package com.google.api.tools.framework.importers.swagger.aspects.auth;

import com.google.api.AuthProvider;
import com.google.api.AuthenticationRule;
import com.google.api.Service;
import com.google.api.UsageRule;
import com.google.api.tools.framework.importers.swagger.OpenApiLocations;
import com.google.api.tools.framework.importers.swagger.aspects.AspectBuilder;
import com.google.api.tools.framework.importers.swagger.aspects.auth.model.SecurityRequirementModel;
import com.google.api.tools.framework.importers.swagger.aspects.utils.ExtensionNames;
import com.google.api.tools.framework.importers.swagger.aspects.utils.NameConverter;
import com.google.api.tools.framework.importers.swagger.aspects.utils.OpenApiUtils;
import com.google.api.tools.framework.importers.swagger.aspects.utils.VendorExtensionUtils;
import com.google.api.tools.framework.model.Diag;
import com.google.api.tools.framework.model.DiagCollector;
import com.google.api.tools.framework.model.SimpleLocation;
import com.google.common.base.Function;
import com.google.common.base.Strings;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
import io.swagger.models.Operation;
import io.swagger.models.SecurityRequirement;
import io.swagger.models.Swagger;
import io.swagger.models.auth.ApiKeyAuthDefinition;
import io.swagger.models.auth.In;
import io.swagger.models.auth.OAuth2Definition;
import io.swagger.models.auth.SecuritySchemeDefinition;
import java.util.Iterator;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

/* loaded from: input_file:com/google/api/tools/framework/importers/swagger/aspects/auth/AuthBuilder.class */
public final class AuthBuilder implements AspectBuilder {
    private final DiagCollector diagCollector;
    private final Set<String> apiKeyDefinitions = new LinkedHashSet();
    private boolean requiresApiKeyAtTopLevel = false;
    private final AuthRuleGenerator authRuleGenerator;
    private final String namespacePrefix;

    /* JADX INFO: Access modifiers changed from: private */
    /* loaded from: input_file:com/google/api/tools/framework/importers/swagger/aspects/auth/AuthBuilder$SecurityRequirementsExtractor.class */
    public enum SecurityRequirementsExtractor implements Function<SecurityRequirement, Map<String, List<String>>> {
        INSTANCE;

        public Map<String, List<String>> apply(SecurityRequirement securityRequirement) {
            return securityRequirement.getRequirements();
        }
    }

    public AuthBuilder(String str, DiagCollector diagCollector, AuthRuleGenerator authRuleGenerator) {
        this.namespacePrefix = (str.isEmpty() || str.endsWith(".")) ? str : str + ".";
        this.diagCollector = diagCollector;
        this.authRuleGenerator = authRuleGenerator;
    }

    @Override // com.google.api.tools.framework.importers.swagger.aspects.AspectBuilder
    public void addFromSwagger(Service.Builder builder, Swagger swagger) {
        if (swagger.getSecurityDefinitions() == null) {
            return;
        }
        Iterator it = Sets.newTreeSet(swagger.getSecurityDefinitions().keySet()).iterator();
        while (it.hasNext()) {
            String str = (String) it.next();
            addAuthProvider(builder, str, (SecuritySchemeDefinition) swagger.getSecurityDefinitions().get(str));
        }
        addSecurityRequirementForEntireService(builder, swagger.getSecurity());
        addSecurityRequirementExtensionForEntireService(builder, swagger);
    }

    private void addAuthProvider(Service.Builder builder, String str, SecuritySchemeDefinition securitySchemeDefinition) {
        String str2;
        String str3;
        String str4;
        if (securitySchemeDefinition == null) {
            return;
        }
        if (!securitySchemeDefinition.getType().equalsIgnoreCase("oauth2")) {
            if (!securitySchemeDefinition.getType().equalsIgnoreCase("apiKey")) {
                this.diagCollector.addDiag(Diag.warning(SimpleLocation.UNKNOWN, "Security Schema '%s' is not supported. Only support schema are OAuth2", str));
                return;
            } else {
                if (isValidApiKeyDefinition((ApiKeyAuthDefinition) securitySchemeDefinition)) {
                    this.apiKeyDefinitions.add(str);
                    return;
                }
                return;
            }
        }
        OAuth2Definition oAuth2Definition = (OAuth2Definition) securitySchemeDefinition;
        AuthProvider.Builder newBuilder = AuthProvider.newBuilder();
        newBuilder.setId(str);
        String usedExtension = VendorExtensionUtils.usedExtension(this.diagCollector, securitySchemeDefinition.getVendorExtensions(), ExtensionNames.OAUTH_ISSUER_SWAGGER_EXTENSION, ExtensionNames.OAUTH_ISSUER_SWAGGER_EXTENSION_LEGACY);
        if (!Strings.isNullOrEmpty(usedExtension) && (str4 = (String) VendorExtensionUtils.getExtensionValue(securitySchemeDefinition.getVendorExtensions(), String.class, this.diagCollector, usedExtension)) != null) {
            newBuilder.setIssuer(str4);
        }
        if (oAuth2Definition.getAuthorizationUrl() != null) {
            newBuilder.setAuthorizationUrl(oAuth2Definition.getAuthorizationUrl());
        }
        String usedExtension2 = VendorExtensionUtils.usedExtension(this.diagCollector, securitySchemeDefinition.getVendorExtensions(), ExtensionNames.JWKS_SWAGGER_EXTENSION, ExtensionNames.JWKS_SWAGGER_EXTENSION_LEGACY);
        if (!Strings.isNullOrEmpty(usedExtension2) && (str3 = (String) VendorExtensionUtils.getExtensionValue(securitySchemeDefinition.getVendorExtensions(), String.class, this.diagCollector, usedExtension2)) != null) {
            newBuilder.setJwksUri(str3);
        }
        String usedExtension3 = VendorExtensionUtils.usedExtension(this.diagCollector, securitySchemeDefinition.getVendorExtensions(), ExtensionNames.AUDIENCES_SWAGGER_EXTENSION, new String[0]);
        if (!Strings.isNullOrEmpty(usedExtension3) && (str2 = (String) VendorExtensionUtils.getExtensionValue(securitySchemeDefinition.getVendorExtensions(), String.class, this.diagCollector, usedExtension3)) != null) {
            newBuilder.setAudiences(str2);
        }
        builder.getAuthenticationBuilder().addProviders(newBuilder.build());
        this.authRuleGenerator.registerAuthSchemaName(str);
    }

    public UsageRule createUsageRule(Operation operation, String str, String str2) {
        return createUsageRulePerMethod(operation.getSecurity(), str, str2, this.namespacePrefix + NameConverter.operationIdToMethodName(operation.getOperationId()));
    }

    private UsageRule createUsageRulePerMethod(Iterable<Map<String, List<String>>> iterable, String str, String str2, String str3) {
        boolean isApiKeyRequired = isApiKeyRequired(iterable, this.requiresApiKeyAtTopLevel, this.apiKeyDefinitions);
        if (!isApiKeyRequired && !str2.equals(OpenApiUtils.WILDCARD_URL_PATH)) {
            this.diagCollector.addDiag(Diag.warning(OpenApiLocations.createOperationLocation(str, str2), "Operation does not require an API key; callers may invoke the method without specifying an associated API-consuming project. To enable API key all the SecurityRequirement Objects (https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object) inside security definition must reference at least one SecurityDefinition of type : 'apiKey'.", new Object[0]));
        }
        return UsageRule.newBuilder().setSelector(str3).setAllowUnregisteredCalls(!isApiKeyRequired).build();
    }

    public static boolean isApiKeyRequired(Iterable<Map<String, List<String>>> iterable, boolean z, Set<String> set) {
        if (iterable == null) {
            return z;
        }
        boolean z2 = false;
        for (Map<String, List<String>> map : iterable) {
            if (map == null) {
                return false;
            }
            boolean z3 = false;
            Iterator<String> it = set.iterator();
            while (true) {
                if (!it.hasNext()) {
                    break;
                }
                if (map.containsKey(it.next())) {
                    z3 = true;
                    break;
                }
            }
            if (!z3) {
                return false;
            }
            z2 = true;
        }
        return z2;
    }

    private boolean isValidApiKeyDefinition(ApiKeyAuthDefinition apiKeyAuthDefinition) {
        if (apiKeyAuthDefinition.getName().equalsIgnoreCase("key") || apiKeyAuthDefinition.getIn() == In.QUERY) {
            return true;
        }
        this.diagCollector.addDiag(Diag.warning(SimpleLocation.UNKNOWN, "apiKey '%s' is ignored. Only apiKey with 'name' as 'key' and 'in' as 'query' are supported", apiKeyAuthDefinition.getName()));
        return false;
    }

    public void addSecurityRequirementExtensionForEntireService(Service.Builder builder, Swagger swagger) {
        AuthenticationRule.Builder newBuilder = AuthenticationRule.newBuilder();
        Map<String, SecurityRequirementModel> securityRequirements = this.authRuleGenerator.getSecurityRequirements(swagger.getSecurity() != null ? Iterables.transform(swagger.getSecurity(), SecurityRequirementsExtractor.INSTANCE) : null, swagger.getVendorExtensions(), new SimpleLocation("OpenAPI"));
        if (securityRequirements == null || securityRequirements.isEmpty()) {
            return;
        }
        newBuilder.addAllRequirements(SecurityRequirementModel.createAuthRequirements(securityRequirements));
        newBuilder.setSelector("*");
        builder.getAuthenticationBuilder().addRules(newBuilder.build());
    }

    public void addSecurityRequirementForEntireService(Service.Builder builder, Iterable<SecurityRequirement> iterable) {
        if (iterable == null) {
            this.requiresApiKeyAtTopLevel = false;
        } else {
            this.requiresApiKeyAtTopLevel = isApiKeyRequired(Iterables.transform(iterable, SecurityRequirementsExtractor.INSTANCE), false, this.apiKeyDefinitions);
        }
        builder.getUsageBuilder().addRules(UsageRule.newBuilder().setSelector("*").setAllowUnregisteredCalls(!this.requiresApiKeyAtTopLevel).build());
    }
}
