package org.springframework.security.oauth2.server.authorization.client;

import java.io.Serializable;
import java.net.URI;
import java.net.URISyntaxException;
import java.time.Instant;
import java.util.Collections;
import java.util.HashSet;
import java.util.Objects;
import java.util.Set;
import java.util.function.Consumer;
import org.springframework.lang.Nullable;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.ClientAuthenticationMethod;
import org.springframework.security.oauth2.server.authorization.settings.ClientSettings;
import org.springframework.security.oauth2.server.authorization.settings.TokenSettings;
import org.springframework.security.oauth2.server.authorization.util.SpringAuthorizationServerVersion;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/RegisteredClient.class */
public class RegisteredClient implements Serializable {
    private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
    private String id;
    private String clientId;
    private Instant clientIdIssuedAt;
    private String clientSecret;
    private Instant clientSecretExpiresAt;
    private String clientName;
    private Set<ClientAuthenticationMethod> clientAuthenticationMethods;
    private Set<AuthorizationGrantType> authorizationGrantTypes;
    private Set<String> redirectUris;
    private Set<String> scopes;
    private ClientSettings clientSettings;
    private TokenSettings tokenSettings;

    /* loaded from: input_file:org/springframework/security/oauth2/server/authorization/client/RegisteredClient$Builder.class */
    public static class Builder implements Serializable {
        private static final long serialVersionUID = SpringAuthorizationServerVersion.SERIAL_VERSION_UID;
        private String id;
        private String clientId;
        private Instant clientIdIssuedAt;
        private String clientSecret;
        private Instant clientSecretExpiresAt;
        private String clientName;
        private final Set<ClientAuthenticationMethod> clientAuthenticationMethods = new HashSet();
        private final Set<AuthorizationGrantType> authorizationGrantTypes = new HashSet();
        private final Set<String> redirectUris = new HashSet();
        private final Set<String> scopes = new HashSet();
        private ClientSettings clientSettings;
        private TokenSettings tokenSettings;

        protected Builder(String str) {
            this.id = str;
        }

        protected Builder(RegisteredClient registeredClient) {
            this.id = registeredClient.getId();
            this.clientId = registeredClient.getClientId();
            this.clientIdIssuedAt = registeredClient.getClientIdIssuedAt();
            this.clientSecret = registeredClient.getClientSecret();
            this.clientSecretExpiresAt = registeredClient.getClientSecretExpiresAt();
            this.clientName = registeredClient.getClientName();
            if (!CollectionUtils.isEmpty(registeredClient.getClientAuthenticationMethods())) {
                this.clientAuthenticationMethods.addAll(registeredClient.getClientAuthenticationMethods());
            }
            if (!CollectionUtils.isEmpty(registeredClient.getAuthorizationGrantTypes())) {
                this.authorizationGrantTypes.addAll(registeredClient.getAuthorizationGrantTypes());
            }
            if (!CollectionUtils.isEmpty(registeredClient.getRedirectUris())) {
                this.redirectUris.addAll(registeredClient.getRedirectUris());
            }
            if (!CollectionUtils.isEmpty(registeredClient.getScopes())) {
                this.scopes.addAll(registeredClient.getScopes());
            }
            this.clientSettings = ClientSettings.withSettings(registeredClient.getClientSettings().getSettings()).build();
            this.tokenSettings = TokenSettings.withSettings(registeredClient.getTokenSettings().getSettings()).build();
        }

        public Builder id(String str) {
            this.id = str;
            return this;
        }

        public Builder clientId(String str) {
            this.clientId = str;
            return this;
        }

        public Builder clientIdIssuedAt(Instant instant) {
            this.clientIdIssuedAt = instant;
            return this;
        }

        public Builder clientSecret(String str) {
            this.clientSecret = str;
            return this;
        }

        public Builder clientSecretExpiresAt(Instant instant) {
            this.clientSecretExpiresAt = instant;
            return this;
        }

        public Builder clientName(String str) {
            this.clientName = str;
            return this;
        }

        public Builder clientAuthenticationMethod(ClientAuthenticationMethod clientAuthenticationMethod) {
            this.clientAuthenticationMethods.add(clientAuthenticationMethod);
            return this;
        }

        public Builder clientAuthenticationMethods(Consumer<Set<ClientAuthenticationMethod>> consumer) {
            consumer.accept(this.clientAuthenticationMethods);
            return this;
        }

        public Builder authorizationGrantType(AuthorizationGrantType authorizationGrantType) {
            this.authorizationGrantTypes.add(authorizationGrantType);
            return this;
        }

        public Builder authorizationGrantTypes(Consumer<Set<AuthorizationGrantType>> consumer) {
            consumer.accept(this.authorizationGrantTypes);
            return this;
        }

        public Builder redirectUri(String str) {
            this.redirectUris.add(str);
            return this;
        }

        public Builder redirectUris(Consumer<Set<String>> consumer) {
            consumer.accept(this.redirectUris);
            return this;
        }

        public Builder scope(String str) {
            this.scopes.add(str);
            return this;
        }

        public Builder scopes(Consumer<Set<String>> consumer) {
            consumer.accept(this.scopes);
            return this;
        }

        public Builder clientSettings(ClientSettings clientSettings) {
            this.clientSettings = clientSettings;
            return this;
        }

        public Builder tokenSettings(TokenSettings tokenSettings) {
            this.tokenSettings = tokenSettings;
            return this;
        }

        public RegisteredClient build() {
            Assert.hasText(this.clientId, "clientId cannot be empty");
            Assert.notEmpty(this.authorizationGrantTypes, "authorizationGrantTypes cannot be empty");
            if (this.authorizationGrantTypes.contains(AuthorizationGrantType.AUTHORIZATION_CODE)) {
                Assert.notEmpty(this.redirectUris, "redirectUris cannot be empty");
            }
            if (!StringUtils.hasText(this.clientName)) {
                this.clientName = this.id;
            }
            if (CollectionUtils.isEmpty(this.clientAuthenticationMethods)) {
                this.clientAuthenticationMethods.add(ClientAuthenticationMethod.CLIENT_SECRET_BASIC);
            }
            if (this.clientSettings == null) {
                ClientSettings.Builder builder = ClientSettings.builder();
                if (isPublicClientType()) {
                    builder.requireProofKey(true).requireAuthorizationConsent(true);
                }
                this.clientSettings = builder.build();
            }
            if (this.tokenSettings == null) {
                this.tokenSettings = TokenSettings.builder().build();
            }
            validateScopes();
            validateRedirectUris();
            return create();
        }

        private boolean isPublicClientType() {
            return this.authorizationGrantTypes.contains(AuthorizationGrantType.AUTHORIZATION_CODE) && this.clientAuthenticationMethods.size() == 1 && this.clientAuthenticationMethods.contains(ClientAuthenticationMethod.NONE);
        }

        private RegisteredClient create() {
            RegisteredClient registeredClient = new RegisteredClient();
            registeredClient.id = this.id;
            registeredClient.clientId = this.clientId;
            registeredClient.clientIdIssuedAt = this.clientIdIssuedAt;
            registeredClient.clientSecret = this.clientSecret;
            registeredClient.clientSecretExpiresAt = this.clientSecretExpiresAt;
            registeredClient.clientName = this.clientName;
            registeredClient.clientAuthenticationMethods = Collections.unmodifiableSet(new HashSet(this.clientAuthenticationMethods));
            registeredClient.authorizationGrantTypes = Collections.unmodifiableSet(new HashSet(this.authorizationGrantTypes));
            registeredClient.redirectUris = Collections.unmodifiableSet(new HashSet(this.redirectUris));
            registeredClient.scopes = Collections.unmodifiableSet(new HashSet(this.scopes));
            registeredClient.clientSettings = this.clientSettings;
            registeredClient.tokenSettings = this.tokenSettings;
            return registeredClient;
        }

        private void validateScopes() {
            if (CollectionUtils.isEmpty(this.scopes)) {
                return;
            }
            for (String str : this.scopes) {
                Assert.isTrue(validateScope(str), "scope \"" + str + "\" contains invalid characters");
            }
        }

        private static boolean validateScope(String str) {
            return str == null || str.chars().allMatch(i -> {
                return withinTheRangeOf(i, 33, 33) || withinTheRangeOf(i, 35, 91) || withinTheRangeOf(i, 93, 126);
            });
        }

        private static boolean withinTheRangeOf(int i, int i2, int i3) {
            return i >= i2 && i <= i3;
        }

        private void validateRedirectUris() {
            if (CollectionUtils.isEmpty(this.redirectUris)) {
                return;
            }
            for (String str : this.redirectUris) {
                Assert.isTrue(validateRedirectUri(str), "redirect_uri \"" + str + "\" is not a valid redirect URI or contains fragment");
            }
        }

        private static boolean validateRedirectUri(String str) {
            try {
                return new URI(str).getFragment() == null;
            } catch (URISyntaxException e) {
                return false;
            }
        }
    }

    protected RegisteredClient() {
    }

    public String getId() {
        return this.id;
    }

    public String getClientId() {
        return this.clientId;
    }

    @Nullable
    public Instant getClientIdIssuedAt() {
        return this.clientIdIssuedAt;
    }

    @Nullable
    public String getClientSecret() {
        return this.clientSecret;
    }

    @Nullable
    public Instant getClientSecretExpiresAt() {
        return this.clientSecretExpiresAt;
    }

    public String getClientName() {
        return this.clientName;
    }

    public Set<ClientAuthenticationMethod> getClientAuthenticationMethods() {
        return this.clientAuthenticationMethods;
    }

    public Set<AuthorizationGrantType> getAuthorizationGrantTypes() {
        return this.authorizationGrantTypes;
    }

    public Set<String> getRedirectUris() {
        return this.redirectUris;
    }

    public Set<String> getScopes() {
        return this.scopes;
    }

    public ClientSettings getClientSettings() {
        return this.clientSettings;
    }

    public TokenSettings getTokenSettings() {
        return this.tokenSettings;
    }

    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        RegisteredClient registeredClient = (RegisteredClient) obj;
        return Objects.equals(this.id, registeredClient.id) && Objects.equals(this.clientId, registeredClient.clientId) && Objects.equals(this.clientIdIssuedAt, registeredClient.clientIdIssuedAt) && Objects.equals(this.clientSecret, registeredClient.clientSecret) && Objects.equals(this.clientSecretExpiresAt, registeredClient.clientSecretExpiresAt) && Objects.equals(this.clientName, registeredClient.clientName) && Objects.equals(this.clientAuthenticationMethods, registeredClient.clientAuthenticationMethods) && Objects.equals(this.authorizationGrantTypes, registeredClient.authorizationGrantTypes) && Objects.equals(this.redirectUris, registeredClient.redirectUris) && Objects.equals(this.scopes, registeredClient.scopes) && Objects.equals(this.clientSettings, registeredClient.clientSettings) && Objects.equals(this.tokenSettings, registeredClient.tokenSettings);
    }

    public int hashCode() {
        return Objects.hash(this.id, this.clientId, this.clientIdIssuedAt, this.clientSecret, this.clientSecretExpiresAt, this.clientName, this.clientAuthenticationMethods, this.authorizationGrantTypes, this.redirectUris, this.scopes, this.clientSettings, this.tokenSettings);
    }

    public String toString() {
        return "RegisteredClient {id='" + this.id + "', clientId='" + this.clientId + "', clientName='" + this.clientName + "', clientAuthenticationMethods=" + this.clientAuthenticationMethods + ", authorizationGrantTypes=" + this.authorizationGrantTypes + ", redirectUris=" + this.redirectUris + ", scopes=" + this.scopes + ", clientSettings=" + this.clientSettings + ", tokenSettings=" + this.tokenSettings + "}";
    }

    public static Builder withId(String str) {
        Assert.hasText(str, "id cannot be empty");
        return new Builder(str);
    }

    public static Builder from(RegisteredClient registeredClient) {
        Assert.notNull(registeredClient, "registeredClient cannot be null");
        return new Builder(registeredClient);
    }
}
