package org.springframework.security.oauth2.server.resource.authentication;

import java.time.Instant;
import java.util.Objects;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.ReactiveAuthenticationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.server.resource.BearerTokenAuthenticationToken;
import org.springframework.security.oauth2.server.resource.InvalidBearerTokenException;
import org.springframework.security.oauth2.server.resource.introspection.BadOpaqueTokenException;
import org.springframework.security.oauth2.server.resource.introspection.OAuth2IntrospectionException;
import org.springframework.security.oauth2.server.resource.introspection.ReactiveOpaqueTokenIntrospector;
import org.springframework.util.Assert;
import reactor.core.publisher.Mono;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-resource-server-5.6.0.jar:org/springframework/security/oauth2/server/resource/authentication/OpaqueTokenReactiveAuthenticationManager.class */
public class OpaqueTokenReactiveAuthenticationManager implements ReactiveAuthenticationManager {
    private final ReactiveOpaqueTokenIntrospector introspector;

    public OpaqueTokenReactiveAuthenticationManager(ReactiveOpaqueTokenIntrospector reactiveOpaqueTokenIntrospector) {
        Assert.notNull(reactiveOpaqueTokenIntrospector, "introspector cannot be null");
        this.introspector = reactiveOpaqueTokenIntrospector;
    }

    @Override // org.springframework.security.authentication.ReactiveAuthenticationManager
    public Mono<Authentication> authenticate(Authentication authentication) {
        Mono justOrEmpty = Mono.justOrEmpty(authentication);
        Class<BearerTokenAuthenticationToken> cls = BearerTokenAuthenticationToken.class;
        Objects.requireNonNull(BearerTokenAuthenticationToken.class);
        return justOrEmpty.filter((v1) -> {
            return r1.isInstance(v1);
        }).cast(BearerTokenAuthenticationToken.class).map((v0) -> {
            return v0.getToken();
        }).flatMap(this::authenticate).cast(Authentication.class);
    }

    private Mono<BearerTokenAuthentication> authenticate(String str) {
        return this.introspector.introspect(str).map(oAuth2AuthenticatedPrincipal -> {
            return new BearerTokenAuthentication(oAuth2AuthenticatedPrincipal, new OAuth2AccessToken(OAuth2AccessToken.TokenType.BEARER, str, (Instant) oAuth2AuthenticatedPrincipal.getAttribute("iat"), (Instant) oAuth2AuthenticatedPrincipal.getAttribute("exp")), oAuth2AuthenticatedPrincipal.getAuthorities());
        }).onErrorMap(OAuth2IntrospectionException.class, this::onError);
    }

    private AuthenticationException onError(OAuth2IntrospectionException oAuth2IntrospectionException) {
        return oAuth2IntrospectionException instanceof BadOpaqueTokenException ? new InvalidBearerTokenException(oAuth2IntrospectionException.getMessage(), oAuth2IntrospectionException) : new AuthenticationServiceException(oAuth2IntrospectionException.getMessage(), oAuth2IntrospectionException);
    }
}
