package org.springframework.security.oauth2.server.resource.web.server.authentication;

import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import org.reactivestreams.Publisher;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.server.resource.BearerTokenErrors;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthenticationToken;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.util.CollectionUtils;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/server/resource/web/server/authentication/ServerBearerTokenAuthenticationConverter.class */
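/**
 * Reactive {@link ServerAuthenticationConverter} that locates an OAuth 2.0 bearer token in a
 * request and wraps it in a {@link BearerTokenAuthenticationToken}.
 *
 * <p>Three locations are consulted: the configured request header (default
 * {@code Authorization}), the {@code access_token} URI query parameter (GET only, disabled by
 * default) and the {@code access_token} form parameter (form-encoded POST only, disabled by
 * default). A request that carries a token in more than one of these places, or more than one
 * {@code access_token} value, is rejected with an {@code invalid_request} error.
 *
 * <p>This class only extracts the token string. Nothing here checks signature, expiry, issuer
 * or audience; that must be done by whatever consumes the resulting authentication token.
 */
public class ServerBearerTokenAuthenticationConverter implements ServerAuthenticationConverter {
    private static final String ACCESS_TOKEN_PARAMETER_NAME = "access_token";

    // Case-insensitive "Bearer" scheme followed by exactly one space and a token made of
    // letters, digits and "-._~+/" with optional trailing "=" padding. Anything else after
    // the scheme (extra whitespace, other characters) fails the match.
    private static final Pattern authorizationPattern =
            Pattern.compile("^Bearer (?<token>[a-zA-Z0-9-._~+/]+=*)$", Pattern.CASE_INSENSITIVE);

    // Both alternative transports are off unless explicitly enabled through the setters.
    private boolean allowFormEncodedBodyParameter = false;
    private boolean allowUriQueryParameter = false;
    private String bearerTokenHeaderName = "Authorization";

    /**
     * Resolves the bearer token of the current request, if any.
     *
     * <p>The work is wrapped in {@link Mono#defer} so the request is only inspected on
     * subscription, and so the exception thrown for a malformed header surfaces as an error
     * signal rather than escaping at assembly time.
     *
     * @param serverWebExchange the current exchange
     * @return a {@link Mono} emitting the bearer token authentication, empty when the request
     * carries no token, or failing with {@link OAuth2AuthenticationException} when the token is
     * malformed, blank or supplied more than once
     */
    @Override
    public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
        return Mono.defer(() -> {
            ServerHttpRequest request = serverWebExchange.getRequest();
            // Collect candidates from every enabled location first; resolveToken then
            // enforces that exactly one was supplied.
            return Flux.merge(
                            resolveFromAuthorizationHeader(request.getHeaders()),
                            resolveAccessTokenFromQueryString(request),
                            resolveAccessTokenFromBody(serverWebExchange))
                    .collectList()
                    .flatMap(ServerBearerTokenAuthenticationConverter::resolveToken)
                    .map(BearerTokenAuthenticationToken::new);
        });
    }

    /**
     * Reduces the candidate tokens found in a request to the single token to authenticate.
     *
     * @param tokens every token value found across header, query string and body
     * @return empty when there is no candidate, the token when there is exactly one non-blank
     * candidate, otherwise an {@code invalid_request} error
     */
    private static Mono<String> resolveToken(List<String> tokens) {
        if (CollectionUtils.isEmpty(tokens)) {
            return Mono.empty();
        }
        // More than one credential in a single request is ambiguous; fail instead of
        // picking one.
        if (tokens.size() > 1) {
            return Mono.error(new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("Found multiple bearer tokens in the request")));
        }
        String token = tokens.get(0);
        if (!StringUtils.hasText(token)) {
            return Mono.error(new OAuth2AuthenticationException(
                    BearerTokenErrors.invalidRequest("The requested token parameter is an empty string")));
        }
        return Mono.just(token);
    }

    /**
     * Reads the token from the configured header.
     *
     * <p>Only the first value of the header is inspected ({@code getFirst}); further values of
     * the same header are not seen by this method and therefore do not take part in the
     * multiple-token check.
     *
     * @param headers the request headers
     * @return the token, or empty when the header is absent or does not start with
     * {@code bearer} (case-insensitive)
     * @throws OAuth2AuthenticationException with an {@code invalid_token} error when the header
     * starts with {@code bearer} but does not match the expected token syntax
     */
    private Mono<String> resolveFromAuthorizationHeader(HttpHeaders headers) {
        String authorization = headers.getFirst(this.bearerTokenHeaderName);
        if (!StringUtils.startsWithIgnoreCase(authorization, "bearer")) {
            return Mono.empty();
        }
        Matcher matcher = authorizationPattern.matcher(authorization);
        if (!matcher.matches()) {
            // Thrown rather than returned; the caller runs inside Mono.defer, which converts
            // it into an error signal.
            throw new OAuth2AuthenticationException(BearerTokenErrors.invalidToken("Bearer token is malformed"));
        }
        return Mono.just(matcher.group("token"));
    }

    /**
     * Reads {@code access_token} values from the URI query string, but only when that transport
     * is enabled and the request method is GET.
     *
     * @param request the current request
     * @return every {@code access_token} query value, or empty
     */
    private Flux<String> resolveAccessTokenFromQueryString(ServerHttpRequest request) {
        if (!this.allowUriQueryParameter || !HttpMethod.GET.equals(request.getMethod())) {
            return Flux.empty();
        }
        return resolveTokens(request.getQueryParams());
    }

    /**
     * Reads {@code access_token} values from the form body, but only when that transport is
     * enabled, the method is POST and the content type equals
     * {@code application/x-www-form-urlencoded}.
     *
     * <p>NOTE(review): the content type is compared with {@code MediaType.equals}, which
     * appears to include media-type parameters; a Content-Type carrying e.g. a charset
     * parameter would then not match and the body would be skipped. Confirm this strictness
     * is intended.
     *
     * @param exchange the current exchange
     * @return every {@code access_token} form value, or empty
     */
    private Flux<String> resolveAccessTokenFromBody(ServerWebExchange exchange) {
        ServerHttpRequest request = exchange.getRequest();
        boolean formPost = this.allowFormEncodedBodyParameter
                && MediaType.APPLICATION_FORM_URLENCODED.equals(request.getHeaders().getContentType())
                && HttpMethod.POST.equals(request.getMethod());
        if (!formPost) {
            return Flux.empty();
        }
        return exchange.getFormData().flatMapMany(ServerBearerTokenAuthenticationConverter::resolveTokens);
    }

    /**
     * Extracts all {@code access_token} values from a parameter map.
     *
     * @param parameters query or form parameters
     * @return the values in map order, or empty when the parameter is absent
     */
    private static Flux<String> resolveTokens(MultiValueMap<String, String> parameters) {
        List<String> accessTokens = parameters.get(ACCESS_TOKEN_PARAMETER_NAME);
        return CollectionUtils.isEmpty(accessTokens) ? Flux.empty() : Flux.fromIterable(accessTokens);
    }

    /**
     * Enables or disables reading the token from the {@code access_token} URI query parameter.
     *
     * <p>Disabled by default. A token placed in the URI is liable to be recorded in access
     * logs, proxy logs, browser history and {@code Referer} headers, so enable this only where
     * a client cannot send the header and those records are adequately protected.
     *
     * @param z {@code true} to accept the token from the query string of GET requests
     */
    public void setAllowUriQueryParameter(boolean z) {
        this.allowUriQueryParameter = z;
    }

    /**
     * Sets the name of the header the bearer token is read from (default
     * {@code Authorization}).
     *
     * <p>The value is stored without validation. NOTE(review): intermediaries and logging
     * pipelines that redact {@code Authorization} may not treat a custom header as sensitive;
     * check that the chosen header is covered by the same redaction rules.
     *
     * @param str the header name to read
     */
    public void setBearerTokenHeaderName(String str) {
        this.bearerTokenHeaderName = str;
    }

    /**
     * Enables or disables reading the token from the {@code access_token} form parameter of a
     * form-encoded POST body. Disabled by default.
     *
     * @param z {@code true} to accept the token from the request body
     */
    public void setAllowFormEncodedBodyParameter(boolean z) {
        this.allowFormEncodedBodyParameter = z;
    }
}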
