package org.springframework.security.config.annotation.web.reactive;

import java.util.ArrayList;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import java.util.function.Consumer;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanFactory;
import org.springframework.beans.factory.BeanFactoryAware;
import org.springframework.beans.factory.BeanFactoryUtils;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.ListableBeanFactory;
import org.springframework.beans.factory.NoSuchBeanDefinitionException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.support.AbstractBeanDefinition;
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor;
import org.springframework.context.annotation.AnnotationBeanNameGenerator;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.core.ResolvableType;
import org.springframework.security.oauth2.client.AuthorizationCodeReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ClientCredentialsReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.DelegatingReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.JwtBearerReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.PasswordReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.RefreshTokenReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.TokenExchangeReactiveOAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.endpoint.JwtBearerGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.endpoint.OAuth2RefreshTokenGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.TokenExchangeGrantRequest;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
import org.springframework.security.oauth2.client.web.server.AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.web.reactive.config.WebFluxConfigurer;
import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;

@Import({ReactiveOAuth2AuthorizedClientManagerConfiguration.class, OAuth2ClientWebFluxSecurityConfiguration.class})
/* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.3.3.jar:org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientConfiguration.class */
final class ReactiveOAuth2ClientConfiguration {

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.3.3.jar:org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientConfiguration$OAuth2ClientWebFluxSecurityConfiguration.class */
    static class OAuth2ClientWebFluxSecurityConfiguration implements WebFluxConfigurer {
        private ReactiveOAuth2AuthorizedClientManager authorizedClientManager;
        private ReactiveOAuth2AuthorizedClientManagerRegistrar authorizedClientManagerRegistrar;

        OAuth2ClientWebFluxSecurityConfiguration() {
        }

        @Override // org.springframework.web.reactive.config.WebFluxConfigurer
        public void configureArgumentResolvers(ArgumentResolverConfigurer argumentResolverConfigurer) {
            ReactiveOAuth2AuthorizedClientManager authorizedClientManager = getAuthorizedClientManager();
            if (authorizedClientManager != null) {
                argumentResolverConfigurer.addCustomResolver(new OAuth2AuthorizedClientArgumentResolver(authorizedClientManager));
            }
        }

        @Autowired(required = false)
        void setAuthorizedClientManager(List<ReactiveOAuth2AuthorizedClientManager> list) {
            if (list.size() == 1) {
                this.authorizedClientManager = list.get(0);
            }
        }

        @Autowired
        void setAuthorizedClientManagerRegistrar(ReactiveOAuth2AuthorizedClientManagerRegistrar reactiveOAuth2AuthorizedClientManagerRegistrar) {
            this.authorizedClientManagerRegistrar = reactiveOAuth2AuthorizedClientManagerRegistrar;
        }

        private ReactiveOAuth2AuthorizedClientManager getAuthorizedClientManager() {
            return this.authorizedClientManager != null ? this.authorizedClientManager : this.authorizedClientManagerRegistrar.getAuthorizedClientManagerIfAvailable();
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.3.3.jar:org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientConfiguration$ReactiveOAuth2AuthorizedClientManagerConfiguration.class */
    static class ReactiveOAuth2AuthorizedClientManagerConfiguration {
        ReactiveOAuth2AuthorizedClientManagerConfiguration() {
        }

        @Bean(name = {"authorizedClientManagerRegistrar"})
        ReactiveOAuth2AuthorizedClientManagerRegistrar authorizedClientManagerRegistrar() {
            return new ReactiveOAuth2AuthorizedClientManagerRegistrar();
        }
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    /* loaded from: input_file:BOOT-INF/lib/spring-security-config-6.3.3.jar:org/springframework/security/config/annotation/web/reactive/ReactiveOAuth2ClientConfiguration$ReactiveOAuth2AuthorizedClientManagerRegistrar.class */
    public static final class ReactiveOAuth2AuthorizedClientManagerRegistrar implements BeanDefinitionRegistryPostProcessor, BeanFactoryAware {
        static final String BEAN_NAME = "authorizedClientManagerRegistrar";
        static final String FACTORY_METHOD_NAME = "getAuthorizedClientManager";
        private static final Set<Class<?>> KNOWN_AUTHORIZED_CLIENT_PROVIDERS = Set.of(AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.class, RefreshTokenReactiveOAuth2AuthorizedClientProvider.class, ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class, PasswordReactiveOAuth2AuthorizedClientProvider.class, JwtBearerReactiveOAuth2AuthorizedClientProvider.class, TokenExchangeReactiveOAuth2AuthorizedClientProvider.class);
        private final AnnotationBeanNameGenerator beanNameGenerator = new AnnotationBeanNameGenerator();
        private ListableBeanFactory beanFactory;

        ReactiveOAuth2AuthorizedClientManagerRegistrar() {
        }

        @Override // org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor
        public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry beanDefinitionRegistry) throws BeansException {
            if (getBeanNamesForType(ReactiveOAuth2AuthorizedClientManager.class).length == 0 && getBeanNamesForType(ReactiveClientRegistrationRepository.class).length == 1) {
                if (getBeanNamesForType(ServerOAuth2AuthorizedClientRepository.class).length == 1 || getBeanNamesForType(ReactiveOAuth2AuthorizedClientService.class).length == 1) {
                    AbstractBeanDefinition beanDefinition = BeanDefinitionBuilder.rootBeanDefinition((Class<?>) ReactiveOAuth2AuthorizedClientManager.class).setFactoryMethodOnBean(FACTORY_METHOD_NAME, BEAN_NAME).getBeanDefinition();
                    beanDefinitionRegistry.registerBeanDefinition(this.beanNameGenerator.generateBeanName(beanDefinition, beanDefinitionRegistry), beanDefinition);
                }
            }
        }

        @Override // org.springframework.beans.factory.BeanFactoryAware
        public void setBeanFactory(BeanFactory beanFactory) throws BeansException {
            this.beanFactory = (ListableBeanFactory) beanFactory;
        }

        ReactiveOAuth2AuthorizedClientManager getAuthorizedClientManagerIfAvailable() {
            if (getBeanNamesForType(ReactiveClientRegistrationRepository.class).length != 1) {
                return null;
            }
            if (getBeanNamesForType(ServerOAuth2AuthorizedClientRepository.class).length == 1 || getBeanNamesForType(ReactiveOAuth2AuthorizedClientService.class).length == 1) {
                return getAuthorizedClientManager();
            }
            return null;
        }

        /* JADX WARN: Multi-variable type inference failed */
        /* JADX WARN: Type inference failed for: r0v48, types: [org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientProvider] */
        /* JADX WARN: Type inference failed for: r0v52, types: [org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository] */
        ReactiveOAuth2AuthorizedClientManager getAuthorizedClientManager() {
            AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository authenticatedPrincipalServerOAuth2AuthorizedClientRepository;
            DelegatingReactiveOAuth2AuthorizedClientProvider delegatingReactiveOAuth2AuthorizedClientProvider;
            ReactiveClientRegistrationRepository reactiveClientRegistrationRepository = (ReactiveClientRegistrationRepository) BeanFactoryUtils.beanOfTypeIncludingAncestors(this.beanFactory, ReactiveClientRegistrationRepository.class, true, true);
            try {
                authenticatedPrincipalServerOAuth2AuthorizedClientRepository = (ServerOAuth2AuthorizedClientRepository) BeanFactoryUtils.beanOfTypeIncludingAncestors(this.beanFactory, ServerOAuth2AuthorizedClientRepository.class, true, true);
            } catch (NoSuchBeanDefinitionException e) {
                authenticatedPrincipalServerOAuth2AuthorizedClientRepository = new AuthenticatedPrincipalServerOAuth2AuthorizedClientRepository((ReactiveOAuth2AuthorizedClientService) BeanFactoryUtils.beanOfTypeIncludingAncestors(this.beanFactory, ReactiveOAuth2AuthorizedClientService.class, true, true));
            }
            Collection<ReactiveOAuth2AuthorizedClientProvider> values = BeanFactoryUtils.beansOfTypeIncludingAncestors(this.beanFactory, ReactiveOAuth2AuthorizedClientProvider.class, true, true).values();
            if (hasDelegatingAuthorizedClientProvider(values)) {
                delegatingReactiveOAuth2AuthorizedClientProvider = values.iterator().next();
            } else {
                ArrayList arrayList = new ArrayList();
                arrayList.add(getAuthorizationCodeAuthorizedClientProvider(values));
                arrayList.add(getRefreshTokenAuthorizedClientProvider(values));
                arrayList.add(getClientCredentialsAuthorizedClientProvider(values));
                arrayList.add(getPasswordAuthorizedClientProvider(values));
                ReactiveOAuth2AuthorizedClientProvider jwtBearerAuthorizedClientProvider = getJwtBearerAuthorizedClientProvider(values);
                if (jwtBearerAuthorizedClientProvider != null) {
                    arrayList.add(jwtBearerAuthorizedClientProvider);
                }
                ReactiveOAuth2AuthorizedClientProvider tokenExchangeAuthorizedClientProvider = getTokenExchangeAuthorizedClientProvider(values);
                if (tokenExchangeAuthorizedClientProvider != null) {
                    arrayList.add(tokenExchangeAuthorizedClientProvider);
                }
                arrayList.addAll(getAdditionalAuthorizedClientProviders(values));
                delegatingReactiveOAuth2AuthorizedClientProvider = new DelegatingReactiveOAuth2AuthorizedClientProvider(arrayList);
            }
            DefaultReactiveOAuth2AuthorizedClientManager defaultReactiveOAuth2AuthorizedClientManager = new DefaultReactiveOAuth2AuthorizedClientManager(reactiveClientRegistrationRepository, authenticatedPrincipalServerOAuth2AuthorizedClientRepository);
            defaultReactiveOAuth2AuthorizedClientManager.setAuthorizedClientProvider(delegatingReactiveOAuth2AuthorizedClientProvider);
            Consumer consumer = (Consumer) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) Consumer.class, (Class<?>[]) new Class[]{DefaultReactiveOAuth2AuthorizedClientManager.class}));
            if (consumer != null) {
                consumer.accept(defaultReactiveOAuth2AuthorizedClientManager);
            }
            return defaultReactiveOAuth2AuthorizedClientManager;
        }

        private boolean hasDelegatingAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            if (collection.size() != 1) {
                return false;
            }
            return collection.iterator().next() instanceof DelegatingReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getAuthorizationCodeAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            AuthorizationCodeReactiveOAuth2AuthorizedClientProvider authorizationCodeReactiveOAuth2AuthorizedClientProvider = (AuthorizationCodeReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, AuthorizationCodeReactiveOAuth2AuthorizedClientProvider.class);
            if (authorizationCodeReactiveOAuth2AuthorizedClientProvider == null) {
                authorizationCodeReactiveOAuth2AuthorizedClientProvider = new AuthorizationCodeReactiveOAuth2AuthorizedClientProvider();
            }
            return authorizationCodeReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getRefreshTokenAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            RefreshTokenReactiveOAuth2AuthorizedClientProvider refreshTokenReactiveOAuth2AuthorizedClientProvider = (RefreshTokenReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, RefreshTokenReactiveOAuth2AuthorizedClientProvider.class);
            if (refreshTokenReactiveOAuth2AuthorizedClientProvider == null) {
                refreshTokenReactiveOAuth2AuthorizedClientProvider = new RefreshTokenReactiveOAuth2AuthorizedClientProvider();
            }
            ReactiveOAuth2AccessTokenResponseClient<OAuth2RefreshTokenGrantRequest> reactiveOAuth2AccessTokenResponseClient = (ReactiveOAuth2AccessTokenResponseClient) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) ReactiveOAuth2AccessTokenResponseClient.class, (Class<?>[]) new Class[]{OAuth2RefreshTokenGrantRequest.class}));
            if (reactiveOAuth2AccessTokenResponseClient != null) {
                refreshTokenReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(reactiveOAuth2AccessTokenResponseClient);
            }
            return refreshTokenReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getClientCredentialsAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            ClientCredentialsReactiveOAuth2AuthorizedClientProvider clientCredentialsReactiveOAuth2AuthorizedClientProvider = (ClientCredentialsReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, ClientCredentialsReactiveOAuth2AuthorizedClientProvider.class);
            if (clientCredentialsReactiveOAuth2AuthorizedClientProvider == null) {
                clientCredentialsReactiveOAuth2AuthorizedClientProvider = new ClientCredentialsReactiveOAuth2AuthorizedClientProvider();
            }
            ReactiveOAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> reactiveOAuth2AccessTokenResponseClient = (ReactiveOAuth2AccessTokenResponseClient) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) ReactiveOAuth2AccessTokenResponseClient.class, (Class<?>[]) new Class[]{OAuth2ClientCredentialsGrantRequest.class}));
            if (reactiveOAuth2AccessTokenResponseClient != null) {
                clientCredentialsReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(reactiveOAuth2AccessTokenResponseClient);
            }
            return clientCredentialsReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getPasswordAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            PasswordReactiveOAuth2AuthorizedClientProvider passwordReactiveOAuth2AuthorizedClientProvider = (PasswordReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, PasswordReactiveOAuth2AuthorizedClientProvider.class);
            if (passwordReactiveOAuth2AuthorizedClientProvider == null) {
                passwordReactiveOAuth2AuthorizedClientProvider = new PasswordReactiveOAuth2AuthorizedClientProvider();
            }
            ReactiveOAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> reactiveOAuth2AccessTokenResponseClient = (ReactiveOAuth2AccessTokenResponseClient) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) ReactiveOAuth2AccessTokenResponseClient.class, (Class<?>[]) new Class[]{OAuth2PasswordGrantRequest.class}));
            if (reactiveOAuth2AccessTokenResponseClient != null) {
                passwordReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(reactiveOAuth2AccessTokenResponseClient);
            }
            return passwordReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getJwtBearerAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            JwtBearerReactiveOAuth2AuthorizedClientProvider jwtBearerReactiveOAuth2AuthorizedClientProvider = (JwtBearerReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, JwtBearerReactiveOAuth2AuthorizedClientProvider.class);
            ReactiveOAuth2AccessTokenResponseClient<JwtBearerGrantRequest> reactiveOAuth2AccessTokenResponseClient = (ReactiveOAuth2AccessTokenResponseClient) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) ReactiveOAuth2AccessTokenResponseClient.class, (Class<?>[]) new Class[]{JwtBearerGrantRequest.class}));
            if (reactiveOAuth2AccessTokenResponseClient != null) {
                if (jwtBearerReactiveOAuth2AuthorizedClientProvider == null) {
                    jwtBearerReactiveOAuth2AuthorizedClientProvider = new JwtBearerReactiveOAuth2AuthorizedClientProvider();
                }
                jwtBearerReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(reactiveOAuth2AccessTokenResponseClient);
            }
            return jwtBearerReactiveOAuth2AuthorizedClientProvider;
        }

        private ReactiveOAuth2AuthorizedClientProvider getTokenExchangeAuthorizedClientProvider(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            TokenExchangeReactiveOAuth2AuthorizedClientProvider tokenExchangeReactiveOAuth2AuthorizedClientProvider = (TokenExchangeReactiveOAuth2AuthorizedClientProvider) getAuthorizedClientProviderByType(collection, TokenExchangeReactiveOAuth2AuthorizedClientProvider.class);
            ReactiveOAuth2AccessTokenResponseClient<TokenExchangeGrantRequest> reactiveOAuth2AccessTokenResponseClient = (ReactiveOAuth2AccessTokenResponseClient) getBeanOfType(ResolvableType.forClassWithGenerics((Class<?>) ReactiveOAuth2AccessTokenResponseClient.class, (Class<?>[]) new Class[]{TokenExchangeGrantRequest.class}));
            if (reactiveOAuth2AccessTokenResponseClient != null) {
                if (tokenExchangeReactiveOAuth2AuthorizedClientProvider == null) {
                    tokenExchangeReactiveOAuth2AuthorizedClientProvider = new TokenExchangeReactiveOAuth2AuthorizedClientProvider();
                }
                tokenExchangeReactiveOAuth2AuthorizedClientProvider.setAccessTokenResponseClient(reactiveOAuth2AccessTokenResponseClient);
            }
            return tokenExchangeReactiveOAuth2AuthorizedClientProvider;
        }

        private List<ReactiveOAuth2AuthorizedClientProvider> getAdditionalAuthorizedClientProviders(Collection<ReactiveOAuth2AuthorizedClientProvider> collection) {
            ArrayList arrayList = new ArrayList(collection);
            arrayList.removeIf(reactiveOAuth2AuthorizedClientProvider -> {
                return KNOWN_AUTHORIZED_CLIENT_PROVIDERS.contains(reactiveOAuth2AuthorizedClientProvider.getClass());
            });
            return arrayList;
        }

        private <T extends ReactiveOAuth2AuthorizedClientProvider> T getAuthorizedClientProviderByType(Collection<ReactiveOAuth2AuthorizedClientProvider> collection, Class<T> cls) {
            T t = null;
            for (ReactiveOAuth2AuthorizedClientProvider reactiveOAuth2AuthorizedClientProvider : collection) {
                if (cls.isInstance(reactiveOAuth2AuthorizedClientProvider)) {
                    assertAuthorizedClientProviderIsNull(t);
                    t = cls.cast(reactiveOAuth2AuthorizedClientProvider);
                }
            }
            return t;
        }

        private static void assertAuthorizedClientProviderIsNull(ReactiveOAuth2AuthorizedClientProvider reactiveOAuth2AuthorizedClientProvider) {
            if (reactiveOAuth2AuthorizedClientProvider != null) {
                throw new BeanInitializationException(String.format("Unable to create a %s bean. Expected one bean of type %s, but found multiple. Please consider defining only a single bean of this type, or define a %s bean yourself.", ReactiveOAuth2AuthorizedClientManager.class.getName(), reactiveOAuth2AuthorizedClientProvider.getClass().getName(), ReactiveOAuth2AuthorizedClientManager.class.getName()));
            }
        }

        private <T> String[] getBeanNamesForType(Class<T> cls) {
            return BeanFactoryUtils.beanNamesForTypeIncludingAncestors(this.beanFactory, (Class<?>) cls, true, true);
        }

        private <T> T getBeanOfType(ResolvableType resolvableType) {
            return this.beanFactory.getBeanProvider(resolvableType, true).getIfAvailable();
        }
    }

    ReactiveOAuth2ClientConfiguration() {
    }
}
