package io.smallrye.openapi.runtime.scanner.processor;

import io.smallrye.openapi.api.constants.SecurityConstants;
import io.smallrye.openapi.runtime.scanner.spi.AnnotationScannerContext;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.eclipse.microprofile.openapi.OASFactory;
import org.eclipse.microprofile.openapi.models.OpenAPI;
import org.eclipse.microprofile.openapi.models.Operation;
import org.eclipse.microprofile.openapi.models.security.OAuthFlow;
import org.eclipse.microprofile.openapi.models.security.OAuthFlows;
import org.eclipse.microprofile.openapi.models.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.models.security.SecurityScheme;
import org.jboss.jandex.AnnotationTarget;
import org.jboss.jandex.DotName;
import org.jboss.jandex.MethodInfo;

/* loaded from: input_file:io/smallrye/openapi/runtime/scanner/processor/JavaSecurityProcessor.class */
public class JavaSecurityProcessor {
    private final AnnotationScannerContext context;
    private String currentSecurityScheme;
    private List<OAuthFlow> currentFlows;
    private String[] resourceRolesAllowed;

    /* JADX INFO: Access modifiers changed from: package-private */
    /* renamed from: io.smallrye.openapi.runtime.scanner.processor.JavaSecurityProcessor$1, reason: invalid class name */
    /* loaded from: input_file:io/smallrye/openapi/runtime/scanner/processor/JavaSecurityProcessor$1.class */
    public static /* synthetic */ class AnonymousClass1 {
        static final /* synthetic */ int[] $SwitchMap$org$eclipse$microprofile$openapi$models$security$SecurityScheme$Type = new int[SecurityScheme.Type.values().length];

        static {
            try {
                $SwitchMap$org$eclipse$microprofile$openapi$models$security$SecurityScheme$Type[SecurityScheme.Type.OAUTH2.ordinal()] = 1;
            } catch (NoSuchFieldError e) {
            }
            try {
                $SwitchMap$org$eclipse$microprofile$openapi$models$security$SecurityScheme$Type[SecurityScheme.Type.OPENIDCONNECT.ordinal()] = 2;
            } catch (NoSuchFieldError e2) {
            }
        }
    }

    public void addRolesAllowedToScopes(String[] strArr) {
        this.resourceRolesAllowed = strArr;
        addScopes(strArr);
    }

    public void addDeclaredRolesToScopes(String[] strArr) {
        addScopes(strArr);
    }

    public void processSecurityRoles(MethodInfo methodInfo, Operation operation) {
        processSecurityRolesForMethodOperation(methodInfo, operation);
    }

    public JavaSecurityProcessor(AnnotationScannerContext annotationScannerContext) {
        this.context = annotationScannerContext;
    }

    public void initialize(OpenAPI openAPI) {
        this.currentSecurityScheme = null;
        this.currentFlows = null;
        this.resourceRolesAllowed = null;
        checkSecurityScheme(openAPI);
    }

    private void addScopes(String[] strArr) {
        if (strArr == null || this.currentFlows == null) {
            return;
        }
        this.currentFlows.forEach(oAuthFlow -> {
            if (oAuthFlow.getScopes() == null) {
                oAuthFlow.setScopes(new LinkedHashMap());
            }
            Arrays.stream(strArr).forEach(str -> {
                oAuthFlow.addScope(str, str + " role");
            });
        });
    }

    private void processSecurityRolesForMethodOperation(MethodInfo methodInfo, Operation operation) {
        if (this.currentSecurityScheme != null) {
            String[] strArr = (String[]) this.context.annotations().getAnnotationValue((AnnotationTarget) methodInfo, SecurityConstants.ROLES_ALLOWED);
            if (strArr != null) {
                addScopes(strArr);
                addRolesAllowed(operation, strArr);
            } else if (this.resourceRolesAllowed != null) {
                boolean z = this.context.annotations().getAnnotation((AnnotationTarget) methodInfo, (Collection<DotName>) SecurityConstants.DENY_ALL) != null;
                boolean z2 = this.context.annotations().getAnnotation((AnnotationTarget) methodInfo, (Collection<DotName>) SecurityConstants.PERMIT_ALL) != null;
                if (z) {
                    addRolesAllowed(operation, new String[0]);
                } else {
                    if (z2) {
                        return;
                    }
                    addRolesAllowed(operation, this.resourceRolesAllowed);
                }
            }
        }
    }

    private void addRolesAllowed(Operation operation, String[] strArr) {
        List security = operation.getSecurity();
        if (security == null) {
            SecurityRequirement createSecurityRequirement = OASFactory.createSecurityRequirement();
            createSecurityRequirement.addScheme(this.currentSecurityScheme, new ArrayList(Arrays.asList(strArr)));
            operation.setSecurity(new ArrayList(Arrays.asList(createSecurityRequirement)));
        } else if (security.size() == 1) {
            SecurityRequirement securityRequirement = (SecurityRequirement) security.get(0);
            if (securityRequirement.hasScheme(this.currentSecurityScheme)) {
                securityRequirement.addScheme(this.currentSecurityScheme, (List) Stream.concat(securityRequirement.getScheme(this.currentSecurityScheme).stream(), Arrays.stream(strArr)).distinct().collect(Collectors.toList()));
            }
        }
    }

    private void checkSecurityScheme(OpenAPI openAPI) {
        Map securitySchemes;
        if (openAPI.getComponents() == null || (securitySchemes = openAPI.getComponents().getSecuritySchemes()) == null || securitySchemes.size() != 1) {
            return;
        }
        Map.Entry entry = (Map.Entry) securitySchemes.entrySet().iterator().next();
        SecurityScheme.Type type = ((SecurityScheme) entry.getValue()).getType();
        if (type != null) {
            switch (AnonymousClass1.$SwitchMap$org$eclipse$microprofile$openapi$models$security$SecurityScheme$Type[type.ordinal()]) {
                case 1:
                case 2:
                    saveSecurityScheme((String) entry.getKey(), (SecurityScheme) entry.getValue());
                    return;
                default:
                    return;
            }
        }
    }

    private void saveSecurityScheme(String str, SecurityScheme securityScheme) {
        this.currentSecurityScheme = str;
        this.currentFlows = new ArrayList();
        OAuthFlows flows = securityScheme.getFlows();
        if (flows != null) {
            saveFlow(flows.getAuthorizationCode());
            saveFlow(flows.getClientCredentials());
            saveFlow(flows.getImplicit());
            saveFlow(flows.getPassword());
        }
    }

    private void saveFlow(OAuthFlow oAuthFlow) {
        if (oAuthFlow == null || oAuthFlow.getScopes() != null) {
            return;
        }
        this.currentFlows.add(oAuthFlow);
    }
}
