package org.springframework.security.oauth2.client.endpoint;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Set;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.http.ReactiveHttpInputMessage;
import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.BodyExtractor;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.class */
public abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> implements ReactiveOAuth2AccessTokenResponseClient<T> {
    private WebClient webClient = WebClient.builder().build();
    private Converter<T, WebClient.RequestHeadersSpec<?>> requestEntityConverter = this::validatingPopulateRequest;
    private Converter<T, HttpHeaders> headersConverter = this::populateTokenRequestHeaders;
    private Converter<T, MultiValueMap<String, String>> parametersConverter = this::populateTokenRequestParameters;
    private BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> bodyExtractor = OAuth2BodyExtractors.oauth2AccessTokenResponse();

    @Override // org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
    public Mono<OAuth2AccessTokenResponse> getTokenResponse(T t) {
        Assert.notNull(t, "grantRequest cannot be null");
        return Mono.defer(() -> {
            return ((WebClient.RequestHeadersSpec) this.requestEntityConverter.convert(t)).exchange().flatMap(clientResponse -> {
                return readTokenResponse(t, clientResponse);
            });
        });
    }

    abstract ClientRegistration clientRegistration(T t);

    private WebClient.RequestHeadersSpec<?> validatingPopulateRequest(T t) {
        validateClientAuthenticationMethod(t);
        return populateRequest(t);
    }

    private void validateClientAuthenticationMethod(T t) {
        ClientRegistration clientRegistration = t.getClientRegistration();
        ClientAuthenticationMethod clientAuthenticationMethod = clientRegistration.getClientAuthenticationMethod();
        if (!(clientAuthenticationMethod.equals(ClientAuthenticationMethod.NONE) || clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_BASIC) || clientAuthenticationMethod.equals(ClientAuthenticationMethod.CLIENT_SECRET_POST))) {
            throw new IllegalArgumentException(String.format("This class supports `client_secret_basic`, `client_secret_post`, and `none` by default. Client [%s] is using [%s] instead. Please use a supported client authentication method, or use `set/addParametersConverter` or `set/addHeadersConverter` to supply an instance that supports [%s].", clientRegistration.getRegistrationId(), clientAuthenticationMethod, clientAuthenticationMethod));
        }
    }

    private WebClient.RequestHeadersSpec<?> populateRequest(T t) {
        return this.webClient.post().uri(clientRegistration(t).getProviderDetails().getTokenUri(), new Object[0]).headers(httpHeaders -> {
            HttpHeaders httpHeaders = (HttpHeaders) getHeadersConverter().convert(t);
            if (httpHeaders != null) {
                httpHeaders.addAll(httpHeaders);
            }
        }).body(createTokenRequestBody(t));
    }

    private HttpHeaders populateTokenRequestHeaders(T t) {
        HttpHeaders httpHeaders = new HttpHeaders();
        ClientRegistration clientRegistration = clientRegistration(t);
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        if (ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
            httpHeaders.setBasicAuth(encodeClientCredential(clientRegistration.getClientId()), encodeClientCredential(clientRegistration.getClientSecret()));
        }
        return httpHeaders;
    }

    private static String encodeClientCredential(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private MultiValueMap<String, String> populateTokenRequestParameters(T t) {
        LinkedMultiValueMap linkedMultiValueMap = new LinkedMultiValueMap();
        linkedMultiValueMap.add("grant_type", t.getGrantType().getValue());
        return linkedMultiValueMap;
    }

    private BodyInserters.FormInserter<String> createTokenRequestBody(T t) {
        return populateTokenRequestBody(t, BodyInserters.fromFormData((MultiValueMap) getParametersConverter().convert(t)));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BodyInserters.FormInserter<String> populateTokenRequestBody(T t, BodyInserters.FormInserter<String> formInserter) {
        ClientRegistration clientRegistration = clientRegistration(t);
        if (!ClientAuthenticationMethod.CLIENT_SECRET_BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
            formInserter.with("client_id", clientRegistration.getClientId());
        }
        if (ClientAuthenticationMethod.CLIENT_SECRET_POST.equals(clientRegistration.getClientAuthenticationMethod())) {
            formInserter.with("client_secret", clientRegistration.getClientSecret());
        }
        Set<String> scopes = scopes(t);
        if (!CollectionUtils.isEmpty(scopes)) {
            formInserter.with("scope", StringUtils.collectionToDelimitedString(scopes, " "));
        }
        return formInserter;
    }

    abstract Set<String> scopes(T t);

    Set<String> defaultScopes(T t) {
        return Collections.emptySet();
    }

    private Mono<OAuth2AccessTokenResponse> readTokenResponse(T t, ClientResponse clientResponse) {
        return ((Mono) clientResponse.body(this.bodyExtractor)).map(oAuth2AccessTokenResponse -> {
            return populateTokenResponse(t, oAuth2AccessTokenResponse);
        });
    }

    OAuth2AccessTokenResponse populateTokenResponse(T t, OAuth2AccessTokenResponse oAuth2AccessTokenResponse) {
        if (CollectionUtils.isEmpty(oAuth2AccessTokenResponse.getAccessToken().getScopes())) {
            oAuth2AccessTokenResponse = OAuth2AccessTokenResponse.withResponse(oAuth2AccessTokenResponse).scopes(defaultScopes(t)).build();
        }
        return oAuth2AccessTokenResponse;
    }

    public void setWebClient(WebClient webClient) {
        Assert.notNull(webClient, "webClient cannot be null");
        this.webClient = webClient;
    }

    final Converter<T, HttpHeaders> getHeadersConverter() {
        return this.headersConverter;
    }

    public final void setHeadersConverter(Converter<T, HttpHeaders> converter) {
        Assert.notNull(converter, "headersConverter cannot be null");
        this.headersConverter = converter;
        this.requestEntityConverter = this::populateRequest;
    }

    public final void addHeadersConverter(Converter<T, HttpHeaders> converter) {
        Assert.notNull(converter, "headersConverter cannot be null");
        Converter<T, HttpHeaders> converter2 = this.headersConverter;
        this.headersConverter = abstractOAuth2AuthorizationGrantRequest -> {
            HttpHeaders httpHeaders = (HttpHeaders) converter2.convert(abstractOAuth2AuthorizationGrantRequest);
            if (httpHeaders == null) {
                httpHeaders = new HttpHeaders();
            }
            HttpHeaders httpHeaders2 = (HttpHeaders) converter.convert(abstractOAuth2AuthorizationGrantRequest);
            if (httpHeaders2 != null) {
                httpHeaders.addAll(httpHeaders2);
            }
            return httpHeaders;
        };
        this.requestEntityConverter = this::populateRequest;
    }

    final Converter<T, MultiValueMap<String, String>> getParametersConverter() {
        return this.parametersConverter;
    }

    public final void setParametersConverter(Converter<T, MultiValueMap<String, String>> converter) {
        Assert.notNull(converter, "parametersConverter cannot be null");
        this.parametersConverter = converter;
        this.requestEntityConverter = this::populateRequest;
    }

    public final void addParametersConverter(Converter<T, MultiValueMap<String, String>> converter) {
        Assert.notNull(converter, "parametersConverter cannot be null");
        Converter<T, MultiValueMap<String, String>> converter2 = this.parametersConverter;
        this.parametersConverter = abstractOAuth2AuthorizationGrantRequest -> {
            LinkedMultiValueMap linkedMultiValueMap = (MultiValueMap) converter2.convert(abstractOAuth2AuthorizationGrantRequest);
            if (linkedMultiValueMap == null) {
                linkedMultiValueMap = new LinkedMultiValueMap();
            }
            MultiValueMap multiValueMap = (MultiValueMap) converter.convert(abstractOAuth2AuthorizationGrantRequest);
            if (multiValueMap != null) {
                linkedMultiValueMap.addAll(multiValueMap);
            }
            return linkedMultiValueMap;
        };
        this.requestEntityConverter = this::populateRequest;
    }

    public final void setBodyExtractor(BodyExtractor<Mono<OAuth2AccessTokenResponse>, ReactiveHttpInputMessage> bodyExtractor) {
        Assert.notNull(bodyExtractor, "bodyExtractor cannot be null");
        this.bodyExtractor = bodyExtractor;
    }
}
