package org.springframework.security.oauth2.provider.approval;

import java.util.Calendar;
import java.util.Collection;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.Map;
import java.util.Set;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.ClientRegistrationException;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.approval.Approval;
import org.springframework.util.Assert;

/* loaded from: input_file:org/sakuli/common/libs/ui/java/sakuli-ui-web.jar:BOOT-INF/lib/spring-security-oauth2-2.1.0.RELEASE.jar:org/springframework/security/oauth2/provider/approval/ApprovalStoreUserApprovalHandler.class */
public class ApprovalStoreUserApprovalHandler implements UserApprovalHandler, InitializingBean {
    private static Log logger = LogFactory.getLog(ApprovalStoreUserApprovalHandler.class);
    private ApprovalStore approvalStore;
    private ClientDetailsService clientDetailsService;
    private OAuth2RequestFactory requestFactory;
    private String scopePrefix = OAuth2Utils.SCOPE_PREFIX;
    private int approvalExpirySeconds = -1;

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    public void setScopePrefix(String str) {
        this.scopePrefix = str;
    }

    public void setApprovalStore(ApprovalStore approvalStore) {
        this.approvalStore = approvalStore;
    }

    public void setRequestFactory(OAuth2RequestFactory oAuth2RequestFactory) {
        this.requestFactory = oAuth2RequestFactory;
    }

    public void setApprovalExpiryInSeconds(int i) {
        this.approvalExpirySeconds = i;
    }

    @Override // org.springframework.beans.factory.InitializingBean
    public void afterPropertiesSet() {
        Assert.state(this.approvalStore != null, "ApprovalStore must be provided");
        Assert.state(this.requestFactory != null, "OAuth2RequestFactory must be provided");
    }

    @Override // org.springframework.security.oauth2.provider.approval.UserApprovalHandler
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication authentication) {
        return authorizationRequest.isApproved();
    }

    @Override // org.springframework.security.oauth2.provider.approval.UserApprovalHandler
    public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication authentication) {
        String clientId = authorizationRequest.getClientId();
        Set<String> scope = authorizationRequest.getScope();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        if (this.clientDetailsService != null) {
            try {
                ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(clientId);
                for (String str : scope) {
                    if (loadClientByClientId.isAutoApprove(str)) {
                        hashSet.add(str);
                    }
                }
                if (hashSet.containsAll(scope)) {
                    HashSet hashSet3 = new HashSet();
                    Date computeExpiry = computeExpiry();
                    Iterator it = hashSet.iterator();
                    while (it.hasNext()) {
                        hashSet3.add(new Approval(authentication.getName(), authorizationRequest.getClientId(), (String) it.next(), computeExpiry, Approval.ApprovalStatus.APPROVED));
                    }
                    this.approvalStore.addApprovals(hashSet3);
                    authorizationRequest.setApproved(true);
                    return authorizationRequest;
                }
            } catch (ClientRegistrationException e) {
                logger.warn("Client registration problem prevent autoapproval check for client=" + clientId);
            }
        }
        if (logger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("Looking up user approved authorizations for ");
            sb.append("client_id=" + clientId);
            sb.append(" and username=" + authentication.getName());
            logger.debug(sb.toString());
        }
        Collection<Approval> approvals = this.approvalStore.getApprovals(authentication.getName(), clientId);
        Date date = new Date();
        for (Approval approval : approvals) {
            if (approval.getExpiresAt().after(date) && approval.getStatus() == Approval.ApprovalStatus.APPROVED) {
                hashSet2.add(approval.getScope());
                hashSet.add(approval.getScope());
            }
        }
        if (logger.isDebugEnabled()) {
            logger.debug("Valid user approved/denied scopes are " + hashSet2);
        }
        if (hashSet2.containsAll(scope)) {
            hashSet.retainAll(scope);
            authorizationRequest.setScope(hashSet);
            authorizationRequest.setApproved(true);
        }
        return authorizationRequest;
    }

    private Date computeExpiry() {
        Calendar calendar = Calendar.getInstance();
        if (this.approvalExpirySeconds == -1) {
            calendar.add(2, 1);
        } else {
            calendar.add(13, this.approvalExpirySeconds);
        }
        return calendar.getTime();
    }

    @Override // org.springframework.security.oauth2.provider.approval.UserApprovalHandler
    public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication authentication) {
        Set<String> scope = authorizationRequest.getScope();
        HashSet hashSet = new HashSet();
        HashSet hashSet2 = new HashSet();
        Date computeExpiry = computeExpiry();
        Map<String, String> approvalParameters = authorizationRequest.getApprovalParameters();
        for (String str : scope) {
            String str2 = approvalParameters.get(this.scopePrefix + str);
            String lowerCase = str2 == null ? "" : str2.toLowerCase();
            if ("true".equals(lowerCase) || lowerCase.startsWith("approve")) {
                hashSet.add(str);
                hashSet2.add(new Approval(authentication.getName(), authorizationRequest.getClientId(), str, computeExpiry, Approval.ApprovalStatus.APPROVED));
            } else {
                hashSet2.add(new Approval(authentication.getName(), authorizationRequest.getClientId(), str, computeExpiry, Approval.ApprovalStatus.DENIED));
            }
        }
        this.approvalStore.addApprovals(hashSet2);
        authorizationRequest.setScope(hashSet);
        authorizationRequest.setApproved(!hashSet.isEmpty() || scope.isEmpty());
        return authorizationRequest;
    }

    @Override // org.springframework.security.oauth2.provider.approval.UserApprovalHandler
    public Map<String, Object> getUserApprovalRequest(AuthorizationRequest authorizationRequest, Authentication authentication) {
        HashMap hashMap = new HashMap();
        hashMap.putAll(authorizationRequest.getRequestParameters());
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        Iterator it = authorizationRequest.getScope().iterator();
        while (it.hasNext()) {
            linkedHashMap.put(this.scopePrefix + ((String) it.next()), "false");
        }
        for (Approval approval : this.approvalStore.getApprovals(authentication.getName(), authorizationRequest.getClientId())) {
            if (authorizationRequest.getScope().contains(approval.getScope())) {
                linkedHashMap.put(this.scopePrefix + approval.getScope(), approval.getStatus() == Approval.ApprovalStatus.APPROVED ? "true" : "false");
            }
        }
        hashMap.put("scopes", linkedHashMap);
        return hashMap;
    }
}
