package org.springframework.security.oauth2.client.web.reactive.function.client;

import java.time.Duration;
import java.util.Collections;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.function.Consumer;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.ClientAuthorizationException;
import org.springframework.security.oauth2.client.OAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.RemoveAuthorizedClientOAuth2AuthorizationFailureHandler;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.reactive.function.client.ClientRequest;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.ExchangeFilterFunction;
import org.springframework.web.reactive.function.client.ExchangeFunction;
import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.reactive.function.client.WebClientResponseException;
import reactor.core.publisher.Mono;
import reactor.core.scheduler.Schedulers;
import reactor.util.context.Context;

/* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction.class */
public final class ServletOAuth2AuthorizedClientExchangeFilterFunction implements ExchangeFilterFunction {
    static final String SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY = "org.springframework.security.SECURITY_CONTEXT_ATTRIBUTES";
    private static final String OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME = OAuth2AuthorizedClient.class.getName();
    private static final String CLIENT_REGISTRATION_ID_ATTR_NAME = OAuth2AuthorizedClient.class.getName().concat(".CLIENT_REGISTRATION_ID");
    private static final String AUTHENTICATION_ATTR_NAME = Authentication.class.getName();
    private static final String HTTP_SERVLET_REQUEST_ATTR_NAME = HttpServletRequest.class.getName();
    private static final String HTTP_SERVLET_RESPONSE_ATTR_NAME = HttpServletResponse.class.getName();
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken("anonymous", "anonymousUser", AuthorityUtils.createAuthorityList(new String[]{"ROLE_ANONYMOUS"}));

    @Deprecated
    private Duration accessTokenExpiresSkew = Duration.ofMinutes(1);

    @Deprecated
    private OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> clientCredentialsTokenResponseClient;
    private OAuth2AuthorizedClientManager authorizedClientManager;
    private boolean defaultAuthorizedClientManager;
    private boolean defaultOAuth2AuthorizedClient;
    private String defaultClientRegistrationId;
    private ClientResponseHandler clientResponseHandler;

    /* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction$AuthorizationFailureForwarder.class */
    private static final class AuthorizationFailureForwarder implements ClientResponseHandler {
        private final Map<Integer, String> httpStatusToOAuth2ErrorCodeMap;
        private final OAuth2AuthorizationFailureHandler authorizationFailureHandler;

        private AuthorizationFailureForwarder(OAuth2AuthorizationFailureHandler oAuth2AuthorizationFailureHandler) {
            Assert.notNull(oAuth2AuthorizationFailureHandler, "authorizationFailureHandler cannot be null");
            this.authorizationFailureHandler = oAuth2AuthorizationFailureHandler;
            HashMap hashMap = new HashMap();
            hashMap.put(Integer.valueOf(HttpStatus.UNAUTHORIZED.value()), "invalid_token");
            hashMap.put(Integer.valueOf(HttpStatus.FORBIDDEN.value()), "insufficient_scope");
            this.httpStatusToOAuth2ErrorCodeMap = Collections.unmodifiableMap(hashMap);
        }

        @Override // org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.ClientResponseHandler
        public Mono<ClientResponse> handleResponse(ClientRequest clientRequest, Mono<ClientResponse> mono) {
            return mono.flatMap(clientResponse -> {
                return handleResponse(clientRequest, clientResponse).thenReturn(clientResponse);
            }).onErrorResume(WebClientResponseException.class, webClientResponseException -> {
                return handleWebClientResponseException(clientRequest, webClientResponseException).then(Mono.error(webClientResponseException));
            }).onErrorResume(OAuth2AuthorizationException.class, oAuth2AuthorizationException -> {
                return handleAuthorizationException(clientRequest, oAuth2AuthorizationException).then(Mono.error(oAuth2AuthorizationException));
            });
        }

        private Mono<Void> handleResponse(ClientRequest clientRequest, ClientResponse clientResponse) {
            return Mono.justOrEmpty(resolveErrorIfPossible(clientResponse)).flatMap(oAuth2Error -> {
                Map attributes = clientRequest.attributes();
                OAuth2AuthorizedClient oAuth2AuthorizedClient = ServletOAuth2AuthorizedClientExchangeFilterFunction.getOAuth2AuthorizedClient(attributes);
                return oAuth2AuthorizedClient == null ? Mono.empty() : handleAuthorizationFailure(new ClientAuthorizationException(oAuth2Error, oAuth2AuthorizedClient.getClientRegistration().getRegistrationId()), ServletOAuth2AuthorizedClientExchangeFilterFunction.createAuthentication(oAuth2AuthorizedClient.getPrincipalName()), ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest(attributes), ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse(attributes));
            });
        }

        private OAuth2Error resolveErrorIfPossible(ClientResponse clientResponse) {
            if (!clientResponse.headers().header("WWW-Authenticate").isEmpty()) {
                Map<String, String> parseAuthParameters = parseAuthParameters((String) clientResponse.headers().header("WWW-Authenticate").get(0));
                if (parseAuthParameters.containsKey("error")) {
                    return new OAuth2Error(parseAuthParameters.get("error"), parseAuthParameters.get("error_description"), parseAuthParameters.get("error_uri"));
                }
            }
            return resolveErrorIfPossible(clientResponse.rawStatusCode());
        }

        private OAuth2Error resolveErrorIfPossible(int i) {
            if (this.httpStatusToOAuth2ErrorCodeMap.containsKey(Integer.valueOf(i))) {
                return new OAuth2Error(this.httpStatusToOAuth2ErrorCodeMap.get(Integer.valueOf(i)), (String) null, "https://tools.ietf.org/html/rfc6750#section-3.1");
            }
            return null;
        }

        private Map<String, String> parseAuthParameters(String str) {
            return (Map) Stream.of(str).filter(str2 -> {
                return !StringUtils.isEmpty(str2);
            }).filter(str3 -> {
                return str3.toLowerCase(Locale.ENGLISH).startsWith("bearer");
            }).map(str4 -> {
                return str4.substring("bearer".length());
            }).map(str5 -> {
                return str5.split(",");
            }).flatMap((v0) -> {
                return Stream.of(v0);
            }).map(str6 -> {
                return str6.split("=");
            }).filter(strArr -> {
                return strArr.length > 1;
            }).collect(Collectors.toMap(strArr2 -> {
                return strArr2[0].trim();
            }, strArr3 -> {
                return strArr3[1].trim().replace("\"", "");
            }));
        }

        private Mono<Void> handleWebClientResponseException(ClientRequest clientRequest, WebClientResponseException webClientResponseException) {
            return Mono.justOrEmpty(resolveErrorIfPossible(webClientResponseException.getRawStatusCode())).flatMap(oAuth2Error -> {
                Map attributes = clientRequest.attributes();
                OAuth2AuthorizedClient oAuth2AuthorizedClient = ServletOAuth2AuthorizedClientExchangeFilterFunction.getOAuth2AuthorizedClient(attributes);
                return oAuth2AuthorizedClient == null ? Mono.empty() : handleAuthorizationFailure(new ClientAuthorizationException(oAuth2Error, oAuth2AuthorizedClient.getClientRegistration().getRegistrationId(), (Throwable) webClientResponseException), ServletOAuth2AuthorizedClientExchangeFilterFunction.createAuthentication(oAuth2AuthorizedClient.getPrincipalName()), ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest(attributes), ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse(attributes));
            });
        }

        private Mono<Void> handleAuthorizationException(ClientRequest clientRequest, OAuth2AuthorizationException oAuth2AuthorizationException) {
            return Mono.justOrEmpty(clientRequest).flatMap(clientRequest2 -> {
                Map attributes = clientRequest2.attributes();
                OAuth2AuthorizedClient oAuth2AuthorizedClient = ServletOAuth2AuthorizedClientExchangeFilterFunction.getOAuth2AuthorizedClient(attributes);
                return oAuth2AuthorizedClient == null ? Mono.empty() : handleAuthorizationFailure(oAuth2AuthorizationException, ServletOAuth2AuthorizedClientExchangeFilterFunction.createAuthentication(oAuth2AuthorizedClient.getPrincipalName()), ServletOAuth2AuthorizedClientExchangeFilterFunction.getRequest(attributes), ServletOAuth2AuthorizedClientExchangeFilterFunction.getResponse(attributes));
            });
        }

        private Mono<Void> handleAuthorizationFailure(OAuth2AuthorizationException oAuth2AuthorizationException, Authentication authentication, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            return Mono.fromRunnable(() -> {
                this.authorizationFailureHandler.onAuthorizationFailure(oAuth2AuthorizationException, authentication, createAttributes(httpServletRequest, httpServletResponse));
            }).subscribeOn(Schedulers.boundedElastic()).then();
        }

        private static Map<String, Object> createAttributes(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
            HashMap hashMap = new HashMap();
            hashMap.put(HttpServletRequest.class.getName(), httpServletRequest);
            hashMap.put(HttpServletResponse.class.getName(), httpServletResponse);
            return hashMap;
        }
    }

    @FunctionalInterface
    /* loaded from: input_file:org/springframework/security/oauth2/client/web/reactive/function/client/ServletOAuth2AuthorizedClientExchangeFilterFunction$ClientResponseHandler.class */
    private interface ClientResponseHandler {
        Mono<ClientResponse> handleResponse(ClientRequest clientRequest, Mono<ClientResponse> mono);
    }

    public ServletOAuth2AuthorizedClientExchangeFilterFunction() {
    }

    public ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        Assert.notNull(oAuth2AuthorizedClientManager, "authorizedClientManager cannot be null");
        this.authorizedClientManager = oAuth2AuthorizedClientManager;
        this.clientResponseHandler = (clientRequest, mono) -> {
            return mono;
        };
    }

    public ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        RemoveAuthorizedClientOAuth2AuthorizationFailureHandler removeAuthorizedClientOAuth2AuthorizationFailureHandler = new RemoveAuthorizedClientOAuth2AuthorizationFailureHandler((str, authentication, map) -> {
            removeAuthorizedClient(oAuth2AuthorizedClientRepository, str, authentication, map);
        });
        DefaultOAuth2AuthorizedClientManager defaultOAuth2AuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
        defaultOAuth2AuthorizedClientManager.setAuthorizationFailureHandler(removeAuthorizedClientOAuth2AuthorizationFailureHandler);
        this.authorizedClientManager = defaultOAuth2AuthorizedClientManager;
        this.defaultAuthorizedClientManager = true;
        this.clientResponseHandler = new AuthorizationFailureForwarder(removeAuthorizedClientOAuth2AuthorizationFailureHandler);
    }

    private void removeAuthorizedClient(OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository, String str, Authentication authentication, Map<String, Object> map) {
        oAuth2AuthorizedClientRepository.removeAuthorizedClient(str, authentication, getRequest(map), getResponse(map));
    }

    @Deprecated
    public void setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> oAuth2AccessTokenResponseClient) {
        Assert.notNull(oAuth2AccessTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
        Assert.state(this.defaultAuthorizedClientManager, "The client cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
        this.clientCredentialsTokenResponseClient = oAuth2AccessTokenResponseClient;
        updateDefaultAuthorizedClientManager();
    }

    private void updateDefaultAuthorizedClientManager() {
        ((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(OAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().refreshToken(refreshTokenGrantBuilder -> {
            refreshTokenGrantBuilder.clockSkew(this.accessTokenExpiresSkew);
        }).clientCredentials(this::updateClientCredentialsProvider).password(passwordGrantBuilder -> {
            passwordGrantBuilder.clockSkew(this.accessTokenExpiresSkew);
        }).build());
    }

    private void updateClientCredentialsProvider(OAuth2AuthorizedClientProviderBuilder.ClientCredentialsGrantBuilder clientCredentialsGrantBuilder) {
        if (this.clientCredentialsTokenResponseClient != null) {
            clientCredentialsGrantBuilder.accessTokenResponseClient(this.clientCredentialsTokenResponseClient);
        }
        clientCredentialsGrantBuilder.clockSkew(this.accessTokenExpiresSkew);
    }

    public void setDefaultOAuth2AuthorizedClient(boolean z) {
        this.defaultOAuth2AuthorizedClient = z;
    }

    public void setDefaultClientRegistrationId(String str) {
        this.defaultClientRegistrationId = str;
    }

    public Consumer<WebClient.Builder> oauth2Configuration() {
        return builder -> {
            builder.defaultRequest(defaultRequest()).filter(this);
        };
    }

    public Consumer<WebClient.RequestHeadersSpec<?>> defaultRequest() {
        return requestHeadersSpec -> {
            requestHeadersSpec.attributes(map -> {
                populateDefaultRequestResponse(map);
                populateDefaultAuthentication(map);
            });
        };
    }

    public static Consumer<Map<String, Object>> oauth2AuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        return map -> {
            if (oAuth2AuthorizedClient == null) {
                map.remove(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME);
            } else {
                map.put(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME, oAuth2AuthorizedClient);
            }
        };
    }

    public static Consumer<Map<String, Object>> clientRegistrationId(String str) {
        return map -> {
            map.put(CLIENT_REGISTRATION_ID_ATTR_NAME, str);
        };
    }

    public static Consumer<Map<String, Object>> authentication(Authentication authentication) {
        return map -> {
            map.put(AUTHENTICATION_ATTR_NAME, authentication);
        };
    }

    public static Consumer<Map<String, Object>> httpServletRequest(HttpServletRequest httpServletRequest) {
        return map -> {
            map.put(HTTP_SERVLET_REQUEST_ATTR_NAME, httpServletRequest);
        };
    }

    public static Consumer<Map<String, Object>> httpServletResponse(HttpServletResponse httpServletResponse) {
        return map -> {
            map.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, httpServletResponse);
        };
    }

    @Deprecated
    public void setAccessTokenExpiresSkew(Duration duration) {
        Assert.notNull(duration, "accessTokenExpiresSkew cannot be null");
        Assert.state(this.defaultAuthorizedClientManager, "The accessTokenExpiresSkew cannot be set when the constructor used is \"ServletOAuth2AuthorizedClientExchangeFilterFunction(OAuth2AuthorizedClientManager)\". Instead, use the constructor \"ServletOAuth2AuthorizedClientExchangeFilterFunction(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
        this.accessTokenExpiresSkew = duration;
        updateDefaultAuthorizedClientManager();
    }

    public void setAuthorizationFailureHandler(OAuth2AuthorizationFailureHandler oAuth2AuthorizationFailureHandler) {
        Assert.notNull(oAuth2AuthorizationFailureHandler, "authorizationFailureHandler cannot be null");
        this.clientResponseHandler = new AuthorizationFailureForwarder(oAuth2AuthorizationFailureHandler);
    }

    public Mono<ClientResponse> filter(ClientRequest clientRequest, ExchangeFunction exchangeFunction) {
        return mergeRequestAttributesIfNecessary(clientRequest).filter(clientRequest2 -> {
            return clientRequest2.attribute(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME).isPresent();
        }).flatMap(clientRequest3 -> {
            return reauthorizeClient(getOAuth2AuthorizedClient(clientRequest3.attributes()), clientRequest3);
        }).switchIfEmpty(Mono.defer(() -> {
            return mergeRequestAttributesIfNecessary(clientRequest).filter(clientRequest4 -> {
                return resolveClientRegistrationId(clientRequest4) != null;
            }).flatMap(clientRequest5 -> {
                return authorizeClient(resolveClientRegistrationId(clientRequest5), clientRequest5);
            });
        })).map(oAuth2AuthorizedClient -> {
            return bearer(clientRequest, oAuth2AuthorizedClient);
        }).flatMap(clientRequest4 -> {
            return exchangeAndHandleResponse(clientRequest4, exchangeFunction);
        }).switchIfEmpty(Mono.defer(() -> {
            return exchangeAndHandleResponse(clientRequest, exchangeFunction);
        }));
    }

    private Mono<ClientResponse> exchangeAndHandleResponse(ClientRequest clientRequest, ExchangeFunction exchangeFunction) {
        return exchangeFunction.exchange(clientRequest).transform(mono -> {
            return this.clientResponseHandler.handleResponse(clientRequest, mono);
        });
    }

    private Mono<ClientRequest> mergeRequestAttributesIfNecessary(ClientRequest clientRequest) {
        return (clientRequest.attribute(HTTP_SERVLET_REQUEST_ATTR_NAME).isPresent() && clientRequest.attribute(HTTP_SERVLET_RESPONSE_ATTR_NAME).isPresent() && clientRequest.attribute(AUTHENTICATION_ATTR_NAME).isPresent()) ? Mono.just(clientRequest) : mergeRequestAttributesFromContext(clientRequest);
    }

    private Mono<ClientRequest> mergeRequestAttributesFromContext(ClientRequest clientRequest) {
        ClientRequest.Builder from = ClientRequest.from(clientRequest);
        return Mono.subscriberContext().map(context -> {
            return from.attributes(map -> {
                populateRequestAttributes(map, context);
            });
        }).map((v0) -> {
            return v0.build();
        });
    }

    private void populateRequestAttributes(Map<String, Object> map, Context context) {
        if (context.hasKey(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY)) {
            Map map2 = (Map) context.get(SECURITY_REACTOR_CONTEXT_ATTRIBUTES_KEY);
            HttpServletRequest httpServletRequest = (HttpServletRequest) map2.get(HttpServletRequest.class);
            if (httpServletRequest != null) {
                map.putIfAbsent(HTTP_SERVLET_REQUEST_ATTR_NAME, httpServletRequest);
            }
            HttpServletResponse httpServletResponse = (HttpServletResponse) map2.get(HttpServletResponse.class);
            if (httpServletResponse != null) {
                map.putIfAbsent(HTTP_SERVLET_RESPONSE_ATTR_NAME, httpServletResponse);
            }
            Authentication authentication = (Authentication) map2.get(Authentication.class);
            if (authentication != null) {
                map.putIfAbsent(AUTHENTICATION_ATTR_NAME, authentication);
            }
        }
    }

    private void populateDefaultRequestResponse(Map<String, Object> map) {
        if (map.containsKey(HTTP_SERVLET_REQUEST_ATTR_NAME) && map.containsKey(HTTP_SERVLET_RESPONSE_ATTR_NAME)) {
            return;
        }
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes instanceof ServletRequestAttributes) {
            map.putIfAbsent(HTTP_SERVLET_REQUEST_ATTR_NAME, requestAttributes.getRequest());
            map.putIfAbsent(HTTP_SERVLET_RESPONSE_ATTR_NAME, requestAttributes.getResponse());
        }
    }

    private void populateDefaultAuthentication(Map<String, Object> map) {
        if (map.containsKey(AUTHENTICATION_ATTR_NAME)) {
            return;
        }
        map.putIfAbsent(AUTHENTICATION_ATTR_NAME, SecurityContextHolder.getContext().getAuthentication());
    }

    private String resolveClientRegistrationId(ClientRequest clientRequest) {
        Map attributes = clientRequest.attributes();
        String clientRegistrationId = getClientRegistrationId(attributes);
        if (clientRegistrationId == null) {
            clientRegistrationId = this.defaultClientRegistrationId;
        }
        OAuth2AuthenticationToken authentication = getAuthentication(attributes);
        if (clientRegistrationId == null && this.defaultOAuth2AuthorizedClient && (authentication instanceof OAuth2AuthenticationToken)) {
            clientRegistrationId = authentication.getAuthorizedClientRegistrationId();
        }
        return clientRegistrationId;
    }

    private Mono<OAuth2AuthorizedClient> authorizeClient(String str, ClientRequest clientRequest) {
        if (this.authorizedClientManager == null) {
            return Mono.empty();
        }
        Map attributes = clientRequest.attributes();
        Authentication authentication = getAuthentication(attributes);
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        HttpServletRequest request = getRequest(attributes);
        HttpServletResponse response = getResponse(attributes);
        OAuth2AuthorizeRequest.Builder principal = OAuth2AuthorizeRequest.withClientRegistrationId(str).principal(authentication);
        principal.attributes(map -> {
            addToAttributes(map, request, response);
        });
        OAuth2AuthorizeRequest build = principal.build();
        return Mono.fromSupplier(() -> {
            return this.authorizedClientManager.authorize(build);
        }).subscribeOn(Schedulers.boundedElastic());
    }

    private Mono<OAuth2AuthorizedClient> reauthorizeClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, ClientRequest clientRequest) {
        if (this.authorizedClientManager == null) {
            return Mono.just(oAuth2AuthorizedClient);
        }
        Map attributes = clientRequest.attributes();
        Authentication authentication = getAuthentication(attributes);
        if (authentication == null) {
            authentication = createAuthentication(oAuth2AuthorizedClient.getPrincipalName());
        }
        HttpServletRequest request = getRequest(attributes);
        HttpServletResponse response = getResponse(attributes);
        OAuth2AuthorizeRequest.Builder principal = OAuth2AuthorizeRequest.withAuthorizedClient(oAuth2AuthorizedClient).principal(authentication);
        principal.attributes(map -> {
            addToAttributes(map, request, response);
        });
        OAuth2AuthorizeRequest build = principal.build();
        return Mono.fromSupplier(() -> {
            return this.authorizedClientManager.authorize(build);
        }).subscribeOn(Schedulers.boundedElastic());
    }

    private void addToAttributes(Map<String, Object> map, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest != null) {
            map.put(HTTP_SERVLET_REQUEST_ATTR_NAME, httpServletRequest);
        }
        if (httpServletResponse != null) {
            map.put(HTTP_SERVLET_RESPONSE_ATTR_NAME, httpServletResponse);
        }
    }

    private ClientRequest bearer(ClientRequest clientRequest, OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        return ClientRequest.from(clientRequest).headers(httpHeaders -> {
            httpHeaders.setBearerAuth(oAuth2AuthorizedClient.getAccessToken().getTokenValue());
        }).attributes(oauth2AuthorizedClient(oAuth2AuthorizedClient)).build();
    }

    static OAuth2AuthorizedClient getOAuth2AuthorizedClient(Map<String, Object> map) {
        return (OAuth2AuthorizedClient) map.get(OAUTH2_AUTHORIZED_CLIENT_ATTR_NAME);
    }

    static String getClientRegistrationId(Map<String, Object> map) {
        return (String) map.get(CLIENT_REGISTRATION_ID_ATTR_NAME);
    }

    static Authentication getAuthentication(Map<String, Object> map) {
        return (Authentication) map.get(AUTHENTICATION_ATTR_NAME);
    }

    static HttpServletRequest getRequest(Map<String, Object> map) {
        return (HttpServletRequest) map.get(HTTP_SERVLET_REQUEST_ATTR_NAME);
    }

    static HttpServletResponse getResponse(Map<String, Object> map) {
        return (HttpServletResponse) map.get(HTTP_SERVLET_RESPONSE_ATTR_NAME);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Authentication createAuthentication(final String str) {
        Assert.hasText(str, "principalName cannot be empty");
        return new AbstractAuthenticationToken(null) { // from class: org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction.1
            public Object getCredentials() {
                return "";
            }

            public Object getPrincipal() {
                return str;
            }
        };
    }
}
