package uk.co.epsilontechnologies.hmrc4j.core.oauth20.aop;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.aspectj.lang.JoinPoint;
import org.aspectj.lang.NoAspectBoundException;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.annotation.Before;
import org.aspectj.lang.annotation.Pointcut;
import uk.co.epsilontechnologies.hmrc4j.core.API;
import uk.co.epsilontechnologies.hmrc4j.core.model.error.TokenInvalidForScopeException;
import uk.co.epsilontechnologies.hmrc4j.core.model.error.TokenNotFoundException;
import uk.co.epsilontechnologies.hmrc4j.core.oauth20.Scope;
import uk.co.epsilontechnologies.hmrc4j.core.oauth20.Token;
import uk.co.epsilontechnologies.hmrc4j.core.oauth20.TokenManager;

@Aspect
/* loaded from: input_file:uk/co/epsilontechnologies/hmrc4j/core/oauth20/aop/OAuth20TokenAspect.class */
public class OAuth20TokenAspect {
    private static final Log LOG = LogFactory.getLog(OAuth20TokenAspect.class);
    private static Throwable ajc$initFailureCause;
    public static final OAuth20TokenAspect ajc$perSingletonInstance = null;

    static {
        try {
            ajc$postClinit();
        } catch (Throwable th) {
            ajc$initFailureCause = th;
        }
    }

    @Pointcut("execution(public !static * uk.co.epsilontechnologies.hmrc4j.core.API+.*(..))")
    public /* synthetic */ void publicApiMethodInvocation() {
    }

    @Before("publicApiMethodInvocation() && @annotation(userRestricted)")
    public void checkOAuthToken(JoinPoint joinPoint, UserRestricted userRestricted) throws Throwable {
        LOG.debug("checking OAuth 2.0 Token");
        TokenManager tokenManager = getTokenManager((API) joinPoint.getThis());
        Token token = getToken(tokenManager);
        if (!hasRequiredScope(token, userRestricted.scope())) {
            throw new TokenInvalidForScopeException(token, userRestricted.scope());
        }
        if (token.isExpired()) {
            LOG.debug("refreshing OAuth 2.0 Token");
            tokenManager.refreshToken();
        }
    }

    private TokenManager getTokenManager(API api) {
        return api.getContext().getTokenManager().orElseThrow(() -> {
            return new IllegalStateException("no token manager was configured");
        });
    }

    private Token getToken(TokenManager tokenManager) {
        return tokenManager.getToken().orElseThrow(TokenNotFoundException::new);
    }

    private boolean hasRequiredScope(Token token, Scope scope) {
        return token.getScope().contains(scope);
    }

    public static OAuth20TokenAspect aspectOf() {
        if (ajc$perSingletonInstance == null) {
            throw new NoAspectBoundException("uk.co.epsilontechnologies.hmrc4j.core.oauth20.aop.OAuth20TokenAspect", ajc$initFailureCause);
        }
        return ajc$perSingletonInstance;
    }

    public static boolean hasAspect() {
        return ajc$perSingletonInstance != null;
    }

    private static void ajc$postClinit() {
        ajc$perSingletonInstance = new OAuth20TokenAspect();
    }
}
