package org.springframework.cloud.common.security.support;

import org.springframework.cloud.common.security.core.support.OAuth2TokenUtilsService;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.authentication.OAuth2AuthenticationToken;
import org.springframework.security.oauth2.core.AbstractOAuth2Token;
import org.springframework.security.oauth2.server.resource.authentication.BearerTokenAuthentication;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationToken;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/cloud/common/security/support/DefaultOAuth2TokenUtilsService.class */
public class DefaultOAuth2TokenUtilsService implements OAuth2TokenUtilsService {
    private final OAuth2AuthorizedClientService oauth2AuthorizedClientService;

    public DefaultOAuth2TokenUtilsService(OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
        Assert.notNull(oAuth2AuthorizedClientService, "oauth2AuthorizedClientService must not be null.");
        this.oauth2AuthorizedClientService = oAuth2AuthorizedClientService;
    }

    public String getAccessTokenOfAuthenticatedUser() {
        String tokenValue;
        BearerTokenAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            throw new IllegalStateException("Cannot retrieve the authentication object from the SecurityContext. Are you authenticated?");
        }
        if (authentication instanceof BearerTokenAuthentication) {
            tokenValue = authentication.getToken().getTokenValue();
        } else if (authentication instanceof OAuth2AuthenticationToken) {
            tokenValue = getAuthorizedClient((OAuth2AuthenticationToken) authentication).getAccessToken().getTokenValue();
        } else {
            if (!(authentication instanceof JwtAuthenticationToken)) {
                throw new IllegalStateException("Unsupported authentication object type " + authentication);
            }
            tokenValue = ((AbstractOAuth2Token) authentication.getCredentials()).getTokenValue();
        }
        return tokenValue;
    }

    public OAuth2AuthorizedClient getAuthorizedClient(OAuth2AuthenticationToken oAuth2AuthenticationToken) {
        String name = oAuth2AuthenticationToken.getName();
        String authorizedClientRegistrationId = oAuth2AuthenticationToken.getAuthorizedClientRegistrationId();
        if (!StringUtils.hasText(name)) {
            throw new IllegalStateException("The retrieved principalName must not be null or empty.");
        }
        if (!StringUtils.hasText(authorizedClientRegistrationId)) {
            throw new IllegalStateException("The retrieved clientRegistrationId must not be null or empty.");
        }
        OAuth2AuthorizedClient loadAuthorizedClient = this.oauth2AuthorizedClientService.loadAuthorizedClient(authorizedClientRegistrationId, name);
        if (loadAuthorizedClient == null) {
            throw new IllegalStateException(String.format("No oauth2AuthorizedClient returned for clientRegistrationId '%s' and principalName '%s'.", authorizedClientRegistrationId, name));
        }
        return loadAuthorizedClient;
    }

    public void removeAuthorizedClient(OAuth2AuthorizedClient oAuth2AuthorizedClient) {
        Assert.notNull(oAuth2AuthorizedClient, "The auth2AuthorizedClient must not be null.");
        this.oauth2AuthorizedClientService.removeAuthorizedClient(oAuth2AuthorizedClient.getClientRegistration().getRegistrationId(), oAuth2AuthorizedClient.getPrincipalName());
    }
}
