package org.springframework.cloud.common.security.support;

import java.net.URI;
import java.util.HashSet;
import java.util.Locale;
import java.util.Set;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.ResponseEntity;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.client.http.OAuth2ErrorResponseErrorHandler;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestOperations;
import org.springframework.web.client.RestTemplate;

/* loaded from: input_file:org/springframework/cloud/common/security/support/ExternalOauth2ResourceAuthoritiesMapper.class */
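/**
 * {@link AuthoritiesMapper} that asks an external HTTP endpoint which roles the bearer of an
 * access token holds and converts the answer into {@link GrantedAuthority} instances.
 *
 * <p>The endpoint is called with {@code GET} and an {@code Authorization: Bearer <token>}
 * header, and its response body is read as a JSON array of role names. Each name is matched
 * against {@link CoreSecurityRoles}; names that do not match are logged and ignored, so an
 * unrecognised or malformed answer never grants a role.
 *
 * <p>Security notes for operators and reviewers:
 * <ul>
 *   <li>The access token is sent to {@code roleProviderUri}. The URI should use {@code https};
 *       the constructor logs a warning when it does not but does not reject it.</li>
 *   <li>The {@link RestTemplate} is created with its default request factory and no explicit
 *       timeouts are configured here. NOTE(review): confirm that a slow role provider cannot
 *       stall the authentication path.</li>
 *   <li>The access token itself is never logged by this class.</li>
 * </ul>
 */
public class ExternalOauth2ResourceAuthoritiesMapper implements AuthoritiesMapper {
    private static final Logger logger = LoggerFactory.getLogger(ExternalOauth2ResourceAuthoritiesMapper.class);

    // One authority per role handled by this mapper, built as ROLE_PREFIX + role key.
    public static final GrantedAuthority CREATE = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.CREATE.getKey());
    public static final GrantedAuthority DEPLOY = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.DEPLOY.getKey());
    public static final GrantedAuthority DESTROY = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.DESTROY.getKey());
    public static final GrantedAuthority MANAGE = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.MANAGE.getKey());
    public static final GrantedAuthority MODIFY = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.MODIFY.getKey());
    public static final GrantedAuthority SCHEDULE = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.SCHEDULE.getKey());
    public static final GrantedAuthority VIEW = new SimpleGrantedAuthority(SecurityConfigUtils.ROLE_PREFIX + CoreSecurityRoles.VIEW.getKey());

    private final URI roleProviderUri;
    private final RestOperations restOperations;

    /**
     * Creates a mapper that queries the given role provider endpoint.
     *
     * @param uri endpoint that returns the caller's roles; must not be {@code null}
     * @throws IllegalArgumentException if {@code uri} is {@code null}
     */
    public ExternalOauth2ResourceAuthoritiesMapper(URI uri) {
        Assert.notNull(uri, "The provided roleProviderUri must not be null.");
        if (!"https".equalsIgnoreCase(uri.getScheme())) {
            // The bearer token travels in a request header to this URI, so anything other
            // than https exposes it on the wire. Warn only: rejecting would break callers
            // that deliberately use plain http in closed test environments.
            logger.warn("Role provider URI {} does not use https; access tokens sent to it are not protected in transit.", uri);
        }
        this.roleProviderUri = uri;
        RestTemplate restTemplate = new RestTemplate();
        restTemplate.setErrorHandler(new OAuth2ErrorResponseErrorHandler());
        this.restOperations = restTemplate;
    }

    /**
     * Fetches the role names for the given access token from the role provider and maps them
     * to authorities.
     *
     * @param str  not read by this implementation (presumably the client/provider id defined
     *             by {@link AuthoritiesMapper} - confirm against the interface)
     * @param set  not read by this implementation (presumably the token scopes - confirm
     *             against the interface)
     * @param str2 access token value, sent to the role provider as a bearer token
     * @return a mutable set holding one authority per recognised role; empty when the provider
     *         returns no body, no roles, or only unrecognised roles
     */
    @Override // org.springframework.cloud.common.security.support.AuthoritiesMapper
    public Set<GrantedAuthority> mapScopesToAuthorities(String str, Set<String> set, String str2) {
        logger.debug("Getting permissions from {}", this.roleProviderUri);
        HttpHeaders httpHeaders = new HttpHeaders();
        httpHeaders.add(HttpHeaders.AUTHORIZATION, OAuth2AccessToken.TokenType.BEARER.getValue() + " " + str2);
        ResponseEntity<String[]> response = this.restOperations.exchange(
                this.roleProviderUri, HttpMethod.GET, new HttpEntity<Void>(httpHeaders), String[].class);

        String[] roleNames = response.getBody();
        if (roleNames == null) {
            // A response without a body previously ended in a NullPointerException inside the
            // loop. Treat it as "no roles" so the caller gets an empty, fail-closed result.
            logger.warn("Received no permissions from {}", this.roleProviderUri);
            roleNames = new String[0];
        }

        Set<GrantedAuthority> authorities = new HashSet<>();
        for (String roleName : roleNames) {
            if (!StringUtils.hasLength(roleName)) {
                logger.warn("Received an empty permission from {}", this.roleProviderUri);
                continue;
            }
            // Locale.ROOT keeps the lookup independent of the JVM default locale; with a
            // locale-sensitive upper-casing (e.g. Turkish dotted/dotless i) "view" would not
            // become "VIEW" and a legitimate role would be dropped.
            CoreSecurityRoles role = CoreSecurityRoles.fromKey(roleName.toUpperCase(Locale.ROOT));
            if (role == null) {
                // roleName comes from the remote provider and is written to the log as-is;
                // the log pipeline should neutralise control characters in such values.
                logger.warn("Invalid role {} provided by {}", roleName, this.roleProviderUri);
                continue;
            }
            GrantedAuthority authority = toAuthority(role);
            if (authority != null) {
                authorities.add(authority);
            }
        }
        logger.info("Roles added for user: {}.", authorities);
        return authorities;
    }

    /**
     * Returns the authority constant for a role, or {@code null} for a role this mapper does
     * not handle (such roles are skipped without granting anything).
     */
    private static GrantedAuthority toAuthority(CoreSecurityRoles role) {
        switch (role) {
            case CREATE:
                return CREATE;
            case DEPLOY:
                return DEPLOY;
            case DESTROY:
                return DESTROY;
            case MANAGE:
                return MANAGE;
            case MODIFY:
                return MODIFY;
            case SCHEDULE:
                return SCHEDULE;
            case VIEW:
                return VIEW;
            default:
                return null;
        }
    }
}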
