package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;

import java.util.function.Supplier;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.BindingContext;
import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.3.9.RELEASE.jar:org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.class */
public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
    private static final AnonymousAuthenticationToken ANONYMOUS_USER_TOKEN = new AnonymousAuthenticationToken(Elements.ANONYMOUS, "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_USER"));
    private ReactiveOAuth2AuthorizedClientManager authorizedClientManager;

    public OAuth2AuthorizedClientArgumentResolver(ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager) {
        Assert.notNull(reactiveOAuth2AuthorizedClientManager, "authorizedClientManager cannot be null");
        this.authorizedClientManager = reactiveOAuth2AuthorizedClientManager;
    }

    public OAuth2AuthorizedClientArgumentResolver(ReactiveClientRegistrationRepository reactiveClientRegistrationRepository, ServerOAuth2AuthorizedClientRepository serverOAuth2AuthorizedClientRepository) {
        Assert.notNull(reactiveClientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(serverOAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.authorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(reactiveClientRegistrationRepository, serverOAuth2AuthorizedClientRepository);
    }

    public boolean supportsParameter(MethodParameter methodParameter) {
        return AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
    }

    public Mono<Object> resolveArgument(MethodParameter methodParameter, BindingContext bindingContext, ServerWebExchange serverWebExchange) {
        return Mono.defer(() -> {
            RegisteredOAuth2AuthorizedClient registeredOAuth2AuthorizedClient = (RegisteredOAuth2AuthorizedClient) AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
            Mono<OAuth2AuthorizeRequest> authorizeRequest = authorizeRequest(StringUtils.hasLength(registeredOAuth2AuthorizedClient.registrationId()) ? registeredOAuth2AuthorizedClient.registrationId() : null, serverWebExchange);
            ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager = this.authorizedClientManager;
            reactiveOAuth2AuthorizedClientManager.getClass();
            return authorizeRequest.flatMap(reactiveOAuth2AuthorizedClientManager::authorize);
        });
    }

    private Mono<OAuth2AuthorizeRequest> authorizeRequest(String str, ServerWebExchange serverWebExchange) {
        Mono<Authentication> currentAuthentication = currentAuthentication();
        return Mono.zip(Mono.justOrEmpty(str).switchIfEmpty(clientRegistrationId(currentAuthentication)).switchIfEmpty(Mono.error((Supplier<? extends Throwable>) () -> {
            return new IllegalArgumentException("The clientRegistrationId could not be resolved. Please provide one");
        })), currentAuthentication, Mono.justOrEmpty(serverWebExchange).switchIfEmpty(currentServerWebExchange())).map(tuple3 -> {
            return OAuth2AuthorizeRequest.withClientRegistrationId((String) tuple3.getT1()).principal((Authentication) tuple3.getT2()).attribute(ServerWebExchange.class.getName(), tuple3.getT3()).build();
        });
    }

    private Mono<Authentication> currentAuthentication() {
        return ReactiveSecurityContextHolder.getContext().map((v0) -> {
            return v0.getAuthentication();
        }).defaultIfEmpty(ANONYMOUS_USER_TOKEN);
    }

    private Mono<String> clientRegistrationId(Mono<Authentication> mono) {
        return mono.filter(authentication -> {
            return authentication instanceof OAuth2AuthenticationToken;
        }).cast(OAuth2AuthenticationToken.class).map((v0) -> {
            return v0.getAuthorizedClientRegistrationId();
        });
    }

    private Mono<ServerWebExchange> currentServerWebExchange() {
        return Mono.subscriberContext().filter(context -> {
            return context.hasKey(ServerWebExchange.class);
        }).map(context2 -> {
            return (ServerWebExchange) context2.get(ServerWebExchange.class);
        });
    }
}
