package org.springframework.security.oauth2.client.endpoint;

import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.Collections;
import java.util.Set;
import org.springframework.http.HttpHeaders;
import org.springframework.http.MediaType;
import org.springframework.security.oauth2.client.endpoint.AbstractOAuth2AuthorizationGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.web.reactive.function.OAuth2BodyExtractors;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.BodyInserters;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/endpoint/AbstractWebClientReactiveOAuth2AccessTokenResponseClient.class */
abstract class AbstractWebClientReactiveOAuth2AccessTokenResponseClient<T extends AbstractOAuth2AuthorizationGrantRequest> implements ReactiveOAuth2AccessTokenResponseClient<T> {
    private WebClient webClient = WebClient.builder().build();

    @Override // org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient
    public Mono<OAuth2AccessTokenResponse> getTokenResponse(T t) {
        Assert.notNull(t, "grantRequest cannot be null");
        return Mono.defer(() -> {
            return this.webClient.post().uri(clientRegistration(t).getProviderDetails().getTokenUri(), new Object[0]).headers(httpHeaders -> {
                populateTokenRequestHeaders(t, httpHeaders);
            }).body(createTokenRequestBody(t)).exchange().flatMap(clientResponse -> {
                return readTokenResponse(t, clientResponse);
            });
        });
    }

    abstract ClientRegistration clientRegistration(T t);

    private void populateTokenRequestHeaders(T t, HttpHeaders httpHeaders) {
        ClientRegistration clientRegistration = clientRegistration(t);
        httpHeaders.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
        httpHeaders.setAccept(Collections.singletonList(MediaType.APPLICATION_JSON));
        if (ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
            httpHeaders.setBasicAuth(encodeClientCredential(clientRegistration.getClientId()), encodeClientCredential(clientRegistration.getClientSecret()));
        }
    }

    private static String encodeClientCredential(String str) {
        try {
            return URLEncoder.encode(str, StandardCharsets.UTF_8.toString());
        } catch (UnsupportedEncodingException e) {
            throw new IllegalArgumentException(e);
        }
    }

    private BodyInserters.FormInserter<String> createTokenRequestBody(T t) {
        return populateTokenRequestBody(t, BodyInserters.fromFormData("grant_type", t.getGrantType().getValue()));
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public BodyInserters.FormInserter<String> populateTokenRequestBody(T t, BodyInserters.FormInserter<String> formInserter) {
        ClientRegistration clientRegistration = clientRegistration(t);
        if (!ClientAuthenticationMethod.BASIC.equals(clientRegistration.getClientAuthenticationMethod())) {
            formInserter.with("client_id", clientRegistration.getClientId());
        }
        if (ClientAuthenticationMethod.POST.equals(clientRegistration.getClientAuthenticationMethod())) {
            formInserter.with("client_secret", clientRegistration.getClientSecret());
        }
        Set<String> scopes = scopes(t);
        if (!CollectionUtils.isEmpty(scopes)) {
            formInserter.with("scope", StringUtils.collectionToDelimitedString(scopes, " "));
        }
        return formInserter;
    }

    abstract Set<String> scopes(T t);

    Set<String> defaultScopes(T t) {
        return scopes(t);
    }

    private Mono<OAuth2AccessTokenResponse> readTokenResponse(T t, ClientResponse clientResponse) {
        return ((Mono) clientResponse.body(OAuth2BodyExtractors.oauth2AccessTokenResponse())).map(oAuth2AccessTokenResponse -> {
            return populateTokenResponse(t, oAuth2AccessTokenResponse);
        });
    }

    OAuth2AccessTokenResponse populateTokenResponse(T t, OAuth2AccessTokenResponse oAuth2AccessTokenResponse) {
        if (CollectionUtils.isEmpty(oAuth2AccessTokenResponse.getAccessToken().getScopes())) {
            oAuth2AccessTokenResponse = OAuth2AccessTokenResponse.withResponse(oAuth2AccessTokenResponse).scopes(defaultScopes(t)).build();
        }
        return oAuth2AccessTokenResponse;
    }

    public void setWebClient(WebClient webClient) {
        Assert.notNull(webClient, "webClient cannot be null");
        this.webClient = webClient;
    }
}
