package org.springframework.security.oauth2.client;

import io.r2dbc.spi.Row;
import io.r2dbc.spi.RowMetadata;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.time.Instant;
import java.time.LocalDateTime;
import java.time.ZoneOffset;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import java.util.Set;
import java.util.function.BiFunction;
import java.util.function.Function;
import org.springframework.dao.DataRetrievalFailureException;
import org.springframework.r2dbc.core.DatabaseClient;
import org.springframework.r2dbc.core.Parameter;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.client.registration.ReactiveClientRegistrationRepository;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.4.3.jar:org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService.class */
public class R2dbcReactiveOAuth2AuthorizedClientService implements ReactiveOAuth2AuthorizedClientService {
    private static final String COLUMN_NAMES = "client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at";
    private static final String TABLE_NAME = "oauth2_authorized_client";
    private static final String PK_FILTER = "client_registration_id = :clientRegistrationId AND principal_name = :principalName";
    private static final String LOAD_AUTHORIZED_CLIENT_SQL = "SELECT client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at FROM oauth2_authorized_client WHERE client_registration_id = :clientRegistrationId AND principal_name = :principalName";
    private static final String SAVE_AUTHORIZED_CLIENT_SQL = "INSERT INTO oauth2_authorized_client (client_registration_id, principal_name, access_token_type, access_token_value, access_token_issued_at, access_token_expires_at, access_token_scopes, refresh_token_value, refresh_token_issued_at)VALUES (:clientRegistrationId, :principalName, :accessTokenType, :accessTokenValue, :accessTokenIssuedAt, :accessTokenExpiresAt, :accessTokenScopes, :refreshTokenValue, :refreshTokenIssuedAt)";
    private static final String REMOVE_AUTHORIZED_CLIENT_SQL = "DELETE FROM oauth2_authorized_client WHERE client_registration_id = :clientRegistrationId AND principal_name = :principalName";
    private static final String UPDATE_AUTHORIZED_CLIENT_SQL = "UPDATE oauth2_authorized_client SET access_token_type = :accessTokenType,  access_token_value = :accessTokenValue,  access_token_issued_at = :accessTokenIssuedAt, access_token_expires_at = :accessTokenExpiresAt,  access_token_scopes = :accessTokenScopes, refresh_token_value = :refreshTokenValue,  refresh_token_issued_at = :refreshTokenIssuedAt WHERE client_registration_id = :clientRegistrationId AND principal_name = :principalName";
    protected final DatabaseClient databaseClient;
    protected final ReactiveClientRegistrationRepository clientRegistrationRepository;
    protected Function<OAuth2AuthorizedClientHolder, Map<String, Parameter>> authorizedClientParametersMapper;
    protected BiFunction<Row, RowMetadata, OAuth2AuthorizedClientHolder> authorizedClientRowMapper;

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.4.3.jar:org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService$OAuth2AuthorizedClientHolder.class */
    public static final class OAuth2AuthorizedClientHolder {
        private final String clientRegistrationId;
        private final String principalName;
        private final OAuth2AccessToken accessToken;
        private final OAuth2RefreshToken refreshToken;

        public OAuth2AuthorizedClientHolder(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
            Assert.notNull(oAuth2AuthorizedClient, "authorizedClient cannot be null");
            Assert.notNull(authentication, "principal cannot be null");
            this.clientRegistrationId = oAuth2AuthorizedClient.getClientRegistration().getRegistrationId();
            this.principalName = authentication.getName();
            this.accessToken = oAuth2AuthorizedClient.getAccessToken();
            this.refreshToken = oAuth2AuthorizedClient.getRefreshToken();
        }

        public OAuth2AuthorizedClientHolder(String str, String str2, OAuth2AccessToken oAuth2AccessToken, OAuth2RefreshToken oAuth2RefreshToken) {
            Assert.hasText(str, "clientRegistrationId cannot be empty");
            Assert.hasText(str2, "principalName cannot be empty");
            Assert.notNull(oAuth2AccessToken, "accessToken cannot be null");
            this.clientRegistrationId = str;
            this.principalName = str2;
            this.accessToken = oAuth2AccessToken;
            this.refreshToken = oAuth2RefreshToken;
        }

        public String getClientRegistrationId() {
            return this.clientRegistrationId;
        }

        public String getPrincipalName() {
            return this.principalName;
        }

        public OAuth2AccessToken getAccessToken() {
            return this.accessToken;
        }

        public OAuth2RefreshToken getRefreshToken() {
            return this.refreshToken;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.4.3.jar:org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService$OAuth2AuthorizedClientParametersMapper.class */
    public static class OAuth2AuthorizedClientParametersMapper implements Function<OAuth2AuthorizedClientHolder, Map<String, Parameter>> {
        @Override // java.util.function.Function
        public Map<String, Parameter> apply(OAuth2AuthorizedClientHolder oAuth2AuthorizedClientHolder) {
            HashMap hashMap = new HashMap();
            OAuth2AccessToken accessToken = oAuth2AuthorizedClientHolder.getAccessToken();
            OAuth2RefreshToken refreshToken = oAuth2AuthorizedClientHolder.getRefreshToken();
            hashMap.put("clientRegistrationId", Parameter.fromOrEmpty(oAuth2AuthorizedClientHolder.getClientRegistrationId(), String.class));
            hashMap.put("principalName", Parameter.fromOrEmpty(oAuth2AuthorizedClientHolder.getPrincipalName(), String.class));
            hashMap.put("accessTokenType", Parameter.fromOrEmpty(accessToken.getTokenType().getValue(), String.class));
            hashMap.put("accessTokenValue", Parameter.fromOrEmpty(ByteBuffer.wrap(accessToken.getTokenValue().getBytes(StandardCharsets.UTF_8)), ByteBuffer.class));
            hashMap.put("accessTokenIssuedAt", Parameter.fromOrEmpty(LocalDateTime.ofInstant(accessToken.getIssuedAt(), ZoneOffset.UTC), LocalDateTime.class));
            hashMap.put("accessTokenExpiresAt", Parameter.fromOrEmpty(LocalDateTime.ofInstant(accessToken.getExpiresAt(), ZoneOffset.UTC), LocalDateTime.class));
            String str = null;
            if (!CollectionUtils.isEmpty(accessToken.getScopes())) {
                str = StringUtils.collectionToDelimitedString(accessToken.getScopes(), ",");
            }
            hashMap.put("accessTokenScopes", Parameter.fromOrEmpty(str, String.class));
            ByteBuffer byteBuffer = null;
            LocalDateTime localDateTime = null;
            if (refreshToken != null) {
                byteBuffer = ByteBuffer.wrap(refreshToken.getTokenValue().getBytes(StandardCharsets.UTF_8));
                if (refreshToken.getIssuedAt() != null) {
                    localDateTime = LocalDateTime.ofInstant(refreshToken.getIssuedAt(), ZoneOffset.UTC);
                }
            }
            hashMap.put("refreshTokenValue", Parameter.fromOrEmpty(byteBuffer, ByteBuffer.class));
            hashMap.put("refreshTokenIssuedAt", Parameter.fromOrEmpty(localDateTime, LocalDateTime.class));
            return hashMap;
        }
    }

    /* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-client-6.4.3.jar:org/springframework/security/oauth2/client/R2dbcReactiveOAuth2AuthorizedClientService$OAuth2AuthorizedClientRowMapper.class */
    public static class OAuth2AuthorizedClientRowMapper implements BiFunction<Row, RowMetadata, OAuth2AuthorizedClientHolder> {
        @Override // java.util.function.BiFunction
        public OAuth2AuthorizedClientHolder apply(Row row, RowMetadata rowMetadata) {
            String str = (String) row.get("client_registration_id", String.class);
            OAuth2AccessToken.TokenType tokenType = null;
            if (OAuth2AccessToken.TokenType.BEARER.getValue().equalsIgnoreCase((String) row.get("access_token_type", String.class))) {
                tokenType = OAuth2AccessToken.TokenType.BEARER;
            }
            String str2 = new String(((ByteBuffer) row.get("access_token_value", ByteBuffer.class)).array(), StandardCharsets.UTF_8);
            Instant instant = ((LocalDateTime) row.get("access_token_issued_at", LocalDateTime.class)).toInstant(ZoneOffset.UTC);
            Instant instant2 = ((LocalDateTime) row.get("access_token_expires_at", LocalDateTime.class)).toInstant(ZoneOffset.UTC);
            Set<String> emptySet = Collections.emptySet();
            String str3 = (String) row.get("access_token_scopes", String.class);
            if (str3 != null) {
                emptySet = StringUtils.commaDelimitedListToSet(str3);
            }
            OAuth2AccessToken oAuth2AccessToken = new OAuth2AccessToken(tokenType, str2, instant, instant2, emptySet);
            OAuth2RefreshToken oAuth2RefreshToken = null;
            ByteBuffer byteBuffer = (ByteBuffer) row.get("refresh_token_value", ByteBuffer.class);
            if (byteBuffer != null) {
                String str4 = new String(byteBuffer.array(), StandardCharsets.UTF_8);
                Instant instant3 = null;
                LocalDateTime localDateTime = (LocalDateTime) row.get("refresh_token_issued_at", LocalDateTime.class);
                if (localDateTime != null) {
                    instant3 = localDateTime.toInstant(ZoneOffset.UTC);
                }
                oAuth2RefreshToken = new OAuth2RefreshToken(str4, instant3);
            }
            return new OAuth2AuthorizedClientHolder(str, (String) row.get("principal_name", String.class), oAuth2AccessToken, oAuth2RefreshToken);
        }
    }

    public R2dbcReactiveOAuth2AuthorizedClientService(DatabaseClient databaseClient, ReactiveClientRegistrationRepository reactiveClientRegistrationRepository) {
        Assert.notNull(databaseClient, "databaseClient cannot be null");
        Assert.notNull(reactiveClientRegistrationRepository, "clientRegistrationRepository cannot be null");
        this.databaseClient = databaseClient;
        this.clientRegistrationRepository = reactiveClientRegistrationRepository;
        this.authorizedClientParametersMapper = new OAuth2AuthorizedClientParametersMapper();
        this.authorizedClientRowMapper = new OAuth2AuthorizedClientRowMapper();
    }

    @Override // org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
    public <T extends OAuth2AuthorizedClient> Mono<T> loadAuthorizedClient(String str, String str2) {
        Assert.hasText(str, "clientRegistrationId cannot be empty");
        Assert.hasText(str2, "principalName cannot be empty");
        return this.databaseClient.sql(LOAD_AUTHORIZED_CLIENT_SQL).bind("clientRegistrationId", str).bind("principalName", str2).map(this.authorizedClientRowMapper).first().flatMap(this::getAuthorizedClient);
    }

    private Mono<OAuth2AuthorizedClient> getAuthorizedClient(OAuth2AuthorizedClientHolder oAuth2AuthorizedClientHolder) {
        return this.clientRegistrationRepository.findByRegistrationId(oAuth2AuthorizedClientHolder.getClientRegistrationId()).switchIfEmpty(Mono.error(dataRetrievalFailureException(oAuth2AuthorizedClientHolder.getClientRegistrationId()))).map(clientRegistration -> {
            return new OAuth2AuthorizedClient(clientRegistration, oAuth2AuthorizedClientHolder.getPrincipalName(), oAuth2AuthorizedClientHolder.getAccessToken(), oAuth2AuthorizedClientHolder.getRefreshToken());
        });
    }

    private static Throwable dataRetrievalFailureException(String str) {
        return new DataRetrievalFailureException("The ClientRegistration with id '" + str + "' exists in the data source, however, it was not found in the ReactiveClientRegistrationRepository.");
    }

    @Override // org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
    public Mono<Void> saveAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        Assert.notNull(oAuth2AuthorizedClient, "authorizedClient cannot be null");
        Assert.notNull(authentication, "principal cannot be null");
        return loadAuthorizedClient(oAuth2AuthorizedClient.getClientRegistration().getRegistrationId(), authentication.getName()).flatMap(oAuth2AuthorizedClient2 -> {
            return updateAuthorizedClient(oAuth2AuthorizedClient, authentication);
        }).switchIfEmpty(Mono.defer(() -> {
            return insertAuthorizedClient(oAuth2AuthorizedClient, authentication);
        })).then();
    }

    private Mono<Long> updateAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        DatabaseClient.GenericExecuteSpec sql = this.databaseClient.sql(UPDATE_AUTHORIZED_CLIENT_SQL);
        for (Map.Entry<String, Parameter> entry : this.authorizedClientParametersMapper.apply(new OAuth2AuthorizedClientHolder(oAuth2AuthorizedClient, authentication)).entrySet()) {
            sql = sql.bind(entry.getKey(), entry.getValue());
        }
        return sql.fetch().rowsUpdated();
    }

    private Mono<Long> insertAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient, Authentication authentication) {
        DatabaseClient.GenericExecuteSpec sql = this.databaseClient.sql(SAVE_AUTHORIZED_CLIENT_SQL);
        for (Map.Entry<String, Parameter> entry : this.authorizedClientParametersMapper.apply(new OAuth2AuthorizedClientHolder(oAuth2AuthorizedClient, authentication)).entrySet()) {
            sql = sql.bind(entry.getKey(), entry.getValue());
        }
        return sql.fetch().rowsUpdated();
    }

    @Override // org.springframework.security.oauth2.client.ReactiveOAuth2AuthorizedClientService
    public Mono<Void> removeAuthorizedClient(String str, String str2) {
        Assert.hasText(str, "clientRegistrationId cannot be empty");
        Assert.hasText(str2, "principalName cannot be empty");
        return this.databaseClient.sql(REMOVE_AUTHORIZED_CLIENT_SQL).bind("clientRegistrationId", str).bind("principalName", str2).then();
    }

    public final void setAuthorizedClientParametersMapper(Function<OAuth2AuthorizedClientHolder, Map<String, Parameter>> function) {
        Assert.notNull(function, "authorizedClientParametersMapper cannot be null");
        this.authorizedClientParametersMapper = function;
    }

    public final void setAuthorizedClientRowMapper(BiFunction<Row, RowMetadata, OAuth2AuthorizedClientHolder> biFunction) {
        Assert.notNull(biFunction, "authorizedClientRowMapper cannot be null");
        this.authorizedClientRowMapper = biFunction;
    }
}
