package org.springframework.security.oauth2.consumer;

import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.consumer.token.InMemoryOAuth2ClientTokenServices;
import org.springframework.security.oauth2.consumer.token.OAuth2ClientTokenServices;
import org.springframework.util.Assert;
import org.springframework.util.LinkedMultiValueMap;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth-1.0.0.M2.jar:org/springframework/security/oauth2/consumer/AbstractOAuth2ProfileManager.class */
public abstract class AbstractOAuth2ProfileManager extends OAuth2AccessTokenSupport implements OAuth2ProfileManager, InitializingBean {
    private OAuth2ClientTokenServices tokenServices = new InMemoryOAuth2ClientTokenServices();
    private boolean requireAuthenticated = true;

    @Override // org.springframework.security.oauth2.consumer.OAuth2AccessTokenSupport, org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() throws Exception {
        super.afterPropertiesSet();
        Assert.notNull(this.tokenServices, "OAuth2 token services is required.");
    }

    @Override // org.springframework.security.oauth2.consumer.OAuth2ProfileManager
    public OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) throws UserRedirectRequiredException, AccessDeniedException {
        OAuth2AccessToken oAuth2AccessToken = null;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (isRequireAuthenticated() && (authentication == null || !authentication.isAuthenticated())) {
            throw new OAuth2AccessDeniedException("An authenticated context is required for the current user in order to obtain an access token.", oAuth2ProtectedResourceDetails);
        }
        OAuth2AccessToken token = getTokenServices().getToken(authentication, oAuth2ProtectedResourceDetails);
        if (token != null) {
            if (isExpired(token)) {
                OAuth2RefreshToken refreshToken = token.getRefreshToken();
                if (refreshToken != null) {
                    oAuth2AccessToken = obtainAccessToken(oAuth2ProtectedResourceDetails, refreshToken);
                }
            } else {
                oAuth2AccessToken = token;
            }
        }
        if (oAuth2AccessToken == null) {
            oAuth2AccessToken = obtainNewAccessToken(oAuth2ProtectedResourceDetails);
            if (oAuth2AccessToken == null) {
                throw new IllegalStateException("An OAuth 2 access token must be obtained or an exception thrown.");
            }
        }
        if (!oAuth2AccessToken.equals(token)) {
            if (token == null) {
                getTokenServices().storeToken(authentication, oAuth2ProtectedResourceDetails, oAuth2AccessToken);
            } else {
                getTokenServices().updateToken(authentication, oAuth2ProtectedResourceDetails, token, oAuth2AccessToken);
            }
        }
        return oAuth2AccessToken;
    }

    protected abstract OAuth2AccessToken obtainNewAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) throws UserRedirectRequiredException, AccessDeniedException;

    protected OAuth2AccessToken obtainAccessToken(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails, OAuth2RefreshToken oAuth2RefreshToken) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", "refresh_token");
        linkedMultiValueMap.add("client_id", oAuth2ProtectedResourceDetails.getClientId());
        linkedMultiValueMap.add("refresh_token", oAuth2RefreshToken.getValue());
        return retrieveToken(linkedMultiValueMap, oAuth2ProtectedResourceDetails);
    }

    protected boolean isExpired(OAuth2AccessToken oAuth2AccessToken) {
        return oAuth2AccessToken.getExpiration() == null || oAuth2AccessToken.getExpiration().getTime() < System.currentTimeMillis();
    }

    public OAuth2ClientTokenServices getTokenServices() {
        return this.tokenServices;
    }

    public void setTokenServices(OAuth2ClientTokenServices oAuth2ClientTokenServices) {
        this.tokenServices = oAuth2ClientTokenServices;
    }

    public boolean isRequireAuthenticated() {
        return this.requireAuthenticated;
    }

    public void setRequireAuthenticated(boolean z) {
        this.requireAuthenticated = z;
    }
}
