package org.springframework.security.web.server.authentication;

import java.util.Iterator;
import java.util.List;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.ReactiveSessionInformation;
import org.springframework.security.core.session.ReactiveSessionRegistry;
import org.springframework.security.web.server.WebFilterExchange;
import org.springframework.util.Assert;
import org.springframework.web.server.WebSession;
import reactor.core.publisher.Mono;
import reactor.util.function.Tuples;

/* loaded from: input_file:BOOT-INF/lib/spring-security-web-6.4.6.jar:org/springframework/security/web/server/authentication/ConcurrentSessionControlServerAuthenticationSuccessHandler.class */
public final class ConcurrentSessionControlServerAuthenticationSuccessHandler implements ServerAuthenticationSuccessHandler {
    private final ReactiveSessionRegistry sessionRegistry;
    private final ServerMaximumSessionsExceededHandler maximumSessionsExceededHandler;
    private SessionLimit sessionLimit = SessionLimit.of(1);

    public ConcurrentSessionControlServerAuthenticationSuccessHandler(ReactiveSessionRegistry reactiveSessionRegistry, ServerMaximumSessionsExceededHandler serverMaximumSessionsExceededHandler) {
        Assert.notNull(reactiveSessionRegistry, "sessionRegistry cannot be null");
        Assert.notNull(serverMaximumSessionsExceededHandler, "maximumSessionsExceededHandler cannot be null");
        this.sessionRegistry = reactiveSessionRegistry;
        this.maximumSessionsExceededHandler = serverMaximumSessionsExceededHandler;
    }

    @Override // org.springframework.security.web.server.authentication.ServerAuthenticationSuccessHandler
    public Mono<Void> onAuthenticationSuccess(WebFilterExchange webFilterExchange, Authentication authentication) {
        return this.sessionLimit.apply(authentication).flatMap(num -> {
            return handleConcurrency(webFilterExchange, authentication, num);
        });
    }

    private Mono<Void> handleConcurrency(WebFilterExchange webFilterExchange, Authentication authentication, Integer num) {
        return this.sessionRegistry.getAllSessions(authentication.getPrincipal()).collectList().flatMap(list -> {
            return webFilterExchange.getExchange().getSession().map(webSession -> {
                return Tuples.of(webSession, list);
            });
        }).flatMap(tuple2 -> {
            WebSession webSession = (WebSession) tuple2.getT1();
            List list2 = (List) tuple2.getT2();
            int size = list2.size();
            if (size < num.intValue()) {
                return Mono.empty();
            }
            if (size == num.intValue()) {
                Iterator it = list2.iterator();
                while (it.hasNext()) {
                    if (((ReactiveSessionInformation) it.next()).getSessionId().equals(webSession.getId())) {
                        return Mono.empty();
                    }
                }
            }
            return this.maximumSessionsExceededHandler.handle(new MaximumSessionsContext(authentication, list2, num.intValue(), webSession));
        });
    }

    public void setSessionLimit(SessionLimit sessionLimit) {
        Assert.notNull(sessionLimit, "sessionLimit cannot be null");
        this.sessionLimit = sessionLimit;
    }
}
