package org.springframework.security.oauth2.provider.endpoint;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;

@SessionAttributes({"authorizationRequest"})
@FrameworkEndpoint
/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.0.8.RELEASE.jar:org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.class */
public class WhitelabelApprovalEndpoint {
    private static String CSRF = "<input type='hidden' name='${_csrf.parameterName}' value='${_csrf.token}' />";
    private static String DENIAL = "<form id='denialForm' name='denialForm' action='${path}/oauth/authorize' method='post'><input name='user_oauth_approval' value='false' type='hidden'/>%csrf%<label><input name='deny' value='Deny' type='submit'/></label></form>";
    private static String TEMPLATE = "<html><body><h1>OAuth Approval</h1><p>Do you authorize '${authorizationRequest.clientId}' to access your protected resources?</p><form id='confirmationForm' name='confirmationForm' action='${path}/oauth/authorize' method='post'><input name='user_oauth_approval' value='true' type='hidden'/>%csrf%%scopes%<label><input name='authorize' value='Authorize' type='submit'/></label></form>%denial%</body></html>";
    private static String SCOPE = "<li><div class='form-group'>%scope%: <input type='radio' name='%key%' value='true'%approved%>Approve</input> <input type='radio' name='%key%' value='false'%denied%>Deny</input></div></li>";

    @RequestMapping({"/oauth/confirm_access"})
    public ModelAndView getAccessConfirmation(Map<String, Object> map, HttpServletRequest httpServletRequest) throws Exception {
        String createTemplate = createTemplate(map, httpServletRequest);
        if (httpServletRequest.getAttribute("_csrf") != null) {
            map.put("_csrf", httpServletRequest.getAttribute("_csrf"));
        }
        return new ModelAndView(new SpelView(createTemplate), (Map<String, ?>) map);
    }

    protected String createTemplate(Map<String, Object> map, HttpServletRequest httpServletRequest) {
        String str = TEMPLATE;
        String replace = (map.containsKey("scopes") || httpServletRequest.getAttribute("scopes") != null) ? str.replace("%scopes%", createScopes(map, httpServletRequest)).replace("%denial%", "") : str.replace("%scopes%", "").replace("%denial%", DENIAL);
        return (map.containsKey("_csrf") || httpServletRequest.getAttribute("_csrf") != null) ? replace.replace("%csrf%", CSRF) : replace.replace("%csrf%", "");
    }

    private CharSequence createScopes(Map<String, Object> map, HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder("<ul>");
        Map map2 = (Map) (map.containsKey("scopes") ? map.get("scopes") : httpServletRequest.getAttribute("scopes"));
        for (String str : map2.keySet()) {
            sb.append(SCOPE.replace("%scope%", str).replace("%key%", str).replace("%approved%", "true".equals(map2.get(str)) ? " checked" : "").replace("%denied%", !"true".equals(map2.get(str)) ? " checked" : ""));
        }
        sb.append("</ul>");
        return sb.toString();
    }
}
