package com.liferay.oauth2.provider.rest.internal.endpoint.access.token.grant.handler;

import com.liferay.oauth2.provider.model.OAuth2Application;
import com.liferay.oauth2.provider.rest.internal.endpoint.constants.OAuth2ProviderRestEndpointConstants;
import com.liferay.petra.string.StringBundler;
import com.liferay.portal.kernel.exception.PortalException;
import com.liferay.portal.kernel.log.Log;
import com.liferay.portal.kernel.log.LogFactoryUtil;
import com.liferay.portal.kernel.security.permission.PermissionCheckerFactoryUtil;
import com.liferay.portal.kernel.security.permission.resource.ModelResourcePermission;
import com.liferay.portal.kernel.service.UserLocalService;
import com.liferay.portal.kernel.util.MapUtil;
import java.util.List;
import java.util.Objects;
import javax.ws.rs.core.MultivaluedMap;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.osgi.service.component.annotations.Reference;

/* loaded from: input_file:com/liferay/oauth2/provider/rest/internal/endpoint/access/token/grant/handler/BaseAccessTokenGrantHandler.class */
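/**
 * Base class for OAuth 2 access-token grant handlers that wrap a delegate
 * {@link AccessTokenGrantHandler} and only let it issue a token after two
 * checks implemented by the subclass have passed: the grant type must be
 * enabled ({@link #isGrantHandlerEnabled()}) and the request must be permitted
 * ({@link #hasPermission(Client, MultivaluedMap)}).
 *
 * <p>{@link #clientsMatch(Client, Client)} and
 * {@link #hasCreateTokenPermission(long, OAuth2Application)} are helpers; this
 * class does not call them itself.
 */
public abstract class BaseAccessTokenGrantHandler implements AccessTokenGrantHandler {

    // Permission resource for OAuth2Application models, selected by the
    // model.class.name target filter on the reference.
    @Reference(target = "(model.class.name=com.liferay.oauth2.provider.model.OAuth2Application)")
    protected ModelResourcePermission<OAuth2Application> modelResourcePermission;

    // Used to load the user whose permissions are evaluated.
    @Reference
    protected UserLocalService userLocalService;
    private static final Log _log = LogFactoryUtil.getLog(BaseAccessTokenGrantHandler.class);

    /**
     * Creates an access token through the delegate handler once both gates pass.
     *
     * @param client the OAuth client requesting the token
     * @param multivaluedMap the token request parameters
     * @return the token produced by {@link #getAccessTokenGrantHandler()}
     * @throws OAuthServiceException if the grant handler is disabled or the
     *         permission check fails; the delegate is not invoked in either case
     */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler
    public ServerAccessToken createAccessToken(Client client, MultivaluedMap<String, String> multivaluedMap) throws OAuthServiceException {
        if (!isGrantHandlerEnabled()) {
            throw new OAuthServiceException("Grant handler is not enabled");
        }
        // Authorization is decided before the delegate sees the request.
        if (!hasPermission(client, multivaluedMap)) {
            throw new OAuthServiceException("User does not have permission to create token");
        }
        return getAccessTokenGrantHandler().createAccessToken(client, multivaluedMap);
    }

    /**
     * Returns the grant types supported by the delegate handler.
     *
     * @return the delegate's supported grant types
     */
    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler
    public List<String> getSupportedGrantTypes() {
        return getAccessTokenGrantHandler().getSupportedGrantTypes();
    }

    /**
     * Tells whether two clients are the same client of the same company: both
     * the client id and the company id property must be equal.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param client the first client
     * @param client2 the second client
     * @return {@code true} only if client id and company id both match
     */
    public boolean clientsMatch(Client client, Client client2) {
        if (!Objects.equals(client.getClientId(), client2.getClientId())) {
            return false;
        }
        // Equal client ids are not sufficient: the company id property must
        // match as well.
        String companyId = MapUtil.getString(
            client.getProperties(), OAuth2ProviderRestEndpointConstants.PROPERTY_KEY_COMPANY_ID);
        String companyId2 = MapUtil.getString(
            client2.getProperties(), OAuth2ProviderRestEndpointConstants.PROPERTY_KEY_COMPANY_ID);
        return Objects.equals(companyId, companyId2);
    }

    /**
     * Returns the handler that actually builds the token once the checks in
     * {@link #createAccessToken(Client, MultivaluedMap)} have passed.
     */
    protected abstract AccessTokenGrantHandler getAccessTokenGrantHandler();

    /**
     * Checks whether the user has the {@code CREATE_TOKEN} action on the given
     * OAuth 2 application.
     *
     * <p>The check fails closed: a missing permission, a
     * {@link PortalException}, or any other exception all yield {@code false}.
     * Denials and failures are reported at debug level only.
     *
     * <p>The decompiler reports that this method was declared {@code protected}
     * in the original class.
     *
     * @param j the id of the user to check
     * @param oAuth2Application the application a token is requested for
     * @return {@code true} only if the permission check positively succeeds
     */
    public boolean hasCreateTokenPermission(long j, OAuth2Application oAuth2Application) {
        try {
            try {
                if (this.modelResourcePermission.contains(
                        PermissionCheckerFactoryUtil.create(this.userLocalService.getUserById(j)),
                        oAuth2Application, "CREATE_TOKEN")) {
                    return true;
                }
            } catch (PortalException e) {
                if (_log.isDebugEnabled()) {
                    _log.debug("Unable to check permissions for application " + oAuth2Application, e);
                }
            }
            if (_log.isDebugEnabled()) {
                StringBundler stringBundler = new StringBundler(5);
                stringBundler.append("User ");
                stringBundler.append(j);
                stringBundler.append(" does not have permission to create access token for ");
                stringBundler.append("client ");
                stringBundler.append(oAuth2Application.getClientId());
                _log.debug(stringBundler.toString());
            }
            return false;
        } catch (Exception e2) {
            // Deny on any unexpected failure, but keep the cause in the log so
            // a denied token request can be diagnosed.
            if (_log.isDebugEnabled()) {
                _log.debug("Unable to create permission checker for user " + j, e2);
            }
            return false;
        }
    }

    /**
     * Decides whether the token request may proceed; called by
     * {@link #createAccessToken(Client, MultivaluedMap)} before the delegate.
     *
     * @param client the OAuth client requesting the token
     * @param multivaluedMap the token request parameters
     * @return {@code true} to let the delegate create the token
     */
    protected abstract boolean hasPermission(Client client, MultivaluedMap<String, String> multivaluedMap);

    /**
     * Tells whether this grant handler is enabled; when it is not,
     * {@link #createAccessToken(Client, MultivaluedMap)} rejects every request.
     */
    protected abstract boolean isGrantHandlerEnabled();
}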
