package org.mitre.openid.connect.token;

import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import java.util.Calendar;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Set;
import org.eclipse.persistence.config.PersistenceUnitProperties;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.approval.UserApprovalHandler;
import org.springframework.stereotype.Component;

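/**
 * {@link UserApprovalHandler} that can approve an OAuth2 authorization request without
 * showing the consent page again. It approves automatically when either
 * <ul>
 *   <li>the user already holds an unexpired {@link ApprovedSite} for the client whose allowed
 *       scopes cover every requested scope, or</li>
 *   <li>the client has a {@link WhitelistedSite} entry whose allowed scopes cover every
 *       requested scope.</li>
 * </ul>
 * Otherwise it processes the parameters posted from the approval form.
 *
 * <p>"Tofu" in the name presumably stands for trust-on-first-use; nothing in this file says so.
 *
 * <p>NOTE(review): this source looks decompiled (synthetic local names, constants resolved to
 * unrelated classes). Confirm it against the upstream project before relying on any detail.
 */
@Component("tofuUserApprovalHandler")
public class TofuUserApprovalHandler implements UserApprovalHandler {

    /** Authorization parameter that lets a client demand a fresh consent prompt. */
    private static final String PROMPT_PARAMETER = "prompt";

    /** Value of {@link #PROMPT_PARAMETER} that disables every automatic approval path. */
    private static final String PROMPT_CONSENT = "consent";

    /** Prefix of the approval-form parameters whose values are the scopes the user ticked. */
    private static final String SCOPE_PARAMETER_PREFIX = "scope_";

    /** Approval-form parameter that selects whether, and for how long, to store the decision. */
    private static final String REMEMBER_PARAMETER = "remember";

    /** Value of {@link #REMEMBER_PARAMETER} that stores the decision with a one-hour timeout. */
    private static final String REMEMBER_ONE_HOUR = "one-hour";

    @Autowired
    private ApprovedSiteService approvedSiteService;

    @Autowired
    private WhitelistedSiteService whitelistedSiteService;

    @Autowired
    private ClientDetailsService clientDetailsService;

    /**
     * Reports whether the request may proceed to token or code issuance.
     *
     * <p>A request already marked approved (for example by {@link #updateBeforeApproval}) passes
     * unconditionally. Otherwise the caller must be authenticated and the posted approval
     * parameters must carry a true {@code USER_OAUTH_APPROVAL} value.
     *
     * <p>NOTE(review): the approval flag is an ordinary request parameter. Nothing in this class
     * ties the submission to a consent page that was actually rendered for this user, so CSRF
     * protection on the approval endpoint has to come from elsewhere. Confirm that it does.
     *
     * @param authorizationRequest the request being decided
     * @param authentication       the current principal
     * @return {@code true} when the request is approved
     */
    @Override
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication authentication) {
        if (authorizationRequest.isApproved()) {
            return true;
        }
        if (!authentication.isAuthenticated()) {
            return false;
        }
        String approvalFlag = authorizationRequest.getApprovalParameters().get(AuthorizationRequest.USER_OAUTH_APPROVAL);
        return Boolean.parseBoolean(approvalFlag);
    }

    /**
     * Checks that every scope in {@code set} is also present in {@code set2}.
     *
     * <p>An empty {@code set} matches any {@code set2}, so a request carrying no scopes is
     * covered by any stored approval or whitelist entry. Callers depend on the request's scope
     * having been populated upstream (not visible in this file).
     *
     * @param set  the requested scopes
     * @param set2 the scopes that were previously allowed
     * @return {@code true} when {@code set} is a subset of {@code set2}
     */
    private boolean scopesMatch(Set<String> set, Set<String> set2) {
        for (String requestedScope : set) {
            if (!set2.contains(requestedScope)) {
                return false;
            }
        }
        return true;
    }

    /**
     * Returns a copy of {@code source} that is flagged as approved.
     *
     * @param source the incoming authorization request
     * @return an approved {@link DefaultAuthorizationRequest} built from {@code source}
     */
    private static AuthorizationRequest approvedCopyOf(AuthorizationRequest source) {
        DefaultAuthorizationRequest approved = new DefaultAuthorizationRequest(source);
        approved.setApproved(true);
        return approved;
    }

    /**
     * Applies stored or whitelisted approvals, or else turns the posted approval form into the
     * granted scope set.
     *
     * <p>Order of evaluation:
     * <ol>
     *   <li>Unless the client sent {@code prompt=consent}, look for an unexpired stored approval
     *       covering the requested scopes. If one exists, refresh its access date and approve.</li>
     *   <li>Still unless {@code prompt=consent}, look for a whitelist entry covering the
     *       requested scopes. If one exists, record an approved site for the user and approve.</li>
     *   <li>If the form was not submitted with a true approval flag, return the request
     *       unchanged.</li>
     *   <li>Otherwise collect the {@code scope_*} values, set them as the granted scope and,
     *       when asked, remember the decision.</li>
     * </ol>
     *
     * @param authorizationRequest the request being decided
     * @param authentication       the current principal; its name is used as the user id
     * @return the original request, or a copy with approval and/or scope updated
     */
    @Override
    public AuthorizationRequest updateBeforeApproval(AuthorizationRequest authorizationRequest, Authentication authentication) {
        String userId = authentication.getName();
        String clientId = authorizationRequest.getClientId();
        // Looked up first: any failure of the lookup happens before approvals are read or written.
        ClientDetails client = this.clientDetailsService.loadClientByClientId(clientId);

        boolean consentForced = PROMPT_CONSENT.equals(authorizationRequest.getAuthorizationParameters().get(PROMPT_PARAMETER));
        if (!consentForced) {
            // NOTE(review): isAuthenticated() is not checked on this path. The automatic approval is
            // keyed purely on authentication.getName(); confirm the endpoint rejects
            // unauthenticated principals before calling in here.
            for (ApprovedSite storedApproval : this.approvedSiteService.getByClientIdAndUserId(clientId, userId)) {
                if (storedApproval.isExpired()) {
                    continue;
                }
                if (scopesMatch(authorizationRequest.getScope(), storedApproval.getAllowedScopes())) {
                    storedApproval.setAccessDate(new Date());
                    this.approvedSiteService.save(storedApproval);
                    return approvedCopyOf(authorizationRequest);
                }
            }

            WhitelistedSite whitelistEntry = this.whitelistedSiteService.getByClientId(clientId);
            if (whitelistEntry != null && scopesMatch(authorizationRequest.getScope(), whitelistEntry.getAllowedScopes())) {
                // The stored approval records the whitelist's full scope set, not just the scopes
                // requested this time, and is created with a null timeout date.
                this.approvedSiteService.createApprovedSite(clientId, userId, null, whitelistEntry.getAllowedScopes(), whitelistEntry);
                return approvedCopyOf(authorizationRequest);
            }
        }

        Map<String, String> submitted = authorizationRequest.getApprovalParameters();
        boolean userApproved = Boolean.parseBoolean(submitted.get(AuthorizationRequest.USER_OAUTH_APPROVAL));
        if (!userApproved || submitted.isEmpty()) {
            return authorizationRequest;
        }

        DefaultAuthorizationRequest result = new DefaultAuthorizationRequest(authorizationRequest);
        Set<String> approvedScopes = Sets.newHashSet();
        for (Map.Entry<String, String> parameter : result.getApprovalParameters().entrySet()) {
            if (!parameter.getKey().startsWith(SCOPE_PARAMETER_PREFIX)) {
                continue;
            }
            String scope = parameter.getValue();
            // The posted value is kept only if the client is registered for that scope.
            // NOTE(review): it is not compared with the scopes originally requested, so a
            // modified form can grant any scope the client is registered for. Confirm this is
            // intended, or intersect with authorizationRequest.getScope().
            if (client.getScope().contains(scope)) {
                approvedScopes.add(scope);
            }
        }
        result.setScope(approvedScopes);

        String remember = result.getApprovalParameters().get(REMEMBER_PARAMETER);
        // NOTE(review): PersistenceUnitProperties.NONE is an EclipseLink constant that is unrelated
        // to OAuth. It is probably a decompiler substitution for a string literal; confirm its
        // value matches the form's "do not remember" option.
        if (!Strings.isNullOrEmpty(remember) && !remember.equals(PersistenceUnitProperties.NONE)) {
            Date timeout = null;
            if (remember.equals(REMEMBER_ONE_HOUR)) {
                Calendar expiry = Calendar.getInstance();
                expiry.add(Calendar.HOUR, 1);
                timeout = expiry.getTime();
            }
            // Any other non-empty value stores the approval with a null timeout date. The value
            // is not checked against a list of known options.
            this.approvedSiteService.createApprovedSite(clientId, userId, timeout, approvedScopes, null);
        }
        return result;
    }
}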
