package org.springframework.security.oauth2.server.resource.web.server;

import java.util.LinkedHashMap;
import java.util.Map;
import org.apache.activemq.artemis.api.config.ActiveMQDefaultConfiguration;
import org.apache.hc.client5.http.auth.StandardAuthScheme;
import org.springframework.http.HttpStatus;
import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames;
import org.springframework.security.oauth2.server.resource.BearerTokenError;
import org.springframework.security.web.server.ServerAuthenticationEntryPoint;
import org.springframework.util.StringUtils;
import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-resource-server-6.3.9.jar:org/springframework/security/oauth2/server/resource/web/server/BearerTokenServerAuthenticationEntryPoint.class */
public final class BearerTokenServerAuthenticationEntryPoint implements ServerAuthenticationEntryPoint {
    private String realmName;

    public void setRealmName(String str) {
        this.realmName = str;
    }

    @Override // org.springframework.security.web.server.ServerAuthenticationEntryPoint
    public Mono<Void> commence(ServerWebExchange serverWebExchange, AuthenticationException authenticationException) {
        return Mono.defer(() -> {
            HttpStatus status = getStatus(authenticationException);
            String computeWWWAuthenticateHeaderValue = computeWWWAuthenticateHeaderValue(createParameters(authenticationException));
            ServerHttpResponse response = serverWebExchange.getResponse();
            response.getHeaders().set("WWW-Authenticate", computeWWWAuthenticateHeaderValue);
            response.setStatusCode(status);
            return response.setComplete();
        });
    }

    private Map<String, String> createParameters(AuthenticationException authenticationException) {
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        if (this.realmName != null) {
            linkedHashMap.put("realm", this.realmName);
        }
        if (authenticationException instanceof OAuth2AuthenticationException) {
            OAuth2Error error = ((OAuth2AuthenticationException) authenticationException).getError();
            linkedHashMap.put("error", error.getErrorCode());
            if (StringUtils.hasText(error.getDescription())) {
                linkedHashMap.put(OAuth2ParameterNames.ERROR_DESCRIPTION, error.getDescription());
            }
            if (StringUtils.hasText(error.getUri())) {
                linkedHashMap.put(OAuth2ParameterNames.ERROR_URI, error.getUri());
            }
            if (error instanceof BearerTokenError) {
                BearerTokenError bearerTokenError = (BearerTokenError) error;
                if (StringUtils.hasText(bearerTokenError.getScope())) {
                    linkedHashMap.put("scope", bearerTokenError.getScope());
                }
            }
        }
        return linkedHashMap;
    }

    private HttpStatus getStatus(AuthenticationException authenticationException) {
        if (authenticationException instanceof OAuth2AuthenticationException) {
            OAuth2Error error = ((OAuth2AuthenticationException) authenticationException).getError();
            if (error instanceof BearerTokenError) {
                return ((BearerTokenError) error).getHttpStatus();
            }
        }
        return HttpStatus.UNAUTHORIZED;
    }

    private static String computeWWWAuthenticateHeaderValue(Map<String, String> map) {
        StringBuilder sb = new StringBuilder();
        sb.append(StandardAuthScheme.BEARER);
        if (!map.isEmpty()) {
            sb.append(" ");
            int i = 0;
            for (Map.Entry<String, String> entry : map.entrySet()) {
                sb.append(entry.getKey()).append("=\"").append(entry.getValue()).append(ActiveMQDefaultConfiguration.BROKER_PROPERTIES_KEY_SURROUND);
                if (i != map.size() - 1) {
                    sb.append(", ");
                }
                i++;
            }
        }
        return sb.toString();
    }
}
