package org.springframework.security.oauth2.provider.request;

import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.Locale;
import java.util.Map;
import java.util.Set;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.DefaultSecurityContextAccessor;
import org.springframework.security.oauth2.provider.OAuth2Request;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.SecurityContextAccessor;
import org.springframework.security.oauth2.provider.TokenRequest;

/* loaded from: input_file:BOOT-INF/lib/spring-security-oauth2-2.3.4.RELEASE.jar:org/springframework/security/oauth2/provider/request/DefaultOAuth2RequestFactory.class */
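/**
 * Builds {@link AuthorizationRequest}, {@link TokenRequest} and {@link OAuth2Request} objects
 * from raw OAuth2 request parameters.
 *
 * <p>Security notes for reviewers. The parameter maps handed to this factory come from the
 * HTTP request and are therefore attacker-controlled. Within this class:
 * <ul>
 *   <li>{@code redirect_uri}, {@code state} and {@code response_type} are copied into the
 *       request object as supplied; nothing here compares {@code redirect_uri} with the
 *       client's registration.</li>
 *   <li>Requested scopes are not checked against the client's registered scopes; an absent or
 *       empty {@code scope} parameter falls back to <em>all</em> scopes registered for the
 *       client.</li>
 *   <li>Scopes are narrowed to the current user's authorities only when
 *       {@link #setCheckUserScopes(boolean)} has been set to {@code true}; the default is
 *       {@code false}.</li>
 * </ul>
 * Redirect-URI resolution and scope validation must therefore be enforced by the code that
 * consumes these request objects (NOTE(review): presumably the endpoint / request validator;
 * confirm in the deployment under review).
 */
public class DefaultOAuth2RequestFactory implements OAuth2RequestFactory {
    private final ClientDetailsService clientDetailsService;
    private SecurityContextAccessor securityContextAccessor = new DefaultSecurityContextAccessor();
    // Off by default: requested scopes are NOT intersected with the user's authorities.
    private boolean checkUserScopes = false;

    /**
     * @param clientDetailsService source of client registrations, consulted for default scopes,
     *     resource ids and authorities
     */
    public DefaultOAuth2RequestFactory(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    /**
     * Replaces the accessor used to read the current authentication when user-scope checking
     * is enabled.
     *
     * @param securityContextAccessor accessor to use instead of the default one
     */
    public void setSecurityContextAccessor(SecurityContextAccessor securityContextAccessor) {
        this.securityContextAccessor = securityContextAccessor;
    }

    /**
     * Enables or disables narrowing of requested scopes to the authenticated user's authorities.
     *
     * @param z {@code true} to keep only scopes that match one of the user's authorities
     */
    public void setCheckUserScopes(boolean z) {
        this.checkUserScopes = z;
    }

    /**
     * Creates an unapproved authorization request from the raw request parameters.
     *
     * <p>{@code client_id} is passed to the {@link ClientDetailsService} as-is, including when it
     * is {@code null}; what happens for an unknown or missing id depends on that service.
     * {@code redirect_uri} is stored unvalidated: callers must resolve it against the client's
     * registration before using it in a redirect.
     *
     * @param map raw (untrusted) authorization request parameters
     * @return a request with {@code approved == false}, carrying the client's resource ids and
     *     authorities
     */
    @Override
    public AuthorizationRequest createAuthorizationRequest(Map<String, String> map) {
        String clientId = map.get("client_id");
        String state = map.get("state");
        String redirectUri = map.get("redirect_uri");
        Set<String> responseTypes = OAuth2Utils.parseParameterList(map.get("response_type"));
        Set<String> scopes = extractScopes(map, clientId);

        AuthorizationRequest request = new AuthorizationRequest(map, Collections.emptyMap(), clientId, scopes,
                null, null, false, state, redirectUri, responseTypes);

        // Resource ids and authorities always come from the registration, never from the request.
        ClientDetails registration = this.clientDetailsService.loadClientByClientId(clientId);
        request.setResourceIdsAndAuthoritiesFromClientDetails(registration);
        return request;
    }

    /**
     * Converts an authorization request into its {@link OAuth2Request} form.
     *
     * @param authorizationRequest the request to convert
     * @return the result of {@link AuthorizationRequest#createOAuth2Request()}
     */
    @Override
    public OAuth2Request createOAuth2Request(AuthorizationRequest authorizationRequest) {
        return authorizationRequest.createOAuth2Request();
    }

    /**
     * Creates a token request for an already authenticated client.
     *
     * <p>If the parameters carry a {@code client_id} it must equal the authenticated client's id;
     * this stops an authenticated client from requesting a token under another client's id.
     *
     * @param map raw (untrusted) token request parameters
     * @param clientDetails the client that authenticated for this request
     * @return the token request, scoped via the {@code scope} parameter or the client's defaults
     * @throws InvalidClientException if {@code client_id} is present and differs from the
     *     authenticated client
     */
    @Override
    public TokenRequest createTokenRequest(Map<String, String> map, ClientDetails clientDetails) {
        String authenticatedId = clientDetails.getClientId();
        String clientId = map.get("client_id");
        if (clientId == null) {
            clientId = authenticatedId;
        } else if (!clientId.equals(authenticatedId)) {
            throw new InvalidClientException("Given client ID does not match authenticated client");
        }
        Set<String> scopes = extractScopes(map, clientId);
        return new TokenRequest(map, clientId, scopes, map.get("grant_type"));
    }

    /**
     * Creates a token request that reuses the parameters, client id and scope of an existing
     * authorization request.
     *
     * @param authorizationRequest the request to copy from
     * @param str the grant type for the new token request
     * @return the derived token request
     */
    @Override
    public TokenRequest createTokenRequest(AuthorizationRequest authorizationRequest, String str) {
        return new TokenRequest(authorizationRequest.getRequestParameters(), authorizationRequest.getClientId(),
                authorizationRequest.getScope(), str);
    }

    /**
     * Converts a token request into its {@link OAuth2Request} form for the given client.
     *
     * @param clientDetails the client the request belongs to
     * @param tokenRequest the request to convert
     * @return the result of {@link TokenRequest#createOAuth2Request(ClientDetails)}
     */
    @Override
    public OAuth2Request createOAuth2Request(ClientDetails clientDetails, TokenRequest tokenRequest) {
        return tokenRequest.createOAuth2Request(clientDetails);
    }

    /**
     * Determines the scopes for a request.
     *
     * <p>An absent or empty {@code scope} parameter yields every scope registered for the client.
     * Explicitly requested scopes are returned without being compared to the registration.
     *
     * @param requestParameters raw request parameters
     * @param clientId id used to look up the client registration
     * @return requested scopes, or the client's registered scopes when none were requested,
     *     optionally narrowed to the user's authorities
     */
    private Set<String> extractScopes(Map<String, String> requestParameters, String clientId) {
        Set<String> scopes = OAuth2Utils.parseParameterList(requestParameters.get("scope"));
        ClientDetails registration = this.clientDetailsService.loadClientByClientId(clientId);
        if (scopes == null || scopes.isEmpty()) {
            scopes = registration.getScope();
        }
        return this.checkUserScopes ? checkUserScopes(scopes, registration) : scopes;
    }

    /**
     * Keeps only the scopes that correspond to an authority of the current user.
     *
     * <p>A scope is kept when the authorities contain the scope itself, its upper-case form, or
     * {@code "ROLE_"} followed by its upper-case form. When the current authentication is not a
     * user (per {@link SecurityContextAccessor#isUser()}), the input set is returned unchanged.
     *
     * @param scopes candidate scopes
     * @param clientDetails the client registration (not consulted here)
     * @return the permitted scopes, in the iteration order of {@code scopes}
     */
    private Set<String> checkUserScopes(Set<String> scopes, ClientDetails clientDetails) {
        if (!this.securityContextAccessor.isUser()) {
            return scopes;
        }
        Set<String> permitted = new LinkedHashSet<>();
        Set<String> authorities = AuthorityUtils.authorityListToSet(this.securityContextAccessor.getAuthorities());
        for (String scope : scopes) {
            // Locale.ROOT keeps this authorization decision independent of the JVM default
            // locale (e.g. a Turkish locale upper-cases 'i' to a dotted capital I).
            String upper = scope.toUpperCase(Locale.ROOT);
            if (authorities.contains(scope) || authorities.contains(upper) || authorities.contains("ROLE_" + upper)) {
                permitted.add(scope);
            }
        }
        return permitted;
    }
}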
