package org.apache.cxf.rs.security.oauth2.provider;

import jakarta.ws.rs.core.MultivaluedMap;
import java.util.ArrayList;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.cxf.jaxrs.ext.MessageContext;
import org.apache.cxf.rs.security.jose.jwt.JwtClaims;
import org.apache.cxf.rs.security.jose.jwt.JwtConstants;
import org.apache.cxf.rs.security.jose.jwt.JwtToken;
import org.apache.cxf.rs.security.oauth2.common.AccessTokenRegistration;
import org.apache.cxf.rs.security.oauth2.common.Client;
import org.apache.cxf.rs.security.oauth2.common.OAuthPermission;
import org.apache.cxf.rs.security.oauth2.common.ServerAccessToken;
import org.apache.cxf.rs.security.oauth2.common.UserSubject;
import org.apache.cxf.rs.security.oauth2.tokens.bearer.BearerAccessToken;
import org.apache.cxf.rs.security.oauth2.tokens.refresh.RefreshToken;
import org.apache.cxf.rs.security.oauth2.utils.JwtTokenUtils;
import org.apache.cxf.rs.security.oauth2.utils.OAuthConstants;
import org.apache.cxf.rs.security.oauth2.utils.OAuthUtils;
import org.apache.cxf.ws.security.tokenstore.MemoryTokenStore;

/* loaded from: input_file:lib/cxf-shade-9.0.0.jar:org/apache/cxf/rs/security/oauth2/provider/AbstractOAuthDataProvider.class */
public abstract class AbstractOAuthDataProvider implements OAuthDataProvider, ClientRegistrationProvider {
    private long refreshTokenLifetime;
    private Object refreshTokenLock;
    private MessageContext messageContext;
    private List<String> defaultScopes;
    private List<String> requiredScopes;
    private List<String> invisibleToClientScopes;
    private boolean supportPreauthorizedTokens;
    private boolean useJwtFormatForAccessTokens;
    private OAuthJoseJwtProducer jwtAccessTokenProducer;
    private Map<String, String> jwtAccessTokenClaimMap;
    private ProviderAuthenticationStrategy authenticationStrategy;
    private String issuer;
    private long accessTokenLifetime = MemoryTokenStore.MAX_TTL;
    private boolean recycleRefreshTokens = true;
    private Map<String, OAuthPermission> permissionMap = new HashMap();
    private boolean persistJwtEncoding = true;

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken createAccessToken(AccessTokenRegistration accessTokenRegistration) throws OAuthServiceException {
        ServerAccessToken doCreateAccessToken = doCreateAccessToken(accessTokenRegistration);
        saveAccessToken(doCreateAccessToken);
        if (isRefreshTokenSupported(accessTokenRegistration.getApprovedScope())) {
            createNewRefreshToken(doCreateAccessToken);
        }
        return doCreateAccessToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public ServerAccessToken doCreateAccessToken(AccessTokenRegistration accessTokenRegistration) {
        String str;
        ServerAccessToken doCreateAccessToken = doCreateAccessToken(accessTokenRegistration.getAudiences(), accessTokenRegistration.getClient(), accessTokenRegistration.getClientCodeVerifier(), accessTokenRegistration.getExtraProperties(), accessTokenRegistration.getGrantCode(), accessTokenRegistration.getGrantType(), accessTokenRegistration.getNonce(), accessTokenRegistration.getResponseType(), convertScopeToPermissions(accessTokenRegistration.getClient(), accessTokenRegistration.getApprovedScope()), accessTokenRegistration.getSubject());
        if (this.messageContext != null && (str = (String) this.messageContext.get("x5t#S256")) != null) {
            doCreateAccessToken.getExtraProperties().put("x5t#S256", str);
        }
        if (isUseJwtFormatForAccessTokens()) {
            convertToJWTAccessToken(doCreateAccessToken);
        }
        return doCreateAccessToken;
    }

    protected ServerAccessToken doCreateAccessToken(List<String> list, Client client, String str, Map<String, String> map, String str2, String str3, String str4, String str5, List<OAuthPermission> list2, UserSubject userSubject) {
        ServerAccessToken createNewAccessToken = createNewAccessToken(client, userSubject);
        createNewAccessToken.setAudiences(list);
        createNewAccessToken.setGrantType(str3);
        createNewAccessToken.setScopes(list2);
        createNewAccessToken.setSubject(userSubject);
        createNewAccessToken.setClientCodeVerifier(str);
        createNewAccessToken.setNonce(str4);
        createNewAccessToken.setResponseType(str5);
        createNewAccessToken.setGrantCode(str2);
        createNewAccessToken.getExtraProperties().putAll(map);
        return createNewAccessToken;
    }

    protected JwtClaims createJwtAccessToken(ServerAccessToken serverAccessToken) {
        JwtClaims jwtClaims = new JwtClaims();
        jwtClaims.setTokenId(serverAccessToken.getTokenKey());
        jwtClaims.setClaim(JwtTokenUtils.getClaimName("client_id", "client_id", getJwtAccessTokenClaimMap()), serverAccessToken.getClient().getClientId());
        jwtClaims.setIssuedAt(Long.valueOf(serverAccessToken.getIssuedAt()));
        if (serverAccessToken.getExpiresIn() > 0) {
            jwtClaims.setExpiryTime(Long.valueOf(serverAccessToken.getIssuedAt() + serverAccessToken.getExpiresIn()));
        }
        UserSubject subject = serverAccessToken.getSubject();
        if (subject != null) {
            if (subject.getId() != null) {
                jwtClaims.setSubject(subject.getId());
            }
            jwtClaims.setClaim(JwtTokenUtils.getClaimName(OAuthConstants.RESOURCE_OWNER_NAME, OAuthConstants.RESOURCE_OWNER_NAME, getJwtAccessTokenClaimMap()), subject.getLogin());
        }
        if (serverAccessToken.getIssuer() != null) {
            jwtClaims.setIssuer(serverAccessToken.getIssuer());
        }
        if (!serverAccessToken.getScopes().isEmpty()) {
            jwtClaims.setClaim("scope", OAuthUtils.convertListOfScopesToString(OAuthUtils.convertPermissionsToScopeList(serverAccessToken.getScopes())));
        }
        if (!serverAccessToken.getAudiences().isEmpty()) {
            List<String> audiences = serverAccessToken.getAudiences();
            if (audiences.size() == 1) {
                jwtClaims.setAudience(audiences.get(0));
            } else {
                jwtClaims.setAudiences(audiences);
            }
        }
        if (!serverAccessToken.getExtraProperties().isEmpty()) {
            HashMap hashMap = new HashMap();
            for (Map.Entry<String, String> entry : serverAccessToken.getExtraProperties().entrySet()) {
                if ("x5t#S256".equals(entry.getKey())) {
                    jwtClaims.setClaim(JwtConstants.CLAIM_CONFIRMATION, Collections.singletonMap("x5t#S256", entry.getValue()));
                } else {
                    hashMap.put(entry.getKey(), entry.getValue());
                }
            }
            jwtClaims.setClaim("extra_properties", hashMap);
        }
        if (serverAccessToken.getGrantType() != null) {
            jwtClaims.setClaim(OAuthConstants.GRANT_TYPE, serverAccessToken.getGrantType());
        }
        if (serverAccessToken.getGrantCode() != null) {
            jwtClaims.setClaim(OAuthConstants.AUTHORIZATION_CODE_GRANT, serverAccessToken.getGrantCode());
        }
        if (serverAccessToken.getClientCodeVerifier() != null) {
            jwtClaims.setClaim(OAuthConstants.AUTHORIZATION_CODE_VERIFIER, serverAccessToken.getClientCodeVerifier());
        }
        if (serverAccessToken.getNonce() != null) {
            jwtClaims.setClaim("nonce", serverAccessToken.getNonce());
        }
        return jwtClaims;
    }

    protected void convertToJWTAccessToken(ServerAccessToken serverAccessToken) {
        String processJwtAccessToken = processJwtAccessToken(createJwtAccessToken(serverAccessToken));
        if (isPersistJwtEncoding()) {
            serverAccessToken.setTokenKey(processJwtAccessToken);
        } else {
            serverAccessToken.setEncodedToken(processJwtAccessToken);
        }
    }

    protected ServerAccessToken createNewAccessToken(Client client, UserSubject userSubject) {
        BearerAccessToken bearerAccessToken = new BearerAccessToken(client, this.accessTokenLifetime);
        if (getIssuer() != null) {
            bearerAccessToken.setIssuer(getIssuer());
        }
        return bearerAccessToken;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken refreshAccessToken(Client client, String str, List<String> list) throws OAuthServiceException {
        RefreshToken revokeRefreshToken = this.recycleRefreshTokens ? revokeRefreshToken(client, str) : getRefreshToken(str);
        if (revokeRefreshToken == null) {
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
        }
        if (OAuthUtils.isExpired(Long.valueOf(revokeRefreshToken.getIssuedAt()), Long.valueOf(revokeRefreshToken.getExpiresIn()))) {
            if (!this.recycleRefreshTokens) {
                revokeRefreshToken(client, str);
            }
            throw new OAuthServiceException(OAuthConstants.ACCESS_DENIED);
        }
        if (this.recycleRefreshTokens) {
            revokeAccessTokens(client, revokeRefreshToken);
        }
        ServerAccessToken doRefreshAccessToken = doRefreshAccessToken(client, revokeRefreshToken, list);
        saveAccessToken(doRefreshAccessToken);
        if (this.recycleRefreshTokens) {
            createNewRefreshToken(doRefreshAccessToken);
        } else {
            updateExistingRefreshToken(revokeRefreshToken, doRefreshAccessToken);
        }
        return doRefreshAccessToken;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public void revokeToken(Client client, String str, String str2) throws OAuthServiceException {
        ServerAccessToken serverAccessToken = null;
        if (!"refresh_token".equals(str2)) {
            serverAccessToken = revokeAccessToken(client, str);
        }
        if (serverAccessToken != null) {
            handleLinkedRefreshToken(client, serverAccessToken);
        } else {
            if (OAuthConstants.ACCESS_TOKEN.equals(str2)) {
                return;
            }
            revokeAccessTokens(client, revokeRefreshToken(client, str));
        }
    }

    protected void handleLinkedRefreshToken(Client client, ServerAccessToken serverAccessToken) {
        RefreshToken refreshToken;
        if (serverAccessToken == null || serverAccessToken.getRefreshToken() == null || (refreshToken = getRefreshToken(serverAccessToken.getRefreshToken())) == null) {
            return;
        }
        unlinkRefreshAccessToken(refreshToken, serverAccessToken.getTokenKey());
        if (refreshToken.getAccessTokens().isEmpty()) {
            revokeRefreshToken(client, refreshToken.getTokenKey());
        } else {
            saveRefreshToken(refreshToken);
        }
    }

    protected void revokeAccessTokens(Client client, RefreshToken refreshToken) {
        if (refreshToken != null) {
            Iterator<String> it = refreshToken.getAccessTokens().iterator();
            while (it.hasNext()) {
                revokeAccessToken(client, it.next());
            }
        }
    }

    protected void unlinkRefreshAccessToken(RefreshToken refreshToken, String str) {
        List<String> accessTokens = refreshToken.getAccessTokens();
        for (int i = 0; i < accessTokens.size(); i++) {
            if (accessTokens.get(i).equals(str)) {
                accessTokens.remove(i);
                return;
            }
        }
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public List<OAuthPermission> convertScopeToPermissions(Client client, List<String> list) {
        checkRequestedScopes(client, list);
        if (list.isEmpty()) {
            return Collections.emptyList();
        }
        ArrayList arrayList = new ArrayList();
        Iterator<String> it = list.iterator();
        while (it.hasNext()) {
            convertSingleScopeToPermission(client, it.next(), arrayList);
        }
        if (arrayList.isEmpty()) {
            throw new OAuthServiceException("Requested scopes can not be mapped");
        }
        return arrayList;
    }

    protected void checkRequestedScopes(Client client, List<String> list) {
        if (this.requiredScopes != null && !list.containsAll(this.requiredScopes)) {
            throw new OAuthServiceException("Required scopes are missing");
        }
    }

    protected void convertSingleScopeToPermission(Client client, String str, List<OAuthPermission> list) {
        OAuthPermission oAuthPermission = this.permissionMap.get(str);
        if (oAuthPermission == null) {
            throw new OAuthServiceException("Unexpected scope: " + str);
        }
        list.add(oAuthPermission);
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider
    public ServerAccessToken getPreauthorizedToken(Client client, List<String> list, UserSubject userSubject, String str) throws OAuthServiceException {
        if (!isSupportPreauthorizedTokens()) {
            return null;
        }
        ServerAccessToken serverAccessToken = null;
        for (ServerAccessToken serverAccessToken2 : getAccessTokens(client, userSubject)) {
            if (serverAccessToken2.getClient().getClientId().equals(client.getClientId()) && serverAccessToken2.getGrantType().equals(str) && ((userSubject == null && serverAccessToken2.getSubject() == null) || (userSubject != null && serverAccessToken2.getSubject().getLogin().equals(userSubject.getLogin())))) {
                if (OAuthUtils.isExpired(Long.valueOf(serverAccessToken2.getIssuedAt()), Long.valueOf(serverAccessToken2.getExpiresIn()))) {
                    revokeToken(client, serverAccessToken2.getTokenKey(), OAuthConstants.ACCESS_TOKEN);
                } else {
                    serverAccessToken = serverAccessToken2;
                }
                return serverAccessToken;
            }
        }
        return serverAccessToken;
    }

    protected boolean isRefreshTokenSupported(List<String> list) {
        return list.contains(OAuthConstants.REFRESH_TOKEN_SCOPE);
    }

    protected String getCurrentRequestedGrantType() {
        if (this.messageContext != null) {
            return (String) this.messageContext.get(OAuthConstants.GRANT_TYPE);
        }
        return null;
    }

    protected String getCurrentClientSecret() {
        if (this.messageContext != null) {
            return (String) this.messageContext.get("client_secret");
        }
        return null;
    }

    protected MultivaluedMap<String, String> getCurrentTokenRequestParams() {
        if (this.messageContext != null) {
            return (MultivaluedMap) this.messageContext.get(OAuthConstants.TOKEN_REQUEST_PARAMS);
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RefreshToken updateExistingRefreshToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        RefreshToken updateRefreshToken;
        synchronized (this.refreshTokenLock) {
            updateRefreshToken = updateRefreshToken(refreshToken, serverAccessToken);
        }
        return updateRefreshToken;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public RefreshToken updateRefreshToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        linkAccessTokenToRefreshToken(refreshToken, serverAccessToken);
        saveRefreshToken(refreshToken);
        linkRefreshTokenToAccessToken(refreshToken, serverAccessToken);
        return refreshToken;
    }

    protected RefreshToken createNewRefreshToken(ServerAccessToken serverAccessToken) {
        return updateRefreshToken(doCreateNewRefreshToken(serverAccessToken), serverAccessToken);
    }

    protected RefreshToken doCreateNewRefreshToken(ServerAccessToken serverAccessToken) {
        RefreshToken refreshToken = new RefreshToken(serverAccessToken.getClient(), this.refreshTokenLifetime);
        if (serverAccessToken.getAudiences() != null) {
            refreshToken.setAudiences(new ArrayList(serverAccessToken.getAudiences()));
        }
        refreshToken.setGrantType(serverAccessToken.getGrantType());
        if (serverAccessToken.getScopes() != null) {
            refreshToken.setScopes(new ArrayList(serverAccessToken.getScopes()));
        }
        refreshToken.setGrantCode(serverAccessToken.getGrantCode());
        refreshToken.setNonce(serverAccessToken.getNonce());
        refreshToken.setSubject(serverAccessToken.getSubject());
        refreshToken.setClientCodeVerifier(serverAccessToken.getClientCodeVerifier());
        return refreshToken;
    }

    protected void linkAccessTokenToRefreshToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        if (refreshToken.getAccessTokens().contains(serverAccessToken.getTokenKey())) {
            return;
        }
        refreshToken.getAccessTokens().add(serverAccessToken.getTokenKey());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public void linkRefreshTokenToAccessToken(RefreshToken refreshToken, ServerAccessToken serverAccessToken) {
        serverAccessToken.setRefreshToken(refreshToken.getTokenKey());
    }

    protected ServerAccessToken doRefreshAccessToken(Client client, RefreshToken refreshToken, List<String> list) {
        List<OAuthPermission> convertScopeToPermissions;
        if (list.isEmpty()) {
            convertScopeToPermissions = refreshToken.getScopes() != null ? new ArrayList(refreshToken.getScopes()) : null;
        } else {
            convertScopeToPermissions = convertScopeToPermissions(client, list);
            if (!refreshToken.getScopes().containsAll(convertScopeToPermissions)) {
                throw new OAuthServiceException("Invalid scopes");
            }
        }
        ServerAccessToken doCreateAccessToken = doCreateAccessToken(refreshToken.getAudiences() != null ? new ArrayList(refreshToken.getAudiences()) : null, client, refreshToken.getClientCodeVerifier(), refreshToken.getExtraProperties(), refreshToken.getGrantCode(), refreshToken.getGrantType(), refreshToken.getNonce(), null, convertScopeToPermissions, refreshToken.getSubject());
        if (isUseJwtFormatForAccessTokens()) {
            convertToJWTAccessToken(doCreateAccessToken);
        }
        return doCreateAccessToken;
    }

    public void setAccessTokenLifetime(long j) {
        this.accessTokenLifetime = j;
    }

    public void setRefreshTokenLifetime(long j) {
        this.refreshTokenLifetime = j;
    }

    public void setRecycleRefreshTokens(boolean z) {
        this.recycleRefreshTokens = z;
        this.refreshTokenLock = z ? null : new Object();
    }

    public boolean isRecycleRefreshTokens() {
        return this.recycleRefreshTokens;
    }

    public void init() {
        for (OAuthPermission oAuthPermission : this.permissionMap.values()) {
            if (this.defaultScopes != null && this.defaultScopes.contains(oAuthPermission.getPermission())) {
                oAuthPermission.setDefaultPermission(true);
            }
            if (this.invisibleToClientScopes != null && this.invisibleToClientScopes.contains(oAuthPermission.getPermission())) {
                oAuthPermission.setInvisibleToClient(true);
            }
        }
    }

    public void close() {
    }

    public Map<String, OAuthPermission> getPermissionMap() {
        return this.permissionMap;
    }

    public void setPermissionMap(Map<String, OAuthPermission> map) {
        this.permissionMap = map;
    }

    public void setSupportedScopes(Map<String, String> map) {
        for (Map.Entry<String, String> entry : map.entrySet()) {
            this.permissionMap.put(entry.getKey(), new OAuthPermission(entry.getKey(), entry.getValue()));
        }
    }

    public MessageContext getMessageContext() {
        return this.messageContext;
    }

    public void setMessageContext(MessageContext messageContext) {
        this.messageContext = messageContext;
        if (this.authenticationStrategy != null) {
            OAuthUtils.injectContextIntoOAuthProvider(messageContext, this.authenticationStrategy);
        }
    }

    protected void removeClientTokens(Client client) {
        List<RefreshToken> refreshTokens = getRefreshTokens(client, null);
        if (refreshTokens != null) {
            Iterator<RefreshToken> it = refreshTokens.iterator();
            while (it.hasNext()) {
                revokeRefreshToken(client, it.next().getTokenKey());
            }
        }
        List<ServerAccessToken> accessTokens = getAccessTokens(client, null);
        if (accessTokens != null) {
            Iterator<ServerAccessToken> it2 = accessTokens.iterator();
            while (it2.hasNext()) {
                revokeAccessToken(client, it2.next().getTokenKey());
            }
        }
    }

    public Client removeClient(String str) {
        Client doGetClient = doGetClient(str);
        removeClientTokens(doGetClient);
        doRemoveClient(doGetClient);
        return doGetClient;
    }

    @Override // org.apache.cxf.rs.security.oauth2.provider.OAuthDataProvider, org.apache.cxf.rs.security.oauth2.provider.ClientRegistrationProvider
    public Client getClient(String str) {
        String currentClientSecret;
        Client doGetClient = doGetClient(str);
        if (doGetClient != null) {
            return doGetClient;
        }
        if (!OAuthConstants.CLIENT_CREDENTIALS_GRANT.equals(getCurrentRequestedGrantType()) || (currentClientSecret = getCurrentClientSecret()) == null) {
            return null;
        }
        return createClientCredentialsClient(str, currentClientSecret);
    }

    public void setAuthenticationStrategy(ProviderAuthenticationStrategy providerAuthenticationStrategy) {
        this.authenticationStrategy = providerAuthenticationStrategy;
    }

    protected boolean authenticateUnregisteredClient(String str, String str2) {
        return this.authenticationStrategy != null && this.authenticationStrategy.authenticate(str, str2);
    }

    protected Client createClientCredentialsClient(String str, String str2) {
        if (!authenticateUnregisteredClient(str, str2)) {
            return null;
        }
        Client client = new Client(str, str2, true);
        client.setAllowedGrantTypes(Collections.singletonList(OAuthConstants.CLIENT_CREDENTIALS_GRANT));
        return client;
    }

    protected ServerAccessToken revokeAccessToken(Client client, String str) {
        ServerAccessToken accessToken = getAccessToken(str);
        if (accessToken != null) {
            if (!accessToken.getClient().getClientId().equals(client.getClientId())) {
                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
            }
            doRevokeAccessToken(accessToken);
        }
        return accessToken;
    }

    protected RefreshToken revokeRefreshToken(Client client, String str) {
        RefreshToken refreshToken = getRefreshToken(str);
        if (refreshToken != null) {
            if (!refreshToken.getClient().getClientId().equals(client.getClientId())) {
                throw new OAuthServiceException(OAuthConstants.INVALID_GRANT);
            }
            doRevokeRefreshToken(refreshToken);
        }
        return refreshToken;
    }

    protected abstract void saveAccessToken(ServerAccessToken serverAccessToken);

    protected abstract void saveRefreshToken(RefreshToken refreshToken);

    protected abstract void doRevokeAccessToken(ServerAccessToken serverAccessToken);

    protected abstract void doRevokeRefreshToken(RefreshToken refreshToken);

    protected abstract RefreshToken getRefreshToken(String str);

    protected abstract Client doGetClient(String str);

    protected abstract void doRemoveClient(Client client);

    public List<String> getDefaultScopes() {
        return this.defaultScopes;
    }

    public void setDefaultScopes(List<String> list) {
        this.defaultScopes = list;
    }

    public List<String> getRequiredScopes() {
        return this.requiredScopes;
    }

    public void setRequiredScopes(List<String> list) {
        this.requiredScopes = list;
    }

    public List<String> getInvisibleToClientScopes() {
        return this.invisibleToClientScopes;
    }

    public void setInvisibleToClientScopes(List<String> list) {
        this.invisibleToClientScopes = list;
    }

    public boolean isSupportPreauthorizedTokens() {
        return this.supportPreauthorizedTokens;
    }

    public void setSupportPreauthorizedTokens(boolean z) {
        this.supportPreauthorizedTokens = z;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isClientMatched(Client client, UserSubject userSubject) {
        return userSubject == null || (client.getResourceOwnerSubject() != null && client.getResourceOwnerSubject().getLogin().equals(userSubject.getLogin()));
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean isTokenMatched(ServerAccessToken serverAccessToken, Client client, UserSubject userSubject) {
        if (serverAccessToken == null) {
            return false;
        }
        if (client != null && !serverAccessToken.getClient().getClientId().equals(client.getClientId())) {
            return false;
        }
        UserSubject subject = serverAccessToken.getSubject();
        if (userSubject != null) {
            return subject != null && subject.getLogin().equals(userSubject.getLogin());
        }
        return true;
    }

    public void setClients(List<Client> list) {
        Iterator<Client> it = list.iterator();
        while (it.hasNext()) {
            setClient(it.next());
        }
    }

    public boolean isUseJwtFormatForAccessTokens() {
        return this.useJwtFormatForAccessTokens;
    }

    public void setUseJwtFormatForAccessTokens(boolean z) {
        this.useJwtFormatForAccessTokens = z;
    }

    public OAuthJoseJwtProducer getJwtAccessTokenProducer() {
        return this.jwtAccessTokenProducer;
    }

    public void setJwtAccessTokenProducer(OAuthJoseJwtProducer oAuthJoseJwtProducer) {
        this.jwtAccessTokenProducer = oAuthJoseJwtProducer;
    }

    protected String processJwtAccessToken(JwtClaims jwtClaims) {
        return (getJwtAccessTokenProducer() == null ? new OAuthJoseJwtProducer() : getJwtAccessTokenProducer()).processJwt(new JwtToken(jwtClaims));
    }

    public Map<String, String> getJwtAccessTokenClaimMap() {
        return this.jwtAccessTokenClaimMap;
    }

    public void setJwtAccessTokenClaimMap(Map<String, String> map) {
        this.jwtAccessTokenClaimMap = map;
    }

    public boolean isPersistJwtEncoding() {
        return this.persistJwtEncoding;
    }

    public void setPersistJwtEncoding(boolean z) {
        this.persistJwtEncoding = z;
    }

    public String getIssuer() {
        return this.issuer;
    }

    public void setIssuer(String str) {
        this.issuer = str;
    }
}
