package org.springframework.security.oauth2.client.endpoint;

import java.util.Collections;
import java.util.function.Consumer;
import org.springframework.core.io.buffer.DataBuffer;
import org.springframework.core.io.buffer.DataBufferUtils;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/WebClientReactiveRefreshTokenTokenResponseClient.class */
public final class WebClientReactiveRefreshTokenTokenResponseClient implements ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> {
    private static final String INVALID_TOKEN_RESPONSE_ERROR_CODE = "invalid_token_response";
    private WebClient webClient = WebClient.builder().build();

    @Override // org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
    public Mono<OAuth2AccessTokenResponse> getTokenResponse(OAuth2RefreshTokenGrantRequest oAuth2RefreshTokenGrantRequest) {
        Assert.notNull(oAuth2RefreshTokenGrantRequest, "refreshTokenGrantRequest cannot be null");
        return Mono.defer(() -> {
            ClientRegistration clientRegistration = oAuth2RefreshTokenGrantRequest.getClientRegistration();
            return this.webClient.post().uri(clientRegistration.getProviderDetails().getTokenUri(), new Object[0]).headers(tokenRequestHeaders(clientRegistration)).body(tokenRequestBody(oAuth2RefreshTokenGrantRequest)).exchange().flatMap(clientResponse -> {
                HttpStatus resolve = HttpStatus.resolve(clientResponse.rawStatusCode());
                if (resolve != null && resolve.is2xxSuccessful()) {
                    return (Mono) clientResponse.body(OAuth2BodyExtractors.oauth2AccessTokenResponse());
                }
                return clientResponse.bodyToMono(DataBuffer.class).map(DataBufferUtils::release).then(Mono.error(new OAuth2AuthorizationException(new OAuth2Error(INVALID_TOKEN_RESPONSE_ERROR_CODE, "An error occurred while attempting to retrieve the OAuth 2.0 Access Token Response: HTTP Status Code " + clientResponse.rawStatusCode(), (String) null))));
            }).map(oAuth2AccessTokenResponse -> {
                return tokenResponse(oAuth2RefreshTokenGrantRequest, oAuth2AccessTokenResponse);
            });
        });
    }

    private static Consumer<HttpHeaders> tokenRequestHeaders(ClientRegistration clientRegistration) {
        return httpHeaders -> {
            httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
            httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
            if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
                httpHeaders.setBasicAuth(clientRegistration.getClientId(), clientRegistration.getClientSecret());
            }
        };
    }

    private static BodyInserters.FormInserter<String> tokenRequestBody(OAuth2RefreshTokenGrantRequest oAuth2RefreshTokenGrantRequest) {
        ClientRegistration clientRegistration = oAuth2RefreshTokenGrantRequest.getClientRegistration();
        BodyInserters.FormInserter<String> fromFormData = BodyInserters.fromFormData("grant_type", oAuth2RefreshTokenGrantRequest.getGrantType().getValue());
        fromFormData.with("refresh_token", oAuth2RefreshTokenGrantRequest.getRefreshToken().getTokenValue());
        if (!CollectionUtils.isEmpty(oAuth2RefreshTokenGrantRequest.getScopes())) {
            fromFormData.with("scope", StringUtils.collectionToDelimitedString(oAuth2RefreshTokenGrantRequest.getScopes(), " "));
        }
        if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
            fromFormData.with("client_id", clientRegistration.getClientId());
            fromFormData.with("client_secret", clientRegistration.getClientSecret());
        }
        return fromFormData;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static OAuth2AccessTokenResponse tokenResponse(OAuth2RefreshTokenGrantRequest oAuth2RefreshTokenGrantRequest, OAuth2AccessTokenResponse oAuth2AccessTokenResponse) {
        if (!CollectionUtils.isEmpty(oAuth2AccessTokenResponse.getAccessToken().getScopes()) && oAuth2AccessTokenResponse.getRefreshToken() != null) {
            return oAuth2AccessTokenResponse;
        }
        OAuth2AccessTokenResponse.Builder withResponse = OAuth2AccessTokenResponse.withResponse(oAuth2AccessTokenResponse);
        if (CollectionUtils.isEmpty(oAuth2AccessTokenResponse.getAccessToken().getScopes())) {
            withResponse.scopes(oAuth2RefreshTokenGrantRequest.getAccessToken().getScopes());
        }
        if (oAuth2AccessTokenResponse.getRefreshToken() == null) {
            withResponse.refreshToken(oAuth2RefreshTokenGrantRequest.getRefreshToken().getTokenValue());
        }
        return withResponse.build();
    }

    public void setWebClient(WebClient webClient) {
        Assert.notNull(webClient, "webClient cannot be null");
        this.webClient = webClient;
    }
}
