package org.springframework.security.oauth2.client.token.auth;
   
   import java.io.UnsupportedEncodingException;
   
   import org.springframework.http.HttpHeaders;
   import org.springframework.security.crypto.codec.Base64;
   import org.springframework.security.oauth2.client.resource.OAuth2ProtectedResourceDetails;
   import org.springframework.security.oauth2.common.AuthenticationScheme;
   import org.springframework.util.MultiValueMap;
  import org.springframework.util.StringUtils;
  
  /**
   * Default implementation of the client authentication handler.
   * 
   * @author Ryan Heaton
   * @author Dave Syer
   */
  public class DefaultClientAuthenticationHandler implements ClientAuthenticationHandler {
  
  	public void authenticateTokenRequest(OAuth2ProtectedResourceDetails resource, MultiValueMap<String, String> form,
  			HttpHeaders headers) {
  		if (resource.isAuthenticationRequired()) {
  			AuthenticationScheme scheme = AuthenticationScheme.header;
  			if (resource.getClientAuthenticationScheme() != null) {
  				scheme = resource.getClientAuthenticationScheme();
  			}
  
  			try {
  				String clientSecret = resource.getClientSecret();
  				clientSecret = clientSecret == null ? "" : clientSecret;
  				switch (scheme) {
  				case header:
  					form.remove("client_secret");
  					headers.add(
  							"Authorization",
  							String.format(
  									"Basic %s",
  									new String(Base64.encode(String.format("%s:%s", resource.getClientId(),
  											clientSecret).getBytes("UTF-8")), "UTF-8")));
  					break;
  				case form:
  				case query:
  					form.set("client_id", resource.getClientId());
  					if (StringUtils.hasText(clientSecret)) {
  						form.set("client_secret", clientSecret);
  					}
  					break;
  				default:
  					throw new IllegalStateException(
  							"Default authentication handler doesn't know how to handle scheme: " + scheme);
  				}
  			}
  			catch (UnsupportedEncodingException e) {
  				throw new IllegalStateException(e);
  			}
  		}
  	}
  }