package org.springframework.security.oauth2.client.authentication;

import java.util.function.Function;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.endpoint.OAuth2AuthorizationCodeGrantRequest;
import org.springframework.security.oauth2.client.endpoint.ReactiveOAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.core.OAuth2AuthorizationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2AccessTokenResponse;
import org.springframework.security.oauth2.core.endpoint.OAuth2AuthorizationResponse;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-5.8.8.jar:org/springframework/security/oauth2/client/authentication/OAuth2AuthorizationCodeReactiveAuthenticationManager.class */
public class OAuth2AuthorizationCodeReactiveAuthenticationManager implements ReactiveAuthenticationManager {
    private static final String INVALID_STATE_PARAMETER_ERROR_CODE = "invalid_state_parameter";
    private final ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> accessTokenResponseClient;

    public OAuth2AuthorizationCodeReactiveAuthenticationManager(ReactiveOAuth2AccessTokenResponseClient<OAuth2AuthorizationCodeGrantRequest> reactiveOAuth2AccessTokenResponseClient) {
        Assert.notNull(reactiveOAuth2AccessTokenResponseClient, "accessTokenResponseClient cannot be null");
        this.accessTokenResponseClient = reactiveOAuth2AccessTokenResponseClient;
    }

    @Override // org.springframework.security.authentication.ReactiveAuthenticationManager
    public Mono<Authentication> authenticate(Authentication authentication) {
        return Mono.defer(() -> {
            OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken = (OAuth2AuthorizationCodeAuthenticationToken) authentication;
            OAuth2AuthorizationResponse authorizationResponse = oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange().getAuthorizationResponse();
            if (authorizationResponse.statusError()) {
                return Mono.error(new OAuth2AuthorizationException(authorizationResponse.getError()));
            }
            if (!authorizationResponse.getState().equals(oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange().getAuthorizationRequest().getState())) {
                return Mono.error(new OAuth2AuthorizationException(new OAuth2Error(INVALID_STATE_PARAMETER_ERROR_CODE)));
            }
            return this.accessTokenResponseClient.getTokenResponse(new OAuth2AuthorizationCodeGrantRequest(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange())).map(onSuccess(oAuth2AuthorizationCodeAuthenticationToken));
        });
    }

    private Function<OAuth2AccessTokenResponse, OAuth2AuthorizationCodeAuthenticationToken> onSuccess(OAuth2AuthorizationCodeAuthenticationToken oAuth2AuthorizationCodeAuthenticationToken) {
        return oAuth2AccessTokenResponse -> {
            return new OAuth2AuthorizationCodeAuthenticationToken(oAuth2AuthorizationCodeAuthenticationToken.getClientRegistration(), oAuth2AuthorizationCodeAuthenticationToken.getAuthorizationExchange(), oAuth2AccessTokenResponse.getAccessToken(), oAuth2AccessTokenResponse.getRefreshToken(), oAuth2AccessTokenResponse.getAdditionalParameters());
        };
    }
}
