package org.springframework.security.oauth2.client.web;

import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.function.Function;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.lang.Nullable;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.OAuth2AuthorizationContext;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager.class */
public final class DefaultOAuth2AuthorizedClientManager implements OAuth2AuthorizedClientManager {
    private final ClientRegistrationRepository clientRegistrationRepository;
    private final OAuth2AuthorizedClientRepository authorizedClientRepository;
    private OAuth2AuthorizedClientProvider authorizedClientProvider = oAuth2AuthorizationContext -> {
        return null;
    };
    private Function<OAuth2AuthorizeRequest, Map<String, Object>> contextAttributesMapper = new DefaultContextAttributesMapper();

    /* loaded from: input_file:org/springframework/security/oauth2/client/web/DefaultOAuth2AuthorizedClientManager$DefaultContextAttributesMapper.class */
    public static class DefaultContextAttributesMapper implements Function<OAuth2AuthorizeRequest, Map<String, Object>> {
        @Override // java.util.function.Function
        public Map<String, Object> apply(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
            Map<String, Object> emptyMap = Collections.emptyMap();
            String parameter = oAuth2AuthorizeRequest.getServletRequest().getParameter("scope");
            if (StringUtils.hasText(parameter)) {
                emptyMap = new HashMap();
                emptyMap.put(OAuth2AuthorizationContext.REQUEST_SCOPE_ATTRIBUTE_NAME, StringUtils.delimitedListToStringArray(parameter, " "));
            }
            return emptyMap;
        }
    }

    public DefaultOAuth2AuthorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(oAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.clientRegistrationRepository = clientRegistrationRepository;
        this.authorizedClientRepository = oAuth2AuthorizedClientRepository;
    }

    @Override // org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientManager
    @Nullable
    public OAuth2AuthorizedClient authorize(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
        OAuth2AuthorizationContext.Builder withAuthorizedClient;
        Assert.notNull(oAuth2AuthorizeRequest, "authorizeRequest cannot be null");
        String clientRegistrationId = oAuth2AuthorizeRequest.getClientRegistrationId();
        OAuth2AuthorizedClient authorizedClient = oAuth2AuthorizeRequest.getAuthorizedClient();
        Authentication principal = oAuth2AuthorizeRequest.getPrincipal();
        HttpServletRequest servletRequest = oAuth2AuthorizeRequest.getServletRequest();
        HttpServletResponse servletResponse = oAuth2AuthorizeRequest.getServletResponse();
        if (authorizedClient != null) {
            withAuthorizedClient = OAuth2AuthorizationContext.withAuthorizedClient(authorizedClient);
        } else {
            ClientRegistration findByRegistrationId = this.clientRegistrationRepository.findByRegistrationId(clientRegistrationId);
            Assert.notNull(findByRegistrationId, "Could not find ClientRegistration with id '" + clientRegistrationId + "'");
            OAuth2AuthorizedClient loadAuthorizedClient = this.authorizedClientRepository.loadAuthorizedClient(clientRegistrationId, principal, servletRequest);
            withAuthorizedClient = loadAuthorizedClient != null ? OAuth2AuthorizationContext.withAuthorizedClient(loadAuthorizedClient) : OAuth2AuthorizationContext.withClientRegistration(findByRegistrationId);
        }
        OAuth2AuthorizationContext build = withAuthorizedClient.principal(principal).attributes(this.contextAttributesMapper.apply(oAuth2AuthorizeRequest)).build();
        OAuth2AuthorizedClient authorize = this.authorizedClientProvider.authorize(build);
        if (authorize != null) {
            this.authorizedClientRepository.saveAuthorizedClient(authorize, principal, servletRequest, servletResponse);
        } else if (build.getAuthorizedClient() != null) {
            return build.getAuthorizedClient();
        }
        return authorize;
    }

    public void setAuthorizedClientProvider(OAuth2AuthorizedClientProvider oAuth2AuthorizedClientProvider) {
        Assert.notNull(oAuth2AuthorizedClientProvider, "authorizedClientProvider cannot be null");
        this.authorizedClientProvider = oAuth2AuthorizedClientProvider;
    }

    public void setContextAttributesMapper(Function<OAuth2AuthorizeRequest, Map<String, Object>> function) {
        Assert.notNull(function, "contextAttributesMapper cannot be null");
        this.contextAttributesMapper = function;
    }
}
