package org.springframework.security.oauth2.client.web;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import org.codehaus.jackson.util.MinimalPrettyPrinter;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizationSuccessHandler;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.2.2.jar:org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager.class */
public final class DefaultReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager {
    private static final ReactiveOAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = ReactiveOAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().refreshToken().clientCredentials().password().build();
    private static final Mono<ServerWebExchange> currentServerWebExchangeMono = Mono.deferContextual((v0) -> {
        return Mono.just(v0);
    }).filter(contextView -> {
        return contextView.hasKey(ServerWebExchange.class);
    }).map(contextView2 -> {
        return (ServerWebExchange) contextView2.get(ServerWebExchange.class);
    });
    private final ReactiveClientRegistrationRepository clientRegistrationRepository;
    private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
    private ReactiveOAuth2AuthorizedClientProvider authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
    private Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> contextAttributesMapper = new DefaultContextAttributesMapper();
    private ReactiveOAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
    private ReactiveOAuth2AuthorizationFailureHandler authorizationFailureHandler;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.2.2.jar:org/springframework/security/oauth2/client/web/DefaultReactiveOAuth2AuthorizedClientManager$DefaultContextAttributesMapper.class */
    public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> {
        @Override // java.util.function.Function
        public Mono<Map<String, Object>> apply(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
            return Mono.justOrEmpty((ServerWebExchange) oAuth2AuthorizeRequest.getAttribute(ServerWebExchange.class.getName())).switchIfEmpty(DefaultReactiveOAuth2AuthorizedClientManager.currentServerWebExchangeMono).flatMap(serverWebExchange -> {
                Map emptyMap = Collections.emptyMap();
                String first = serverWebExchange.getRequest().getQueryParams().getFirst("scope");
                if (StringUtils.hasText(first)) {
                    emptyMap = new HashMap();
                    emptyMap.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, StringUtils.delimitedListToStringArray(first, MinimalPrettyPrinter.DEFAULT_ROOT_VALUE_SEPARATOR));
                }
                return Mono.just(emptyMap);
            }).defaultIfEmpty(Collections.emptyMap());
        }
    }

    public DefaultReactiveOAuth2AuthorizedClientManager(ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository serverOAuth2AuthorizedClientRepository) {
        Assert.notNull(reactiveClientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(serverOAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.clientRegistrationRepository = reactiveClientRegistrationRepository;
        this.authorizedClientRepository = serverOAuth2AuthorizedClientRepository;
        this.authorizationSuccessHandler = (oAuth2AuthorizedClient, authentication, map) -> {
            return serverOAuth2AuthorizedClientRepository.saveAuthorizedClient(oAuth2AuthorizedClient, authentication, (ServerWebExchange) map.get(ServerWebExchange.class.getName()));
        };
        this.authorizationFailureHandler = new RemoveAuthorizedClientReactiveOAuth2AuthorizationFailureHandler((str, authentication2, map2) -> {
            return serverOAuth2AuthorizedClientRepository.removeAuthorizedClient(str, authentication2, (ServerWebExchange) map2.get(ServerWebExchange.class.getName()));
        });
    }

    @Override // org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager
    public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
        Assert.notNull(oAuth2AuthorizeRequest, "authorizeRequest cannot be null");
        String clientRegistrationId = oAuth2AuthorizeRequest.getClientRegistrationId();
        Authentication principal = oAuth2AuthorizeRequest.getPrincipal();
        return Mono.justOrEmpty((ServerWebExchange) oAuth2AuthorizeRequest.getAttribute(ServerWebExchange.class.getName())).switchIfEmpty(currentServerWebExchangeMono).switchIfEmpty(Mono.error(() -> {
            return new IllegalArgumentException("serverWebExchange cannot be null");
        })).flatMap(serverWebExchange -> {
            return Mono.justOrEmpty(oAuth2AuthorizeRequest.getAuthorizedClient()).switchIfEmpty(Mono.defer(() -> {
                return loadAuthorizedClient(clientRegistrationId, principal, serverWebExchange);
            })).flatMap(oAuth2AuthorizedClient -> {
                return authorizationContext(oAuth2AuthorizeRequest, oAuth2AuthorizedClient).flatMap(oAuth2AuthorizationContext -> {
                    return authorize(oAuth2AuthorizationContext, principal, serverWebExchange);
                }).defaultIfEmpty(oAuth2AuthorizeRequest.getAuthorizedClient() != null ? oAuth2AuthorizeRequest.getAuthorizedClient() : oAuth2AuthorizedClient);
            }).switchIfEmpty(Mono.defer(() -> {
                return this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId).switchIfEmpty(Mono.error(() -> {
                    return new IllegalArgumentException("Could not find ClientRegistration with id '" + clientRegistrationId + "'");
                })).flatMap(clientRegistration -> {
                    return authorizationContext(oAuth2AuthorizeRequest, clientRegistration);
                }).flatMap(oAuth2AuthorizationContext -> {
                    return authorize(oAuth2AuthorizationContext, principal, serverWebExchange);
                });
            }));
        });
    }

    private Mono<OAuth2AuthorizedClient> loadAuthorizedClient(String str, Authentication authentication, ServerWebExchange serverWebExchange) {
        return this.authorizedClientRepository.loadAuthorizedClient(str, authentication, serverWebExchange);
    }

    private Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizationContext oAuth2AuthorizationContext, Authentication authentication, ServerWebExchange serverWebExchange) {
        return this.authorizedClientProvider.authorize(oAuth2AuthorizationContext).flatMap(oAuth2AuthorizedClient -> {
            return this.authorizationSuccessHandler.onAuthorizationSuccess(oAuth2AuthorizedClient, authentication, createAttributes(serverWebExchange)).thenReturn(oAuth2AuthorizedClient);
        }).onErrorResume(OAuth2AuthorizationException.class, oAuth2AuthorizationException -> {
            return this.authorizationFailureHandler.onAuthorizationFailure(oAuth2AuthorizationException, authentication, createAttributes(serverWebExchange)).then(Mono.error(oAuth2AuthorizationException));
        });
    }

    private Map<String, Object> createAttributes(ServerWebExchange serverWebExchange) {
        return Collections.singletonMap(ServerWebExchange.class.getName(), serverWebExchange);
    }

    private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest oAuth2AuthorizeRequest, OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        return Mono.just(oAuth2AuthorizeRequest).flatMap(this.contextAttributesMapper).map(map -> {
            return OAuth2AuthorizationContext.withAuthorizedClient(oAuth2AuthorizedClient).principal(oAuth2AuthorizeRequest.getPrincipal()).attributes(map -> {
                if (CollectionUtils.isEmpty((Map<?, ?>) map)) {
                    return;
                }
                map.putAll(map);
            }).build();
        });
    }

    private Mono<OAuth2AuthorizationContext> authorizationContext(OAuth2AuthorizeRequest oAuth2AuthorizeRequest, ClientRegistration clientRegistration) {
        return Mono.just(oAuth2AuthorizeRequest).flatMap(this.contextAttributesMapper).map(map -> {
            return OAuth2AuthorizationContext.withClientRegistration(clientRegistration).principal(oAuth2AuthorizeRequest.getPrincipal()).attributes(map -> {
                if (CollectionUtils.isEmpty((Map<?, ?>) map)) {
                    return;
                }
                map.putAll(map);
            }).build();
        });
    }

    public void setAuthorizedClientProvider(ReactiveOAuth2AuthorizedClientProvider reactiveOAuth2AuthorizedClientProvider) {
        Assert.notNull(reactiveOAuth2AuthorizedClientProvider, "authorizedClientProvider cannot be null");
        this.authorizedClientProvider = reactiveOAuth2AuthorizedClientProvider;
    }

    public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Mono<Map<String, Object>>> function) {
        Assert.notNull(function, "contextAttributesMapper cannot be null");
        this.contextAttributesMapper = function;
    }

    public void setAuthorizationSuccessHandler(ReactiveOAuth2AuthorizationSuccessHandler reactiveOAuth2AuthorizationSuccessHandler) {
        Assert.notNull(reactiveOAuth2AuthorizationSuccessHandler, "authorizationSuccessHandler cannot be null");
        this.authorizationSuccessHandler = reactiveOAuth2AuthorizationSuccessHandler;
    }

    public void setAuthorizationFailureHandler(ReactiveOAuth2AuthorizationFailureHandler reactiveOAuth2AuthorizationFailureHandler) {
        Assert.notNull(reactiveOAuth2AuthorizationFailureHandler, "authorizationFailureHandler cannot be null");
        this.authorizationFailureHandler = reactiveOAuth2AuthorizationFailureHandler;
    }
}
