package org.cloudfoundry.identity.uaa.security;

import javax.servlet.http.HttpServletRequest;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.oauth.token.RevocableToken;
import org.cloudfoundry.identity.uaa.oauth.token.RevocableTokenProvisioning;
import org.cloudfoundry.identity.uaa.util.UaaUrlUtils;
import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-3.9.1.jar:org/cloudfoundry/identity/uaa/security/IsSelfCheck.class */
public class IsSelfCheck {
    private static Log logger = LogFactory.getLog(IsSelfCheck.class);
    private final RevocableTokenProvisioning tokenProvisioning;

    public IsSelfCheck(RevocableTokenProvisioning revocableTokenProvisioning) {
        this.tokenProvisioning = revocableTokenProvisioning;
    }

    public boolean isUserSelf(HttpServletRequest httpServletRequest, int i) {
        String extractIdFromUrl = extractIdFromUrl(i, UaaUrlUtils.getRequestPath(httpServletRequest));
        String extractUserIdFromAuthentication = extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
        return extractUserIdFromAuthentication != null && extractUserIdFromAuthentication.equals(extractIdFromUrl);
    }

    protected String extractClientIdFromAuthentication(Authentication authentication) {
        if (authentication != null && (authentication instanceof OAuth2Authentication)) {
            return ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
        }
        return null;
    }

    protected String extractUserIdFromAuthentication(Authentication authentication) {
        if (authentication == null) {
            return null;
        }
        if (authentication.getPrincipal() instanceof UaaPrincipal) {
            return ((UaaPrincipal) authentication.getPrincipal()).getId();
        }
        if (!(authentication instanceof OAuth2Authentication)) {
            return null;
        }
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
        if (oAuth2Authentication.isClientOnly() || !(oAuth2Authentication.getUserAuthentication().getPrincipal() instanceof UaaPrincipal)) {
            return null;
        }
        return ((UaaPrincipal) oAuth2Authentication.getUserAuthentication().getPrincipal()).getId();
    }

    protected String extractIdFromUrl(int i, String str) {
        if (StringUtils.hasText(str)) {
            return UaaUrlUtils.extractPathVariableFromUrl(i, str);
        }
        return null;
    }

    public boolean isTokenRevocationForSelf(HttpServletRequest httpServletRequest, int i) {
        String requestPath = UaaUrlUtils.getRequestPath(httpServletRequest);
        String extractIdFromUrl = extractIdFromUrl(i, requestPath);
        if (!StringUtils.hasText(requestPath) || !StringUtils.hasText(extractIdFromUrl)) {
            return false;
        }
        try {
            RevocableToken retrieve = this.tokenProvisioning.retrieve(extractIdFromUrl);
            if (retrieve.getClientId().equals(extractClientIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication()))) {
                return true;
            }
            String userId = retrieve.getUserId();
            String extractUserIdFromAuthentication = extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
            if (StringUtils.hasText(userId)) {
                return userId.equals(extractUserIdFromAuthentication);
            }
            return false;
        } catch (EmptyResultDataAccessException e) {
            logger.debug("Token not found:" + extractIdFromUrl);
            return false;
        }
    }

    public boolean isUserTokenRevocationForSelf(HttpServletRequest httpServletRequest, int i) {
        String extractIdFromUrl = extractIdFromUrl(i, UaaUrlUtils.getRequestPath(httpServletRequest));
        return StringUtils.hasText(extractIdFromUrl) && extractIdFromUrl.equals(extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication()));
    }

    public boolean isClientTokenRevocationForSelf(HttpServletRequest httpServletRequest, int i) {
        String extractIdFromUrl = extractIdFromUrl(i, UaaUrlUtils.getRequestPath(httpServletRequest));
        return StringUtils.hasText(extractIdFromUrl) && extractIdFromUrl.equals(extractClientIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication()));
    }

    public boolean isTokenListForAuthenticatedClient(HttpServletRequest httpServletRequest) {
        String extractIdFromUrl = extractIdFromUrl(4, UaaUrlUtils.getRequestPath(httpServletRequest));
        String extractClientIdFromAuthentication = extractClientIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
        return StringUtils.hasText(extractClientIdFromAuthentication) && extractClientIdFromAuthentication.equals(extractIdFromUrl);
    }

    public boolean isTokenListForAuthenticatedUser(HttpServletRequest httpServletRequest) {
        String extractIdFromUrl = extractIdFromUrl(4, UaaUrlUtils.getRequestPath(httpServletRequest));
        String extractUserIdFromAuthentication = extractUserIdFromAuthentication(SecurityContextHolder.getContext().getAuthentication());
        return StringUtils.hasText(extractUserIdFromAuthentication) && extractUserIdFromAuthentication.equals(extractIdFromUrl);
    }
}
