package org.springframework.security.oauth2.client.web;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.OAuth2AuthorizationSuccessHandler;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.5.1.jar:org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.class */
public final class DefaultOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
    private static final OAuth2AuthorizedClientProvider DEFAULT_AUTHORIZED_CLIENT_PROVIDER = OAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().refreshToken().clientCredentials().password().build();
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final OAuth2AuthorizedClientRepository authorizedClientRepository;
    private OAuth2AuthorizedClientProvider authorizedClientProvider;
    private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper;
    private OAuth2AuthorizationSuccessHandler authorizationSuccessHandler;
    private OAuth2AuthorizationFailureHandler authorizationFailureHandler;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.5.1.jar:org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager$DefaultContextAttributesMapper.class */
    public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
        @Override // java.util.function.Function
        public Map<String, Object> apply(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
            Map<String, Object> emptyMap = Collections.emptyMap();
            String parameter = DefaultOAuth2AuthorizedClientManager.getHttpServletRequestOrDefault(oAuth2AuthorizeRequest.getAttributes()).getParameter("scope");
            if (StringUtils.hasText(parameter)) {
                emptyMap = new HashMap();
                emptyMap.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, StringUtils.delimitedListToStringArray(parameter, org.apache.commons.lang3.StringUtils.SPACE));
            }
            return emptyMap;
        }
    }

    public DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(oAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authorizedClientRepository = oAuth2AuthorizedClientRepository;
        this.authorizedClientProvider = DEFAULT_AUTHORIZED_CLIENT_PROVIDER;
        this.contextAttributesMapper = new DefaultContextAttributesMapper();
        this.authorizationSuccessHandler = (oAuth2AuthorizedClient, authentication, map) -> {
            oAuth2AuthorizedClientRepository.saveAuthorizedClient(oAuth2AuthorizedClient, authentication, (HttpServletRequest) map.get(HttpServletRequest.class.getName()), (HttpServletResponse) map.get(HttpServletResponse.class.getName()));
        };
        this.authorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler((str, authentication2, map2) -> {
            oAuth2AuthorizedClientRepository.removeAuthorizedClient(str, authentication2, (HttpServletRequest) map2.get(HttpServletRequest.class.getName()), (HttpServletResponse) map2.get(HttpServletResponse.class.getName()));
        });
    }

    @Override // org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager
    @Nullable
    public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
        OAuth2AuthorizationContext.Builder withClientRegistration;
        Assert.notNull(oAuth2AuthorizeRequest, "authorizeRequest cannot be null");
        String clientRegistrationId = oAuth2AuthorizeRequest.getClientRegistrationId();
        OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizeRequest.getAuthorizedClient();
        Authentication principal = oAuth2AuthorizeRequest.getPrincipal();
        HttpServletRequest httpServletRequestOrDefault = getHttpServletRequestOrDefault(oAuth2AuthorizeRequest.getAttributes());
        Assert.notNull(httpServletRequestOrDefault, "servletRequest cannot be null");
        HttpServletResponse httpServletResponseOrDefault = getHttpServletResponseOrDefault(oAuth2AuthorizeRequest.getAttributes());
        Assert.notNull(httpServletResponseOrDefault, "servletResponse cannot be null");
        if (authorizedClient != null) {
            withClientRegistration = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
        } else {
            OAuth2AuthorizedClient loadAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, httpServletRequestOrDefault);
            if (loadAuthorizedClient != null) {
                withClientRegistration = OAuth2AuthorizationContext.withAuthorizedClient(loadAuthorizedClient);
            } else {
                ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
                Assert.notNull(findByRegistrationId, "Could not find ClientRegistration with id '" + clientRegistrationId + "'");
                withClientRegistration = OAuth2AuthorizationContext.withClientRegistration(findByRegistrationId);
            }
        }
        OAuth2AuthorizationContext build = withClientRegistration.principal(principal).attributes(map -> {
            Map<String, Object> apply = this.contextAttributesMapper.apply(oAuth2AuthorizeRequest);
            if (CollectionUtils.isEmpty(apply)) {
                return;
            }
            map.putAll(apply);
        }).build();
        try {
            OAuth2AuthorizedClient authorize = this.authorizedClientProvider.authorize(build);
            if (authorize != null) {
                this.authorizationSuccessHandler.onAuthorizationSuccess(authorize, principal, createAttributes(httpServletRequestOrDefault, httpServletResponseOrDefault));
            } else if (build.getAuthorizedClient() != null) {
                return build.getAuthorizedClient();
            }
            return authorize;
        } catch (OAuth2AuthorizationException e) {
            this.authorizationFailureHandler.onAuthorizationFailure(e, principal, createAttributes(httpServletRequestOrDefault, httpServletResponseOrDefault));
            throw e;
        }
    }

    private static Map<String, Object> createAttributes(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        HashMap hashMap = new HashMap();
        hashMap.put(HttpServletRequest.class.getName(), httpServletRequest);
        hashMap.put(HttpServletResponse.class.getName(), httpServletResponse);
        return hashMap;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static HttpServletRequest getHttpServletRequestOrDefault(Map<String, Object> map) {
        HttpServletRequest httpServletRequest = (HttpServletRequest) map.get(HttpServletRequest.class.getName());
        if (httpServletRequest == null) {
            RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
            if (requestAttributes instanceof ServletRequestAttributes) {
                httpServletRequest = ((ServletRequestAttributes) requestAttributes).getRequest();
            }
        }
        return httpServletRequest;
    }

    private static HttpServletResponse getHttpServletResponseOrDefault(Map<String, Object> map) {
        HttpServletResponse httpServletResponse = (HttpServletResponse) map.get(HttpServletResponse.class.getName());
        if (httpServletResponse == null) {
            RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
            if (requestAttributes instanceof ServletRequestAttributes) {
                httpServletResponse = ((ServletRequestAttributes) requestAttributes).getResponse();
            }
        }
        return httpServletResponse;
    }

    public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider oAuth2AuthorizedClientProvider) {
        Assert.notNull(oAuth2AuthorizedClientProvider, "authorizedClientProvider cannot be null");
        this.authorizedClientProvider = oAuth2AuthorizedClientProvider;
    }

    public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>> function) {
        Assert.notNull(function, "contextAttributesMapper cannot be null");
        this.contextAttributesMapper = function;
    }

    public void setAuthorizationSuccessHandler(OAuth2AuthorizationSuccessHandler oAuth2AuthorizationSuccessHandler) {
        Assert.notNull(oAuth2AuthorizationSuccessHandler, "authorizationSuccessHandler cannot be null");
        this.authorizationSuccessHandler = oAuth2AuthorizationSuccessHandler;
    }

    public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler oAuth2AuthorizationFailureHandler) {
        Assert.notNull(oAuth2AuthorizationFailureHandler, "authorizationFailureHandler cannot be null");
        this.authorizationFailureHandler = oAuth2AuthorizationFailureHandler;
    }
}
