package org.bremersee.security.authentication;

import org.bremersee.security.OAuth2Properties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.jwt.JwtException;
import org.springframework.security.oauth2.jwt.ReactiveJwtDecoder;
import org.springframework.security.oauth2.server.resource.BearerTokenError;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.authentication.ReactiveJwtAuthenticationConverterAdapter;
import org.springframework.util.MultiValueMap;
import org.springframework.web.reactive.function.client.WebClient;
import reactor.core.publisher.Mono;

/* loaded from: input_file:org/bremersee/security/authentication/PasswordFlowReactiveAuthenticationManager.class */
public class PasswordFlowReactiveAuthenticationManager extends AbstractPasswordFlowAuthenticationManager implements ReactiveAuthenticationManager {
    private static final Logger log = LoggerFactory.getLogger(PasswordFlowReactiveAuthenticationManager.class);
    private final AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> retriever;
    private final ReactiveJwtDecoder jwtDecoder;
    private Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> jwtConverter;

    public PasswordFlowReactiveAuthenticationManager(OAuth2Properties oAuth2Properties, ReactiveJwtDecoder reactiveJwtDecoder) {
        super(oAuth2Properties);
        this.jwtConverter = new ReactiveJwtAuthenticationConverterAdapter(new JwtAuthenticationConverter());
        this.jwtDecoder = reactiveJwtDecoder;
        this.retriever = new PasswordFlowAccessTokenReactiveRetriever(WebClient.builder().baseUrl(oAuth2Properties.getPasswordFlow().getTokenEndpoint()).build());
    }

    public PasswordFlowReactiveAuthenticationManager(OAuth2Properties oAuth2Properties, ReactiveJwtDecoder reactiveJwtDecoder, AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> accessTokenRetriever) {
        super(oAuth2Properties);
        this.jwtConverter = new ReactiveJwtAuthenticationConverterAdapter(new JwtAuthenticationConverter());
        this.jwtDecoder = reactiveJwtDecoder;
        this.retriever = accessTokenRetriever;
    }

    public Mono<Authentication> authenticate(Authentication authentication) {
        if (log.isDebugEnabled()) {
            log.debug("msg=[Authenticating basic authentication with OAuth2 password flow.]");
        }
        Mono just = Mono.just(createPasswordFlowBody(authentication));
        AccessTokenRetriever<MultiValueMap<String, String>, Mono<String>> accessTokenRetriever = this.retriever;
        accessTokenRetriever.getClass();
        Mono flatMap = just.flatMap((v1) -> {
            return r1.retrieveAccessToken(v1);
        });
        ReactiveJwtDecoder reactiveJwtDecoder = this.jwtDecoder;
        reactiveJwtDecoder.getClass();
        Mono flatMap2 = flatMap.flatMap(reactiveJwtDecoder::decode);
        Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> converter = this.jwtConverter;
        converter.getClass();
        return flatMap2.flatMap((v1) -> {
            return r1.convert(v1);
        }).cast(Authentication.class).onErrorMap(JwtException.class, this::onError);
    }

    private OAuth2AuthenticationException onError(JwtException jwtException) {
        log.error("msg=[Basic authentication with password flow failed.]", jwtException);
        return new OAuth2AuthenticationException(invalidToken(jwtException.getMessage()), jwtException.getMessage());
    }

    private static OAuth2Error invalidToken(String str) {
        return new BearerTokenError("invalid_token", HttpStatus.UNAUTHORIZED, str, "https://tools.ietf.org/html/rfc6750#section-3.1");
    }

    public void setJwtConverter(Converter<Jwt, ? extends Mono<? extends AbstractAuthenticationToken>> converter) {
        this.jwtConverter = converter;
    }
}
