package org.springframework.security.oauth2.client.userinfo;

import com.nimbusds.oauth2.sdk.ErrorObject;
import com.nimbusds.openid.connect.sdk.UserInfoErrorResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import net.minidev.json.JSONObject;
import org.springframework.core.ParameterizedTypeReference;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.oauth2.core.AuthenticationMethod;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.user.DefaultOAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.core.user.OAuth2UserAuthority;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.reactive.function.UnsupportedMediaTypeException;
import org.springframework.web.reactive.function.client.ClientResponse;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/springframework/security/oauth2/client/userinfo/DefaultReactiveOAuth2UserService.class */
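/**
 * Reactive {@link ReactiveOAuth2UserService} that fetches the end-user's attributes from the
 * UserInfo endpoint of the client registration and wraps them in a {@link DefaultOAuth2User}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>The access token is sent either as a Bearer {@code Authorization} header (GET) or, when
 *       the endpoint's authentication method is {@link AuthenticationMethod#FORM}, as the
 *       {@code access_token} parameter of a form-encoded POST body.</li>
 *   <li>The UserInfo URI is taken from the client registration and is only checked for being
 *       non-blank; no scheme or host validation happens here, so the registration must point at
 *       a trusted endpoint.</li>
 *   <li>Every status other than {@code 200 OK} is handled as an error response.</li>
 *   <li>Error descriptions are built from the remote error response and from exception
 *       messages; treat them as untrusted text when logging or rendering them.</li>
 *   <li>The returned user carries one {@link OAuth2UserAuthority} holding the attributes plus a
 *       {@code SCOPE_<scope>} authority for each scope of the request's access token.</li>
 * </ul>
 *
 * <p>The default {@link WebClient} comes from {@code WebClient.create()} with no further
 * configuration in this class; use {@link #setWebClient(WebClient)} to supply one configured for
 * the deployment.
 */
public class DefaultReactiveOAuth2UserService implements ReactiveOAuth2UserService<OAuth2UserRequest, OAuth2User> {
    private static final String INVALID_USER_INFO_RESPONSE_ERROR_CODE = "invalid_user_info_response";
    private static final String MISSING_USER_INFO_URI_ERROR_CODE = "missing_user_info_uri";
    private static final String MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE = "missing_user_name_attribute";

    private WebClient webClient = WebClient.create();

    /**
     * Calls the UserInfo endpoint with the request's access token and maps the JSON response to
     * an {@link OAuth2User}.
     *
     * <p>All work, including argument validation, is deferred until subscription, so failures
     * surface as error signals of the returned {@link Mono}.
     *
     * @param oAuth2UserRequest the user request holding the client registration and access token
     * @return a {@code Mono} emitting the loaded user
     * @throws OAuth2AuthenticationException (as an error signal) when the UserInfo URI or the
     *         user name attribute name is missing, when the endpoint answers with a non-200
     *         status or an unsupported content type, or when the response cannot be read;
     *         an {@link IOException} is mapped to {@link AuthenticationServiceException} instead
     */
    @Override
    public Mono<OAuth2User> loadUser(OAuth2UserRequest oAuth2UserRequest) throws OAuth2AuthenticationException {
        return Mono.defer(() -> {
            Assert.notNull(oAuth2UserRequest, "userRequest cannot be null");

            String uri = oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri();
            if (!StringUtils.hasText(uri)) {
                OAuth2Error missingUri = new OAuth2Error(MISSING_USER_INFO_URI_ERROR_CODE,
                        "Missing required UserInfo Uri in UserInfoEndpoint for Client Registration: "
                                + oAuth2UserRequest.getClientRegistration().getRegistrationId(),
                        null);
                throw new OAuth2AuthenticationException(missingUri, missingUri.toString());
            }

            String userNameAttributeName = oAuth2UserRequest.getClientRegistration().getProviderDetails()
                    .getUserInfoEndpoint().getUserNameAttributeName();
            if (!StringUtils.hasText(userNameAttributeName)) {
                OAuth2Error missingAttribute = new OAuth2Error(MISSING_USER_NAME_ATTRIBUTE_ERROR_CODE,
                        "Missing required \"user name\" attribute name in UserInfoEndpoint for Client Registration: "
                                + oAuth2UserRequest.getClientRegistration().getRegistrationId(),
                        null);
                throw new OAuth2AuthenticationException(missingAttribute, missingAttribute.toString());
            }

            AuthenticationMethod authenticationMethod = oAuth2UserRequest.getClientRegistration().getProviderDetails()
                    .getUserInfoEndpoint().getAuthenticationMethod();
            String accessTokenValue = oAuth2UserRequest.getAccessToken().getTokenValue();

            return (AuthenticationMethod.FORM.equals(authenticationMethod)
                    // Form-encoded body parameter. The token is percent-encoded so that characters
                    // with a meaning in application/x-www-form-urlencoded ('+', '&', '=', ...)
                    // cannot corrupt the value or add extra parameters to the body.
                    ? this.webClient.post()
                            .uri(uri)
                            .header("Accept", "application/json")
                            .header("Content-Type", "application/x-www-form-urlencoded")
                            .syncBody("access_token=" + formEncode(accessTokenValue))
                    // Default: Bearer token in the Authorization header.
                    : this.webClient.get()
                            .uri(uri)
                            .header("Accept", "application/json")
                            .headers(httpHeaders -> httpHeaders.setBearerAuth(accessTokenValue)))
                    .retrieve()
                    // Anything but 200 OK is an error; the description comes from the remote response.
                    // NOTE(review): when the error response has neither a WWW-Authenticate header nor a
                    // body, parse(...) completes empty and nothing is thrown here - confirm how the
                    // WebClient version in use treats an empty error Mono.
                    .onStatus(httpStatus -> httpStatus != HttpStatus.OK,
                            clientResponse -> parse(clientResponse).map(userInfoErrorResponse -> {
                                OAuth2Error errorResponse = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
                                        userInfoErrorResponse.getErrorObject().getDescription(), null);
                                throw new OAuth2AuthenticationException(errorResponse, errorResponse.toString());
                            }))
                    .bodyToMono(new ParameterizedTypeReference<Map<String, Object>>() { })
                    .map(attributes -> {
                        // Kept as a raw set, as in the original listing.
                        // NOTE(review): presumably the element type is the common authority
                        // interface of the two classes added below - confirm and parameterize.
                        HashSet authorities = new HashSet();
                        authorities.add(new OAuth2UserAuthority(attributes));
                        for (String scope : oAuth2UserRequest.getAccessToken().getScopes()) {
                            authorities.add(new SimpleGrantedAuthority("SCOPE_" + scope));
                        }
                        return new DefaultOAuth2User(authorities, attributes, userNameAttributeName);
                    })
                    .onErrorMap(IOException.class, ioException ->
                            new AuthenticationServiceException("Unable to access the userInfoEndpoint " + uri, ioException))
                    .onErrorMap(UnsupportedMediaTypeException.class, unsupportedMediaTypeException -> {
                        // The content type is concatenated directly instead of via toString(), so a
                        // missing content type yields "null" in the message rather than a
                        // NullPointerException that would hide the real cause.
                        OAuth2Error invalidContentType = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
                                "An error occurred while attempting to retrieve the UserInfo Resource from '"
                                        + oAuth2UserRequest.getClientRegistration().getProviderDetails().getUserInfoEndpoint().getUri()
                                        + "': response contains invalid content type '"
                                        + unsupportedMediaTypeException.getContentType()
                                        + "'. The UserInfo Response should return a JSON object (content type 'application/json') that contains a collection of name and value pairs of the claims about the authenticated End-User. Please ensure the UserInfo Uri in UserInfoEndpoint for Client Registration '"
                                        + oAuth2UserRequest.getClientRegistration().getRegistrationId()
                                        + "' conforms to the UserInfo Endpoint, as defined in OpenID Connect 1.0: 'https://openid.net/specs/openid-connect-core-1_0.html#UserInfo'",
                                null);
                        throw new OAuth2AuthenticationException(invalidContentType, invalidContentType.toString(),
                                unsupportedMediaTypeException);
                    })
                    // Last resort: everything except AuthenticationServiceException is wrapped, which
                    // includes the OAuth2AuthenticationException instances raised by the steps above.
                    .onErrorMap(throwable -> !(throwable instanceof AuthenticationServiceException), throwable -> {
                        OAuth2Error readFailure = new OAuth2Error(INVALID_USER_INFO_RESPONSE_ERROR_CODE,
                                "An error occurred reading the UserInfo Success response: " + throwable.getMessage(), null);
                        return new OAuth2AuthenticationException(readFailure, readFailure.toString(), throwable);
                    });
        });
    }

    /**
     * Replaces the {@link WebClient} used to call the UserInfo endpoint.
     *
     * @param webClient the client to use, never {@code null}
     * @throws IllegalArgumentException if {@code webClient} is {@code null}
     */
    public void setWebClient(WebClient webClient) {
        Assert.notNull(webClient, "webClient cannot be null");
        this.webClient = webClient;
    }

    /**
     * Builds a {@link UserInfoErrorResponse} from an error response, preferring the
     * {@code WWW-Authenticate} header and falling back to the JSON body when the header is absent
     * or empty.
     *
     * @param clientResponse the non-200 response received from the UserInfo endpoint
     * @return a {@code Mono} emitting the parsed error response
     */
    private static Mono<UserInfoErrorResponse> parse(ClientResponse clientResponse) {
        String wwwAuthenticate = clientResponse.headers().asHttpHeaders().getFirst("WWW-Authenticate");
        if (!StringUtils.isEmpty(wwwAuthenticate)) {
            return Mono.fromCallable(() -> UserInfoErrorResponse.parse(wwwAuthenticate));
        }
        return clientResponse.bodyToMono(new ParameterizedTypeReference<Map<String, String>>() { })
                .map(body -> new UserInfoErrorResponse(ErrorObject.parse(new JSONObject(body))));
    }

    /**
     * Percent-encodes a value for use in an {@code application/x-www-form-urlencoded} body.
     *
     * @param value the raw parameter value
     * @return the encoded value
     */
    private static String formEncode(String value) {
        try {
            return URLEncoder.encode(value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException ex) {
            // UTF-8 is one of the charsets every Java platform must provide.
            throw new IllegalStateException("UTF-8 encoding is not available", ex);
        }
    }
}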
