package org.cloudfoundry.identity.uaa.security;

import java.util.Collection;
import java.util.Collections;
import java.util.Set;
import org.cloudfoundry.identity.uaa.authentication.UaaAuthentication;
import org.cloudfoundry.identity.uaa.authentication.UaaPrincipal;
import org.cloudfoundry.identity.uaa.zone.IdentityZone;
import org.cloudfoundry.identity.uaa.zone.IdentityZoneHolder;
import org.cloudfoundry.identity.uaa.zone.ZoneManagementScopes;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.expression.OAuth2ExpressionUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.27.0.jar:org/cloudfoundry/identity/uaa/security/DefaultSecurityContextAccessor.class */
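/**
 * {@link SecurityContextAccessor} that answers every question from the
 * {@link Authentication} currently held by Spring's {@link SecurityContextHolder}.
 *
 * <p>Nothing is cached: each method re-reads the security context when it is called.
 * A missing authentication is reported as "not a client / not a user / not an admin",
 * as {@code null} from the string getters, and as an empty collection from the
 * collection getters. {@link #getUserId()} is the one exception for non-null
 * authentications: see its documentation.
 */
public class DefaultSecurityContextAccessor implements SecurityContextAccessor {

    /** Scope (or granted authority, for non-OAuth2 authentications) that marks a UAA administrator. */
    private static final String UAA_ADMIN_SCOPE = "uaa.admin";

    /** Reads the authentication bound to the current security context; may be {@code null}. */
    private static Authentication currentAuthentication() {
        return SecurityContextHolder.getContext().getAuthentication();
    }

    /**
     * Tells whether the caller is an OAuth2 client acting on its own behalf.
     *
     * @return {@code true} only for an {@link OAuth2Authentication} that is client-only;
     *         {@code false} for every other authentication type and when there is none
     */
    @Override
    public boolean isClient() {
        Authentication authentication = currentAuthentication();
        return authentication instanceof OAuth2Authentication
                && ((OAuth2Authentication) authentication).isClientOnly();
    }

    /**
     * Tells whether the caller represents an end user.
     *
     * @return for an {@link OAuth2Authentication}, the negation of {@link #isClient()};
     *         {@code true} for a {@link UaaAuthentication}; otherwise {@code true} only when
     *         the principal is a {@link UaaPrincipal}; {@code false} when there is no
     *         authentication
     */
    @Override
    public boolean isUser() {
        Authentication authentication = currentAuthentication();
        if (authentication instanceof OAuth2Authentication) {
            return !isClient();
        }
        if (authentication instanceof UaaAuthentication) {
            return true;
        }
        return authentication != null && authentication.getPrincipal() instanceof UaaPrincipal;
    }

    /**
     * Tells whether the caller holds administrative rights.
     *
     * <p>Two checks are made, in order:
     * <ol>
     *   <li>{@code uaa.admin}: looked up in the token scopes for an
     *       {@link OAuth2Authentication}, and in the granted authorities for any other
     *       authentication type;</li>
     *   <li>the zone-admin scope for the zone returned by {@link IdentityZoneHolder#get()},
     *       evaluated by {@code hasScopeInAuthZone} against the UAA zone.</li>
     * </ol>
     *
     * @return {@code true} when either check succeeds; {@code false} when there is no
     *         authentication or neither check succeeds
     */
    @Override
    public boolean isAdmin() {
        Authentication authentication = currentAuthentication();
        if (authentication == null) {
            // Fail closed: an anonymous context is never an administrator.
            return false;
        }

        String[] adminScopes = {UAA_ADMIN_SCOPE};
        boolean hasUaaAdmin = authentication instanceof OAuth2Authentication
                ? OAuth2ExpressionUtils.hasAnyScope((OAuth2Authentication) authentication, adminScopes)
                : hasAnyAdminScope(authentication, adminScopes);
        if (hasUaaAdmin) {
            return true;
        }

        // Only resolve the current zone once the global admin check has failed.
        String zoneAdminScope =
                ZoneManagementScopes.ZONES_ZONE_ID_PREFIX + IdentityZoneHolder.get().getId() + ".admin";
        return new ContextSensitiveOAuth2SecurityExpressionMethods(authentication, IdentityZone.getUaa())
                .hasScopeInAuthZone(zoneAdminScope);
    }

    /**
     * Checks whether any of the given names appears among the authentication's granted
     * authorities.
     *
     * @param authentication the authentication to inspect; {@code null} is treated as
     *                       having no authorities
     * @param strArr         authority names to look for
     * @return {@code true} as soon as one name matches, {@code false} otherwise
     */
    private boolean hasAnyAdminScope(Authentication authentication, String... strArr) {
        Set<String> granted = authentication == null
                ? Collections.<String>emptySet()
                : AuthorityUtils.authorityListToSet(authentication.getAuthorities());
        for (String wanted : strArr) {
            if (granted.contains(wanted)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Returns the id of the authenticated user.
     *
     * <p>NOTE(review): the principal is cast to {@link UaaPrincipal} without a type check,
     * so any authentication whose principal is of another type raises
     * {@link ClassCastException} here. Callers that may run under such an authentication
     * should test {@link #isUser()} first. Confirm against callers before relaxing this
     * to return {@code null}, since authorization decisions may depend on the value.
     *
     * @return the principal's id, or {@code null} when there is no authentication
     * @throws ClassCastException when the principal is not a {@link UaaPrincipal}
     */
    @Override
    public String getUserId() {
        Authentication authentication = currentAuthentication();
        if (authentication == null) {
            return null;
        }
        return ((UaaPrincipal) authentication.getPrincipal()).getId();
    }

    /**
     * Returns the name reported by the current authentication.
     *
     * @return {@link Authentication#getName()}, or {@code null} when there is no authentication
     */
    @Override
    public String getUserName() {
        Authentication authentication = currentAuthentication();
        return authentication == null ? null : authentication.getName();
    }

    /**
     * Builds a short description of who is authenticated.
     *
     * <p>For an {@link OAuth2Authentication} the result is the client id, followed by
     * {@code "; <name>; <user id>"} when the token is not client-only. For any other
     * authentication it is {@link Authentication#getName()}.
     *
     * @return the description, or {@code null} when there is no authentication
     * @throws ClassCastException propagated from {@link #getUserId()} for a non-client-only
     *         OAuth2 authentication whose principal is not a {@link UaaPrincipal}
     */
    @Override
    public String getAuthenticationInfo() {
        Authentication authentication = currentAuthentication();
        if (authentication == null) {
            // Match the other string getters instead of dereferencing null:
            // an unauthenticated context yields no description.
            return null;
        }
        if (!(authentication instanceof OAuth2Authentication)) {
            return authentication.getName();
        }

        OAuth2Authentication oauth = (OAuth2Authentication) authentication;
        String info = getClientId();
        if (!oauth.isClientOnly()) {
            info = info + "; " + authentication.getName() + "; " + getUserId();
        }
        return info;
    }

    /**
     * Returns the OAuth2 client id of the current request.
     *
     * @return the client id from the OAuth2 request, or {@code null} when the current
     *         authentication is absent or is not an {@link OAuth2Authentication}
     */
    @Override
    public String getClientId() {
        Authentication authentication = currentAuthentication();
        if (authentication instanceof OAuth2Authentication) {
            return ((OAuth2Authentication) authentication).getOAuth2Request().getClientId();
        }
        return null;
    }

    /**
     * Returns the authorities granted to the current authentication.
     *
     * @return the authentication's authorities, or an empty set when there is no authentication
     */
    @Override
    public Collection<? extends GrantedAuthority> getAuthorities() {
        Authentication authentication = currentAuthentication();
        if (authentication == null) {
            return Collections.emptySet();
        }
        return authentication.getAuthorities();
    }

    /**
     * Returns the scopes carried by the current OAuth2 request.
     *
     * @return the request's scopes, or an empty set when the current authentication is
     *         absent or is not an {@link OAuth2Authentication}
     */
    @Override
    public Collection<String> getScopes() {
        Authentication authentication = currentAuthentication();
        if (!(authentication instanceof OAuth2Authentication)) {
            return Collections.emptySet();
        }
        return ((OAuth2Authentication) authentication).getOAuth2Request().getScope();
    }
}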
