package com.supwisdom.institute.poa.oascomplcheck.validator.securityscheme;

import com.supwisdom.institute.oasv.common.OasObjectPropertyLocation;
import com.supwisdom.institute.oasv.common.OasObjectType;
import com.supwisdom.institute.oasv.validation.api.OasValidationContext;
import com.supwisdom.institute.oasv.validation.api.OasViolation;
import com.supwisdom.institute.oasv.validation.api.SecuritySchemeValidator;
import com.supwisdom.institute.oasv.validation.api.ViolationMessages;
import com.supwisdom.institute.poa.oascomplcheck.AttrConstants;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.Paths;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.OAuthFlows;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.collections4.MapUtils;
import org.apache.commons.lang3.StringUtils;

/* loaded from: input_file:BOOT-INF/lib/platform-openapi-oas-compliance-check-0.1.0.jar:com/supwisdom/institute/poa/oascomplcheck/validator/securityscheme/SecuritySchemeOauth2Validator.class */
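/**
 * Checks an OAuth2 security scheme object against the platform's compliance rules.
 *
 * <p>Rules enforced, in the order the violations are reported:
 * <ol>
 *   <li>{@code type} must be {@code oauth2};</li>
 *   <li>{@code flows.clientCredentials} must be present;</li>
 *   <li>{@code flows.clientCredentials.tokenUrl} must equal {@code BASE_URL + "/oauth2/token"};</li>
 *   <li>every declared scope name must start with {@code SERVICE_ID:API_VERSION:};</li>
 *   <li>every declared scope must be referenced by at least one operation's
 *       {@code oauth2} security requirement.</li>
 * </ol>
 */
public class SecuritySchemeOauth2Validator implements SecuritySchemeValidator {
    /**
     * Validates one security scheme object.
     *
     * @param oasValidationContext context supplying the parsed document and the
     *     {@code BASE_URL}, {@code SERVICE_ID} and {@code API_VERSION} attributes
     * @param oasObjectPropertyLocation location of the security scheme, used to build violation locations
     * @param securityScheme the scheme under validation
     * @return the violations found; empty when the scheme is compliant or is a {@code $ref}
     */
    @Override // com.supwisdom.institute.oasv.validation.api.OasObjectValidator
    public List<OasViolation> validate(OasValidationContext oasValidationContext, OasObjectPropertyLocation oasObjectPropertyLocation, SecurityScheme securityScheme) {
        // A scheme given by $ref is not checked here.
        // NOTE(review): confirm the referenced target is validated elsewhere; otherwise a
        // $ref scheme skips the tokenUrl and scope checks below.
        if (StringUtils.isNotBlank(securityScheme.get$ref())) {
            return Collections.emptyList();
        }
        if (!SecurityScheme.Type.OAUTH2.equals(securityScheme.getType())) {
            return Collections.singletonList(new OasViolation(oasObjectPropertyLocation.property("type"), "必须为oauth2"));
        }

        OasObjectPropertyLocation flowLocation = oasObjectPropertyLocation
                .property("flows", OasObjectType.OAUTH_FLOWS)
                .property("clientCredentials", OasObjectType.OAUTH_FLOW);
        // An oauth2 scheme without a "flows" object used to fail with a NullPointerException;
        // it is now reported the same way as a missing clientCredentials flow.
        OAuthFlows flows = securityScheme.getFlows();
        OAuthFlow clientCredentials = flows == null ? null : flows.getClientCredentials();
        if (clientCredentials == null) {
            return Collections.singletonList(new OasViolation(flowLocation, ViolationMessages.REQUIRED));
        }

        List<OasViolation> violations = new ArrayList<>();

        // Exact string match: a document that points clients at any other token endpoint is reported.
        String expectedTokenUrl = getCorrectTokenUrl(oasValidationContext);
        if (!expectedTokenUrl.equals(clientCredentials.getTokenUrl())) {
            violations.add(new OasViolation(flowLocation.property("tokenUrl"), "必须为" + expectedTokenUrl));
        }

        Scopes scopes = clientCredentials.getScopes();
        if (MapUtils.isEmpty(scopes)) {
            return violations;
        }
        Set<String> declaredScopes = scopes.keySet();

        // Scope names must be namespaced as "<serviceId>:<apiVersion>:"; presumably this keeps
        // one service from declaring scopes in another service's namespace.
        // NOTE(review): if either attribute is absent the prefix contains the literal text
        // "null"; confirm the context always sets both.
        String requiredPrefix = oasValidationContext.getAttribute(AttrConstants.SERVICE_ID) + ":"
                + oasValidationContext.getAttribute(AttrConstants.API_VERSION) + ":";
        for (String scope : declaredScopes) {
            if (!scope.startsWith(requiredPrefix)) {
                violations.add(new OasViolation(flowLocation.property("scopes.'" + scope + "'"), "没有以" + requiredPrefix + "作为前缀"));
            }
        }

        // Declared scopes that no operation references are reported, after all prefix violations.
        // NOTE(review): the message below reads "has been used" although the condition selects
        // scopes that are NOT used; the text is kept unchanged here, confirm the intended wording.
        Set<String> usedScopes = getAllOperationsScopes(oasValidationContext);
        for (String scope : declaredScopes) {
            if (!usedScopes.contains(scope)) {
                violations.add(new OasViolation(flowLocation.property("scopes.'" + scope + "'"), "有被使用过"));
            }
        }
        return violations;
    }

    /**
     * Builds the only token URL this validator accepts: the {@code BASE_URL} context
     * attribute followed by {@code /oauth2/token}.
     *
     * <p>NOTE(review): a missing {@code BASE_URL} yields {@code "null/oauth2/token"};
     * confirm the attribute is always set before validation runs.
     */
    private String getCorrectTokenUrl(OasValidationContext oasValidationContext) {
        String baseUrl = (String) oasValidationContext.getAttribute(AttrConstants.BASE_URL);
        return baseUrl + "/oauth2/token";
    }

    /**
     * Collects every scope listed under the {@code oauth2} key of any operation-level
     * security requirement in the document.
     *
     * <p>Only requirements keyed exactly {@code "oauth2"} are read, and only those declared
     * on operations. NOTE(review): document-level {@code security} is not consulted, so a
     * scope referenced only there is treated as unused; confirm that is intended.
     *
     * @return the referenced scope names; empty when the document has no paths
     */
    private Set<String> getAllOperationsScopes(OasValidationContext oasValidationContext) {
        Paths paths = oasValidationContext.getOpenAPI().getPaths();
        if (MapUtils.isEmpty(paths)) {
            return Collections.emptySet();
        }
        Collection<PathItem> pathItems = paths.values();
        if (CollectionUtils.isEmpty(pathItems)) {
            return Collections.emptySet();
        }

        Set<String> usedScopes = new HashSet<>();
        for (PathItem pathItem : pathItems) {
            List<Operation> operations = pathItem.readOperations();
            if (CollectionUtils.isEmpty(operations)) {
                continue;
            }
            for (Operation operation : operations) {
                List<SecurityRequirement> requirements = operation.getSecurity();
                if (CollectionUtils.isEmpty(requirements)) {
                    continue;
                }
                for (SecurityRequirement requirement : requirements) {
                    if (MapUtils.isEmpty(requirement)) {
                        continue;
                    }
                    List<String> scopes = requirement.get("oauth2");
                    if (scopes != null) {
                        usedScopes.addAll(scopes);
                    }
                }
            }
        }
        return usedScopes;
    }
}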
