package org.springframework.security.oauth2.client.web.method.annotation;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.core.MethodParameter;
import org.springframework.core.annotation.AnnotatedElementUtils;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.config.Elements;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizeRequest;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2ClientCredentialsGrantRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.support.WebDataBinderFactory;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.method.support.HandlerMethodArgumentResolver;
import org.springframework.web.method.support.ModelAndViewContainer;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-client-5.3.2.RELEASE.jar:org/springframework/security/oauth2/client/web/method/annotation/OAuth2AuthorizedClientArgumentResolver.class */
public final class OAuth2AuthorizedClientArgumentResolver implements HandlerMethodArgumentResolver {
    private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(Elements.ANONYMOUS, "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
    private OAuth2AuthorizedClientManager authorizedClientManager;
    private boolean defaultAuthorizedClientManager;

    public OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
        Assert.notNull(oAuth2AuthorizedClientManager, "authorizedClientManager cannot be null");
        this.authorizedClientManager = oAuth2AuthorizedClientManager;
    }

    public OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
        Assert.notNull(clientRegistrationRepository, "clientRegistrationRepository cannot be null");
        Assert.notNull(oAuth2AuthorizedClientRepository, "authorizedClientRepository cannot be null");
        this.authorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
        this.defaultAuthorizedClientManager = true;
    }

    @Override // org.springframework.web.method.support.HandlerMethodArgumentResolver
    public boolean supportsParameter(MethodParameter methodParameter) {
        return OAuth2AuthorizedClient.class.isAssignableFrom(methodParameter.getParameterType()) && AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class) != null;
    }

    @Override // org.springframework.web.method.support.HandlerMethodArgumentResolver
    @NonNull
    public Object resolveArgument(MethodParameter methodParameter, @Nullable ModelAndViewContainer modelAndViewContainer, NativeWebRequest nativeWebRequest, @Nullable WebDataBinderFactory webDataBinderFactory) {
        String resolveClientRegistrationId = resolveClientRegistrationId(methodParameter);
        if (StringUtils.isEmpty(resolveClientRegistrationId)) {
            throw new IllegalArgumentException("Unable to resolve the Client Registration Identifier. It must be provided via @RegisteredOAuth2AuthorizedClient(\"client1\") or @RegisteredOAuth2AuthorizedClient(registrationId = \"client1\").");
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            authentication = ANONYMOUS_AUTHENTICATION;
        }
        HttpServletRequest httpServletRequest = (HttpServletRequest) nativeWebRequest.getNativeRequest(HttpServletRequest.class);
        return this.authorizedClientManager.authorize(OAuth2AuthorizeRequest.withClientRegistrationId(resolveClientRegistrationId).principal(authentication).attribute(HttpServletRequest.class.getName(), httpServletRequest).attribute(HttpServletResponse.class.getName(), (HttpServletResponse) nativeWebRequest.getNativeResponse(HttpServletResponse.class)).build());
    }

    private String resolveClientRegistrationId(MethodParameter methodParameter) {
        RegisteredOAuth2AuthorizedClient registeredOAuth2AuthorizedClient = (RegisteredOAuth2AuthorizedClient) AnnotatedElementUtils.findMergedAnnotation(methodParameter.getParameter(), RegisteredOAuth2AuthorizedClient.class);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String str = null;
        if (!StringUtils.isEmpty(registeredOAuth2AuthorizedClient.registrationId())) {
            str = registeredOAuth2AuthorizedClient.registrationId();
        } else if (!StringUtils.isEmpty(registeredOAuth2AuthorizedClient.value())) {
            str = registeredOAuth2AuthorizedClient.value();
        } else if (authentication != null && OAuth2AuthenticationToken.class.isAssignableFrom(authentication.getClass())) {
            str = ((OAuth2AuthenticationToken) authentication).getAuthorizedClientRegistrationId();
        }
        return str;
    }

    @Deprecated
    public void setClientCredentialsTokenResponseClient(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> oAuth2AccessTokenResponseClient) {
        Assert.notNull(oAuth2AccessTokenResponseClient, "clientCredentialsTokenResponseClient cannot be null");
        Assert.state(this.defaultAuthorizedClientManager, "The client cannot be set when the constructor used is \"OAuth2AuthorizedClientArgumentResolver(OAuth2AuthorizedClientManager)\". Instead, use the constructor \"OAuth2AuthorizedClientArgumentResolver(ClientRegistrationRepository, OAuth2AuthorizedClientRepository)\".");
        updateDefaultAuthorizedClientManager(oAuth2AccessTokenResponseClient);
    }

    private void updateDefaultAuthorizedClientManager(OAuth2AccessTokenResponseClient<OAuth2ClientCredentialsGrantRequest> oAuth2AccessTokenResponseClient) {
        ((DefaultOAuth2AuthorizedClientManager) this.authorizedClientManager).setAuthorizedClientProvider(OAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().refreshToken().clientCredentials(clientCredentialsGrantBuilder -> {
            clientCredentialsGrantBuilder.accessTokenResponseClient(oAuth2AccessTokenResponseClient);
        }).password().build());
    }
}
