package org.apache.cxf.rs.security.oauth2.grants;

import java.util.Collections;
import java.util.List;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthError;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler;
import org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider;
import org.apache.cxf.rs.security.oauth2.provider.OAuthServiceException;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;

/* loaded from: input_file:org/apache/cxf/rs/security/oauth2/grants/AbstractGrantHandler.class */
public abstract class AbstractGrantHandler implements AccessTokenGrantHandler {
    private String supportedGrant;
    private OAuthDataProvider dataProvider;
    private boolean partialMatchScopeValidation;
    private boolean canSupportPublicClients;

    /* JADX INFO: Access modifiers changed from: protected */
    public AbstractGrantHandler(String str) {
        this.supportedGrant = str;
    }

    public void setDataProvider(OAuthDataProvider oAuthDataProvider) {
        this.dataProvider = oAuthDataProvider;
    }

    public OAuthDataProvider getDataProvider() {
        return this.dataProvider;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.AccessTokenGrantHandler
    public List<String> getSupportedGrantTypes() {
        return Collections.singletonList(this.supportedGrant);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void checkIfGrantSupported(Client client) {
        if (!OAuthUtils.isGrantSupportedForClient(client, this.canSupportPublicClients, OAuthConstants.AUTHORIZATION_CODE_GRANT)) {
            throw new OAuthServiceException(OAuthConstants.UNAUTHORIZED_CLIENT);
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerAccessToken doCreateAccessToken(Client client, UserSubject userSubject, List<String> list) {
        if (!OAuthUtils.validateScopes(list, client.getRegisteredScopes(), this.partialMatchScopeValidation)) {
            throw new OAuthServiceException(new OAuthError(OAuthConstants.INVALID_SCOPE));
        }
        ServerAccessToken preauthorizedToken = this.dataProvider.getPreauthorizedToken(client, list, userSubject, this.supportedGrant);
        if (preauthorizedToken != null) {
            return preauthorizedToken;
        }
        AccessTokenRegistration accessTokenRegistration = new AccessTokenRegistration();
        accessTokenRegistration.setClient(client);
        accessTokenRegistration.setGrantType(this.supportedGrant);
        accessTokenRegistration.setSubject(userSubject);
        accessTokenRegistration.setRequestedScope(list);
        return this.dataProvider.createAccessToken(accessTokenRegistration);
    }

    public void setPartialMatchScopeValidation(boolean z) {
        this.partialMatchScopeValidation = z;
    }

    public void setCanSupportPublicClients(boolean z) {
        this.canSupportPublicClients = z;
    }

    public boolean isCanSupportPublicClients() {
        return this.canSupportPublicClients;
    }
}
