package org.springframework.security.oauth2.provider.vote;

import java.util.Collection;
import java.util.Iterator;
import java.util.Set;
import org.springframework.security.access.AccessDecisionVoter;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2Request;

/* loaded from: input_file:WEB-INF/lib/spring-security-oauth2-2.0.17.RELEASE.jar:org/springframework/security/oauth2/provider/vote/ClientScopeVoter.class */
public class ClientScopeVoter implements AccessDecisionVoter<Object> {
    private ClientDetailsService clientDetailsService;
    private String clientHasScope = "CLIENT_HAS_SCOPE";
    private boolean throwException = true;
    private boolean clientAuthoritiesAreScopes = true;

    public void setClientDetailsService(ClientDetailsService clientDetailsService) {
        this.clientDetailsService = clientDetailsService;
    }

    public void setThrowException(boolean z) {
        this.throwException = z;
    }

    public void setClientAuthoritiesAreScopes(boolean z) {
        this.clientAuthoritiesAreScopes = z;
    }

    public void setDenyAccess(String str) {
        this.clientHasScope = str;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(ConfigAttribute configAttribute) {
        return this.clientHasScope.equals(configAttribute.getAttribute());
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public boolean supports(Class<?> cls) {
        return true;
    }

    @Override // org.springframework.security.access.AccessDecisionVoter
    public int vote(Authentication authentication, Object obj, Collection<ConfigAttribute> collection) {
        if (!(authentication instanceof OAuth2Authentication)) {
            return 0;
        }
        OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
        OAuth2Request oAuth2Request = oAuth2Authentication.getOAuth2Request();
        ClientDetails loadClientByClientId = this.clientDetailsService.loadClientByClientId(oAuth2Request.getClientId());
        Set<String> scope = oAuth2Request.getScope();
        if (oAuth2Authentication.isClientOnly() && this.clientAuthoritiesAreScopes) {
            scope = AuthorityUtils.authorityListToSet(oAuth2Request.getAuthorities());
        }
        Iterator<ConfigAttribute> it2 = collection.iterator();
        while (it2.hasNext()) {
            if (supports(it2.next())) {
                int i = 1;
                Iterator<String> it3 = scope.iterator();
                while (true) {
                    if (!it3.hasNext()) {
                        break;
                    }
                    if (!loadClientByClientId.getScope().contains(it3.next())) {
                        i = -1;
                        break;
                    }
                }
                if (i != -1 || !this.throwException) {
                    return i;
                }
                InsufficientScopeException insufficientScopeException = new InsufficientScopeException("Insufficient scope for this resource", loadClientByClientId.getScope());
                throw new AccessDeniedException(insufficientScopeException.getMessage(), insufficientScopeException);
            }
        }
        return 0;
    }
}
