package org.cloudfoundry.identity.uaa.security;

import java.util.Collection;
import java.util.Collections;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.expression.OAuth2ExpressionUtils;

/* loaded from: input_file:org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessor.class */
public class DefaultSecurityContextAccessor implements SecurityContextAccessor {
    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public boolean isClient() {
        OAuth2Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof OAuth2Authentication) {
            return authentication.isClientOnly();
        }
        return false;
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public boolean isUser() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof OAuth2Authentication) {
            return !isClient();
        }
        if (authentication instanceof UaaAuthentication) {
            return true;
        }
        return authentication != null && (authentication.getPrincipal() instanceof UaaPrincipal);
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public boolean isAdmin() {
        OAuth2Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (isUser() && (authentication instanceof OAuth2Authentication)) {
            return authentication != null && OAuth2ExpressionUtils.hasAnyScope(authentication, new String[]{"uaa.admin", new StringBuilder().append("zones.").append(IdentityZoneHolder.get().getId()).append(".admin").toString()});
        }
        return hasUaaAdminScope(authentication);
    }

    private boolean hasUaaAdminScope(Authentication authentication) {
        return authentication != null && AuthorityUtils.authorityListToSet(authentication.getAuthorities()).contains("uaa.admin");
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public String getUserId() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        return ((UaaPrincipal) authentication.getPrincipal()).getId();
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public String getUserName() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        return authentication.getName();
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public String getAuthenticationInfo() {
        OAuth2Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof OAuth2Authentication)) {
            return authentication.getName();
        }
        OAuth2Authentication oAuth2Authentication = authentication;
        String clientId = getClientId();
        if (!oAuth2Authentication.isClientOnly()) {
            clientId = clientId + "; " + authentication.getName() + "; " + getUserId();
        }
        return clientId;
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public String getClientId() {
        OAuth2Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof OAuth2Authentication) {
            return authentication.getOAuth2Request().getClientId();
        }
        return null;
    }

    @Override // org.cloudfoundry.identity.uaa.security.SecurityContextAccessor
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        return authentication == null ? Collections.emptySet() : authentication.getAuthorities();
    }
}
