package ma.co.omnidata.framework.oauth2.aspect;

import java.util.StringTokenizer;
import ma.co.omnidata.framework.oauth2.annotation.HasScope;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import org.keycloak.KeycloakPrincipal;
import org.keycloak.representations.AccessToken;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

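/**
 * Aspect that enforces {@link HasScope} on annotated methods.
 *
 * <p>Before an annotated method runs, the current Spring Security authentication must be
 * present and authenticated, its principal must be a {@link KeycloakPrincipal}, and the
 * Keycloak access token's space-delimited {@code scope} claim must contain the scope named
 * by the annotation. Every failure is reported as an {@link AccessDeniedException}, so the
 * check fails closed with an authorization error rather than an unrelated runtime exception.
 */
@Aspect
@Component
public class HasScopeAspect {
    private final Logger logger = LoggerFactory.getLogger(getClass());

    /**
     * Matches any join point carrying a {@link HasScope} annotation and binds the annotation.
     *
     * @param hasScope the annotation instance bound by the pointcut
     */
    @Pointcut("@annotation(hasScope)")
    public void hasScopeAnnotation(HasScope hasScope) {
    }

    /**
     * Narrows {@link #hasScopeAnnotation(HasScope)} to method executions.
     *
     * @param hasScope the annotation instance bound by the pointcut
     */
    @Pointcut("execution(* *(..)) && hasScopeAnnotation(hasScope)")
    public void hasScopeMethod(HasScope hasScope) {
    }

    /**
     * Rejects the call unless the caller's access token grants the required scope.
     *
     * @param joinPoint the intercepted method execution (used only for the denial log line)
     * @param hasScope the annotation whose {@code value()} names the required scope
     * @throws AccessDeniedException if there is no authenticated Keycloak principal, no access
     *     token, or the token does not carry the required scope
     */
    @Before("hasScopeMethod(hasScope)")
    public void beforeMethodExecution(JoinPoint joinPoint, HasScope hasScope) {
        this.logger.debug("checking scope authorities");
        if (SecurityContextHolder.getContext().getAuthentication() == null
                || !SecurityContextHolder.getContext().getAuthentication().isAuthenticated()) {
            this.logger.debug("Security context is null or user not connected");
            throw new AccessDeniedException("No authentication context found!");
        }

        // An authenticated context is not necessarily a Keycloak one (for example an anonymous
        // or otherwise non-Keycloak authentication). Check the type instead of casting blindly,
        // so the caller gets an access-denied error and not a ClassCastException.
        Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
        if (!(principal instanceof KeycloakPrincipal)) {
            this.logger.debug("Principal is not a Keycloak principal");
            throw new AccessDeniedException("No authentication context found!");
        }
        KeycloakPrincipal<?> keycloakPrincipal = (KeycloakPrincipal<?>) principal;
        AccessToken token = keycloakPrincipal.getKeycloakSecurityContext() == null
                ? null
                : keycloakPrincipal.getKeycloakSecurityContext().getToken();
        if (token == null) {
            this.logger.debug("Keycloak principal carries no access token");
            throw new AccessDeniedException("No authentication context found!");
        }

        String requiredScope = hasScope.value();
        // NOTE(review): an empty annotation value lets every Keycloak-authenticated caller
        // through. Kept as-is for compatibility; confirm this fail-open default is intended.
        if (requiredScope.isEmpty() || clientHasScope(token, requiredScope)) {
            return;
        }

        // Record which method was refused and which scope was missing; token contents are
        // deliberately not logged.
        this.logger.debug("Denied {}: required scope '{}' not granted",
                joinPoint.getSignature(), requiredScope);
        throw new AccessDeniedException("Insufficient scope for this resource");
    }

    /**
     * Reports whether the token's space-delimited scope claim contains the given scope.
     *
     * @param accessToken the caller's access token
     * @param str the scope to look for
     * @return {@code true} if one of the granted scopes matches {@code str}; {@code false} if
     *     none matches or the token has no scope claim
     */
    private boolean clientHasScope(AccessToken accessToken, String str) {
        String grantedScopes = accessToken.getScope();
        if (grantedScopes == null) {
            // A token without a scope claim grants nothing; StringTokenizer would throw a
            // NullPointerException on a null input.
            return false;
        }
        StringTokenizer stringTokenizer = new StringTokenizer(grantedScopes, " ");
        while (stringTokenizer.hasMoreTokens()) {
            // NOTE(review): RFC 6749 section 3.3 defines scope values as case-sensitive, so
            // equalsIgnoreCase treats scopes that differ only in case as the same grant. Kept
            // for compatibility with existing annotations; switch to equals() once callers
            // are confirmed to use the exact scope names.
            if (stringTokenizer.nextToken().equalsIgnoreCase(str)) {
                return true;
            }
        }
        return false;
    }
}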
