package org.fcrepo.auth.oauth.impl;

import com.google.common.collect.Sets;
import java.security.AccessControlException;
import java.util.HashSet;
import java.util.Set;
import javax.jcr.Node;
import javax.jcr.PathNotFoundException;
import javax.jcr.RepositoryException;
import javax.jcr.Session;
import org.apache.oltu.oauth2.as.request.OAuthTokenRequest;
import org.fcrepo.auth.oauth.Constants;
import org.fcrepo.auth.oauth.TokenRequestValidations;
import org.fcrepo.http.commons.session.SessionFactory;
import org.fcrepo.kernel.utils.FedoraTypesUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:org/fcrepo/auth/oauth/impl/DefaultTokenRequestValidations.class */
public class DefaultTokenRequestValidations implements TokenRequestValidations {
    private static final Logger LOGGER = LoggerFactory.getLogger(DefaultTokenRequestValidations.class);
    private SessionFactory sessions;

    public DefaultTokenRequestValidations(SessionFactory sessionFactory) {
        this.sessions = sessionFactory;
    }

    @Override // org.fcrepo.auth.oauth.TokenRequestValidations
    public boolean isValidAuthCode(OAuthTokenRequest oAuthTokenRequest) throws RepositoryException {
        boolean z;
        String clientId = oAuthTokenRequest.getClientId();
        LOGGER.debug("Request has authorization client: {}", clientId);
        String code = oAuthTokenRequest.getCode();
        if (code == null) {
            return false;
        }
        Set scopes = oAuthTokenRequest.getScopes();
        Session internalSession = this.sessions.getInternalSession(Constants.OAUTH_WORKSPACE);
        try {
            try {
                Node node = internalSession.getNode("/authorization-codes/" + code);
                LOGGER.debug("Found authorization code node stored: {}", node.getPath());
                if (!node.getProperty(Constants.CLIENT_PROPERTY).getString().equals(clientId)) {
                    internalSession.logout();
                    throw new AccessControlException("Could not establish validity or invalidity of authorization code! Code:" + code);
                }
                if (node.getProperty(Constants.SCOPES_PROPERTY) == null) {
                    internalSession.logout();
                    return true;
                }
                HashSet newHashSet = Sets.newHashSet(FedoraTypesUtils.map(node.getProperty(Constants.SCOPES_PROPERTY).getValues(), FedoraTypesUtils.value2string));
                if (!newHashSet.isEmpty()) {
                    if (Sets.intersection(newHashSet, scopes).isEmpty()) {
                        z = false;
                        return z;
                    }
                }
                z = true;
                return z;
            } catch (PathNotFoundException e) {
                LOGGER.trace("Missing authorization token for code {}", code, e);
                internalSession.logout();
                return false;
            }
        } finally {
            internalSession.logout();
        }
    }

    @Override // org.fcrepo.auth.oauth.TokenRequestValidations
    public boolean isValidClient(OAuthTokenRequest oAuthTokenRequest) {
        return oAuthTokenRequest != null;
    }

    @Override // org.fcrepo.auth.oauth.TokenRequestValidations
    public boolean isValidSecret(OAuthTokenRequest oAuthTokenRequest) {
        return oAuthTokenRequest != null;
    }

    @Override // org.fcrepo.auth.oauth.TokenRequestValidations
    public boolean isValidCredentials(OAuthTokenRequest oAuthTokenRequest) {
        return oAuthTokenRequest != null;
    }
}
