package com.atlassian.oai.validator.interaction.request;

import com.atlassian.oai.validator.model.ApiOperation;
import com.atlassian.oai.validator.model.Headers;
import com.atlassian.oai.validator.model.Request;
import com.atlassian.oai.validator.report.MessageResolver;
import com.atlassian.oai.validator.report.ValidationReport;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import javax.annotation.Nonnull;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/atlassian/oai/validator/interaction/request/SecurityValidator.class */
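/**
 * Checks that a request carries the credentials required by the {@code security}
 * block of the matched OpenAPI operation.
 *
 * <p><strong>Scope.</strong> Only the presence and basic shape of a credential is
 * checked (a non-empty API key, or an {@code Authorization} header with the
 * expected scheme and a non-blank value). Credentials are never verified, so an
 * empty report must not be read as "authenticated"; the service behind the
 * validator still has to enforce authentication and authorization itself.
 *
 * <p><strong>Cases that produce an empty report without checking anything:</strong>
 * <ul>
 *   <li>the operation declares {@code security} but the spec has no
 *       {@code securitySchemes} (logged at WARN);</li>
 *   <li>a requirement names a scheme that is not defined (logged at WARN and
 *       skipped, so a requirement made up only of such names counts as fulfilled);</li>
 *   <li>scheme types other than API key and HTTP (logged at INFO), and HTTP
 *       schemes other than basic and bearer.</li>
 * </ul>
 * Monitor those log lines: each one marks an operation whose security
 * requirement is not being validated here.
 */
class SecurityValidator {
    private static final Logger log = LoggerFactory.getLogger(SecurityValidator.class);
    private static final String MISSING_SECURITY_PARAMETER_KEY = "validation.request.security.missing";
    private static final String INVALID_SECURITY_PARAMETER_KEY = "validation.request.security.invalid";
    private final MessageResolver messages;
    private final OpenAPI api;

    /**
     * @param messageResolver resolves the message keys used for "missing" and "invalid" findings
     * @param openAPI the parsed specification whose {@code components.securitySchemes} are consulted
     */
    public SecurityValidator(MessageResolver messageResolver, OpenAPI openAPI) {
        this.messages = messageResolver;
        this.api = openAPI;
    }

    /**
     * Validates the request against every security requirement of the operation.
     *
     * <p>Requirements are alternatives: one requirement without errors is enough.
     * If every requirement reports a missing credential a single "missing" message
     * is returned; otherwise the first requirement whose credentials were all
     * present (but invalid) is reported, falling back to the merged reports.
     *
     * @param request the incoming request
     * @param apiOperation the operation the request was matched to
     * @return an empty report when the requirements are satisfied or not validated
     *     (see the class documentation), otherwise the findings
     */
    @Nonnull
    public ValidationReport validateSecurity(Request request, ApiOperation apiOperation) {
        List<SecurityRequirement> security = apiOperation.getOperation().getSecurity();
        if (security == null || security.isEmpty()) {
            return ValidationReport.empty();
        }
        if (this.api.getComponents() == null || this.api.getComponents().getSecuritySchemes() == null) {
            // The spec is inconsistent; nothing can be validated, so the request is let through.
            log.warn("Operation '{} {}' defines a 'security' block but no 'securitySchemes' are defined", apiOperation.getMethod().name(), apiOperation.getApiPath().normalised());
            return ValidationReport.empty();
        }
        List<ValidationReport> reports = security.stream()
                .map(requirement -> validateSecurityRequirement(request, requirement))
                .collect(Collectors.toList());
        if (atLeastOneRequirementFulfilled(reports)) {
            return ValidationReport.empty();
        }
        if (allSecurityRequirementsMissing(reports)) {
            return missingSecurityParameter(request);
        }
        // orElseGet: the merged report is only built when it is actually needed.
        return findMostFulfilledRequirement(reports).orElseGet(() -> combineAllReports(reports));
    }

    /**
     * Validates one requirement; every scheme it names must be satisfied, so the
     * per-scheme reports are merged. Scheme names without a definition are logged
     * and skipped.
     */
    @Nonnull
    private ValidationReport validateSecurityRequirement(Request request, SecurityRequirement securityRequirement) {
        return securityRequirement.keySet().stream()
                .map(schemeName -> {
                    SecurityScheme scheme = this.api.getComponents().getSecuritySchemes().get(schemeName);
                    if (scheme == null) {
                        log.warn("Security scheme definition not found for {}", schemeName);
                    }
                    return scheme;
                })
                .filter(Objects::nonNull)
                .map(scheme -> validateSecurityScheme(request, scheme))
                .reduce(ValidationReport.empty(), ValidationReport::merge);
    }

    /**
     * Dispatches on the scheme type (and, for API keys, on where the key is carried).
     * A scheme without a type, or an API-key scheme without an {@code in} value,
     * is a malformed spec and raises {@link NullPointerException} from the switch.
     */
    @Nonnull
    private ValidationReport validateSecurityScheme(Request request, SecurityScheme securityScheme) {
        switch (securityScheme.getType()) {
            case APIKEY:
                switch (securityScheme.getIn()) {
                    case HEADER:
                        return validateApiKeyAuthByHeader(request, securityScheme);
                    case QUERY:
                        return validateApiKeyAuthByQueryParameter(request, securityScheme);
                    case COOKIE:
                        return validateApiKeyAuthByCookie(request, securityScheme);
                    default:
                        return ValidationReport.empty();
                }
            case HTTP:
                return validateHttpAuthorization(request, securityScheme);
            default:
                // Not validated at all: the request passes regardless of what it carries.
                log.info("Security scheme '{}' not currently supported", securityScheme.getType());
                return ValidationReport.empty();
        }
    }

    /** Validates HTTP basic and bearer schemes; any other HTTP scheme is not checked. */
    @Nonnull
    private ValidationReport validateHttpAuthorization(Request request, SecurityScheme securityScheme) {
        String scheme = securityScheme.getScheme();
        if ("BASIC".equalsIgnoreCase(scheme)) {
            return validateBasicAuthHeader(request);
        }
        if ("BEARER".equalsIgnoreCase(scheme)) {
            return validateBearerAuthHeader(request);
        }
        return ValidationReport.empty();
    }

    private ValidationReport validateBasicAuthHeader(Request request) {
        return validateAuthorizationHeader(request, "Basic ");
    }

    private ValidationReport validateBearerAuthHeader(Request request) {
        return validateAuthorizationHeader(request, "Bearer ");
    }

    /**
     * Checks the {@code Authorization} header for the given scheme prefix.
     *
     * <p>The scheme token is compared case-insensitively, as HTTP defines it, and
     * the header must carry a non-blank value after the scheme: a bare
     * {@code "Basic "} is reported as invalid, in line with the API-key checks,
     * which also reject empty values.
     *
     * @param schemePrefix the scheme name followed by a single space
     */
    private ValidationReport validateAuthorizationHeader(Request request, String schemePrefix) {
        Optional<String> header = request.getHeaderValue(Headers.AUTHORIZATION);
        if (!header.isPresent()) {
            return missingSecurityParameter(request);
        }
        String value = header.get();
        boolean schemeMatches = value.regionMatches(true, 0, schemePrefix, 0, schemePrefix.length());
        // regionMatches succeeded, so the value is at least as long as the prefix.
        boolean hasCredentials = schemeMatches && !StringUtils.isBlank(value.substring(schemePrefix.length()));
        return hasCredentials ? ValidationReport.empty() : invalidSecurityParameter(request);
    }

    /** Requires at least one non-empty value for the API-key query parameter. */
    @Nonnull
    private ValidationReport validateApiKeyAuthByQueryParameter(Request request, SecurityScheme securityScheme) {
        // An empty value ("?key=") carries no key; treat it like the header check does.
        boolean present = request.getQueryParameterValues(securityScheme.getName()).stream()
                .anyMatch(value -> value != null && !value.isEmpty());
        return present ? ValidationReport.empty() : missingSecurityParameter(request);
    }

    /** Requires the API-key header to be present and non-empty. */
    @Nonnull
    private ValidationReport validateApiKeyAuthByHeader(Request request, SecurityScheme securityScheme) {
        boolean present = request.getHeaderValue(securityScheme.getName())
                .filter(value -> !value.isEmpty())
                .isPresent();
        return present ? ValidationReport.empty() : missingSecurityParameter(request);
    }

    /**
     * Requires a cookie whose name equals the scheme name and whose value is not blank.
     *
     * <p>The name is compared as a whole: a cookie that merely starts with the
     * scheme name (for example {@code apikey_other} for a scheme named
     * {@code apikey}) does not satisfy the requirement.
     */
    @Nonnull
    private ValidationReport validateApiKeyAuthByCookie(Request request, SecurityScheme securityScheme) {
        String expectedName = securityScheme.getName();
        // Split on ';' and trim, so pairs separated without a following space are still found.
        boolean present = request.getHeaderValue("Cookie")
                .map(header -> Arrays.stream(header.split(";"))
                        .anyMatch(pair -> isNamedCookieWithValue(pair, expectedName)))
                .orElse(false);
        return present ? ValidationReport.empty() : missingSecurityParameter(request);
    }

    /** Tells whether {@code cookiePair} is {@code expectedName=<non-blank value>}. */
    private static boolean isNamedCookieWithValue(String cookiePair, String expectedName) {
        String name = StringUtils.substringBefore(cookiePair, "=").trim();
        // NOTE(review): cookie names are normally case-sensitive; the case-insensitive
        // comparison is kept for compatibility with existing callers; confirm it is intended.
        return name.equalsIgnoreCase(expectedName)
                && !StringUtils.isBlank(StringUtils.substringAfter(cookiePair, "="));
    }

    /** Builds the single-message report for a credential that is absent. */
    @Nonnull
    private ValidationReport missingSecurityParameter(Request request) {
        return ValidationReport.singleton(this.messages.get(MISSING_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath()));
    }

    /** Builds the single-message report for a credential that is present but malformed. */
    @Nonnull
    private ValidationReport invalidSecurityParameter(Request request) {
        return ValidationReport.singleton(this.messages.get(INVALID_SECURITY_PARAMETER_KEY, request.getMethod(), request.getPath()));
    }

    /** Returns the first report that contains no "missing" message, if any. */
    @Nonnull
    private Optional<ValidationReport> findMostFulfilledRequirement(List<ValidationReport> list) {
        return list.stream()
                .filter(report -> report.getMessages().stream()
                        .noneMatch(message -> MISSING_SECURITY_PARAMETER_KEY.equals(message.getKey())))
                .findFirst();
    }

    /** True when at least one requirement produced a report without errors. */
    private boolean atLeastOneRequirementFulfilled(List<ValidationReport> list) {
        return list.stream().anyMatch(report -> !report.hasErrors());
    }

    /** True when every requirement's report contains a "missing" message. */
    private boolean allSecurityRequirementsMissing(List<ValidationReport> list) {
        return list.stream()
                .allMatch(report -> report.getMessages().stream()
                        .anyMatch(message -> MISSING_SECURITY_PARAMETER_KEY.equals(message.getKey())));
    }

    /** Merges all per-requirement reports into one. */
    @Nonnull
    private ValidationReport combineAllReports(List<ValidationReport> list) {
        return list.stream().reduce(ValidationReport.empty(), ValidationReport::merge);
    }
}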
