package org.cloudfoundry.identity.uaa.security;

import javax.servlet.http.HttpServletRequest;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken;
import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.4.3.jar:org/cloudfoundry/identity/uaa/security/IsSelfCheck.class */
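/**
 * Predicates that decide whether the currently authenticated caller is "the same" principal
 * as the one a request targets: either the id named in the request path, or the owner of a
 * revocable token named in the request path.
 *
 * <p>Both public methods fail closed: any missing path, id or authentication yields
 * {@code false}. NOTE(review): the callers are not visible here; these look like
 * authorization predicates, so every change should keep the fail-closed behaviour.
 */
public class IsSelfCheck {
    /** Path-variable index that {@link #isTokenRevocationForSelf} reads the token id from. */
    private static final int TOKEN_ID_PATH_INDEX = 3;

    private final RevocableTokenProvisioning tokenProvisioning;

    /**
     * @param revocableTokenProvisioning store used to look up the token being revoked
     */
    public IsSelfCheck(RevocableTokenProvisioning revocableTokenProvisioning) {
        this.tokenProvisioning = revocableTokenProvisioning;
    }

    /**
     * Checks whether the id found in the request path is the id of the authenticated user.
     *
     * <p>Client-only OAuth2 authentications never match, because the caller id is extracted
     * with client ids disabled.
     *
     * @param httpServletRequest the current request; its path is read via {@code UaaUrlUtils}
     * @param i index of the path variable holding the user id (passed through to
     *     {@link #extractIdFromUrl})
     * @return {@code true} only if both ids are present and equal
     */
    public boolean isUserSelf(HttpServletRequest httpServletRequest, int i) {
        String requestPath = UaaUrlUtils.getRequestPath(httpServletRequest);
        if (!StringUtils.hasText(requestPath)) {
            return false;
        }
        String idFromUrl = extractIdFromUrl(i, requestPath);
        if (idFromUrl == null) {
            return false;
        }
        String callerId =
                extractIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication(), false);
        return callerId != null && callerId.equals(idFromUrl);
    }

    /**
     * Resolves the id of the authenticated principal.
     *
     * @param authentication the authentication to inspect; may be {@code null}
     * @param z when {@code true}, a client-only OAuth2 authentication resolves to its client id;
     *     when {@code false}, it resolves to {@code null}
     * @return the {@link UaaPrincipal} id of the user, the client id (only if {@code z} is set and
     *     the authentication is client-only), or {@code null} if neither can be determined
     */
    protected String extractIdFromAuthentication(Authentication authentication, boolean z) {
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof UaaPrincipal) {
            return ((UaaPrincipal) principal).getId();
        }
        if (!(authentication instanceof OAuth2Authentication)) {
            return null;
        }
        OAuth2Authentication oauth = (OAuth2Authentication) authentication;
        if (oauth.isClientOnly()) {
            // A client id is only an acceptable answer when the caller explicitly asked for it.
            return z ? oauth.getOAuth2Request().getClientId() : null;
        }
        Object userPrincipal = oauth.getUserAuthentication().getPrincipal();
        if (userPrincipal instanceof UaaPrincipal) {
            return ((UaaPrincipal) userPrincipal).getId();
        }
        return null;
    }

    /**
     * Extracts one path variable from the request path.
     *
     * @param i index handed to {@code UaaUrlUtils.extractPathVariableFromUrl}
     * @param str the request path
     * @return whatever {@code UaaUrlUtils.extractPathVariableFromUrl} returns; callers here treat
     *     {@code null} as "no id present"
     */
    protected String extractIdFromUrl(int i, String str) {
        return UaaUrlUtils.extractPathVariableFromUrl(i, str);
    }

    /**
     * Checks whether the token named in the request path belongs to the authenticated caller.
     *
     * <p>The token is owned by its user id when it has one, otherwise by its client id. The
     * caller's id is compared only against an owner id of the same kind: a client-only caller
     * can match only a token without a user id, and a user caller can match only the token's
     * user id. Comparing a client id against a user id (or the reverse) as plain strings would
     * let two unrelated principals that share an id value pass as each other.
     *
     * <p>Any exception thrown by the token lookup propagates unchanged.
     *
     * @param httpServletRequest the current request; the token id is path variable
     *     {@value #TOKEN_ID_PATH_INDEX}
     * @return {@code true} only if the token exists and its owner is the authenticated caller
     */
    public boolean isTokenRevocationForSelf(HttpServletRequest httpServletRequest) {
        String requestPath = UaaUrlUtils.getRequestPath(httpServletRequest);
        if (!StringUtils.hasText(requestPath)) {
            return false;
        }
        String tokenId = extractIdFromUrl(TOKEN_ID_PATH_INDEX, requestPath);
        if (tokenId == null) {
            return false;
        }
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String callerId = extractIdFromAuthentication(authentication, true);
        if (callerId == null) {
            return false;
        }
        RevocableToken token = this.tokenProvisioning.retrieve(tokenId);
        if (token == null) {
            // Fail closed rather than dereference a missing token.
            return false;
        }
        boolean callerIsClient =
                authentication instanceof OAuth2Authentication
                        && ((OAuth2Authentication) authentication).isClientOnly();
        String tokenUserId = token.getUserId();
        if (callerIsClient) {
            // A client owns a token only when no user is attached to it.
            return tokenUserId == null && callerId.equals(token.getClientId());
        }
        return callerId.equals(tokenUserId);
    }
}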
