package org.mitre.oauth2.web;

import com.google.common.collect.ImmutableSet;
import java.util.Iterator;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/* loaded from: input_file:WEB-INF/lib/openid-connect-server-1.3.4.jar:org/mitre/oauth2/web/AuthenticationUtilities.class */
public abstract class AuthenticationUtilities {
    public static void ensureOAuthScope(Authentication authentication, String str) {
        if (authentication instanceof OAuth2Authentication) {
            OAuth2Authentication oAuth2Authentication = (OAuth2Authentication) authentication;
            if (oAuth2Authentication.getOAuth2Request().getScope() == null || !oAuth2Authentication.getOAuth2Request().getScope().contains(str)) {
                throw new InsufficientScopeException("Insufficient scope", ImmutableSet.of(str));
            }
        }
    }

    public static boolean isAdmin(Authentication authentication) {
        Iterator<? extends GrantedAuthority> it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            if (it.next().getAuthority().equals("ROLE_ADMIN")) {
                return true;
            }
        }
        return false;
    }

    public static boolean hasRole(Authentication authentication, String str) {
        Iterator<? extends GrantedAuthority> it = authentication.getAuthorities().iterator();
        while (it.hasNext()) {
            if (it.next().getAuthority().equals(str)) {
                return true;
            }
        }
        return false;
    }
}
