package org.springframework.security.oauth2.client.web.reactive.result.method.annotation;

import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.oauth2.client.ClientAuthorizationRequiredException;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.BindingContext;
import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/result/method/annotation/OAuth2AuthorizedClientArgumentResolver.class */
public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
    private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;

    public OAuth2AuthorizedClientArgumentResolver(ServerOAuth2AuthorizedClientRepository serverOAuth2AuthorizedClientRepository) {
        Assert.notNull(serverOAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.authorizedClientRepository = serverOAuth2AuthorizedClientRepository;
    }

    public boolean supportsParameter(MethodParameter methodParameter) {
        return AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
    }

    public Mono<Object> resolveArgument(MethodParameter methodParameter, BindingContext bindingContext, ServerWebExchange serverWebExchange) {
        return Mono.defer(() -> {
            Mono switchIfEmpty = Mono.justOrEmpty(((RegisteredOAuth2AuthorizedClient) AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class)).registrationId()).filter(str -> {
                return !StringUtils.isEmpty(str);
            }).switchIfEmpty(clientRegistrationId()).switchIfEmpty(Mono.defer(() -> {
                return Mono.error(new IllegalArgumentException("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\")."));
            }));
            return Mono.zip(switchIfEmpty, ReactiveSecurityContextHolder.getContext().map((v0) -> {
                return v0.getAuthentication();
            }).defaultIfEmpty(new AnonymousAuthenticationToken("key", "anonymous", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"})))).switchIfEmpty(switchIfEmpty.flatMap(str2 -> {
                return Mono.error(new IllegalStateException("Unable to resolve the Authorized Client with registration identifier \"" + str2 + "\". An \"authenticated\" or \"unauthenticated\" session is required. To allow for unauthenticated access, ensure ServerHttpSecurity.anonymous() is configured."));
            })).flatMap(tuple2 -> {
                String str3 = (String) tuple2.getT1();
                return this.authorizedClientRepository.loadAuthorizedClient(str3, (Authentication) tuple2.getT2(), serverWebExchange).switchIfEmpty(Mono.defer(() -> {
                    return Mono.error(new ClientAuthorizationRequiredException(str3));
                }));
            }).cast(OAuth2AuthorizedClient.class).cast(Object.class);
        });
    }

    private Mono<String> clientRegistrationId() {
        return ReactiveSecurityContextHolder.getContext().map((v0) -> {
            return v0.getAuthentication();
        }).filter(authentication -> {
            return authentication instanceof OAuth2AuthenticationToken;
        }).cast(OAuth2AuthenticationToken.class).map((v0) -> {
            return v0.getAuthorizedClientRegistrationId();
        });
    }
}
