package com.supwisdom.institute.poa.oascomplcheck.validator.operation;

import com.supwisdom.institute.oasv.common.OasObjectPropertyLocation;
import com.supwisdom.institute.oasv.common.OasObjectType;
import com.supwisdom.institute.oasv.util.StringCaseUtils;
import com.supwisdom.institute.oasv.validation.api.OasValidationContext;
import com.supwisdom.institute.oasv.validation.api.OasViolation;
import com.supwisdom.institute.oasv.validation.api.OperationValidator;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import org.apache.commons.collections4.CollectionUtils;

/* loaded from: input_file:com/supwisdom/institute/poa/oascomplcheck/validator/operation/OperationSecurityOauth2Validator.class */
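/**
 * Compliance check that every operation is protected by exactly one OAuth2 scope.
 *
 * <p>An operation passes only when its {@code security} property holds a single
 * Security Requirement Object with an {@code oauth2} entry, that entry lists a single
 * scope, and the scope is declared under
 * {@code $.components.securitySchemes.oauth2.flows.clientCredentials.scopes}.
 * Scopes declared under any other flow are not consulted.
 *
 * <p>Only the {@code oauth2} entry of the requirement object is read; other scheme
 * names placed in the same object are not inspected.
 * NOTE(review): the violation text asks for a requirement "named oauth2" only, so
 * confirm whether additional scheme keys should be rejected as well.
 */
public class OperationSecurityOauth2Validator implements OperationValidator {

    /**
     * Validates the {@code security} property of one operation.
     *
     * @param oasValidationContext context supplying the parsed document and the
     *     {@code _SKIP_CASE_CHECK_} attribute; when that attribute is set, only the
     *     scope naming check is skipped, never the existence check
     * @param oasObjectPropertyLocation location of the operation, used to address violations
     * @param operation the operation under validation
     * @return a single-element list describing the first failed rule, or an empty list
     */
    @Override
    public List<OasViolation> validate(OasValidationContext oasValidationContext, OasObjectPropertyLocation oasObjectPropertyLocation, Operation operation) {
        List<SecurityRequirement> security = operation.getSecurity();
        if (security == null) {
            return Collections.singletonList(new OasViolation(oasObjectPropertyLocation.property("security", OasObjectType.SECURITY_REQUIREMENT), "必须提供"));
        }
        // An explicit empty array is rejected here too: in OpenAPI an operation-level
        // "security: []" removes the document-level requirement and leaves the
        // operation unauthenticated.
        if (security.size() != 1) {
            return Collections.singletonList(new OasViolation(oasObjectPropertyLocation.property("security", OasObjectType.SECURITY_REQUIREMENT), "必须提供且仅提供一个名称为oauth2的Security Requirement Object"));
        }

        // A null list element (e.g. "security: [null]") is reported like a missing
        // oauth2 entry instead of failing with a NullPointerException.
        SecurityRequirement requirement = security.get(0);
        List<String> scopes = requirement == null ? null : requirement.get("oauth2");
        if (scopes == null) {
            return Collections.singletonList(new OasViolation(oasObjectPropertyLocation.property("security[0]", OasObjectType.SECURITY_REQUIREMENT), "必须提供且仅提供一个名称为oauth2的Security Requirement Object"));
        }
        // A null scope entry counts as "no scope supplied"; previously it crashed in split().
        if (scopes.size() != 1 || scopes.get(0) == null) {
            return scopeViolation(oasObjectPropertyLocation, "必须提供且仅提供一个oauth2 scope");
        }

        String scope = scopes.get(0);
        boolean caseCheckEnabled = oasValidationContext.getAttribute("_SKIP_CASE_CHECK_") == null;
        if (caseCheckEnabled) {
            // String.split drops trailing empty segments, so a trailing ':' is not seen
            // by this loop; the exact-match lookup below still applies to the whole string.
            for (String segment : scope.split(":")) {
                if (!StringCaseUtils.isLowerCamelCase(segment)) {
                    return scopeViolation(oasObjectPropertyLocation, "scope必须为用:分割的lower camel case");
                }
            }
        }

        // Exact, case-sensitive membership test against the declared scope names.
        if (!getSecuritySchemeDefinedScopes(oasValidationContext.getOpenAPI()).contains(scope)) {
            return scopeViolation(oasObjectPropertyLocation, "scope不存在于$.components.securitySchemes.oauth2.flows.clientCredentials.scopes中");
        }
        return new ArrayList<>();
    }

    /** Builds a one-element violation list addressed at {@code security[0].oauth2}. */
    private static List<OasViolation> scopeViolation(OasObjectPropertyLocation location, String message) {
        return Collections.singletonList(new OasViolation(location.property("security[0]", OasObjectType.SECURITY_REQUIREMENT).property("oauth2"), message));
    }

    /**
     * Collects the scope names declared for the client-credentials flow of the
     * {@code oauth2} security scheme.
     *
     * @param openAPI the parsed document, may be {@code null}
     * @return the declared scope names, or an empty set when any element on the path
     *     {@code components.securitySchemes.oauth2.flows.clientCredentials.scopes} is absent
     */
    private Set<String> getSecuritySchemeDefinedScopes(OpenAPI openAPI) {
        // Each step may legitimately be absent in a document; walk the path with
        // Optional rather than catching NullPointerException, which would also hide
        // unrelated programming errors.
        return Optional.ofNullable(openAPI)
                .map(api -> api.getComponents())
                .map(components -> components.getSecuritySchemes())
                .map(schemes -> schemes.get("oauth2"))
                .map(SecurityScheme::getFlows)
                .map(flows -> flows.getClientCredentials())
                .map(flow -> flow.getScopes())
                .map(declared -> declared.keySet())
                .orElse(Collections.<String>emptySet());
    }
}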
