package com.linecorp.armeria.server.auth.oauth2;

import com.linecorp.armeria.common.HttpResponse;
import com.linecorp.armeria.common.annotation.Nullable;
import com.linecorp.armeria.common.auth.oauth2.OAuth2TokenDescriptor;
import com.linecorp.armeria.server.ServiceRequestContext;
import io.netty.util.AttributeKey;
import java.util.Objects;
import java.util.Set;

/* loaded from: input_file:com/linecorp/armeria/server/auth/oauth2/OAuth2TokenScopeValidator.class */
public final class OAuth2TokenScopeValidator {
    static final AttributeKey<OAuth2TokenDescriptor> OAUTH2_TOKEN = AttributeKey.valueOf("x-oauth2-token");
    static final AttributeKey<String> OAUTH2_REALM = AttributeKey.valueOf("x-oauth2-realm");
    static final String INSUFFICIENT_SCOPE = "insufficient_scope";

    public static boolean validateScope(ServiceRequestContext serviceRequestContext, Set<String> set) {
        OAuth2TokenDescriptor oAuth2TokenDescriptor = (OAuth2TokenDescriptor) serviceRequestContext.attr(OAUTH2_TOKEN);
        if (oAuth2TokenDescriptor == null) {
            return false;
        }
        return validateScope(oAuth2TokenDescriptor, set);
    }

    public static boolean validateScope(OAuth2TokenDescriptor oAuth2TokenDescriptor, Set<String> set) {
        Objects.requireNonNull(set, "permittedScope");
        return set.isEmpty() || oAuth2TokenDescriptor.scopeSet().containsAll(set);
    }

    public static HttpResponse insufficientScopeErrorResponse() {
        return OAuth2AuthorizationErrorReporter.forbidden(INSUFFICIENT_SCOPE);
    }

    /* JADX INFO: Access modifiers changed from: package-private */
    public static void setOauth2Context(ServiceRequestContext serviceRequestContext, OAuth2TokenDescriptor oAuth2TokenDescriptor, @Nullable String str) {
        serviceRequestContext.setAttr(OAUTH2_TOKEN, oAuth2TokenDescriptor);
        if (str != null) {
            serviceRequestContext.setAttr(OAUTH2_REALM, str);
        }
    }

    private OAuth2TokenScopeValidator() {
    }
}
