package org.springframework.security.oauth2.provider.endpoint;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;

/* loaded from: input_file:org/springframework/security/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.class */
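/**
 * Servlet filter that authenticates the resource owner on token requests using the
 * password grant.
 *
 * <p>When the {@link OAuth2Utils#GRANT_TYPE} request parameter equals {@code "password"},
 * the {@code username} and {@code password} request parameters are authenticated with the
 * configured {@link AuthenticationManager}. On success the authentication held by the
 * {@link SecurityContextHolder} is replaced with an {@link OAuth2Authentication} that
 * combines the OAuth2 request with the user authentication.
 *
 * <p>A client authentication must already be present in the security context when this
 * filter runs (the exception message below asks for a filter upstream of this one);
 * without it the request is rejected.
 */
public class TokenEndpointAuthenticationFilter implements Filter {
    private static final Log logger = LogFactory.getLog(TokenEndpointAuthenticationFilter.class);
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
    private AuthenticationEntryPoint authenticationEntryPoint = new OAuth2AuthenticationEntryPoint();
    private final AuthenticationManager authenticationManager;
    private final OAuth2RequestFactory oAuth2RequestFactory;

    /**
     * @param authenticationManager used to authenticate the extracted user credentials
     * @param oAuth2RequestFactory used to build the authorization request and OAuth2 request
     */
    public TokenEndpointAuthenticationFilter(AuthenticationManager authenticationManager, OAuth2RequestFactory oAuth2RequestFactory) {
        this.authenticationManager = authenticationManager;
        this.oAuth2RequestFactory = oAuth2RequestFactory;
    }

    /**
     * Replaces the entry point invoked when authentication fails.
     *
     * @param authenticationEntryPoint the entry point to use
     */
    public void setAuthenticationEntryPoint(AuthenticationEntryPoint authenticationEntryPoint) {
        this.authenticationEntryPoint = authenticationEntryPoint;
    }

    /**
     * Replaces the source used to build the details attached to the credentials token.
     *
     * @param authenticationDetailsSource the details source to use
     */
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        this.authenticationDetailsSource = authenticationDetailsSource;
    }

    /**
     * Authenticates password-grant credentials, if present, then continues the chain.
     *
     * <p>Any {@link AuthenticationException} raised inside the {@code try} block, including
     * one thrown by the rest of the chain, clears the security context, invokes
     * {@link #onUnsuccessfulAuthentication} and is handed to the configured entry point.
     *
     * @throws IOException if the chain, a hook or the entry point fails with an I/O error
     * @throws ServletException if the chain or the entry point fails
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        final boolean debug = logger.isDebugEnabled();
        final HttpServletRequest request = (HttpServletRequest) servletRequest;
        final HttpServletResponse response = (HttpServletResponse) servletResponse;
        try {
            Authentication credentials = extractCredentials(request);
            if (credentials != null) {
                if (debug) {
                    // The name comes straight from a request parameter; neutralise control
                    // characters so it cannot forge extra log lines.
                    logger.debug("Authentication credentials found for '" + sanitizeForLog(credentials.getName()) + "'");
                }
                Authentication userAuth = this.authenticationManager.authenticate(credentials);
                if (debug) {
                    logger.debug("Authentication success: " + sanitizeForLog(userAuth.getName()));
                }
                Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
                if (clientAuth == null) {
                    throw new BadCredentialsException("No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter.");
                }
                Map<String, String> parameters = getSingleValueMap(request);
                // Always overwrite client_id with the name of the client found in the
                // security context, so a client_id request parameter is never trusted.
                parameters.put("client_id", clientAuth.getName());
                AuthorizationRequest authorizationRequest = this.oAuth2RequestFactory.createAuthorizationRequest(parameters);
                authorizationRequest.setScope(getScope(request));
                if (clientAuth.isAuthenticated()) {
                    // Approve the request only when the client itself is authenticated.
                    authorizationRequest.setApproved(true);
                }
                SecurityContextHolder.getContext().setAuthentication(new OAuth2Authentication(this.oAuth2RequestFactory.createOAuth2Request(authorizationRequest), userAuth));
                onSuccessfulAuthentication(request, response, userAuth);
            }
            filterChain.doFilter(request, response);
        } catch (AuthenticationException e) {
            // Drop any partially established authentication before reporting the failure.
            SecurityContextHolder.clearContext();
            if (debug) {
                logger.debug("Authentication request for failed: " + e);
            }
            onUnsuccessfulAuthentication(request, response, e);
            this.authenticationEntryPoint.commence(request, response, e);
        }
    }

    /**
     * Flattens the request parameters, keeping only the first value of each parameter
     * ({@code null} when a parameter has no values).
     */
    private Map<String, String> getSingleValueMap(HttpServletRequest httpServletRequest) {
        Map<String, String> singleValues = new HashMap<String, String>();
        Map<String, String[]> parameterMap = httpServletRequest.getParameterMap();
        for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
            String[] values = entry.getValue();
            singleValues.put(entry.getKey(), (values == null || values.length == 0) ? null : values[0]);
        }
        return singleValues;
    }

    /** Replaces ISO control characters (CR, LF, ...) with {@code '_'} before a value is logged. */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            cleaned.append(Character.isISOControl(c) ? '_' : c);
        }
        return cleaned.toString();
    }

    /**
     * Hook called after the user has been authenticated and the security context updated.
     * The default implementation does nothing.
     */
    protected void onSuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException {
    }

    /**
     * Hook called after an authentication failure, before the entry point is invoked.
     * The default implementation does nothing.
     */
    protected void onUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
    }

    /**
     * Builds an unauthenticated username/password token from the request when the grant
     * type is {@code "password"}.
     *
     * <p>NOTE(review): the credentials are read with {@code getParameter}, and nothing in
     * this filter checks the HTTP method. Confirm the token endpoint only accepts POST
     * bodies so passwords cannot arrive in a query string and end up in access logs.
     *
     * @return the credentials token, or {@code null} when the request is not a password grant
     */
    protected Authentication extractCredentials(HttpServletRequest httpServletRequest) {
        String grantType = httpServletRequest.getParameter(OAuth2Utils.GRANT_TYPE);
        if (!"password".equals(grantType)) {
            return null;
        }
        UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(httpServletRequest.getParameter("username"), httpServletRequest.getParameter("password"));
        token.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return token;
    }

    /** Parses the {@code scope} request parameter into a set of scope values. */
    private Set<String> getScope(HttpServletRequest httpServletRequest) {
        return OAuth2Utils.parseParameterList(httpServletRequest.getParameter("scope"));
    }

    /** No initialisation is required. */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
    }

    /** No resources to release. */
    @Override
    public void destroy() {
    }
}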
