package org.springframework.security.oauth2.server.authorization;

import java.io.Serializable;
import java.time.Instant;
import java.util.Collections;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.UUID;
import java.util.function.Consumer;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2AccessToken;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.core.OAuth2Token;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenClaimNames;
import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/OAuth2Authorization.class */
public class OAuth2Authorization implements Serializable {
    private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
    private String id;
    private String registeredClientId;
    private String principalName;
    private AuthorizationGrantType authorizationGrantType;
    private Set<String> authorizedScopes;
    private Map<Class<? extends OAuth2Token>, Token<?>> tokens;
    private Map<String, Object> attributes;

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/OAuth2Authorization$Builder.class */
    public static class Builder implements Serializable {
        private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
        private String id;
        private final String registeredClientId;
        private String principalName;
        private AuthorizationGrantType authorizationGrantType;
        private Set<String> authorizedScopes;
        private Map<Class<? extends OAuth2Token>, Token<?>> tokens = new HashMap();
        private final Map<String, Object> attributes = new HashMap();

        protected Builder(String str) {
            this.registeredClientId = str;
        }

        public Builder id(String str) {
            this.id = str;
            return this;
        }

        public Builder principalName(String str) {
            this.principalName = str;
            return this;
        }

        public Builder authorizationGrantType(AuthorizationGrantType authorizationGrantType) {
            this.authorizationGrantType = authorizationGrantType;
            return this;
        }

        public Builder authorizedScopes(Set<String> set) {
            this.authorizedScopes = set;
            return this;
        }

        public Builder accessToken(OAuth2AccessToken oAuth2AccessToken) {
            return token(oAuth2AccessToken);
        }

        public Builder refreshToken(OAuth2RefreshToken oAuth2RefreshToken) {
            return token(oAuth2RefreshToken);
        }

        public <T extends OAuth2Token> Builder token(T t) {
            return token(t, map -> {
            });
        }

        /* JADX WARN: Multi-variable type inference failed */
        public <T extends OAuth2Token> Builder token(T t, Consumer<Map<String, Object>> consumer) {
            Assert.notNull(t, "token cannot be null");
            Map<String, Object> defaultMetadata = Token.defaultMetadata();
            Token<?> token = this.tokens.get(t.getClass());
            if (token != null) {
                defaultMetadata.putAll(token.getMetadata());
            }
            consumer.accept(defaultMetadata);
            this.tokens.put(t.getClass(), new Token(t, defaultMetadata));
            return this;
        }

        /* JADX WARN: Multi-variable type inference failed */
        public <T extends OAuth2Token> Builder invalidate(T t) {
            Assert.notNull(t, "token cannot be null");
            if (this.tokens.get(t.getClass()) == null) {
                return this;
            }
            token(t, map -> {
                map.put(Token.INVALIDATED_METADATA_NAME, true);
            });
            if (OAuth2RefreshToken.class.isAssignableFrom(t.getClass())) {
                token(this.tokens.get(OAuth2AccessToken.class).getToken(), map2 -> {
                    map2.put(Token.INVALIDATED_METADATA_NAME, true);
                });
                Token<?> token = this.tokens.get(OAuth2AuthorizationCode.class);
                if (token != null && !token.isInvalidated()) {
                    token(token.getToken(), map3 -> {
                        map3.put(Token.INVALIDATED_METADATA_NAME, true);
                    });
                }
            }
            return this;
        }

        protected final Builder tokens(Map<Class<? extends OAuth2Token>, Token<?>> map) {
            this.tokens = new HashMap(map);
            return this;
        }

        public Builder attribute(String str, Object obj) {
            Assert.hasText(str, "name cannot be empty");
            Assert.notNull(obj, "value cannot be null");
            this.attributes.put(str, obj);
            return this;
        }

        public Builder attributes(Consumer<Map<String, Object>> consumer) {
            consumer.accept(this.attributes);
            return this;
        }

        public OAuth2Authorization build() {
            Assert.hasText(this.principalName, "principalName cannot be empty");
            Assert.notNull(this.authorizationGrantType, "authorizationGrantType cannot be null");
            OAuth2Authorization oAuth2Authorization = new OAuth2Authorization();
            if (!StringUtils.hasText(this.id)) {
                this.id = UUID.randomUUID().toString();
            }
            oAuth2Authorization.id = this.id;
            oAuth2Authorization.registeredClientId = this.registeredClientId;
            oAuth2Authorization.principalName = this.principalName;
            oAuth2Authorization.authorizationGrantType = this.authorizationGrantType;
            oAuth2Authorization.authorizedScopes = Collections.unmodifiableSet(!CollectionUtils.isEmpty(this.authorizedScopes) ? new HashSet(this.authorizedScopes) : new HashSet());
            oAuth2Authorization.tokens = Collections.unmodifiableMap(this.tokens);
            oAuth2Authorization.attributes = Collections.unmodifiableMap(this.attributes);
            return oAuth2Authorization;
        }
    }

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/OAuth2Authorization$Token.class */
    public static class Token<T extends OAuth2Token> implements Serializable {
        private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
        protected static final String TOKEN_METADATA_NAMESPACE = "metadata.token.";
        public static final String INVALIDATED_METADATA_NAME = TOKEN_METADATA_NAMESPACE.concat("invalidated");
        public static final String CLAIMS_METADATA_NAME = TOKEN_METADATA_NAMESPACE.concat("claims");
        private final T token;
        private final Map<String, Object> metadata;

        protected Token(T t) {
            this(t, defaultMetadata());
        }

        protected Token(T t, Map<String, Object> map) {
            this.token = t;
            this.metadata = Collections.unmodifiableMap(map);
        }

        public T getToken() {
            return this.token;
        }

        public boolean isInvalidated() {
            return Boolean.TRUE.equals(getMetadata(INVALIDATED_METADATA_NAME));
        }

        public boolean isExpired() {
            return getToken().getExpiresAt() != null && Instant.now().isAfter(getToken().getExpiresAt());
        }

        public boolean isBeforeUse() {
            Instant instant = null;
            if (!CollectionUtils.isEmpty(getClaims())) {
                instant = (Instant) getClaims().get(OAuth2TokenClaimNames.NBF);
            }
            return instant != null && Instant.now().isBefore(instant);
        }

        public boolean isActive() {
            return (isInvalidated() || isExpired() || isBeforeUse()) ? false : true;
        }

        @Nullable
        public Map<String, Object> getClaims() {
            return (Map) getMetadata(CLAIMS_METADATA_NAME);
        }

        @Nullable
        public <V> V getMetadata(String str) {
            Assert.hasText(str, "name cannot be empty");
            return (V) this.metadata.get(str);
        }

        public Map<String, Object> getMetadata() {
            return this.metadata;
        }

        protected static Map<String, Object> defaultMetadata() {
            HashMap hashMap = new HashMap();
            hashMap.put(INVALIDATED_METADATA_NAME, false);
            return hashMap;
        }

        public boolean equals(Object obj) {
            if (this == obj) {
                return true;
            }
            if (obj == null || getClass() != obj.getClass()) {
                return false;
            }
            Token token = (Token) obj;
            return Objects.equals(this.token, token.token) && Objects.equals(this.metadata, token.metadata);
        }

        public int hashCode() {
            return Objects.hash(this.token, this.metadata);
        }
    }

    protected OAuth2Authorization() {
    }

    public String getId() {
        return this.id;
    }

    public String getRegisteredClientId() {
        return this.registeredClientId;
    }

    public String getPrincipalName() {
        return this.principalName;
    }

    public AuthorizationGrantType getAuthorizationGrantType() {
        return this.authorizationGrantType;
    }

    public Set<String> getAuthorizedScopes() {
        return this.authorizedScopes;
    }

    public Token<OAuth2AccessToken> getAccessToken() {
        return getToken(OAuth2AccessToken.class);
    }

    @Nullable
    public Token<OAuth2RefreshToken> getRefreshToken() {
        return getToken(OAuth2RefreshToken.class);
    }

    @Nullable
    public <T extends OAuth2Token> Token<T> getToken(Class<T> cls) {
        Assert.notNull(cls, "tokenType cannot be null");
        Token<T> token = (Token) this.tokens.get(cls);
        if (token != null) {
            return token;
        }
        return null;
    }

    @Nullable
    public <T extends OAuth2Token> Token<T> getToken(String str) {
        Assert.hasText(str, "tokenValue cannot be empty");
        Iterator<Token<?>> it = this.tokens.values().iterator();
        while (it.hasNext()) {
            Token<T> token = (Token) it.next();
            if (token.getToken().getTokenValue().equals(str)) {
                return token;
            }
        }
        return null;
    }

    public Map<String, Object> getAttributes() {
        return this.attributes;
    }

    @Nullable
    public <T> T getAttribute(String str) {
        Assert.hasText(str, "name cannot be empty");
        return (T) this.attributes.get(str);
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        OAuth2Authorization oAuth2Authorization = (OAuth2Authorization) obj;
        return Objects.equals(this.id, oAuth2Authorization.id) && Objects.equals(this.registeredClientId, oAuth2Authorization.registeredClientId) && Objects.equals(this.principalName, oAuth2Authorization.principalName) && Objects.equals(this.authorizationGrantType, oAuth2Authorization.authorizationGrantType) && Objects.equals(this.authorizedScopes, oAuth2Authorization.authorizedScopes) && Objects.equals(this.tokens, oAuth2Authorization.tokens) && Objects.equals(this.attributes, oAuth2Authorization.attributes);
    }

    public int hashCode() {
        return Objects.hash(this.id, this.registeredClientId, this.principalName, this.authorizationGrantType, this.authorizedScopes, this.tokens, this.attributes);
    }

    public static Builder withRegisteredClient(RegisteredClient registeredClient) {
        Assert.notNull(registeredClient, "registeredClient cannot be null");
        return new Builder(registeredClient.getId());
    }

    public static Builder from(OAuth2Authorization oAuth2Authorization) {
        Assert.notNull(oAuth2Authorization, "authorization cannot be null");
        return new Builder(oAuth2Authorization.getRegisteredClientId()).id(oAuth2Authorization.getId()).principalName(oAuth2Authorization.getPrincipalName()).authorizationGrantType(oAuth2Authorization.getAuthorizationGrantType()).authorizedScopes(oAuth2Authorization.getAuthorizedScopes()).tokens(oAuth2Authorization.tokens).attributes(map -> {
            map.putAll(oAuth2Authorization.getAttributes());
        });
    }
}
