package org.cloudfoundry.identity.uaa.message;

import com.google.common.collect.Sets;
import java.security.KeyManagementException;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.http.conn.ssl.SSLContextBuilder;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.HttpClients;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants;
import org.cloudfoundry.identity.uaa.zone.ClientServicesExtension;
import org.cloudfoundry.identity.uaa.zone.beans.IdentityZoneManager;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.oauth2.client.OAuth2ClientContext;
import org.springframework.security.oauth2.client.OAuth2RestTemplate;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.client.resource.UserRedirectRequiredException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.30.0.jar:org/cloudfoundry/identity/uaa/message/LocalUaaRestTemplate.class */
public class LocalUaaRestTemplate extends OAuth2RestTemplate {
    private final AuthorizationServerTokenServices authorizationServerTokenServices;
    private final String clientId;
    private final ClientServicesExtension clientServicesExtension;
    private final IdentityZoneManager identityZoneManager;

    LocalUaaRestTemplate(@Qualifier("uaa") OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, AuthorizationServerTokenServices authorizationServerTokenServices, ClientServicesExtension clientServicesExtension, @Value("${notifications.verify_ssl:false}") boolean z, IdentityZoneManager identityZoneManager) throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException {
        super(oAuth2ProtectedResourceDetails);
        this.authorizationServerTokenServices = authorizationServerTokenServices;
        this.clientId = "login";
        this.clientServicesExtension = clientServicesExtension;
        this.identityZoneManager = identityZoneManager;
        if (z) {
            return;
        }
        skipSslValidation();
    }

    @Override // org.springframework.security.oauth2.client.OAuth2RestTemplate
    public OAuth2AccessToken acquireAccessToken(OAuth2ClientContext oAuth2ClientContext) throws UserRedirectRequiredException {
        OAuth2AccessToken createAccessToken = this.authorizationServerTokenServices.createAccessToken(new OAuth2Authentication(new OAuth2Request(buildRequestParameters(), this.clientId, new HashSet(), true, buildScopes(), Sets.newHashSet(OriginKeys.UAA), null, new HashSet(), new HashMap()), null));
        oAuth2ClientContext.setAccessToken(createAccessToken);
        return createAccessToken;
    }

    private Set<String> buildScopes() {
        return (Set) this.clientServicesExtension.loadClientByClientId(this.clientId, this.identityZoneManager.getCurrentIdentityZoneId()).getAuthorities().stream().map((v0) -> {
            return v0.getAuthority();
        }).collect(Collectors.toSet());
    }

    private Map<String, String> buildRequestParameters() {
        HashMap hashMap = new HashMap();
        hashMap.put("client_id", this.clientId);
        hashMap.put("grant_type", TokenConstants.GRANT_TYPE_CLIENT_CREDENTIALS);
        return hashMap;
    }

    private void skipSslValidation() throws KeyStoreException, NoSuchAlgorithmException, KeyManagementException {
        setRequestFactory(new HttpComponentsClientHttpRequestFactory(HttpClients.custom().setSslcontext(new SSLContextBuilder().loadTrustMaterial(null, new TrustSelfSignedStrategy()).build()).build()));
    }
}
