package org.sonar.samples.openapi.checks.security;

import com.google.common.collect.ImmutableSet;
import com.sonar.sslr.api.AstNodeType;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Set;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apiaddicts.apitools.dosonarapi.api.v2.OpenApi2Grammar;
import org.apiaddicts.apitools.dosonarapi.api.v3.OpenApi3Grammar;
import org.apiaddicts.apitools.dosonarapi.sslr.yaml.grammar.JsonNode;
import org.sonar.check.Rule;
import org.sonar.check.RuleProperty;
import org.sonar.samples.openapi.checks.BaseCheck;
import org.sonar.samples.openapi.utils.JsonNodeUtils;

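/**
 * OpenAPI rule OAR053: audits the headers declared on operation responses.
 *
 * <p>For every path that is not listed in {@code path-exclusions}, each operation's responses are
 * inspected. A response is checked when its status key is not in {@code excluded-response-codes}
 * and is either in {@code included-response-codes} or that list contains {@code *}. For a checked
 * response the rule raises:
 * <ul>
 *   <li>one issue when the response does not declare every header in {@code mandatory-headers};</li>
 *   <li>one issue per declared header that is not in {@code allowed-headers} (skipped when the
 *       allow-list is empty).</li>
 * </ul>
 *
 * <p>Header names and response codes are compared case-insensitively using {@link Locale#ROOT},
 * so the outcome does not depend on the default locale of the machine running the analysis.
 * Path exclusions are compared exactly as written.
 */
@Rule(key = OAR053ResponseHeadersCheck.KEY)
public class OAR053ResponseHeadersCheck extends BaseCheck {
    public static final String KEY = "OAR053";
    private static final String MANDATORY_HEADERS = "X-Trace-ID";
    // NOTE(review): names are matched literally after lower-casing, so the spellings below
    // ("x-power-by", "X-Global-Trasaction-Id") only allow headers spelled exactly that way in
    // the specification. Confirm they are intended before relying on the default allow-list.
    private static final String ALLOWED_HEADERS = "idCorrelacion, X-CorrelacionId, X-Global-Trasaction-Id, x-power-by, X-Trace-ID";
    private static final String INCLUDED_RESPONSE_CODES = "*";
    private static final String EXCLUDED_RESPONSE_CODES = "204";
    private static final String DEFAULT_EXCLUSION = "/status";

    @RuleProperty(key = "mandatory-headers", description = "List of mandatory headers. Comma separated", defaultValue = MANDATORY_HEADERS)
    private String mandatoryHeadersStr = MANDATORY_HEADERS;

    @RuleProperty(key = "allowed-headers", description = "List of allowed headers. Comma separated", defaultValue = ALLOWED_HEADERS)
    private String allowedHeadersStr = ALLOWED_HEADERS;

    @RuleProperty(key = "included-response-codes", description = "List of allowed response codes. Comma separated", defaultValue = INCLUDED_RESPONSE_CODES)
    private String includedResponseCodesStr = INCLUDED_RESPONSE_CODES;

    @RuleProperty(key = "excluded-response-codes", description = "List of excluded response codes. Comma separated", defaultValue = EXCLUDED_RESPONSE_CODES)
    private String excludedResponseCodesStr = EXCLUDED_RESPONSE_CODES;

    @RuleProperty(key = "path-exclusions", description = "List of explicit paths to exclude from this rule.", defaultValue = DEFAULT_EXCLUSION)
    private String exclusionStr = DEFAULT_EXCLUSION;

    // Parsed forms of the properties above; rebuilt on every visitFile call.
    private Set<String> mandatoryHeaders = new HashSet<>();
    private Set<String> allowedHeaders = new HashSet<>();
    private Set<String> includedResponseCodes = new HashSet<>();
    private Set<String> excludedResponseCodes = new HashSet<>();
    // Never null: an empty path-exclusions property means "exclude nothing".
    private Set<String> exclusion = new HashSet<>();

    /**
     * Parses the comma-separated rule properties into the sets used while visiting nodes.
     *
     * <p>The sets are rebuilt from scratch on each call so values from a previous file never
     * linger. The decompiler reported that this override was widened from {@code protected}.
     *
     * @param jsonNode root node of the file being analysed (not read here)
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiVisitor
    public void visitFile(JsonNode jsonNode) {
        this.mandatoryHeaders = parseList(this.mandatoryHeadersStr, true);
        this.allowedHeaders = parseList(this.allowedHeadersStr, true);
        this.includedResponseCodes = parseList(this.includedResponseCodesStr, true);
        this.excludedResponseCodes = parseList(this.excludedResponseCodesStr, true);
        // Paths are kept in their original case; only surrounding whitespace is removed.
        this.exclusion = parseList(this.exclusionStr, false);
    }

    /**
     * Subscribes the check to path nodes of both OpenAPI 2 and OpenAPI 3 documents.
     *
     * @return the node kinds this check wants to visit
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiCheck
    public Set<AstNodeType> subscribedKinds() {
        return ImmutableSet.of(OpenApi2Grammar.PATH, OpenApi3Grammar.PATH);
    }

    /**
     * Entry point for each subscribed node; every subscribed kind is a path node.
     *
     * @param jsonNode the path node to inspect
     */
    @Override // org.apiaddicts.apitools.dosonarapi.api.OpenApiVisitor
    public void visitNode(JsonNode jsonNode) {
        visitPathNode(jsonNode);
    }

    /** Visits the responses of every operation under a path, unless the path is excluded. */
    private void visitPathNode(JsonNode jsonNode) {
        if (this.exclusion.contains(jsonNode.key().getTokenValue())) {
            return;
        }
        jsonNode.properties().stream()
                .filter(JsonNodeUtils::isOperation)
                .map(operation -> operation.at("/responses"))
                .forEach(this::visitResponsesNode);
    }

    /** Applies the included/excluded response-code filters and checks each remaining response. */
    private void visitResponsesNode(JsonNode jsonNode) {
        // An empty included-response-codes list (no "*" and no codes) selects nothing, which
        // silently turns the whole rule off.
        boolean allCodesIncluded = this.includedResponseCodes.contains("*");
        for (JsonNode response : jsonNode.properties()) {
            // Configured codes are lower-cased when parsed, so the key from the specification is
            // lower-cased as well; otherwise a configured range such as "2XX" could never match.
            String code = response.key().getTokenValue().toLowerCase(Locale.ROOT);
            if (this.excludedResponseCodes.contains(code)) {
                continue;
            }
            if (allCodesIncluded || this.includedResponseCodes.contains(code)) {
                visitResponseNode(JsonNodeUtils.resolve(response));
            }
        }
    }

    /** Reports missing mandatory headers and declared headers that are not on the allow-list. */
    private void visitResponseNode(JsonNode jsonNode) {
        List<JsonNode> headers = jsonNode.get("headers").propertyMap().values().stream().collect(Collectors.toList());
        Set<String> declaredNames = headers.stream()
                .map(OAR053ResponseHeadersCheck::normalizedName)
                .collect(Collectors.toSet());
        if (!this.mandatoryHeaders.isEmpty() && !declaredNames.containsAll(this.mandatoryHeaders)) {
            addIssue(KEY, translate("generic.mandatory-headers", this.mandatoryHeadersStr), jsonNode.key());
        }
        if (this.allowedHeaders.isEmpty()) {
            // No allow-list configured: every declared header is accepted.
            return;
        }
        for (JsonNode header : headers) {
            if (!this.allowedHeaders.contains(normalizedName(header))) {
                addIssue(KEY, translate("generic.not-allowed-header", new Object[0]), header.key());
            }
        }
    }

    /** Returns the header's key, trimmed and lower-cased independently of the default locale. */
    private static String normalizedName(JsonNode header) {
        return header.key().getTokenValue().toLowerCase(Locale.ROOT).trim();
    }

    /**
     * Splits a comma-separated property into a set of trimmed entries.
     *
     * <p>Blank entries (for example from {@code "a, ,b"}) are dropped; an empty string in the
     * mandatory set could never be satisfied and would flag every response.
     *
     * @param raw the property value; {@code null} or blank yields an empty set
     * @param lowerCase whether entries are lower-cased with {@link Locale#ROOT}
     * @return a new mutable set holding the parsed entries
     */
    private static Set<String> parseList(String raw, boolean lowerCase) {
        Set<String> values = new HashSet<>();
        if (raw == null) {
            return values;
        }
        for (String token : raw.split(",")) {
            String value = token.trim();
            if (value.isEmpty()) {
                continue;
            }
            values.add(lowerCase ? value.toLowerCase(Locale.ROOT) : value);
        }
        return values;
    }
}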
