package org.springframework.security.authorization.method;

import java.lang.reflect.Method;
import java.util.function.Supplier;
import kotlinx.coroutines.reactive.ReactiveFlowKt;
import org.aopalliance.aop.Advice;
import org.aopalliance.intercept.MethodInvocation;
import org.reactivestreams.Publisher;
import org.springframework.aop.Pointcut;
import org.springframework.core.KotlinDetector;
import org.springframework.core.MethodParameter;
import org.springframework.core.ReactiveAdapter;
import org.springframework.core.ReactiveAdapterRegistry;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.AuthorizationDeniedException;
import org.springframework.security.authorization.AuthorizationResult;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.util.Assert;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

/* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.3.7.jar:org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor.class */
public final class AuthorizationManagerBeforeReactiveMethodInterceptor implements AuthorizationAdvisor {
    private static final String COROUTINES_FLOW_CLASS_NAME = "kotlinx.coroutines.flow.Flow";
    private static final int RETURN_TYPE_METHOD_PARAMETER_INDEX = -1;
    private final Pointcut pointcut;
    private final ReactiveAuthorizationManager<MethodInvocation> authorizationManager;
    private int order = AuthorizationInterceptorsOrder.FIRST.getOrder();
    private final MethodAuthorizationDeniedHandler defaultHandler = new ThrowingMethodAuthorizationDeniedHandler();

    /* loaded from: input_file:BOOT-INF/lib/spring-security-core-6.3.7.jar:org/springframework/security/authorization/method/AuthorizationManagerBeforeReactiveMethodInterceptor$KotlinDelegate.class */
    private static class KotlinDelegate {
        private KotlinDelegate() {
        }

        private static Object asFlow(Publisher<?> publisher) {
            return ReactiveFlowKt.asFlow(publisher);
        }
    }

    public static AuthorizationManagerBeforeReactiveMethodInterceptor preAuthorize() {
        return preAuthorize(new PreAuthorizeReactiveAuthorizationManager());
    }

    public static AuthorizationManagerBeforeReactiveMethodInterceptor preAuthorize(ReactiveAuthorizationManager<MethodInvocation> reactiveAuthorizationManager) {
        AuthorizationManagerBeforeReactiveMethodInterceptor authorizationManagerBeforeReactiveMethodInterceptor = new AuthorizationManagerBeforeReactiveMethodInterceptor(AuthorizationMethodPointcuts.forAnnotations(PreAuthorize.class), reactiveAuthorizationManager);
        authorizationManagerBeforeReactiveMethodInterceptor.setOrder(AuthorizationInterceptorsOrder.PRE_AUTHORIZE.getOrder());
        return authorizationManagerBeforeReactiveMethodInterceptor;
    }

    public AuthorizationManagerBeforeReactiveMethodInterceptor(Pointcut pointcut, ReactiveAuthorizationManager<MethodInvocation> reactiveAuthorizationManager) {
        Assert.notNull(pointcut, "pointcut cannot be null");
        Assert.notNull(reactiveAuthorizationManager, "authorizationManager cannot be null");
        this.pointcut = pointcut;
        this.authorizationManager = reactiveAuthorizationManager;
    }

    @Override // org.aopalliance.intercept.MethodInterceptor
    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
        Method method = methodInvocation.getMethod();
        Class<?> returnType = method.getReturnType();
        boolean isSuspendingFunction = KotlinDetector.isSuspendingFunction(method);
        boolean equals = COROUTINES_FLOW_CLASS_NAME.equals(new MethodParameter(method, -1).getParameterType().getName());
        Assert.state(Publisher.class.isAssignableFrom(returnType) || isSuspendingFunction || equals, (Supplier<String>) () -> {
            return "The returnType " + returnType + " on " + method + " must return an instance of org.reactivestreams.Publisher (for example, a Mono or Flux) or the function must be a Kotlin coroutine in order to support Reactor Context";
        });
        ReactiveAdapter adapter = ReactiveAdapterRegistry.getSharedInstance().getAdapter(returnType);
        if (equals) {
            if (isSuspendingFunction) {
                return preAuthorized(methodInvocation, Flux.defer(() -> {
                    return (Publisher) ReactiveMethodInvocationUtils.proceed(methodInvocation);
                }));
            }
            Assert.state(adapter != null, (Supplier<String>) () -> {
                return "The returnType " + returnType + " on " + method + " must have a org.springframework.core.ReactiveAdapter registered";
            });
            return KotlinDelegate.asFlow(preAuthorized(methodInvocation, Flux.defer(() -> {
                return adapter.toPublisher(ReactiveMethodInvocationUtils.proceed(methodInvocation));
            })));
        }
        if (isMultiValue(returnType, adapter)) {
            Flux<Object> preAuthorized = preAuthorized(methodInvocation, Flux.defer(() -> {
                return (Publisher) ReactiveMethodInvocationUtils.proceed(methodInvocation);
            }));
            return adapter != null ? adapter.fromPublisher(preAuthorized) : preAuthorized;
        }
        Mono<Object> preAuthorized2 = preAuthorized(methodInvocation, Mono.defer(() -> {
            return (Mono) ReactiveMethodInvocationUtils.proceed(methodInvocation);
        }));
        return adapter != null ? adapter.fromPublisher(preAuthorized2) : preAuthorized2;
    }

    private Flux<Object> preAuthorized(MethodInvocation methodInvocation, Flux<Object> flux) {
        return this.authorizationManager.check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation).switchIfEmpty(Mono.just(new AuthorizationDecision(false))).flatMapMany(authorizationDecision -> {
            return authorizationDecision.isGranted() ? flux.onErrorResume(AuthorizationDeniedException.class, authorizationDeniedException -> {
                return postProcess(authorizationDeniedException, methodInvocation);
            }) : postProcess(authorizationDecision, methodInvocation);
        });
    }

    private Mono<Object> preAuthorized(MethodInvocation methodInvocation, Mono<Object> mono) {
        return this.authorizationManager.check(ReactiveAuthenticationUtils.getAuthentication(), methodInvocation).switchIfEmpty(Mono.just(new AuthorizationDecision(false))).flatMap(authorizationDecision -> {
            return authorizationDecision.isGranted() ? mono.onErrorResume(AuthorizationDeniedException.class, authorizationDeniedException -> {
                return postProcess(authorizationDeniedException, methodInvocation);
            }) : postProcess(authorizationDecision, methodInvocation);
        });
    }

    private Mono<Object> postProcess(AuthorizationResult authorizationResult, MethodInvocation methodInvocation) {
        return Mono.fromSupplier(() -> {
            ReactiveAuthorizationManager<MethodInvocation> reactiveAuthorizationManager = this.authorizationManager;
            return reactiveAuthorizationManager instanceof MethodAuthorizationDeniedHandler ? ((MethodAuthorizationDeniedHandler) reactiveAuthorizationManager).handleDeniedInvocation(methodInvocation, authorizationResult) : this.defaultHandler.handleDeniedInvocation(methodInvocation, authorizationResult);
        }).flatMap(obj -> {
            return Mono.class.isAssignableFrom(obj.getClass()) ? (Mono) obj : Mono.justOrEmpty(obj);
        });
    }

    private boolean isMultiValue(Class<?> cls, ReactiveAdapter reactiveAdapter) {
        if (Flux.class.isAssignableFrom(cls)) {
            return true;
        }
        return reactiveAdapter != null && reactiveAdapter.isMultiValue();
    }

    @Override // org.springframework.aop.PointcutAdvisor
    public Pointcut getPointcut() {
        return this.pointcut;
    }

    @Override // org.springframework.aop.Advisor
    public Advice getAdvice() {
        return this;
    }

    @Override // org.springframework.aop.Advisor
    public boolean isPerInstance() {
        return true;
    }

    @Override // org.springframework.core.Ordered
    public int getOrder() {
        return this.order;
    }

    public void setOrder(int i) {
        this.order = i;
    }
}
