package org.springframework.security.oauth.provider.expression;

import java.util.List;
import java.util.Set;
import org.aopalliance.intercept.MethodInvocation;
import org.springframework.core.convert.TypeDescriptor;
import org.springframework.expression.AccessException;
import org.springframework.expression.EvaluationContext;
import org.springframework.expression.MethodExecutor;
import org.springframework.expression.MethodResolver;
import org.springframework.expression.TypedValue;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.security.access.expression.SecurityExpressionRoot;
import org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth.provider.OAuthAuthenticationDetails;

/* loaded from: input_file:lib/spring-security-oauth-2.0.7.RELEASE.jar:org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler.class */
public class OAuthMethodSecurityExpressionHandler extends DefaultMethodSecurityExpressionHandler {

    /* loaded from: input_file:lib/spring-security-oauth-2.0.7.RELEASE.jar:org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler$DenyOAuthClientRoleExecutor.class */
    private static class DenyOAuthClientRoleExecutor implements MethodExecutor {
        private DenyOAuthClientRoleExecutor() {
        }

        @Override // org.springframework.expression.MethodExecutor
        public TypedValue execute(EvaluationContext evaluationContext, Object obj, Object... objArr) throws AccessException {
            return new TypedValue(Boolean.valueOf(!OAuthMethodSecurityExpressionHandler.isOAuthConsumerAuth((SecurityExpressionRoot) obj)));
        }

        /* synthetic */ DenyOAuthClientRoleExecutor(DenyOAuthClientRoleExecutor denyOAuthClientRoleExecutor) {
            this();
        }
    }

    /* loaded from: input_file:lib/spring-security-oauth-2.0.7.RELEASE.jar:org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler$OAuthClientRoleExecutor.class */
    private static class OAuthClientRoleExecutor implements MethodExecutor {
        private OAuthClientRoleExecutor() {
        }

        @Override // org.springframework.expression.MethodExecutor
        public TypedValue execute(EvaluationContext evaluationContext, Object obj, Object... objArr) throws AccessException {
            String[] strArr = new String[objArr.length];
            for (int i = 0; i < objArr.length; i++) {
                strArr[i] = String.valueOf(objArr[i]);
            }
            return new TypedValue(Boolean.valueOf(OAuthMethodSecurityExpressionHandler.consumerHasAnyRole((SecurityExpressionRoot) obj, strArr)));
        }

        /* synthetic */ OAuthClientRoleExecutor(OAuthClientRoleExecutor oAuthClientRoleExecutor) {
            this();
        }
    }

    /* loaded from: input_file:lib/spring-security-oauth-2.0.7.RELEASE.jar:org/springframework/security/oauth/provider/expression/OAuthMethodSecurityExpressionHandler$OAuthMethodResolver.class */
    private static class OAuthMethodResolver implements MethodResolver {
        private OAuthMethodResolver() {
        }

        @Override // org.springframework.expression.MethodResolver
        public MethodExecutor resolve(EvaluationContext evaluationContext, Object obj, String str, List<TypeDescriptor> list) throws AccessException {
            if (!(obj instanceof SecurityExpressionRoot)) {
                return null;
            }
            if ("oauthConsumerHasRole".equals(str) || "oauthConsumerHasAnyRole".equals(str)) {
                return new OAuthClientRoleExecutor(null);
            }
            if ("denyOAuthConsumer".equals(str)) {
                return new DenyOAuthClientRoleExecutor(null);
            }
            return null;
        }

        /* synthetic */ OAuthMethodResolver(OAuthMethodResolver oAuthMethodResolver) {
            this();
        }
    }

    @Override // org.springframework.security.access.expression.method.DefaultMethodSecurityExpressionHandler
    public StandardEvaluationContext createEvaluationContextInternal(Authentication authentication, MethodInvocation methodInvocation) {
        StandardEvaluationContext createEvaluationContextInternal = super.createEvaluationContextInternal(authentication, methodInvocation);
        createEvaluationContextInternal.addMethodResolver(new OAuthMethodResolver(null));
        return createEvaluationContextInternal;
    }

    public static boolean consumerHasAnyRole(SecurityExpressionRoot securityExpressionRoot, String... strArr) {
        List<GrantedAuthority> authorities;
        Authentication authentication = securityExpressionRoot.getAuthentication();
        if (!(authentication.getDetails() instanceof OAuthAuthenticationDetails) || (authorities = ((OAuthAuthenticationDetails) authentication.getDetails()).getConsumerDetails().getAuthorities()) == null) {
            return false;
        }
        Set<String> authorityListToSet = AuthorityUtils.authorityListToSet(authorities);
        for (String str : strArr) {
            if (authorityListToSet.contains(str)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isOAuthConsumerAuth(SecurityExpressionRoot securityExpressionRoot) {
        return securityExpressionRoot.getAuthentication().getDetails() instanceof OAuthAuthenticationDetails;
    }
}
