOG.isTraceEnabled()) {
            LOG.trace("Sending request to token endpoint [{}]", tokenRequestContext.getEndpoint().getUrl());
        }
        MutableHttpRequest<G> accept = HttpRequest.POST(tokenRequestContext.getEndpoint().getUrl(), tokenRequestContext.getGrant()).contentType(tokenRequestContext.getMediaType()).accept(new MediaType[]{MediaType.APPLICATION_JSON_TYPE});
        secureRequest(accept, tokenRequestContext);
        return getClient(tokenRequestContext.getClientConfiguration().getName()).retrieve(accept, tokenRequestContext.getResponseType(), tokenRequestContext.getErrorResponseType());
    }

    protected <G, R extends TokenResponse> void secureRequest(@Nonnull MutableHttpRequest<G> mutableHttpRequest, TokenRequestContext<G, R> tokenRequestContext) {
        List<AuthenticationMethod> orElseGet = tokenRequestContext.getEndpoint().getSupportedAuthenticationMethods().orElseGet(() -> {
            return Collections.singletonList(AuthenticationMethod.CLIENT_SECRET_BASIC);
        });
        OauthClientConfiguration clientConfiguration = tokenRequestContext.getClientConfiguration();
        if (LOG.isTraceEnabled()) {
            LOG.trace("The token endpoint supports [{}] authentication methods", orElseGet);
        }
        if (orElseGet.contains(AuthenticationMethod.CLIENT_SECRET_BASIC)) {
            if (LOG.isTraceEnabled()) {
                LOG.trace("Using client_secret_basic authentication. Adding an Authorization header");
            }
            mutableHttpRequest.basicAuth(clientConfiguration.getClientId(), clientConfiguration.getClientSecret());
        } else {
            if (orElseGet.contains(AuthenticationMethod.CLIENT_SECRET_POST)) {
                if (LOG.isTraceEnabled()) {
                    LOG.trace("Using client_secret_post authentication. The client_id and client_secret will be present in the body");
                }
                Optional filter = mutableHttpRequest.getBody().filter(obj -> {
                    return obj instanceof SecureGrant;
                });
                Class<SecureGrant> cls = SecureGrant.class;
                Objects.requireNonNull(SecureGrant.class);
                filter.map(cls::cast).ifPresent(secureGrant -> {
                    secureGrant.setClientId(clientConfiguration.getClientId());
                    secureGrant.setClientSecret(clientConfiguration.getClientSecret());
                });
                return;
            }
            if (LOG.isTraceEnabled()) {
                LOG.trace("Unsupported or no authentication method. The client_id will be present in the body");
            }
            Optional filter2 = mutableHttpRequest.getBody().filter(obj2 -> {
                return obj2 instanceof SecureGrant;
            });
            Class<SecureGrant> cls2 = SecureGrant.class;
            Objects.requireNonNull(SecureGrant.class);
            filter2.map(cls2::cast).ifPresent(secureGrant2 -> {
                secureGrant2.setClientId(clientConfiguration.getClientId());
            });
        }
    }

    protected RxHttpClient getClient(String str) {
        return this.tokenClients.computeIfAbsent(str, str2 -> {
            return (RxHttpClient) this.beanContext.findBean(RxHttpClient.class, Qualifiers.byName(str2)).orElse(this.defaultTokenClient);
        });
    }
}
