package io.gardenerframework.camellia.authentication.server.main.event.listener;

import io.gardenerframework.camellia.authentication.common.client.schema.OAuth2RequestingClient;
import io.gardenerframework.camellia.authentication.server.common.annotation.AuthenticationServerEngineComponent;
import io.gardenerframework.camellia.authentication.server.main.event.schema.ClientAuthenticatedEvent;
import io.gardenerframework.camellia.authentication.server.main.exception.client.ClientNotFoundException;
import io.gardenerframework.camellia.authentication.server.main.exception.client.UnauthorizedGrantTypeException;
import io.gardenerframework.camellia.authentication.server.main.exception.client.UnauthorizedScopeException;
import java.util.Objects;
import org.springframework.context.event.EventListener;
import org.springframework.core.annotation.Order;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.server.authorization.client.RegisteredClient;
import org.springframework.util.CollectionUtils;

@AuthenticationServerEngineComponent
/* loaded from: input_file:io/gardenerframework/camellia/authentication/server/main/event/listener/OAuth2ClientValidationListener.class */
public class OAuth2ClientValidationListener implements AuthenticationEventListenerSkeleton {
    @EventListener
    @Order(Integer.MIN_VALUE)
    public void onClientAuthenticated(ClientAuthenticatedEvent clientAuthenticatedEvent) throws AuthenticationException {
        OAuth2RequestingClient oAuth2RequestingClient = (OAuth2RequestingClient) Objects.requireNonNull(clientAuthenticatedEvent.getClient());
        RegisteredClient registeredClient = (RegisteredClient) clientAuthenticatedEvent.getContext().get(RegisteredClient.class.getCanonicalName());
        if (registeredClient == null) {
            throw new ClientNotFoundException(oAuth2RequestingClient.getClientId());
        }
        if (!registeredClient.getAuthorizationGrantTypes().contains(new AuthorizationGrantType(((OAuth2RequestingClient) Objects.requireNonNull(oAuth2RequestingClient)).getGrantType()))) {
            throw new UnauthorizedGrantTypeException(oAuth2RequestingClient.getGrantType());
        }
        if (CollectionUtils.isEmpty(oAuth2RequestingClient.getScopes())) {
            return;
        }
        for (String str : oAuth2RequestingClient.getScopes()) {
            if (!registeredClient.getScopes().contains(str)) {
                throw new UnauthorizedScopeException(str);
            }
        }
    }
}
