package org.springframework.cloud.dataflow.rest.client.config;

import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.Map;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientPropertiesRegistrationAdapter;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.common.security.core.support.OAuth2AccessTokenProvidingClientHttpRequestInterceptor;
import org.springframework.cloud.dataflow.rest.client.DataFlowOperations;
import org.springframework.cloud.dataflow.rest.client.DataFlowTemplate;
import org.springframework.cloud.dataflow.rest.client.dsl.Stream;
import org.springframework.cloud.dataflow.rest.client.dsl.StreamBuilder;
import org.springframework.cloud.dataflow.rest.util.HttpClientConfigurer;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.client.ClientHttpRequestInterceptor;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.AuthorizedClientServiceOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.InMemoryOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

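/**
 * Auto-configuration that builds the {@link DataFlowOperations} client and wires in whichever
 * authentication mechanism the {@link DataFlowClientProperties} select.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Exactly one mechanism is applied, chosen in a fixed order: static access token, OAuth2
 *       client credentials, HTTP basic, OAuth2 password grant, otherwise none.</li>
 *   <li>Client secrets, passwords and tokens are read from configuration properties and kept in
 *       memory for the lifetime of the interceptors; the debug log lines only name the mechanism
 *       and never include a credential.</li>
 *   <li>Authorized clients are cached in {@link InMemoryOAuth2AuthorizedClientService} instances
 *       created here, so tokens are not persisted by this class.</li>
 * </ul>
 */
@EnableConfigurationProperties({DataFlowClientProperties.class})
@Configuration
/* loaded from: input_file:org/springframework/cloud/dataflow/rest/client/config/DataFlowClientAutoConfiguration.class */
public class DataFlowClientAutoConfiguration {
    /** Registration id of the client-credentials registration built from the Data Flow client properties. */
    private static final String DEFAULT_REGISTRATION_ID = "default";

    private static final Log logger = LogFactory.getLog(DataFlowClientAutoConfiguration.class);

    /** Principal under which password-grant authorized clients are stored. */
    private static final Authentication DEFAULT_PRINCIPAL = createAuthentication("dataflow-client-principal");

    @Autowired
    private DataFlowClientProperties properties;

    // May be null; DataFlowTemplate.prepareRestTemplate is handed whatever was injected.
    private RestTemplate restTemplate;

    // Optional collaborators: each may be absent from the application context.
    @Nullable
    @Autowired
    private ClientRegistrationRepository clientRegistrations;

    @Nullable
    @Autowired
    private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient;

    @Nullable
    @Autowired
    private OAuth2ClientProperties oauth2ClientProperties;

    /**
     * Beans needed for the OAuth2 client-credentials grant. Only active when
     * {@code spring.cloud.dataflow.client.authentication.client-id} is set.
     */
    @ConditionalOnProperty(prefix = "spring.cloud.dataflow.client.authentication", name = {"client-id"})
    @Configuration
    /* loaded from: input_file:org/springframework/cloud/dataflow/rest/client/config/DataFlowClientAutoConfiguration$ClientCredentialsConfiguration.class */
    static class ClientCredentialsConfiguration {

        /**
         * Builds a repository holding a single client-credentials registration under the id
         * {@code "default"}, populated from the Data Flow client authentication properties
         * (token URI, client id, client secret, scope).
         *
         * @param dataFlowClientProperties source of the registration values
         * @return an in-memory repository containing that one registration
         */
        @Bean
        public InMemoryClientRegistrationRepository clientRegistrationRepository(DataFlowClientProperties dataFlowClientProperties) {
            ClientRegistration registration = ClientRegistration
                    .withRegistrationId(DataFlowClientAutoConfiguration.DEFAULT_REGISTRATION_ID)
                    .authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS)
                    .tokenUri(dataFlowClientProperties.getAuthentication().getTokenUri())
                    .clientId(dataFlowClientProperties.getAuthentication().getClientId())
                    .clientSecret(dataFlowClientProperties.getAuthentication().getClientSecret())
                    .scope(dataFlowClientProperties.getAuthentication().getScope())
                    .build();
            return new InMemoryClientRegistrationRepository(registration);
        }

        /**
         * @return the default token-endpoint client for the client-credentials grant
         */
        @Bean
        OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient() {
            return new DefaultClientCredentialsTokenResponseClient();
        }
    }

    /**
     * @param restTemplate optional template to base the client on; may be {@code null}
     */
    public DataFlowClientAutoConfiguration(@Nullable RestTemplate restTemplate) {
        this.restTemplate = restTemplate;
    }

    /**
     * Creates the Data Flow REST client and attaches the first authentication mechanism whose
     * properties are present, in this order: static access token, OAuth2 client credentials,
     * HTTP basic, OAuth2 password grant. If none is configured the client is left unauthenticated.
     *
     * @return a {@link DataFlowTemplate} targeting the configured server URI
     * @throws Exception if the configured server URI cannot be parsed
     * @throws IllegalStateException if client credentials are selected but no
     *         {@link ClientRegistrationRepository} was injected
     */
    @ConditionalOnMissingBean({DataFlowOperations.class})
    @Bean
    public DataFlowOperations dataFlowOperations() throws Exception {
        RestTemplate template = DataFlowTemplate.prepareRestTemplate(this.restTemplate);
        URI serverUri = new URI(this.properties.getServerUri());

        // NOTE(review): within this method the configurer, and with it skipSslValidation, only
        // reaches the RestTemplate in the basic-auth branch below; the other branches keep the
        // request factory prepareRestTemplate returned. Skipping certificate verification lets an
        // on-path party read the credentials and tokens this client sends, so the property should
        // stay false outside of test setups.
        HttpClientConfigurer httpClientConfigurer = HttpClientConfigurer.create(serverUri)
                .skipTlsCertificateVerification(this.properties.isSkipSslValidation());

        if (StringUtils.hasText(this.properties.getAuthentication().getAccessToken())) {
            // The token is handed over as a fixed string; nothing in this method refreshes it.
            template.getInterceptors().add(new OAuth2AccessTokenProvidingClientHttpRequestInterceptor(
                    this.properties.getAuthentication().getAccessToken()));
            logger.debug("Configured OAuth2 Access Token for accessing the Data Flow Server");
        } else if (StringUtils.hasText(this.properties.getAuthentication().getClientId())) {
            // The repository field is optional; fail with a clear message instead of an NPE.
            if (this.clientRegistrations == null) {
                throw new IllegalStateException("OAuth2 client credentials are configured for the Data Flow client"
                        + " but no ClientRegistrationRepository is available");
            }
            String clientId = this.properties.getAuthentication().getClientId();
            template.getInterceptors().add(clientCredentialsTokenResolvingInterceptor(
                    this.clientRegistrations.findByRegistrationId(DEFAULT_REGISTRATION_ID),
                    this.clientRegistrations,
                    clientId));
            logger.debug("Configured OAuth2 Client Credentials for accessing the Data Flow Server");
        } else if (!StringUtils.isEmpty(this.properties.getAuthentication().getBasic().getUsername())
                && !StringUtils.isEmpty(this.properties.getAuthentication().getBasic().getPassword())) {
            httpClientConfigurer.basicAuthCredentials(
                    this.properties.getAuthentication().getBasic().getUsername(),
                    this.properties.getAuthentication().getBasic().getPassword());
            template.setRequestFactory(httpClientConfigurer.buildClientHttpRequestFactory());
        } else if (this.oauth2ClientProperties == null
                || this.oauth2ClientProperties.getRegistration().isEmpty()
                || !StringUtils.hasText(this.properties.getAuthentication().getOauth2().getUsername())
                || !StringUtils.hasText(this.properties.getAuthentication().getOauth2().getPassword())) {
            logger.debug("Not configuring security for accessing the Data Flow Server");
        } else {
            template.getInterceptors().add(bearerTokenResolvingInterceptor(
                    this.oauth2ClientProperties,
                    this.properties.getAuthentication().getOauth2().getUsername(),
                    this.properties.getAuthentication().getOauth2().getPassword(),
                    this.properties.getAuthentication().getOauth2().getClientRegistrationId()));
            logger.debug("Configured OAuth2 Bearer Token resolving for accessing the Data Flow Server");
        }
        return new DataFlowTemplate(serverUri, template);
    }

    /**
     * @param dataFlowOperations client the builder issues its requests through
     * @return a stream DSL builder bound to that client
     */
    @ConditionalOnMissingBean({StreamBuilder.class})
    @Bean
    public StreamBuilder streamBuilder(DataFlowOperations dataFlowOperations) {
        return Stream.builder(dataFlowOperations);
    }

    /**
     * Builds an interceptor that obtains a token through the client-credentials grant for the
     * {@code "default"} registration and sets it as the bearer token of each outgoing request.
     *
     * @param clientRegistration not read by this method; the registration is looked up by id
     *        through the repository when a request is authorized
     * @param clientRegistrationRepository repository the authorized-client manager resolves from
     * @param principalName name under which the authorized client is stored
     * @return the request interceptor
     */
    private ClientHttpRequestInterceptor clientCredentialsTokenResolvingInterceptor(ClientRegistration clientRegistration, ClientRegistrationRepository clientRegistrationRepository, String principalName) {
        Authentication principal = createAuthentication(principalName);
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(
                        clientRegistrationRepository,
                        new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository));
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().clientCredentials().build());
        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
                .withClientRegistrationId(DEFAULT_REGISTRATION_ID)
                .principal(principal)
                .build();
        return (httpRequest, body, execution) -> {
            httpRequest.getHeaders().setBearerAuth(resolveBearerToken(manager, authorizeRequest));
            return execution.execute(httpRequest, body);
        };
    }

    /**
     * @param oAuth2ClientProperties Spring Boot OAuth2 client properties
     * @return an in-memory repository of every registration those properties define
     */
    private ClientRegistrationRepository shellClientRegistrationRepository(OAuth2ClientProperties oAuth2ClientProperties) {
        return new InMemoryClientRegistrationRepository(new ArrayList<ClientRegistration>(
                OAuth2ClientPropertiesRegistrationAdapter.getClientRegistrations(oAuth2ClientProperties).values()));
    }

    /**
     * @param clientRegistrationRepository registrations the service may hold clients for
     * @return an in-memory authorized-client store
     */
    private OAuth2AuthorizedClientService shellAuthorizedClientService(ClientRegistrationRepository clientRegistrationRepository) {
        return new InMemoryOAuth2AuthorizedClientService(clientRegistrationRepository);
    }

    /**
     * Builds a manager supporting the password and refresh-token grants. Its context mapper
     * forwards only the username and password attributes of an authorize request into the
     * authorization context; every other request attribute is dropped.
     *
     * <p>The resource-owner password grant hands the user's password to this client and is
     * dropped from the OAuth 2.1 draft; client credentials are preferable where the
     * authorization server supports them.
     *
     * @param clientRegistrationRepository registrations to authorize against
     * @param oAuth2AuthorizedClientService store for the resulting authorized clients
     * @return the configured manager
     */
    private OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        AuthorizedClientServiceOAuth2AuthorizedClientManager manager =
                new AuthorizedClientServiceOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientService);
        manager.setAuthorizedClientProvider(
                OAuth2AuthorizedClientProviderBuilder.builder().password().refreshToken().build());
        manager.setContextAttributesMapper(authorizeRequest -> {
            Map<String, Object> contextAttributes = new HashMap<>();
            authorizeRequest.getAttributes().forEach((name, value) -> {
                if (OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME.equals(name)
                        || OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME.equals(name)) {
                    contextAttributes.put(name, value);
                }
            });
            return contextAttributes;
        });
        return manager;
    }

    /**
     * Builds an interceptor that obtains a token through the password grant and sets it as the
     * bearer token of each outgoing request.
     *
     * <p>When exactly one registration is defined, its id is used and
     * {@code clientRegistrationId} is ignored. The username and password are stored as attributes
     * of the authorize request, which the returned interceptor keeps for as long as it lives.
     *
     * @param oAuth2ClientProperties Spring Boot OAuth2 client properties holding the registrations
     * @param username resource-owner username
     * @param password resource-owner password
     * @param clientRegistrationId registration to use when more than one is defined
     * @return the request interceptor
     */
    private ClientHttpRequestInterceptor bearerTokenResolvingInterceptor(OAuth2ClientProperties oAuth2ClientProperties, String username, String password, String clientRegistrationId) {
        ClientRegistrationRepository registrations = shellClientRegistrationRepository(oAuth2ClientProperties);
        OAuth2AuthorizedClientManager manager =
                authorizedClientManager(registrations, shellAuthorizedClientService(registrations));

        String registrationId = clientRegistrationId;
        if (oAuth2ClientProperties.getRegistration() != null && oAuth2ClientProperties.getRegistration().size() == 1) {
            registrationId = oAuth2ClientProperties.getRegistration().keySet().iterator().next();
        }

        OAuth2AuthorizeRequest authorizeRequest = OAuth2AuthorizeRequest
                .withClientRegistrationId(registrationId)
                .principal(DEFAULT_PRINCIPAL)
                .attribute(OAuth2AuthorizationContext.USERNAME_ATTRIBUTE_NAME, username)
                .attribute(OAuth2AuthorizationContext.PASSWORD_ATTRIBUTE_NAME, password)
                .build();
        return (httpRequest, body, execution) -> {
            httpRequest.getHeaders().setBearerAuth(resolveBearerToken(manager, authorizeRequest));
            return execution.execute(httpRequest, body);
        };
    }

    /**
     * Authorizes the request and returns the access token value.
     *
     * <p>{@code authorize} may return {@code null} when the manager's provider does not support
     * the registration's grant type; that case is reported explicitly rather than surfacing as a
     * {@link NullPointerException} from inside the interceptor. The message names only the
     * registration id, never a credential.
     *
     * @param manager manager to authorize with
     * @param authorizeRequest request describing the registration and principal
     * @return the access token value
     * @throws IllegalStateException if no authorized client could be obtained
     */
    private static String resolveBearerToken(OAuth2AuthorizedClientManager manager, OAuth2AuthorizeRequest authorizeRequest) {
        // Fully qualified because this type is not among the file's imports.
        org.springframework.security.oauth2.client.OAuth2AuthorizedClient authorizedClient =
                manager.authorize(authorizeRequest);
        if (authorizedClient == null) {
            throw new IllegalStateException("No OAuth2 authorized client could be obtained for client registration '"
                    + authorizeRequest.getClientRegistrationId()
                    + "'; check that its grant type matches the configured authentication mechanism");
        }
        return authorizedClient.getAccessToken().getTokenValue();
    }

    /**
     * Builds a minimal {@link Authentication} that carries only a principal name: no authorities
     * are passed to the superclass, the credentials are an empty string, and this code never
     * marks the token as authenticated.
     *
     * @param principalName value returned by {@code getPrincipal()}
     * @return the token
     */
    private static Authentication createAuthentication(final String principalName) {
        return new AbstractAuthenticationToken(null) { // from class: org.springframework.cloud.dataflow.rest.client.config.DataFlowClientAutoConfiguration.1
            private static final long serialVersionUID = -2038812908189509872L;

            @Override
            public Object getCredentials() {
                return "";
            }

            @Override
            public Object getPrincipal() {
                return principalName;
            }
        };
    }
}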
