package org.springframework.security.test.web.reactive.server;

import com.nimbusds.oauth2.sdk.util.StringUtils;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.function.Consumer;
import java.util.function.Supplier;
import java.util.stream.Collectors;
import org.springframework.context.ApplicationContext;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.client.reactive.ClientHttpConnector;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.ReactiveSecurityContextHolder;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.registration.ClientRegistration;
import org.springframework.security.oauth2.client.web.reactive.result.method.annotation.OAuth2AuthorizedClientArgumentResolver;
import org.springframework.security.oauth2.client.web.server.ServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.server.WebSessionServerOAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2AuthenticatedPrincipal;
import org.springframework.security.oauth2.core.oidc.OidcIdToken;
import org.springframework.security.oauth2.core.oidc.OidcUserInfo;
import org.springframework.security.oauth2.core.oidc.user.DefaultOidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.oidc.user.OidcUserAuthority;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.security.oauth2.server.resource.authentication.JwtGrantedAuthoritiesConverter;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionAuthenticatedPrincipal;
import org.springframework.security.web.server.csrf.CsrfWebFilter;
import org.springframework.security.web.server.util.matcher.ServerWebExchangeMatcher;
import org.springframework.test.util.ReflectionTestUtils;
import org.springframework.test.web.reactive.server.MockServerConfigurer;
import org.springframework.test.web.reactive.server.WebTestClient;
import org.springframework.test.web.reactive.server.WebTestClientConfigurer;
import org.springframework.util.Assert;
import org.springframework.util.ClassUtils;
import org.springframework.web.reactive.result.method.HandlerMethodArgumentResolver;
import org.springframework.web.reactive.result.method.annotation.ArgumentResolverConfigurer;
import org.springframework.web.reactive.result.method.annotation.RequestMappingHandlerAdapter;
import org.springframework.web.server.ServerWebExchange;
import org.springframework.web.server.WebFilter;
import org.springframework.web.server.WebFilterChain;
import org.springframework.web.server.adapter.WebHttpHandlerBuilder;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers.class */
public class SecurityMockServerConfigurers {

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$CsrfMutator.class */
    public static class CsrfMutator implements WebTestClientConfigurer, MockServerConfigurer {
        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            CsrfWebFilter csrfWebFilter = new CsrfWebFilter();
            csrfWebFilter.setRequireCsrfProtectionMatcher(serverWebExchange -> {
                return ServerWebExchangeMatcher.MatchResult.notMatch();
            });
            webHttpHandlerBuilder.filters(list -> {
                list.add(0, csrfWebFilter);
            });
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
        }

        private CsrfMutator() {
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$JwtMutator.class */
    public static class JwtMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private Jwt jwt;
        private Converter<Jwt, Collection<GrantedAuthority>> authoritiesConverter;

        private JwtMutator() {
            this.authoritiesConverter = new JwtGrantedAuthoritiesConverter();
            jwt(builder -> {
            });
        }

        public JwtMutator jwt(Consumer<Jwt.Builder> consumer) {
            Jwt.Builder claim = Jwt.withTokenValue("token").header("alg", "none").claim("sub", "user").claim("scope", "read");
            consumer.accept(claim);
            this.jwt = claim.build();
            return this;
        }

        public JwtMutator jwt(Jwt jwt) {
            this.jwt = jwt;
            return this;
        }

        public JwtMutator authorities(Collection<GrantedAuthority> collection) {
            Assert.notNull(collection, "authorities cannot be null");
            this.authoritiesConverter = jwt -> {
                return collection;
            };
            return this;
        }

        public JwtMutator authorities(GrantedAuthority... grantedAuthorityArr) {
            Assert.notNull(grantedAuthorityArr, "authorities cannot be null");
            this.authoritiesConverter = jwt -> {
                return Arrays.asList(grantedAuthorityArr);
            };
            return this;
        }

        public JwtMutator authorities(Converter<Jwt, Collection<GrantedAuthority>> converter) {
            Assert.notNull(converter, "authoritiesConverter cannot be null");
            this.authoritiesConverter = converter;
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            configurer().beforeServerCreated(webHttpHandlerBuilder);
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
            configurer().afterConfigureAdded(mockServerSpec);
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            webHttpHandlerBuilder.filter(new WebFilter[]{(serverWebExchange, webFilterChain) -> {
                CsrfWebFilter.skipExchange(serverWebExchange);
                return webFilterChain.filter(serverWebExchange);
            }});
            ((MockServerConfigurer) configurer()).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
        }

        private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
            return (T) SecurityMockServerConfigurers.mockAuthentication(new JwtAuthenticationToken(this.jwt, (Collection) this.authoritiesConverter.convert(this.jwt)));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$MutatorFilter.class */
    public static class MutatorFilter implements WebFilter {
        public static final String ATTRIBUTE_NAME = "context";

        private MutatorFilter() {
        }

        public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
            Supplier supplier = (Supplier) serverWebExchange.getAttribute(ATTRIBUTE_NAME);
            if (supplier == null) {
                return webFilterChain.filter(serverWebExchange);
            }
            serverWebExchange.getAttributes().remove(ATTRIBUTE_NAME);
            return webFilterChain.filter(serverWebExchange).subscriberContext(ReactiveSecurityContextHolder.withSecurityContext((Mono) supplier.get()));
        }
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$MutatorWebTestClientConfigurer.class */
    public static class MutatorWebTestClientConfigurer implements WebTestClientConfigurer, MockServerConfigurer {
        private final Supplier<Mono<SecurityContext>> context;

        private MutatorWebTestClientConfigurer(Supplier<Mono<SecurityContext>> supplier) {
            this.context = supplier;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            webHttpHandlerBuilder.filters(addSetupMutatorFilter());
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            webHttpHandlerBuilder.filters(addSetupMutatorFilter());
        }

        private Consumer<List<WebFilter>> addSetupMutatorFilter() {
            return list -> {
                list.add(0, new SetupMutatorFilter(this.context));
            };
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OAuth2ClientMutator.class */
    public static final class OAuth2ClientMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private String registrationId;
        private ClientRegistration clientRegistration;
        private String principalName;
        private OAuth2AccessToken accessToken;
        private ServerOAuth2AuthorizedClientRepository authorizedClientRepository;

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OAuth2ClientMutator$OAuth2ClientServerTestUtils.class */
        public static class OAuth2ClientServerTestUtils {
            private static final ServerOAuth2AuthorizedClientRepository DEFAULT_CLIENT_REPO = new WebSessionServerOAuth2AuthorizedClientRepository();

            /* JADX INFO: Access modifiers changed from: private */
            /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OAuth2ClientMutator$OAuth2ClientServerTestUtils$WebFluxClasspathGuard.class */
            public static class WebFluxClasspathGuard {
                private WebFluxClasspathGuard() {
                }

                static <T extends HandlerMethodArgumentResolver> T findResolver(ServerWebExchange serverWebExchange, Class<T> cls) {
                    ArgumentResolverConfigurer argumentResolverConfigurer;
                    List<T> list;
                    RequestMappingHandlerAdapter requestMappingHandlerAdapter = getRequestMappingHandlerAdapter(serverWebExchange);
                    if (requestMappingHandlerAdapter == null || (argumentResolverConfigurer = requestMappingHandlerAdapter.getArgumentResolverConfigurer()) == null || (list = (List) ReflectionTestUtils.invokeGetterMethod(argumentResolverConfigurer, "customResolvers")) == null) {
                        return null;
                    }
                    for (T t : list) {
                        if (cls.isAssignableFrom(t.getClass())) {
                            return t;
                        }
                    }
                    return null;
                }

                private static RequestMappingHandlerAdapter getRequestMappingHandlerAdapter(ServerWebExchange serverWebExchange) {
                    ApplicationContext applicationContext = serverWebExchange.getApplicationContext();
                    if (applicationContext == null) {
                        return null;
                    }
                    String[] beanNamesForType = applicationContext.getBeanNamesForType(RequestMappingHandlerAdapter.class);
                    if (beanNamesForType.length > 0) {
                        return (RequestMappingHandlerAdapter) applicationContext.getBean(beanNamesForType[0]);
                    }
                    return null;
                }
            }

            public static ReactiveOAuth2AuthorizedClientManager getOAuth2AuthorizedClientManager(ServerWebExchange serverWebExchange) {
                OAuth2AuthorizedClientArgumentResolver findResolver = findResolver(serverWebExchange, OAuth2AuthorizedClientArgumentResolver.class);
                return findResolver == null ? oAuth2AuthorizeRequest -> {
                    return DEFAULT_CLIENT_REPO.loadAuthorizedClient(oAuth2AuthorizeRequest.getClientRegistrationId(), oAuth2AuthorizeRequest.getPrincipal(), serverWebExchange);
                } : (ReactiveOAuth2AuthorizedClientManager) ReflectionTestUtils.getField(findResolver, "authorizedClientManager");
            }

            public static void setOAuth2AuthorizedClientManager(ServerWebExchange serverWebExchange, ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager) {
                OAuth2AuthorizedClientArgumentResolver findResolver = findResolver(serverWebExchange, OAuth2AuthorizedClientArgumentResolver.class);
                if (findResolver == null) {
                    return;
                }
                ReflectionTestUtils.setField(findResolver, "authorizedClientManager", reactiveOAuth2AuthorizedClientManager);
            }

            static <T extends HandlerMethodArgumentResolver> T findResolver(ServerWebExchange serverWebExchange, Class<T> cls) {
                if (ClassUtils.isPresent("org.springframework.web.reactive.result.method.annotation.RequestMappingHandlerAdapter", (ClassLoader) null)) {
                    return (T) WebFluxClasspathGuard.findResolver(serverWebExchange, cls);
                }
                return null;
            }

            private OAuth2ClientServerTestUtils() {
            }
        }

        /* JADX INFO: Access modifiers changed from: private */
        /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OAuth2ClientMutator$TestReactiveOAuth2AuthorizedClientManager.class */
        public static class TestReactiveOAuth2AuthorizedClientManager implements ReactiveOAuth2AuthorizedClientManager {
            static final String TOKEN_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName().concat(".TOKEN");
            static final String ENABLED_ATTR_NAME = TestReactiveOAuth2AuthorizedClientManager.class.getName().concat(".ENABLED");
            private final ReactiveOAuth2AuthorizedClientManager delegate;

            private TestReactiveOAuth2AuthorizedClientManager(ReactiveOAuth2AuthorizedClientManager reactiveOAuth2AuthorizedClientManager) {
                this.delegate = reactiveOAuth2AuthorizedClientManager;
            }

            public Mono<OAuth2AuthorizedClient> authorize(OAuth2AuthorizeRequest oAuth2AuthorizeRequest) {
                ServerWebExchange serverWebExchange = (ServerWebExchange) oAuth2AuthorizeRequest.getAttribute(ServerWebExchange.class.getName());
                return isEnabled(serverWebExchange) ? Mono.just((OAuth2AuthorizedClient) serverWebExchange.getAttribute(TOKEN_ATTR_NAME)) : this.delegate.authorize(oAuth2AuthorizeRequest);
            }

            public static void enable(ServerWebExchange serverWebExchange) {
                serverWebExchange.getAttributes().put(ENABLED_ATTR_NAME, Boolean.TRUE);
            }

            public boolean isEnabled(ServerWebExchange serverWebExchange) {
                return Boolean.TRUE.equals(serverWebExchange.getAttribute(ENABLED_ATTR_NAME));
            }
        }

        private OAuth2ClientMutator() {
            this.registrationId = "test";
            this.principalName = "user";
            this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", (Instant) null, (Instant) null, Collections.singleton("read"));
            this.authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
        }

        private OAuth2ClientMutator(String str) {
            this.registrationId = "test";
            this.principalName = "user";
            this.accessToken = new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", (Instant) null, (Instant) null, Collections.singleton("read"));
            this.authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
            this.registrationId = str;
            clientRegistration(builder -> {
            });
        }

        public OAuth2ClientMutator clientRegistration(ClientRegistration clientRegistration) {
            this.clientRegistration = clientRegistration;
            return this;
        }

        public OAuth2ClientMutator clientRegistration(Consumer<ClientRegistration.Builder> consumer) {
            ClientRegistration.Builder clientRegistrationBuilder = clientRegistrationBuilder();
            consumer.accept(clientRegistrationBuilder);
            this.clientRegistration = clientRegistrationBuilder.build();
            return this;
        }

        public OAuth2ClientMutator principalName(String str) {
            Assert.notNull(str, "principalName cannot be null");
            this.principalName = str;
            return this;
        }

        public OAuth2ClientMutator accessToken(OAuth2AccessToken oAuth2AccessToken) {
            this.accessToken = oAuth2AccessToken;
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            webHttpHandlerBuilder.filters(addAuthorizedClientFilter());
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            webHttpHandlerBuilder.filters(addAuthorizedClientFilter());
        }

        private Consumer<List<WebFilter>> addAuthorizedClientFilter() {
            OAuth2AuthorizedClient client = getClient();
            return list -> {
                list.add(0, (serverWebExchange, webFilterChain) -> {
                    ReactiveOAuth2AuthorizedClientManager oAuth2AuthorizedClientManager = OAuth2ClientServerTestUtils.getOAuth2AuthorizedClientManager(serverWebExchange);
                    if (!(oAuth2AuthorizedClientManager instanceof TestReactiveOAuth2AuthorizedClientManager)) {
                        OAuth2ClientServerTestUtils.setOAuth2AuthorizedClientManager(serverWebExchange, new TestReactiveOAuth2AuthorizedClientManager(oAuth2AuthorizedClientManager));
                    }
                    TestReactiveOAuth2AuthorizedClientManager.enable(serverWebExchange);
                    serverWebExchange.getAttributes().put(TestReactiveOAuth2AuthorizedClientManager.TOKEN_ATTR_NAME, client);
                    return webFilterChain.filter(serverWebExchange);
                });
            };
        }

        private OAuth2AuthorizedClient getClient() {
            if (this.clientRegistration == null) {
                throw new IllegalArgumentException("Please specify a ClientRegistration via one of the clientRegistration methods");
            }
            return new OAuth2AuthorizedClient(this.clientRegistration, this.principalName, this.accessToken);
        }

        private ClientRegistration.Builder clientRegistrationBuilder() {
            return ClientRegistration.withRegistrationId(this.registrationId).authorizationGrantType(AuthorizationGrantType.PASSWORD).clientId("test-client").clientSecret("test-secret").tokenUri("https://idp.example.org/oauth/token");
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OAuth2LoginMutator.class */
    public static final class OAuth2LoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private final String nameAttributeKey = "sub";
        private ClientRegistration clientRegistration;
        private OAuth2AccessToken accessToken;
        private Supplier<Collection<GrantedAuthority>> authorities;
        private Supplier<Map<String, Object>> attributes;
        private Supplier<OAuth2User> oauth2User;
        private final ServerOAuth2AuthorizedClientRepository authorizedClientRepository;

        private OAuth2LoginMutator(OAuth2AccessToken oAuth2AccessToken) {
            this.nameAttributeKey = "sub";
            this.authorities = this::defaultAuthorities;
            this.attributes = this::defaultAttributes;
            this.oauth2User = this::defaultPrincipal;
            this.authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
            this.accessToken = oAuth2AccessToken;
            this.clientRegistration = clientRegistrationBuilder().build();
        }

        public OAuth2LoginMutator authorities(Collection<GrantedAuthority> collection) {
            Assert.notNull(collection, "authorities cannot be null");
            this.authorities = () -> {
                return collection;
            };
            this.oauth2User = this::defaultPrincipal;
            return this;
        }

        public OAuth2LoginMutator authorities(GrantedAuthority... grantedAuthorityArr) {
            Assert.notNull(grantedAuthorityArr, "authorities cannot be null");
            this.authorities = () -> {
                return Arrays.asList(grantedAuthorityArr);
            };
            this.oauth2User = this::defaultPrincipal;
            return this;
        }

        public OAuth2LoginMutator attributes(Consumer<Map<String, Object>> consumer) {
            Assert.notNull(consumer, "attributesConsumer cannot be null");
            this.attributes = () -> {
                Map<String, Object> defaultAttributes = defaultAttributes();
                consumer.accept(defaultAttributes);
                return defaultAttributes;
            };
            this.oauth2User = this::defaultPrincipal;
            return this;
        }

        public OAuth2LoginMutator oauth2User(OAuth2User oAuth2User) {
            this.oauth2User = () -> {
                return oAuth2User;
            };
            return this;
        }

        public OAuth2LoginMutator clientRegistration(ClientRegistration clientRegistration) {
            this.clientRegistration = clientRegistration;
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration).principalName(token.getPrincipal().getName()).beforeServerCreated(webHttpHandlerBuilder);
            SecurityMockServerConfigurers.mockAuthentication(token).beforeServerCreated(webHttpHandlerBuilder);
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration).principalName(token.getPrincipal().getName()).afterConfigureAdded(mockServerSpec);
            SecurityMockServerConfigurers.mockAuthentication(token).afterConfigureAdded(mockServerSpec);
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).clientRegistration(this.clientRegistration).principalName(token.getPrincipal().getName()).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
            ((MockServerConfigurer) SecurityMockServerConfigurers.mockAuthentication(token)).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
        }

        private OAuth2AuthenticationToken getToken() {
            OAuth2User oAuth2User = this.oauth2User.get();
            return new OAuth2AuthenticationToken(oAuth2User, oAuth2User.getAuthorities(), this.clientRegistration.getRegistrationId());
        }

        private ClientRegistration.Builder clientRegistrationBuilder() {
            return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD).clientId("test-client").tokenUri("https://token-uri.example.org");
        }

        private Collection<GrantedAuthority> defaultAuthorities() {
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            linkedHashSet.add(new OAuth2UserAuthority(this.attributes.get()));
            Iterator it = this.accessToken.getScopes().iterator();
            while (it.hasNext()) {
                linkedHashSet.add(new SimpleGrantedAuthority("SCOPE_" + ((String) it.next())));
            }
            return linkedHashSet;
        }

        private Map<String, Object> defaultAttributes() {
            HashMap hashMap = new HashMap();
            getClass();
            hashMap.put("sub", "user");
            return hashMap;
        }

        private OAuth2User defaultPrincipal() {
            Collection<GrantedAuthority> collection = this.authorities.get();
            Map<String, Object> map = this.attributes.get();
            getClass();
            return new DefaultOAuth2User(collection, map, "sub");
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OidcLoginMutator.class */
    public static final class OidcLoginMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private ClientRegistration clientRegistration;
        private OAuth2AccessToken accessToken;
        private OidcIdToken idToken;
        private OidcUserInfo userInfo;
        private Supplier<OidcUser> oidcUser;
        private Collection<GrantedAuthority> authorities;
        ServerOAuth2AuthorizedClientRepository authorizedClientRepository;

        private OidcLoginMutator(OAuth2AccessToken oAuth2AccessToken) {
            this.oidcUser = this::defaultPrincipal;
            this.authorizedClientRepository = new WebSessionServerOAuth2AuthorizedClientRepository();
            this.accessToken = oAuth2AccessToken;
            this.clientRegistration = clientRegistrationBuilder().build();
        }

        public OidcLoginMutator authorities(Collection<GrantedAuthority> collection) {
            Assert.notNull(collection, "authorities cannot be null");
            this.authorities = collection;
            this.oidcUser = this::defaultPrincipal;
            return this;
        }

        public OidcLoginMutator authorities(GrantedAuthority... grantedAuthorityArr) {
            Assert.notNull(grantedAuthorityArr, "authorities cannot be null");
            this.authorities = Arrays.asList(grantedAuthorityArr);
            this.oidcUser = this::defaultPrincipal;
            return this;
        }

        public OidcLoginMutator idToken(Consumer<OidcIdToken.Builder> consumer) {
            OidcIdToken.Builder withTokenValue = OidcIdToken.withTokenValue("id-token");
            withTokenValue.subject("user");
            consumer.accept(withTokenValue);
            this.idToken = withTokenValue.build();
            this.oidcUser = this::defaultPrincipal;
            return this;
        }

        public OidcLoginMutator userInfoToken(Consumer<OidcUserInfo.Builder> consumer) {
            OidcUserInfo.Builder builder = OidcUserInfo.builder();
            consumer.accept(builder);
            this.userInfo = builder.build();
            this.oidcUser = this::defaultPrincipal;
            return this;
        }

        public OidcLoginMutator oidcUser(OidcUser oidcUser) {
            this.oidcUser = () -> {
                return oidcUser;
            };
            return this;
        }

        public OidcLoginMutator clientRegistration(ClientRegistration clientRegistration) {
            this.clientRegistration = clientRegistration;
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName()).clientRegistration(this.clientRegistration).beforeServerCreated(webHttpHandlerBuilder);
            SecurityMockServerConfigurers.mockAuthentication(token).beforeServerCreated(webHttpHandlerBuilder);
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName()).clientRegistration(this.clientRegistration).afterConfigureAdded(mockServerSpec);
            SecurityMockServerConfigurers.mockAuthentication(token).afterConfigureAdded(mockServerSpec);
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            OAuth2AuthenticationToken token = getToken();
            SecurityMockServerConfigurers.mockOAuth2Client().accessToken(this.accessToken).principalName(token.getPrincipal().getName()).clientRegistration(this.clientRegistration).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
            ((MockServerConfigurer) SecurityMockServerConfigurers.mockAuthentication(token)).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
        }

        private ClientRegistration.Builder clientRegistrationBuilder() {
            return ClientRegistration.withRegistrationId("test").authorizationGrantType(AuthorizationGrantType.PASSWORD).clientId("test-client").tokenUri("https://token-uri.example.org");
        }

        private OAuth2AuthenticationToken getToken() {
            OidcUser oidcUser = this.oidcUser.get();
            return new OAuth2AuthenticationToken(oidcUser, oidcUser.getAuthorities(), this.clientRegistration.getRegistrationId());
        }

        private Collection<GrantedAuthority> getAuthorities() {
            if (this.authorities != null) {
                return this.authorities;
            }
            LinkedHashSet linkedHashSet = new LinkedHashSet();
            linkedHashSet.add(new OidcUserAuthority(getOidcIdToken(), getOidcUserInfo()));
            Iterator it = this.accessToken.getScopes().iterator();
            while (it.hasNext()) {
                linkedHashSet.add(new SimpleGrantedAuthority("SCOPE_" + ((String) it.next())));
            }
            return linkedHashSet;
        }

        private OidcIdToken getOidcIdToken() {
            return this.idToken == null ? new OidcIdToken("id-token", (Instant) null, (Instant) null, Collections.singletonMap("sub", "user")) : this.idToken;
        }

        private OidcUserInfo getOidcUserInfo() {
            return this.userInfo;
        }

        private OidcUser defaultPrincipal() {
            return new DefaultOidcUser(getAuthorities(), getOidcIdToken(), this.userInfo);
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$OpaqueTokenMutator.class */
    public static final class OpaqueTokenMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private Supplier<Map<String, Object>> attributes;
        private Supplier<Collection<GrantedAuthority>> authorities;
        private Supplier<OAuth2AuthenticatedPrincipal> principal;

        private OpaqueTokenMutator() {
            this.attributes = this::defaultAttributes;
            this.authorities = this::defaultAuthorities;
            this.principal = this::defaultPrincipal;
        }

        public OpaqueTokenMutator attributes(Consumer<Map<String, Object>> consumer) {
            Assert.notNull(consumer, "attributesConsumer cannot be null");
            this.attributes = () -> {
                Map<String, Object> defaultAttributes = defaultAttributes();
                consumer.accept(defaultAttributes);
                return defaultAttributes;
            };
            this.principal = this::defaultPrincipal;
            return this;
        }

        public OpaqueTokenMutator authorities(Collection<GrantedAuthority> collection) {
            Assert.notNull(collection, "authorities cannot be null");
            this.authorities = () -> {
                return collection;
            };
            this.principal = this::defaultPrincipal;
            return this;
        }

        public OpaqueTokenMutator authorities(GrantedAuthority... grantedAuthorityArr) {
            Assert.notNull(grantedAuthorityArr, "authorities cannot be null");
            this.authorities = () -> {
                return Arrays.asList(grantedAuthorityArr);
            };
            this.principal = this::defaultPrincipal;
            return this;
        }

        public OpaqueTokenMutator principal(OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal) {
            Assert.notNull(oAuth2AuthenticatedPrincipal, "principal cannot be null");
            this.principal = () -> {
                return oAuth2AuthenticatedPrincipal;
            };
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            configurer().beforeServerCreated(webHttpHandlerBuilder);
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
            configurer().afterConfigureAdded(mockServerSpec);
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            webHttpHandlerBuilder.filter(new WebFilter[]{(serverWebExchange, webFilterChain) -> {
                CsrfWebFilter.skipExchange(serverWebExchange);
                return webFilterChain.filter(serverWebExchange);
            }});
            ((MockServerConfigurer) configurer()).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
        }

        private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
            OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal = this.principal.get();
            return (T) SecurityMockServerConfigurers.mockAuthentication(new BearerTokenAuthentication(oAuth2AuthenticatedPrincipal, getOAuth2AccessToken(oAuth2AuthenticatedPrincipal), oAuth2AuthenticatedPrincipal.getAuthorities()));
        }

        private Map<String, Object> defaultAttributes() {
            HashMap hashMap = new HashMap();
            hashMap.put("sub", "user");
            hashMap.put("scope", "read");
            return hashMap;
        }

        private Collection<GrantedAuthority> defaultAuthorities() {
            Object obj = this.attributes.get().get("scope");
            if (obj == null) {
                return Collections.emptyList();
            }
            if (obj instanceof Collection) {
                return getAuthorities((Collection) obj);
            }
            String obj2 = obj.toString();
            return StringUtils.isBlank(obj2) ? Collections.emptyList() : getAuthorities(Arrays.asList(obj2.split(" ")));
        }

        private OAuth2AuthenticatedPrincipal defaultPrincipal() {
            return new OAuth2IntrospectionAuthenticatedPrincipal(this.attributes.get(), this.authorities.get());
        }

        private Collection<GrantedAuthority> getAuthorities(Collection<?> collection) {
            return (Collection) collection.stream().map(obj -> {
                return new SimpleGrantedAuthority("SCOPE_" + obj);
            }).collect(Collectors.toList());
        }

        private OAuth2AccessToken getOAuth2AccessToken(OAuth2AuthenticatedPrincipal oAuth2AuthenticatedPrincipal) {
            Instant instant = getInstant(oAuth2AuthenticatedPrincipal.getAttributes(), "exp");
            return new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "token", getInstant(oAuth2AuthenticatedPrincipal.getAttributes(), "iat"), instant);
        }

        private Instant getInstant(Map<String, Object> map, String str) {
            Object obj = map.get(str);
            if (obj == null) {
                return null;
            }
            if (obj instanceof Instant) {
                return (Instant) obj;
            }
            throw new IllegalArgumentException(str + " attribute must be of type Instant");
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$SetupMutatorFilter.class */
    private static class SetupMutatorFilter implements WebFilter {
        private final Supplier<Mono<SecurityContext>> context;

        private SetupMutatorFilter(Supplier<Mono<SecurityContext>> supplier) {
            this.context = supplier;
        }

        public Mono<Void> filter(ServerWebExchange serverWebExchange, WebFilterChain webFilterChain) {
            serverWebExchange.getAttributes().computeIfAbsent(MutatorFilter.ATTRIBUTE_NAME, str -> {
                return this.context;
            });
            return webFilterChain.filter(serverWebExchange);
        }
    }

    /* loaded from: input_file:org/springframework/security/test/web/reactive/server/SecurityMockServerConfigurers$UserExchangeMutator.class */
    public static class UserExchangeMutator implements WebTestClientConfigurer, MockServerConfigurer {
        private final User.UserBuilder userBuilder;

        private UserExchangeMutator(String str) {
            this.userBuilder = User.withUsername(str);
            password("password");
            roles("USER");
        }

        public UserExchangeMutator password(String str) {
            this.userBuilder.password(str);
            return this;
        }

        public UserExchangeMutator roles(String... strArr) {
            this.userBuilder.roles(strArr);
            return this;
        }

        public UserExchangeMutator authorities(GrantedAuthority... grantedAuthorityArr) {
            this.userBuilder.authorities(grantedAuthorityArr);
            return this;
        }

        public UserExchangeMutator authorities(Collection<? extends GrantedAuthority> collection) {
            this.userBuilder.authorities(collection);
            return this;
        }

        public UserExchangeMutator authorities(String... strArr) {
            this.userBuilder.authorities(strArr);
            return this;
        }

        public UserExchangeMutator accountExpired(boolean z) {
            this.userBuilder.accountExpired(z);
            return this;
        }

        public UserExchangeMutator accountLocked(boolean z) {
            this.userBuilder.accountLocked(z);
            return this;
        }

        public UserExchangeMutator credentialsExpired(boolean z) {
            this.userBuilder.credentialsExpired(z);
            return this;
        }

        public UserExchangeMutator disabled(boolean z) {
            this.userBuilder.disabled(z);
            return this;
        }

        public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
            configurer().beforeServerCreated(webHttpHandlerBuilder);
        }

        public void afterConfigureAdded(WebTestClient.MockServerSpec<?> mockServerSpec) {
            configurer().afterConfigureAdded(mockServerSpec);
        }

        public void afterConfigurerAdded(WebTestClient.Builder builder, @Nullable WebHttpHandlerBuilder webHttpHandlerBuilder, @Nullable ClientHttpConnector clientHttpConnector) {
            ((MockServerConfigurer) configurer()).afterConfigurerAdded(builder, webHttpHandlerBuilder, clientHttpConnector);
        }

        private <T extends WebTestClientConfigurer & MockServerConfigurer> T configurer() {
            return (T) SecurityMockServerConfigurers.mockUser(this.userBuilder.build());
        }
    }

    public static MockServerConfigurer springSecurity() {
        return new MockServerConfigurer() { // from class: org.springframework.security.test.web.reactive.server.SecurityMockServerConfigurers.1
            public void beforeServerCreated(WebHttpHandlerBuilder webHttpHandlerBuilder) {
                webHttpHandlerBuilder.filters(list -> {
                    list.add(0, new MutatorFilter());
                });
            }
        };
    }

    public static <T extends WebTestClientConfigurer & MockServerConfigurer> T mockAuthentication(Authentication authentication) {
        return new MutatorWebTestClientConfigurer(() -> {
            return Mono.just(authentication).map(SecurityContextImpl::new);
        });
    }

    public static <T extends WebTestClientConfigurer & MockServerConfigurer> T mockUser(UserDetails userDetails) {
        return (T) mockAuthentication(new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities()));
    }

    public static UserExchangeMutator mockUser() {
        return mockUser("user");
    }

    public static UserExchangeMutator mockUser(String str) {
        return new UserExchangeMutator(str);
    }

    public static JwtMutator mockJwt() {
        return new JwtMutator();
    }

    public static OpaqueTokenMutator mockOpaqueToken() {
        return new OpaqueTokenMutator();
    }

    public static OAuth2LoginMutator mockOAuth2Login() {
        return new OAuth2LoginMutator(new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", (Instant) null, (Instant) null, Collections.singleton("read")));
    }

    public static OidcLoginMutator mockOidcLogin() {
        return new OidcLoginMutator(new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, "access-token", (Instant) null, (Instant) null, Collections.singleton("read")));
    }

    public static OAuth2ClientMutator mockOAuth2Client() {
        return new OAuth2ClientMutator();
    }

    public static OAuth2ClientMutator mockOAuth2Client(String str) {
        return new OAuth2ClientMutator(str);
    }

    public static CsrfMutator csrf() {
        return new CsrfMutator();
    }
}
