package org.springframework.security.oauth2.client.http;

import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.List;
import org.apache.batik.constants.XMLConstants;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.client.ClientHttpResponse;
import org.springframework.http.converter.HttpMessageConversionException;
import org.springframework.http.converter.HttpMessageConverter;
import org.springframework.security.oauth2.client.resource.OAuth2AccessDeniedException;
import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
import org.springframework.util.FileCopyUtils;
import org.springframework.web.client.DefaultResponseErrorHandler;
import org.springframework.web.client.HttpMessageConverterExtractor;
import org.springframework.web.client.ResponseErrorHandler;
import org.springframework.web.client.RestClientException;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-2.3.4.RELEASE.jar:org/springframework/security/oauth2/client/http/OAuth2ErrorHandler.class */
public class OAuth2ErrorHandler implements ResponseErrorHandler {
    private final ResponseErrorHandler errorHandler;
    private final OAuth2ProtectedResourceDetails resource;
    private List<HttpMessageConverter<?>> messageConverters;

    public OAuth2ErrorHandler(OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this.messageConverters = new RestTemplate().getMessageConverters();
        this.resource = oAuth2ProtectedResourceDetails;
        this.errorHandler = new DefaultResponseErrorHandler();
    }

    public void setMessageConverters(List<HttpMessageConverter<?>> list) {
        this.messageConverters = list;
    }

    public OAuth2ErrorHandler(ResponseErrorHandler responseErrorHandler, OAuth2ProtectedResourceDetails oAuth2ProtectedResourceDetails) {
        this.messageConverters = new RestTemplate().getMessageConverters();
        this.resource = oAuth2ProtectedResourceDetails;
        this.errorHandler = responseErrorHandler;
    }

    @Override // org.springframework.web.client.ResponseErrorHandler
    public boolean hasError(ClientHttpResponse clientHttpResponse) throws IOException {
        return HttpStatus.Series.CLIENT_ERROR.equals(clientHttpResponse.getStatusCode().series()) || this.errorHandler.hasError(clientHttpResponse);
    }

    @Override // org.springframework.web.client.ResponseErrorHandler
    public void handleError(final ClientHttpResponse clientHttpResponse) throws IOException {
        OAuth2Exception oAuth2Exception;
        if (!HttpStatus.Series.CLIENT_ERROR.equals(clientHttpResponse.getStatusCode().series())) {
            this.errorHandler.handleError(clientHttpResponse);
            return;
        }
        ClientHttpResponse clientHttpResponse2 = new ClientHttpResponse() { // from class: org.springframework.security.oauth2.client.http.OAuth2ErrorHandler.1
            private byte[] lazyBody;

            @Override // org.springframework.http.client.ClientHttpResponse
            public HttpStatus getStatusCode() throws IOException {
                return clientHttpResponse.getStatusCode();
            }

            @Override // org.springframework.http.HttpInputMessage
            public synchronized InputStream getBody() throws IOException {
                if (this.lazyBody == null) {
                    InputStream body = clientHttpResponse.getBody();
                    if (body != null) {
                        this.lazyBody = FileCopyUtils.copyToByteArray(body);
                    } else {
                        this.lazyBody = new byte[0];
                    }
                }
                return new ByteArrayInputStream(this.lazyBody);
            }

            @Override // org.springframework.http.HttpMessage
            public HttpHeaders getHeaders() {
                return clientHttpResponse.getHeaders();
            }

            @Override // org.springframework.http.client.ClientHttpResponse
            public String getStatusText() throws IOException {
                return clientHttpResponse.getStatusText();
            }

            @Override // org.springframework.http.client.ClientHttpResponse, java.io.Closeable, java.lang.AutoCloseable
            public void close() {
                clientHttpResponse.close();
            }

            @Override // org.springframework.http.client.ClientHttpResponse
            public int getRawStatusCode() throws IOException {
                return getStatusCode().value();
            }
        };
        try {
            try {
                oAuth2Exception = (OAuth2Exception) new HttpMessageConverterExtractor(OAuth2Exception.class, this.messageConverters).extractData(clientHttpResponse2);
            } catch (HttpMessageConversionException e) {
            } catch (RestClientException e2) {
            }
            if (oAuth2Exception != null) {
                if (oAuth2Exception.getClass() == UserDeniedAuthorizationException.class && clientHttpResponse2.getStatusCode().equals(HttpStatus.FORBIDDEN)) {
                    oAuth2Exception = new OAuth2AccessDeniedException(oAuth2Exception.getMessage());
                }
                throw oAuth2Exception;
            }
            List<String> list = clientHttpResponse2.getHeaders().get((Object) "WWW-Authenticate");
            if (list != null) {
                for (String str : list) {
                    maybeThrowExceptionFromHeader(str, OAuth2AccessToken.BEARER_TYPE);
                    maybeThrowExceptionFromHeader(str, OAuth2AccessToken.OAUTH2_TYPE);
                }
            }
            this.errorHandler.handleError(clientHttpResponse2);
        } catch (InvalidTokenException e3) {
            throw new AccessTokenRequiredException(this.resource);
        } catch (OAuth2Exception e4) {
            if (!e4.getClass().equals(OAuth2Exception.class)) {
                throw e4;
            }
            this.errorHandler.handleError(clientHttpResponse2);
        }
    }

    private void maybeThrowExceptionFromHeader(String str, String str2) {
        String lowerCase = str2.toLowerCase();
        if (str.toLowerCase().startsWith(lowerCase)) {
            OAuth2Exception valueOf = OAuth2Exception.valueOf(StringSplitUtils.splitEachArrayElementAndCreateMap(StringSplitUtils.splitIgnoringQuotes(str.substring(lowerCase.length()), ','), XMLConstants.XML_EQUAL_SIGN, XMLConstants.XML_DOUBLE_QUOTE));
            if (!(valueOf instanceof InvalidTokenException)) {
                throw valueOf;
            }
            throw new AccessTokenRequiredException(this.resource);
        }
    }
}
