package org.springframework.security.oauth2.client.web.reactive.function.client;

import java.util.Optional;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.WebClientReactiveClientCredentialsTokenResponseClient;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/function/client/OAuth2AuthorizedClientResolver.class */
class OAuth2AuthorizedClientResolver {
    private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_USER"}));
    private final ReactiveClientRegistrationRepository clientRegistrationRepository;
    private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;
    private ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient = new WebClientReactiveClientCredentialsTokenResponseClient();
    private boolean defaultOAuth2AuthorizedClient;
    private String defaultClientRegistrationId;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/function/client/OAuth2AuthorizedClientResolver$Request.class */
    public static class Request {
        private final String clientRegistrationId;
        private final Authentication authentication;
        private final ServerWebExchange exchange;

        public Request(String str, Authentication authentication, ServerWebExchange serverWebExchange) {
            this.clientRegistrationId = str;
            this.authentication = authentication;
            this.exchange = serverWebExchange;
        }

        public String getClientRegistrationId() {
            return this.clientRegistrationId;
        }

        public Authentication getAuthentication() {
            return this.authentication;
        }

        public ServerWebExchange getExchange() {
            return this.exchange;
        }
    }

    public OAuth2AuthorizedClientResolver(ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository serverOAuth2AuthorizedClientRepository) {
        Assert.notNull(reactiveClientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(serverOAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.clientRegistrationRepository = reactiveClientRegistrationRepository;
        this.authorizedClientRepository = serverOAuth2AuthorizedClientRepository;
    }

    public void setDefaultOAuth2AuthorizedClient(boolean z) {
        this.defaultOAuth2AuthorizedClient = z;
    }

    public void setDefaultClientRegistrationId(String str) {
        this.defaultClientRegistrationId = str;
    }

    public void setClientCredentialsTokenResponseClient(ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> reactiveOAuth2AccessTokenResponseClient) {
        Assert.notNull(reactiveOAuth2AccessTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
        this.clientCredentialsTokenResponseClient = reactiveOAuth2AccessTokenResponseClient;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<Request> createDefaultedRequest(String str, Authentication authentication, ServerWebExchange serverWebExchange) {
        Mono<Authentication> switchIfEmpty = Mono.justOrEmpty(authentication).switchIfEmpty(currentAuthentication());
        return Mono.zip(Mono.justOrEmpty(str).switchIfEmpty(Mono.justOrEmpty(this.defaultClientRegistrationId)).switchIfEmpty(clientRegistrationId(switchIfEmpty)), switchIfEmpty, Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchange()).map((v0) -> {
            return Optional.of(v0);
        }).defaultIfEmpty(Optional.empty())).map(tuple3 -> {
            return new Request((String) tuple3.getT1(), (Authentication) tuple3.getT2(), (ServerWebExchange) ((Optional) tuple3.getT3()).orElse(null));
        });
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public Mono<OAuth2AuthorizedClient> loadAuthorizedClient(Request request) {
        String clientRegistrationId = request.getClientRegistrationId();
        Authentication authentication = request.getAuthentication();
        ServerWebExchange exchange = request.getExchange();
        return this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, authentication, exchange).switchIfEmpty(authorizedClientNotLoaded(clientRegistrationId, authentication, exchange));
    }

    private Mono<OAuth2AuthorizedClient> authorizedClientNotLoaded(String str, Authentication authentication, ServerWebExchange serverWebExchange) {
        return this.clientRegistrationRepository.findByRegistrationId(str).switchIfEmpty(Mono.error(() -> {
            return new IllegalArgumentException("Client Registration with id " + str + " was not found");
        })).flatMap(clientRegistration -> {
            return AuthorizationGrantType.CLIENT_CREDENTIALS.equals(clientRegistration.getAuthorizationGrantType()) ? clientCredentials(clientRegistration, authentication, serverWebExchange) : Mono.error(() -> {
                return new ClientAuthorizationRequiredException(str);
            });
        });
    }

    private Mono<? extends OAuth2AuthorizedClient> clientCredentials(ClientRegistration clientRegistration, Authentication authentication, ServerWebExchange serverWebExchange) {
        return this.clientCredentialsTokenResponseClient.getTokenResponse(new OAuth2ClientCredentialsGrantRequest(clientRegistration)).flatMap(oAuth2AccessTokenResponse -> {
            return clientCredentialsResponse(clientRegistration, authentication, serverWebExchange, oAuth2AccessTokenResponse);
        });
    }

    private Mono<OAuth2AuthorizedClient> clientCredentialsResponse(ClientRegistration clientRegistration, Authentication authentication, ServerWebExchange serverWebExchange, OAuth2AccessTokenResponse oAuth2AccessTokenResponse) {
        OAuth2AuthorizedClient oAuth2AuthorizedClient = new OAuth2AuthorizedClient(clientRegistration, authentication.getName(), oAuth2AccessTokenResponse.getAccessToken());
        return this.authorizedClientRepository.saveAuthorizedClient(oAuth2AuthorizedClient, authentication, serverWebExchange).thenReturn(oAuth2AuthorizedClient);
    }

    private Mono<String> clientRegistrationId(Mono<Authentication> mono) {
        return mono.filter(authentication -> {
            return this.defaultOAuth2AuthorizedClient && (authentication instanceof OAuth2AuthenticationToken);
        }).cast(OAuth2AuthenticationToken.class).map((v0) -> {
            return v0.getAuthorizedClientRegistrationId();
        });
    }

    private Mono<Authentication> currentAuthentication() {
        return ReactiveSecurityContextHolder.getContext().map((v0) -> {
            return v0.getAuthentication();
        }).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
    }

    private Mono<ServerWebExchange> currentServerWebExchange() {
        return Mono.subscriberContext().filter(context -> {
            return context.hasKey(ServerWebExchange.class);
        }).map(context2 -> {
            return (ServerWebExchange) context2.get(ServerWebExchange.class);
        });
    }
}
