package org.springframework.security.oauth2.provider.token.store;

import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.springframework.security.oauth2.common.DefaultOAuth2RefreshToken;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.approval.Approval;
import org.springframework.security.oauth2.provider.approval.ApprovalStore;
import org.springframework.security.oauth2.provider.token.TokenStore;

@Deprecated
/* loaded from: input_file:datasets/datasets-service.jar:BOOT-INF/lib/spring-security-oauth2-2.5.0.RELEASE.jar:org/springframework/security/oauth2/provider/token/store/JwtTokenStore.class */
public class JwtTokenStore implements TokenStore {
    private JwtAccessTokenConverter jwtTokenEnhancer;
    private ApprovalStore approvalStore;

    public JwtTokenStore(JwtAccessTokenConverter jwtAccessTokenConverter) {
        this.jwtTokenEnhancer = jwtAccessTokenConverter;
    }

    public void setApprovalStore(ApprovalStore approvalStore) {
        this.approvalStore = approvalStore;
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2Authentication readAuthentication(OAuth2AccessToken oAuth2AccessToken) {
        return readAuthentication(oAuth2AccessToken.getValue());
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2Authentication readAuthentication(String str) {
        return this.jwtTokenEnhancer.extractAuthentication(this.jwtTokenEnhancer.decode(str));
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public void storeAccessToken(OAuth2AccessToken oAuth2AccessToken, OAuth2Authentication oAuth2Authentication) {
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2AccessToken readAccessToken(String str) {
        OAuth2AccessToken convertAccessToken = convertAccessToken(str);
        if (this.jwtTokenEnhancer.isRefreshToken(convertAccessToken)) {
            throw new InvalidTokenException("Encoded token is a refresh token");
        }
        return convertAccessToken;
    }

    private OAuth2AccessToken convertAccessToken(String str) {
        return this.jwtTokenEnhancer.extractAccessToken(str, this.jwtTokenEnhancer.decode(str));
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public void removeAccessToken(OAuth2AccessToken oAuth2AccessToken) {
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public void storeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken, OAuth2Authentication oAuth2Authentication) {
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2RefreshToken readRefreshToken(String str) {
        OAuth2RefreshToken createRefreshToken = createRefreshToken(convertAccessToken(str));
        if (this.approvalStore != null) {
            OAuth2Authentication readAuthentication = readAuthentication(str);
            if (readAuthentication.getUserAuthentication() != null) {
                Collection<Approval> approvals = this.approvalStore.getApprovals(readAuthentication.getUserAuthentication().getName(), readAuthentication.getOAuth2Request().getClientId());
                HashSet hashSet = new HashSet();
                for (Approval approval : approvals) {
                    if (approval.isApproved()) {
                        hashSet.add(approval.getScope());
                    }
                }
                if (!hashSet.containsAll(readAuthentication.getOAuth2Request().getScope())) {
                    return null;
                }
            }
        }
        return createRefreshToken;
    }

    private OAuth2RefreshToken createRefreshToken(OAuth2AccessToken oAuth2AccessToken) {
        if (this.jwtTokenEnhancer.isRefreshToken(oAuth2AccessToken)) {
            return oAuth2AccessToken.getExpiration() != null ? new DefaultExpiringOAuth2RefreshToken(oAuth2AccessToken.getValue(), oAuth2AccessToken.getExpiration()) : new DefaultOAuth2RefreshToken(oAuth2AccessToken.getValue());
        }
        throw new InvalidTokenException("Encoded token is not a refresh token");
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2Authentication readAuthenticationForRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        return readAuthentication(oAuth2RefreshToken.getValue());
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public void removeRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
        remove(oAuth2RefreshToken.getValue());
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public void removeAccessTokenUsingRefreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public OAuth2AccessToken getAccessToken(OAuth2Authentication oAuth2Authentication) {
        return null;
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public Collection<OAuth2AccessToken> findTokensByClientIdAndUserName(String str, String str2) {
        return Collections.emptySet();
    }

    @Override // org.springframework.security.oauth2.provider.token.TokenStore
    public Collection<OAuth2AccessToken> findTokensByClientId(String str) {
        return Collections.emptySet();
    }

    public void setTokenEnhancer(JwtAccessTokenConverter jwtAccessTokenConverter) {
        this.jwtTokenEnhancer = jwtAccessTokenConverter;
    }

    private void remove(String str) {
        if (this.approvalStore != null) {
            OAuth2Authentication readAuthentication = readAuthentication(str);
            String clientId = readAuthentication.getOAuth2Request().getClientId();
            Authentication userAuthentication = readAuthentication.getUserAuthentication();
            if (userAuthentication != null) {
                ArrayList arrayList = new ArrayList();
                Iterator it = readAuthentication.getOAuth2Request().getScope().iterator();
                while (it.hasNext()) {
                    arrayList.add(new Approval(userAuthentication.getName(), clientId, (String) it.next(), new Date(), Approval.ApprovalStatus.APPROVED));
                }
                this.approvalStore.revokeApprovals(arrayList);
            }
        }
    }
}
