package pl.edu.icm.unity.oauth.as.webauthz;

import com.nimbusds.oauth2.sdk.client.ClientType;
import java.util.Arrays;
import org.apache.logging.log4j.Logger;
import pl.edu.icm.unity.base.entity.EntityParam;
import pl.edu.icm.unity.base.exceptions.EngineException;
import pl.edu.icm.unity.base.message.MessageSource;
import pl.edu.icm.unity.base.utils.Log;
import pl.edu.icm.unity.engine.api.EnquiryManagement;
import pl.edu.icm.unity.engine.api.authn.InvocationContext;
import pl.edu.icm.unity.engine.api.enquiry.EnquirySelector;
import pl.edu.icm.unity.engine.api.idp.ActiveValueClientHelper;
import pl.edu.icm.unity.engine.api.idp.CommonIdPProperties;
import pl.edu.icm.unity.engine.api.policyAgreement.PolicyAgreementManagement;
import pl.edu.icm.unity.oauth.as.OAuthAuthzContext;
import pl.edu.icm.unity.oauth.as.preferences.OAuthPreferences;

/* loaded from: input_file:pl/edu/icm/unity/oauth/as/webauthz/ASConsentDecider.class */
class ASConsentDecider {
    private static final Logger log = Log.getLogger("unity.server.oauth", ASConsentDecider.class);
    private final EnquiryManagement enquiryManagement;
    private final PolicyAgreementManagement policyAgreementsMan;
    private final MessageSource msg;

    /* JADX INFO: Access modifiers changed from: package-private */
    public ASConsentDecider(EnquiryManagement enquiryManagement, PolicyAgreementManagement policyAgreementManagement, MessageSource messageSource) {
        this.enquiryManagement = enquiryManagement;
        this.policyAgreementsMan = policyAgreementManagement;
        this.msg = messageSource;
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isNonePrompt(OAuthAuthzContext oAuthAuthzContext) {
        return oAuthAuthzContext.getPrompts().contains(OAuthAuthzContext.Prompt.NONE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean forceConsentIfConsentPrompt(OAuthAuthzContext oAuthAuthzContext) {
        return oAuthAuthzContext.getPrompts().contains(OAuthAuthzContext.Prompt.CONSENT);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public boolean isInteractiveUIRequired(OAuthPreferences.OAuthClientSettings oAuthClientSettings, OAuthAuthzContext oAuthAuthzContext) {
        return isConsentRequired(oAuthClientSettings, oAuthAuthzContext) || isActiveValueSelectionRequired(oAuthAuthzContext) || isEnquiryWaiting() || isPolicyAgreementWaiting(oAuthAuthzContext);
    }

    private boolean isActiveValueSelectionRequired(OAuthAuthzContext oAuthAuthzContext) {
        return ActiveValueClientHelper.isActiveValueSelectionConfiguredForClient(oAuthAuthzContext.getConfig().getActiveValueClients(), oAuthAuthzContext.getClientUsername());
    }

    private boolean isConsentRequired(OAuthPreferences.OAuthClientSettings oAuthClientSettings, OAuthAuthzContext oAuthAuthzContext) {
        return (oAuthClientSettings.isDoNotAsk() && oAuthAuthzContext.getClientType() == ClientType.CONFIDENTIAL) ? areScopesChanged(oAuthClientSettings, oAuthAuthzContext) || isAudienceChanged(oAuthClientSettings, oAuthAuthzContext) : areScopesChanged(oAuthClientSettings, oAuthAuthzContext) || isAudienceChanged(oAuthClientSettings, oAuthAuthzContext) || !oAuthAuthzContext.getConfig().isSkipConsent();
    }

    private boolean areScopesChanged(OAuthPreferences.OAuthClientSettings oAuthClientSettings, OAuthAuthzContext oAuthAuthzContext) {
        return !oAuthClientSettings.getEffectiveRequestedScopes().containsAll(Arrays.asList(oAuthAuthzContext.getEffectiveRequestedScopesList()));
    }

    private boolean isAudienceChanged(OAuthPreferences.OAuthClientSettings oAuthClientSettings, OAuthAuthzContext oAuthAuthzContext) {
        return !oAuthClientSettings.getAudience().containsAll(oAuthAuthzContext.getAdditionalAudience());
    }

    private boolean isEnquiryWaiting() {
        try {
            return !this.enquiryManagement.getAvailableEnquires(new EntityParam(Long.valueOf(InvocationContext.getCurrent().getLoginSession().getEntityId())), EnquirySelector.builder().withAccessMode(EnquirySelector.AccessMode.NOT_BY_INVITATION_ONLY).withType(EnquirySelector.Type.REGULAR).build()).isEmpty();
        } catch (EngineException e) {
            log.warn("Can't retrieve pending enquiries for user", e);
            return false;
        }
    }

    private boolean isPolicyAgreementWaiting(OAuthAuthzContext oAuthAuthzContext) {
        try {
            return !this.policyAgreementsMan.filterAgreementToPresent(new EntityParam(Long.valueOf(InvocationContext.getCurrent().getLoginSession().getEntityId())), CommonIdPProperties.getPolicyAgreementsConfig(this.msg, oAuthAuthzContext.getConfig()).agreements).isEmpty();
        } catch (EngineException e) {
            log.error("Unable to determine policy agreements to accept");
            return false;
        }
    }
}
