package org.springframework.security.oauth2.client.authentication;

import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.ReactiveOAuth2UserService;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.5.1.jar:org/springframework/security/oauth2/client/authentication/OAuth2LoginReactiveAuthenticationManager.class */
public class OAuth2LoginReactiveAuthenticationManager implements ReactiveAuthenticationManager {
    private final ReactiveAuthenticationManager authorizationCodeManager;
    private final ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> userService;
    private GrantedAuthoritiesMapper authoritiesMapper = collection -> {
        return collection;
    };

    public OAuth2LoginReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> reactiveOAuth2AccessTokenResponseClient, ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> reactiveOAuth2UserService) {
        Assert.notNull(reactiveOAuth2AccessTokenResponseClient, "accessTokenResponseClient cannot be null");
        Assert.notNull(reactiveOAuth2UserService, "userService cannot be null");
        this.authorizationCodeManager = new OAuth2AuthorizationCodeReactiveAuthenticationManager(reactiveOAuth2AccessTokenResponseClient);
        this.userService = reactiveOAuth2UserService;
    }

    @Override // org.springframework.security.authentication.ReactiveAuthenticationManager
    public Mono<Authentication> authenticate(Authentication authentication) {
        return Mono.defer(() -> {
            OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
            return oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getScopes().contains("openid") ? Mono.empty() : this.authorizationCodeManager.authenticate(oAuth2AuthorizationCodeAuthenticationToken).onErrorMap(OAuth2AuthorizationException.class, oAuth2AuthorizationException -> {
                return new OAuth2AuthenticationException(oAuth2AuthorizationException.getError(), oAuth2AuthorizationException.getError().toString());
            }).cast(OAuth2AuthorizationCodeAuthenticationToken.class).flatMap(this::onSuccess);
        });
    }

    public final void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        Assert.notNull(grantedAuthoritiesMapper, "authoritiesMapper cannot be null");
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    private Mono<OAuth2LoginAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken) {
        OAuth2AccessToken accessToken = oAuth2AuthorizationCodeAuthenticationToken.getAccessToken();
        return this.userService.loadUser(new OAuth2UserRequest(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), accessToken, oAuth2AuthorizationCodeAuthenticationToken.getAdditionalParameters())).map(oAuth2User -> {
            return new OAuth2LoginAuthenticationToken(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange(), oAuth2User, this.authoritiesMapper.mapAuthorities(oAuth2User.getAuthorities()), accessToken, oAuth2AuthorizationCodeAuthenticationToken.getRefreshToken());
        });
    }
}
