package org.springframework.security.oauth2.provider.approval;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.core.Authentication;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.util.Assert;

/* loaded from: input_file:org/springframework/security/oauth2/provider/approval/TokenServicesUserApprovalHandler.class */
public class TokenServicesUserApprovalHandler implements UserApprovalHandler, InitializingBean {
    private static Log logger = LogFactory.getLog(TokenServicesUserApprovalHandler.class);
    private AuthorizationServerTokenServices tokenServices;

    public void setTokenServices(AuthorizationServerTokenServices authorizationServerTokenServices) {
        this.tokenServices = authorizationServerTokenServices;
    }

    public void afterPropertiesSet() {
        Assert.state(this.tokenServices != null, "AuthorizationServerTokenServices must be provided");
    }

    @Override // org.springframework.security.oauth2.provider.approval.UserApprovalHandler
    public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication authentication) {
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(authorizationRequest, authentication);
        if (logger.isDebugEnabled()) {
            StringBuilder sb = new StringBuilder("Looking up existing token for ");
            sb.append("client_id=" + authorizationRequest.getClientId());
            sb.append(", scope=" + authorizationRequest.getScope());
            sb.append("and username=" + authentication.getName());
            logger.debug(sb.toString());
        }
        OAuth2AccessToken accessToken = this.tokenServices.getAccessToken(oAuth2Authentication);
        logger.debug("Existing access token=" + accessToken);
        if (accessToken == null || accessToken.isExpired()) {
            logger.debug("Checking explicit approval");
            return authentication.isAuthenticated() && authorizationRequest.isApproved();
        }
        logger.debug("User already approved with token=" + accessToken);
        return true;
    }
}
