package org.springframework.cloud.common.security;

import java.net.URI;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.boot.autoconfigure.security.oauth2.client.OAuth2ClientProperties;
import org.springframework.boot.autoconfigure.security.oauth2.resource.OAuth2ResourceServerProperties;
import org.springframework.cloud.common.security.core.support.OAuth2TokenUtilsService;
import org.springframework.cloud.common.security.support.AccessTokenClearingLogoutSuccessHandler;
import org.springframework.cloud.common.security.support.AuthoritiesMapper;
import org.springframework.cloud.common.security.support.CustomAuthoritiesOpaqueTokenIntrospector;
import org.springframework.cloud.common.security.support.CustomOAuth2OidcUserService;
import org.springframework.cloud.common.security.support.CustomPlainOAuth2UserService;
import org.springframework.cloud.common.security.support.DefaultAuthoritiesMapper;
import org.springframework.cloud.common.security.support.DefaultOAuth2TokenUtilsService;
import org.springframework.cloud.common.security.support.ExternalOauth2ResourceAuthoritiesMapper;
import org.springframework.cloud.common.security.support.MappingJwtGrantedAuthoritiesConverter;
import org.springframework.cloud.common.security.support.OnOAuth2SecurityEnabled;
import org.springframework.cloud.common.security.support.SecurityConfigUtils;
import org.springframework.cloud.common.security.support.SecurityStateBean;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Conditional;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.context.event.EventListener;
import org.springframework.core.convert.converter.Converter;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.ProviderManager;
import org.springframework.security.authentication.event.AbstractAuthenticationFailureEvent;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProvider;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientProviderBuilder;
import org.springframework.security.oauth2.client.OAuth2AuthorizedClientService;
import org.springframework.security.oauth2.client.endpoint.DefaultPasswordTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2AccessTokenResponseClient;
import org.springframework.security.oauth2.client.endpoint.OAuth2PasswordGrantRequest;
import org.springframework.security.oauth2.client.oidc.userinfo.OidcUserRequest;
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserRequest;
import org.springframework.security.oauth2.client.userinfo.OAuth2UserService;
import org.springframework.security.oauth2.client.web.DefaultOAuth2AuthorizedClientManager;
import org.springframework.security.oauth2.client.web.OAuth2AuthorizedClientRepository;
import org.springframework.security.oauth2.client.web.reactive.function.client.ServletOAuth2AuthorizedClientExchangeFilterFunction;
import org.springframework.security.oauth2.core.oidc.user.OidcUser;
import org.springframework.security.oauth2.core.user.OAuth2User;
import org.springframework.security.oauth2.jwt.Jwt;
import org.springframework.security.oauth2.server.resource.authentication.JwtAuthenticationConverter;
import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
import org.springframework.security.web.authentication.HttpStatusEntryPoint;
import org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint;
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
import org.springframework.security.web.authentication.www.BasicAuthenticationEntryPoint;
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
import org.springframework.security.web.util.matcher.AnyRequestMatcher;
import org.springframework.security.web.util.matcher.MediaTypeRequestMatcher;
import org.springframework.security.web.util.matcher.RequestHeaderRequestMatcher;
import org.springframework.util.StringUtils;
import org.springframework.web.HttpMediaTypeNotAcceptableException;
import org.springframework.web.accept.HeaderContentNegotiationStrategy;
import org.springframework.web.context.request.NativeWebRequest;
import org.springframework.web.reactive.function.client.WebClient;

@EnableWebSecurity
@ConditionalOnMissingBean({WebSecurityConfigurerAdapter.class})
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.ANY)
@Import({OAuth2AccessTokenResponseClientConfig.class, OAuth2AuthenticationFailureEventConfig.class, OpaqueTokenIntrospectorConfig.class, OidcUserServiceConfig.class, PlainOauth2UserServiceConfig.class, WebClientConfig.class, AuthoritiesMapperConfig.class, OAuth2TokenUtilsServiceConfig.class, LogoutSuccessHandlerConfig.class, ProviderManagerConfig.class, AuthenticationProviderConfig.class})
@Configuration(proxyBeanMethods = false)
@ConditionalOnClass({WebSecurityConfigurerAdapter.class})
@Conditional({OnOAuth2SecurityEnabled.class})
/* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration.class */
public class OAuthSecurityConfiguration extends WebSecurityConfigurerAdapter {
    private static final Logger logger = LoggerFactory.getLogger(OAuthSecurityConfiguration.class);

    @Autowired
    protected OAuth2ClientProperties oauth2ClientProperties;

    @Autowired
    protected SecurityStateBean securityStateBean;

    @Autowired
    protected SecurityProperties securityProperties;

    @Autowired
    protected ApplicationEventPublisher applicationEventPublisher;

    @Autowired
    protected AuthorizationProperties authorizationProperties;

    @Autowired
    protected OAuth2ResourceServerProperties oAuth2ResourceServerProperties;

    @Autowired
    protected OAuth2UserService<OAuth2UserRequest, OAuth2User> plainOauth2UserService;

    @Autowired
    protected OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService;

    @Autowired
    protected LogoutSuccessHandler logoutSuccessHandler;
    protected OpaqueTokenIntrospector opaqueTokenIntrospector;
    protected ProviderManager providerManager;

    @Configuration(proxyBeanMethods = false)
    @ConditionalOnProperty(prefix = "spring.security.oauth2.resourceserver.opaquetoken", value = {"introspection-uri"})
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$AuthenticationProviderConfig.class */
    protected static class AuthenticationProviderConfig {
        protected OpaqueTokenIntrospector opaqueTokenIntrospector;

        protected AuthenticationProviderConfig() {
        }

        @Autowired(required = false)
        public void setOpaqueTokenIntrospector(OpaqueTokenIntrospector opaqueTokenIntrospector) {
            this.opaqueTokenIntrospector = opaqueTokenIntrospector;
        }

        @Bean
        protected AuthenticationProvider authenticationProvider(OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> oAuth2AccessTokenResponseClient, ClientRegistrationRepository clientRegistrationRepository, AuthorizationProperties authorizationProperties, OAuth2ClientProperties oAuth2ClientProperties) {
            return new ManualOAuthAuthenticationProvider(oAuth2AccessTokenResponseClient, clientRegistrationRepository, this.opaqueTokenIntrospector, OAuthSecurityConfiguration.calculateDefaultProviderId(authorizationProperties, oAuth2ClientProperties));
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$AuthoritiesMapperConfig.class */
    protected static class AuthoritiesMapperConfig {
        protected AuthoritiesMapperConfig() {
        }

        @Bean
        protected AuthoritiesMapper authorityMapper(AuthorizationProperties authorizationProperties, OAuth2ClientProperties oAuth2ClientProperties) {
            return !StringUtils.hasText(authorizationProperties.getExternalAuthoritiesUrl()) ? new DefaultAuthoritiesMapper(authorizationProperties.getProviderRoleMappings(), OAuthSecurityConfiguration.calculateDefaultProviderId(authorizationProperties, oAuth2ClientProperties)) : new ExternalOauth2ResourceAuthoritiesMapper(URI.create(authorizationProperties.getExternalAuthoritiesUrl()));
        }
    }

    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$BrowserDetectingContentNegotiationStrategy.class */
    protected static class BrowserDetectingContentNegotiationStrategy extends HeaderContentNegotiationStrategy {
        protected BrowserDetectingContentNegotiationStrategy() {
        }

        public List<MediaType> resolveMediaTypes(NativeWebRequest nativeWebRequest) throws HttpMediaTypeNotAcceptableException {
            List resolveMediaTypes = super.resolveMediaTypes(nativeWebRequest);
            String header = nativeWebRequest.getHeader("User-Agent");
            return (header == null || !header.contains("Mozilla/5.0") || resolveMediaTypes.contains(MediaType.APPLICATION_JSON)) ? Collections.singletonList(MediaType.APPLICATION_JSON) : Collections.singletonList(MediaType.TEXT_HTML);
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$LogoutSuccessHandlerConfig.class */
    protected static class LogoutSuccessHandlerConfig {
        protected LogoutSuccessHandlerConfig() {
        }

        @Bean
        protected LogoutSuccessHandler logoutSuccessHandler(AuthorizationProperties authorizationProperties, OAuth2TokenUtilsService oAuth2TokenUtilsService) {
            AccessTokenClearingLogoutSuccessHandler accessTokenClearingLogoutSuccessHandler = new AccessTokenClearingLogoutSuccessHandler(oAuth2TokenUtilsService);
            accessTokenClearingLogoutSuccessHandler.setDefaultTargetUrl(OAuthSecurityConfiguration.dashboard(authorizationProperties, "/logout-success-oauth.html"));
            return accessTokenClearingLogoutSuccessHandler;
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OAuth2AccessTokenResponseClientConfig.class */
    protected static class OAuth2AccessTokenResponseClientConfig {
        protected OAuth2AccessTokenResponseClientConfig() {
        }

        @Bean
        OAuth2AccessTokenResponseClient<OAuth2PasswordGrantRequest> oAuth2PasswordTokenResponseClient() {
            return new DefaultPasswordTokenResponseClient();
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OAuth2AuthenticationFailureEventConfig.class */
    protected static class OAuth2AuthenticationFailureEventConfig {
        protected OAuth2AuthenticationFailureEventConfig() {
        }

        @EventListener
        public void handleOAuth2AuthenticationFailureEvent(AbstractAuthenticationFailureEvent abstractAuthenticationFailureEvent) {
            OAuthSecurityConfiguration.logger.warn("An authentication failure event occurred while accessing a REST resource that requires authentication.", abstractAuthenticationFailureEvent.getException());
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OAuth2AuthorizedClientManagerConfig.class */
    protected static class OAuth2AuthorizedClientManagerConfig {
        protected OAuth2AuthorizedClientManagerConfig() {
        }

        @Bean
        protected OAuth2AuthorizedClientManager authorizedClientManager(ClientRegistrationRepository clientRegistrationRepository, OAuth2AuthorizedClientRepository oAuth2AuthorizedClientRepository) {
            OAuth2AuthorizedClientProvider build = OAuth2AuthorizedClientProviderBuilder.builder().authorizationCode().refreshToken().clientCredentials().password().build();
            DefaultOAuth2AuthorizedClientManager defaultOAuth2AuthorizedClientManager = new DefaultOAuth2AuthorizedClientManager(clientRegistrationRepository, oAuth2AuthorizedClientRepository);
            defaultOAuth2AuthorizedClientManager.setAuthorizedClientProvider(build);
            return defaultOAuth2AuthorizedClientManager;
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OAuth2TokenUtilsServiceConfig.class */
    protected static class OAuth2TokenUtilsServiceConfig {
        protected OAuth2TokenUtilsServiceConfig() {
        }

        @Bean
        protected OAuth2TokenUtilsService oauth2TokenUtilsService(OAuth2AuthorizedClientService oAuth2AuthorizedClientService) {
            return new DefaultOAuth2TokenUtilsService(oAuth2AuthorizedClientService);
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OidcUserServiceConfig.class */
    protected static class OidcUserServiceConfig {
        protected OidcUserServiceConfig() {
        }

        @Bean
        protected OAuth2UserService<OidcUserRequest, OidcUser> oidcUserService(AuthoritiesMapper authoritiesMapper) {
            return new CustomOAuth2OidcUserService(authoritiesMapper);
        }
    }

    @Configuration(proxyBeanMethods = false)
    @ConditionalOnProperty(prefix = "spring.security.oauth2.resourceserver.opaquetoken", value = {"introspection-uri"})
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$OpaqueTokenIntrospectorConfig.class */
    protected static class OpaqueTokenIntrospectorConfig {
        protected OpaqueTokenIntrospectorConfig() {
        }

        @Bean
        protected OpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2ResourceServerProperties oAuth2ResourceServerProperties, AuthoritiesMapper authoritiesMapper) {
            return new CustomAuthoritiesOpaqueTokenIntrospector(oAuth2ResourceServerProperties.getOpaquetoken().getIntrospectionUri(), oAuth2ResourceServerProperties.getOpaquetoken().getClientId(), oAuth2ResourceServerProperties.getOpaquetoken().getClientSecret(), authoritiesMapper);
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$PlainOauth2UserServiceConfig.class */
    protected static class PlainOauth2UserServiceConfig {
        protected PlainOauth2UserServiceConfig() {
        }

        @Bean
        protected OAuth2UserService<OAuth2UserRequest, OAuth2User> plainOauth2UserService(AuthoritiesMapper authoritiesMapper) {
            return new CustomPlainOAuth2UserService(authoritiesMapper);
        }
    }

    @Configuration(proxyBeanMethods = false)
    @ConditionalOnProperty(prefix = "spring.security.oauth2.resourceserver.opaquetoken", value = {"introspection-uri"})
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$ProviderManagerConfig.class */
    protected static class ProviderManagerConfig {
        private AuthenticationProvider authenticationProvider;

        protected ProviderManagerConfig() {
        }

        protected AuthenticationProvider getAuthenticationProvider() {
            return this.authenticationProvider;
        }

        @Autowired(required = false)
        protected void setAuthenticationProvider(AuthenticationProvider authenticationProvider) {
            this.authenticationProvider = authenticationProvider;
        }

        @Bean
        protected ProviderManager providerManager() {
            ArrayList arrayList = new ArrayList();
            arrayList.add(this.authenticationProvider);
            return new ProviderManager(arrayList);
        }
    }

    @Configuration(proxyBeanMethods = false)
    /* loaded from: input_file:org/springframework/cloud/common/security/OAuthSecurityConfiguration$WebClientConfig.class */
    protected static class WebClientConfig {
        protected WebClientConfig() {
        }

        @Bean
        protected WebClient webClient(OAuth2AuthorizedClientManager oAuth2AuthorizedClientManager) {
            ServletOAuth2AuthorizedClientExchangeFilterFunction servletOAuth2AuthorizedClientExchangeFilterFunction = new ServletOAuth2AuthorizedClientExchangeFilterFunction(oAuth2AuthorizedClientManager);
            servletOAuth2AuthorizedClientExchangeFilterFunction.setDefaultOAuth2AuthorizedClient(true);
            return WebClient.builder().apply(servletOAuth2AuthorizedClientExchangeFilterFunction.oauth2Configuration()).build();
        }
    }

    public AuthorizationProperties getAuthorizationProperties() {
        return this.authorizationProperties;
    }

    public void setAuthorizationProperties(AuthorizationProperties authorizationProperties) {
        this.authorizationProperties = authorizationProperties;
    }

    public OpaqueTokenIntrospector getOpaqueTokenIntrospector() {
        return this.opaqueTokenIntrospector;
    }

    @Autowired(required = false)
    public void setOpaqueTokenIntrospector(OpaqueTokenIntrospector opaqueTokenIntrospector) {
        this.opaqueTokenIntrospector = opaqueTokenIntrospector;
    }

    public ProviderManager getProviderManager() {
        return this.providerManager;
    }

    @Autowired(required = false)
    public void setProviderManager(ProviderManager providerManager) {
        this.providerManager = providerManager;
    }

    public OAuth2ResourceServerProperties getoAuth2ResourceServerProperties() {
        return this.oAuth2ResourceServerProperties;
    }

    public void setoAuth2ResourceServerProperties(OAuth2ResourceServerProperties oAuth2ResourceServerProperties) {
        this.oAuth2ResourceServerProperties = oAuth2ResourceServerProperties;
    }

    public SecurityStateBean getSecurityStateBean() {
        return this.securityStateBean;
    }

    public void setSecurityStateBean(SecurityStateBean securityStateBean) {
        this.securityStateBean = securityStateBean;
    }

    protected void configure(HttpSecurity httpSecurity) throws Exception {
        MediaTypeRequestMatcher mediaTypeRequestMatcher = new MediaTypeRequestMatcher(new BrowserDetectingContentNegotiationStrategy(), new MediaType[]{MediaType.TEXT_HTML});
        BasicAuthenticationEntryPoint basicAuthenticationEntryPoint = new BasicAuthenticationEntryPoint();
        basicAuthenticationEntryPoint.setRealmName(SecurityConfigUtils.BASIC_AUTH_REALM_NAME);
        basicAuthenticationEntryPoint.afterPropertiesSet();
        if (this.opaqueTokenIntrospector != null) {
            httpSecurity.addFilter(new BasicAuthenticationFilter(this.providerManager, basicAuthenticationEntryPoint));
        }
        this.authorizationProperties.getAuthenticatedPaths().add("/");
        this.authorizationProperties.getAuthenticatedPaths().add(dashboard(this.authorizationProperties, "/**"));
        this.authorizationProperties.getAuthenticatedPaths().add(this.authorizationProperties.getDashboardUrl());
        this.authorizationProperties.getPermitAllPaths().add(this.authorizationProperties.getDashboardUrl());
        this.authorizationProperties.getPermitAllPaths().add(dashboard(this.authorizationProperties, "/**"));
        ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) SecurityConfigUtils.configureSimpleSecurity(((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) ((ExpressionUrlAuthorizationConfigurer.AuthorizedUrl) httpSecurity.authorizeRequests().antMatchers((String[]) this.authorizationProperties.getPermitAllPaths().toArray(new String[0]))).permitAll().antMatchers((String[]) this.authorizationProperties.getAuthenticatedPaths().toArray(new String[0]))).authenticated(), this.authorizationProperties).anyRequest()).denyAll();
        httpSecurity.httpBasic().and().logout().logoutSuccessHandler(this.logoutSuccessHandler).and().csrf().disable().exceptionHandling().defaultAuthenticationEntryPointFor(new HttpStatusEntryPoint(HttpStatus.UNAUTHORIZED), new RequestHeaderRequestMatcher("X-Requested-With", "XMLHttpRequest")).defaultAuthenticationEntryPointFor(new LoginUrlAuthenticationEntryPoint(this.authorizationProperties.getLoginProcessingUrl()), mediaTypeRequestMatcher).defaultAuthenticationEntryPointFor(basicAuthenticationEntryPoint, AnyRequestMatcher.INSTANCE);
        httpSecurity.oauth2Login().userInfoEndpoint().userService(this.plainOauth2UserService).oidcUserService(this.oidcUserService);
        if (this.opaqueTokenIntrospector != null) {
            httpSecurity.oauth2ResourceServer().opaqueToken().introspector(this.opaqueTokenIntrospector);
        } else if (this.oAuth2ResourceServerProperties.getJwt().getJwkSetUri() != null) {
            httpSecurity.oauth2ResourceServer().jwt().jwtAuthenticationConverter(grantedAuthoritiesExtractor());
        }
        this.securityStateBean.setAuthenticationEnabled(true);
    }

    protected static String dashboard(AuthorizationProperties authorizationProperties, String str) {
        return authorizationProperties.getDashboardUrl() + str;
    }

    protected Converter<Jwt, AbstractAuthenticationToken> grantedAuthoritiesExtractor() {
        ProviderRoleMapping providerRoleMapping = this.authorizationProperties.getProviderRoleMappings().get(calculateDefaultProviderId(this.authorizationProperties, this.oauth2ClientProperties));
        JwtAuthenticationConverter jwtAuthenticationConverter = new JwtAuthenticationConverter();
        MappingJwtGrantedAuthoritiesConverter mappingJwtGrantedAuthoritiesConverter = new MappingJwtGrantedAuthoritiesConverter();
        mappingJwtGrantedAuthoritiesConverter.setAuthorityPrefix("");
        jwtAuthenticationConverter.setJwtGrantedAuthoritiesConverter(mappingJwtGrantedAuthoritiesConverter);
        if (providerRoleMapping != null) {
            mappingJwtGrantedAuthoritiesConverter.setAuthoritiesMapping(providerRoleMapping.getRoleMappings());
            mappingJwtGrantedAuthoritiesConverter.setGroupAuthoritiesMapping(providerRoleMapping.getGroupMappings());
            if (StringUtils.hasText(providerRoleMapping.getPrincipalClaimName())) {
                jwtAuthenticationConverter.setPrincipalClaimName(providerRoleMapping.getPrincipalClaimName());
            }
        }
        return jwtAuthenticationConverter;
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static String calculateDefaultProviderId(AuthorizationProperties authorizationProperties, OAuth2ClientProperties oAuth2ClientProperties) {
        if (authorizationProperties.getDefaultProviderId() != null) {
            return authorizationProperties.getDefaultProviderId();
        }
        if (oAuth2ClientProperties.getRegistration().size() == 1) {
            return (String) ((Map.Entry) oAuth2ClientProperties.getRegistration().entrySet().iterator().next()).getKey();
        }
        if (oAuth2ClientProperties.getRegistration().size() <= 1 || StringUtils.hasText(authorizationProperties.getDefaultProviderId())) {
            throw new IllegalStateException("Unable to retrieve default provider id.");
        }
        throw new IllegalStateException("defaultProviderId must be set if more than 1 Registration is provided.");
    }
}
