package org.springframework.security.oauth2.client.web.server;

import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthorizationCodeAuthenticationToken;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationExchange;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationRequest;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.web.server.authentication.ServerAuthenticationConverter;
import org.springframework.util.Assert;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.util.UriComponentsBuilder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/server/ServerOAuth2AuthorizationCodeAuthenticationTokenConverter.class */
public class ServerOAuth2AuthorizationCodeAuthenticationTokenConverter implements ServerAuthenticationConverter {
    static final String AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE = "authorization_request_not_found";
    static final String CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE = "client_registration_not_found";
    private ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> authorizationRequestRepository = new WebSessionOAuth2ServerAuthorizationRequestRepository();
    private final ReactiveClientRegistrationRepository clientRegistrationRepository;

    public ServerOAuth2AuthorizationCodeAuthenticationTokenConverter(ReactiveClientRegistrationRepository reactiveClientRegistrationRepository) {
        Assert.notNull(reactiveClientRegistrationRepository, "clientRegistrationRepository cannot be null");
        this.clientRegistrationRepository = reactiveClientRegistrationRepository;
    }

    public void setAuthorizationRequestRepository(ServerAuthorizationRequestRepository<OAuth2AuthorizationRequest> serverAuthorizationRequestRepository) {
        Assert.notNull(serverAuthorizationRequestRepository, "authorizationRequestRepository cannot be null");
        this.authorizationRequestRepository = serverAuthorizationRequestRepository;
    }

    @Override // org.springframework.security.web.server.authentication.ServerAuthenticationConverter
    public Mono<Authentication> convert(ServerWebExchange serverWebExchange) {
        return this.authorizationRequestRepository.removeAuthorizationRequest(serverWebExchange).switchIfEmpty(oauth2AuthorizationException(AUTHORIZATION_REQUEST_NOT_FOUND_ERROR_CODE)).flatMap(oAuth2AuthorizationRequest -> {
            return authenticationRequest(serverWebExchange, oAuth2AuthorizationRequest);
        });
    }

    private <T> Mono<T> oauth2AuthorizationException(String str) {
        return Mono.defer(() -> {
            return Mono.error(new OAuth2AuthorizationException(new OAuth2Error(str)));
        });
    }

    private Mono<OAuth2AuthorizationCodeAuthenticationToken> authenticationRequest(ServerWebExchange serverWebExchange, OAuth2AuthorizationRequest oAuth2AuthorizationRequest) {
        return Mono.just(oAuth2AuthorizationRequest).map((v0) -> {
            return v0.getAttributes();
        }).flatMap(map -> {
            String str = (String) map.get(OAuth2ParameterNames.REGISTRATION_ID);
            return str == null ? oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE) : this.clientRegistrationRepository.findByRegistrationId(str);
        }).switchIfEmpty(oauth2AuthorizationException(CLIENT_REGISTRATION_NOT_FOUND_ERROR_CODE)).map(clientRegistration -> {
            return new OAuth2AuthorizationCodeAuthenticationToken(clientRegistration, new OAuth2AuthorizationExchange(oAuth2AuthorizationRequest, convertResponse(serverWebExchange)));
        });
    }

    private static OAuth2AuthorizationResponse convertResponse(ServerWebExchange serverWebExchange) {
        return OAuth2AuthorizationResponseUtils.convert(serverWebExchange.getRequest().getQueryParams(), UriComponentsBuilder.fromUri(serverWebExchange.getRequest().getURI()).build().toUriString());
    }
}
