package org.cloudfoundry.identity.uaa.oauth.openid;

import com.google.common.collect.Lists;
import com.google.common.collect.Sets;
import java.util.List;
import java.util.Objects;
import java.util.Set;
import org.cloudfoundry.identity.uaa.approval.ApprovalService;
import org.cloudfoundry.identity.uaa.oauth.token.TokenConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.client.BaseClientDetails;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.27.0.jar:org/cloudfoundry/identity/uaa/oauth/openid/IdTokenGranter.class */
public class IdTokenGranter {
    private static final Logger logger = LoggerFactory.getLogger((Class<?>) IdTokenGranter.class);
    private final String REQUIRED_OPENID_SCOPE = "openid";
    private final List<String> GRANT_TYPES_THAT_MAY_GET_ID_TOKENS = Lists.newArrayList(TokenConstants.GRANT_TYPE_AUTHORIZATION_CODE, "password", TokenConstants.GRANT_TYPE_IMPLICIT, "refresh_token");
    private final ApprovalService approvalService;

    public IdTokenGranter(ApprovalService approvalService) {
        this.approvalService = approvalService;
    }

    public boolean shouldSendIdToken(String str, BaseClientDetails baseClientDetails, Set<String> set, String str2) {
        if (!this.GRANT_TYPES_THAT_MAY_GET_ID_TOKENS.contains(str2)) {
            return false;
        }
        try {
            this.approvalService.ensureRequiredApprovals(str, Sets.newHashSet("openid"), str2, baseClientDetails);
            Set<String> scope = baseClientDetails.getScope();
            if (null == scope || scope.isEmpty()) {
                return false;
            }
            String str3 = "openid";
            if (scope.stream().filter((v0) -> {
                return Objects.nonNull(v0);
            }).noneMatch((v1) -> {
                return r1.equals(v1);
            })) {
                return false;
            }
            if (set == null || set.isEmpty() || set.contains("openid")) {
                return true;
            }
            logger.info("an ID token was requested but 'openid' is missing from the requested scopes");
            return false;
        } catch (InvalidTokenException e) {
            return false;
        }
    }
}
