package org.springframework.cloud.task.app.composedtaskrunner;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.cloud.common.security.support.OAuth2AccessTokenProvidingClientHttpRequestInterceptor;
import org.springframework.cloud.dataflow.rest.client.DataFlowOperations;
import org.springframework.cloud.dataflow.rest.client.DataFlowTemplate;
import org.springframework.cloud.dataflow.rest.client.TaskOperations;
import org.springframework.cloud.dataflow.rest.util.HttpClientConfigurer;
import org.springframework.cloud.task.app.composedtaskrunner.properties.ComposedTaskProperties;
import org.springframework.cloud.task.app.composedtaskrunner.support.OnOAuth2ClientCredentialsEnabled;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.oauth2.client.endpoint.DefaultClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.registration.InMemoryClientRegistrationRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.util.StringUtils;
import org.springframework.web.client.RestTemplate;

@EnableConfigurationProperties({ComposedTaskProperties.class})
@Configuration
/* loaded from: input_file:org/springframework/cloud/task/app/composedtaskrunner/DataFlowConfiguration.class */
public class DataFlowConfiguration {
    private static Log logger = LogFactory.getLog(DataFlowConfiguration.class);

    @Autowired
    private ComposedTaskProperties properties;

    @Configuration
    @Conditional({OnOAuth2ClientCredentialsEnabled.class})
    /* loaded from: input_file:org/springframework/cloud/task/app/composedtaskrunner/DataFlowConfiguration$clientCredentialsConfiguration.class */
    static class clientCredentialsConfiguration {
        clientCredentialsConfiguration() {
        }

        @Bean
        public InMemoryClientRegistrationRepository clientRegistrationRepository(ComposedTaskProperties composedTaskProperties) {
            return new InMemoryClientRegistrationRepository(new ClientRegistration[]{ClientRegistration.withRegistrationId("default").authorizationGrantType(AuthorizationGrantType.CLIENT_CREDENTIALS).tokenUri(composedTaskProperties.getOauth2ClientCredentialsTokenUri()).clientId(composedTaskProperties.getOauth2ClientCredentialsClientId()).clientSecret(composedTaskProperties.getOauth2ClientCredentialsClientSecret()).scope(composedTaskProperties.getOauth2ClientCredentialsScopes()).build()});
        }

        @Bean
        OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient() {
            return new DefaultClientCredentialsTokenResponseClient();
        }
    }

    @Bean
    public TaskOperations taskOperations(DataFlowOperations dataFlowOperations) {
        return dataFlowOperations.taskOperations();
    }

    @Bean
    public DataFlowOperations dataFlowOperations(@Autowired(required = false) ClientRegistrationRepository clientRegistrationRepository, @Autowired(required = false) OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> oAuth2AccessTokenResponseClient) {
        RestTemplate defaultDataflowRestTemplate = DataFlowTemplate.getDefaultDataflowRestTemplate();
        validateUsernamePassword(this.properties.getDataflowServerUsername(), this.properties.getDataflowServerPassword());
        HttpClientConfigurer httpClientConfigurer = null;
        if (this.properties.getOauth2ClientCredentialsClientId() != null || StringUtils.hasText(this.properties.getDataflowServerAccessToken()) || (StringUtils.hasText(this.properties.getDataflowServerUsername()) && StringUtils.hasText(this.properties.getDataflowServerPassword()))) {
            httpClientConfigurer = HttpClientConfigurer.create(this.properties.getDataflowServerUri());
        }
        String str = null;
        if (this.properties.getOauth2ClientCredentialsClientId() != null) {
            str = oAuth2AccessTokenResponseClient.getTokenResponse(new OAuth2ClientCredentialsGrantRequest(clientRegistrationRepository.findByRegistrationId("default"))).getAccessToken().getTokenValue();
            logger.debug("Configured OAuth2 Client Credentials for accessing the Data Flow Server");
        } else if (StringUtils.hasText(this.properties.getDataflowServerAccessToken())) {
            str = this.properties.getDataflowServerAccessToken();
            logger.debug("Configured OAuth2 Access Token for accessing the Data Flow Server");
        } else if (StringUtils.hasText(this.properties.getDataflowServerUsername()) && StringUtils.hasText(this.properties.getDataflowServerPassword())) {
            str = null;
            httpClientConfigurer.basicAuthCredentials(this.properties.getDataflowServerUsername(), this.properties.getDataflowServerPassword());
            logger.debug("Configured basic security for accessing the Data Flow Server");
        } else {
            logger.debug("Not configuring basic security for accessing the Data Flow Server");
        }
        if (str != null) {
            defaultDataflowRestTemplate.getInterceptors().add(new OAuth2AccessTokenProvidingClientHttpRequestInterceptor(str));
        }
        if (httpClientConfigurer != null) {
            defaultDataflowRestTemplate.setRequestFactory(httpClientConfigurer.buildClientHttpRequestFactory());
        }
        return new DataFlowTemplate(this.properties.getDataflowServerUri(), defaultDataflowRestTemplate);
    }

    private void validateUsernamePassword(String str, String str2) {
        if (!StringUtils.isEmpty(str2) && StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("A password may be specified only together with a username");
        }
        if (StringUtils.isEmpty(str2) && !StringUtils.isEmpty(str)) {
            throw new IllegalArgumentException("A username may be specified only together with a password");
        }
    }
}
