package org.springframework.security.oauth2.provider.endpoint;

import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.View;
import org.springframework.web.servlet.support.ServletUriComponentsBuilder;
import org.springframework.web.util.HtmlUtils;

@SessionAttributes({"authorizationRequest"})
@FrameworkEndpoint
@Deprecated
/* loaded from: input_file:org/springframework/security/oauth2/provider/endpoint/WhitelabelApprovalEndpoint.class */
public class WhitelabelApprovalEndpoint {
    @RequestMapping({"/oauth/confirm_access"})
    public ModelAndView getAccessConfirmation(Map<String, Object> map, HttpServletRequest httpServletRequest) throws Exception {
        final String createTemplate = createTemplate(map, httpServletRequest);
        if (httpServletRequest.getAttribute("_csrf") != null) {
            map.put("_csrf", httpServletRequest.getAttribute("_csrf"));
        }
        return new ModelAndView(new View() { // from class: org.springframework.security.oauth2.provider.endpoint.WhitelabelApprovalEndpoint.1
            public String getContentType() {
                return "text/html";
            }

            public void render(Map<String, ?> map2, HttpServletRequest httpServletRequest2, HttpServletResponse httpServletResponse) throws Exception {
                httpServletResponse.setContentType(getContentType());
                httpServletResponse.getWriter().append((CharSequence) createTemplate);
            }
        }, map);
    }

    protected String createTemplate(Map<String, Object> map, HttpServletRequest httpServletRequest) {
        String clientId = ((AuthorizationRequest) map.get("authorizationRequest")).getClientId();
        StringBuilder sb = new StringBuilder();
        sb.append("<html><body><h1>OAuth Approval</h1>");
        sb.append("<p>Do you authorize \"").append(HtmlUtils.htmlEscape(clientId));
        sb.append("\" to access your protected resources?</p>");
        sb.append("<form id=\"confirmationForm\" name=\"confirmationForm\" action=\"");
        String path = ServletUriComponentsBuilder.fromContextPath(httpServletRequest).build().getPath();
        if (path == null) {
            path = "";
        }
        sb.append(path).append("/oauth/authorize\" method=\"post\">");
        sb.append("<input name=\"user_oauth_approval\" value=\"true\" type=\"hidden\"/>");
        String str = null;
        CsrfToken csrfToken = (CsrfToken) (map.containsKey("_csrf") ? map.get("_csrf") : httpServletRequest.getAttribute("_csrf"));
        if (csrfToken != null) {
            str = "<input type=\"hidden\" name=\"" + HtmlUtils.htmlEscape(csrfToken.getParameterName()) + "\" value=\"" + HtmlUtils.htmlEscape(csrfToken.getToken()) + "\" />";
        }
        if (str != null) {
            sb.append(str);
        }
        if (map.containsKey("scopes") || httpServletRequest.getAttribute("scopes") != null) {
            sb.append(createScopes(map, httpServletRequest));
            sb.append("<label><input name=\"authorize\" value=\"Authorize\" type=\"submit\"/></label></form>");
        } else {
            sb.append("<label><input name=\"authorize\" value=\"Authorize\" type=\"submit\"/></label></form>");
            sb.append("<form id=\"denialForm\" name=\"denialForm\" action=\"");
            sb.append(path).append("/oauth/authorize\" method=\"post\">");
            sb.append("<input name=\"user_oauth_approval\" value=\"false\" type=\"hidden\"/>");
            if (str != null) {
                sb.append(str);
            }
            sb.append("<label><input name=\"deny\" value=\"Deny\" type=\"submit\"/></label></form>");
        }
        sb.append("</body></html>");
        return sb.toString();
    }

    private CharSequence createScopes(Map<String, Object> map, HttpServletRequest httpServletRequest) {
        StringBuilder sb = new StringBuilder("<ul>");
        Map map2 = (Map) (map.containsKey("scopes") ? map.get("scopes") : httpServletRequest.getAttribute("scopes"));
        for (String str : map2.keySet()) {
            String str2 = "true".equals(map2.get(str)) ? " checked" : "";
            String str3 = !"true".equals(map2.get(str)) ? " checked" : "";
            String htmlEscape = HtmlUtils.htmlEscape(str);
            sb.append("<li><div class=\"form-group\">");
            sb.append(htmlEscape).append(": <input type=\"radio\" name=\"");
            sb.append(htmlEscape).append("\" value=\"true\"").append(str2).append(">Approve</input> ");
            sb.append("<input type=\"radio\" name=\"").append(htmlEscape).append("\" value=\"false\"");
            sb.append(str3).append(">Deny</input></div></li>");
        }
        sb.append("</ul>");
        return sb.toString();
    }
}
