package io.smallrye.openapi.runtime.scanner.processor;

import io.smallrye.openapi.api.constants.SecurityConstants;
import io.smallrye.openapi.api.models.security.ScopesImpl;
import io.smallrye.openapi.api.models.security.SecurityRequirementImpl;
import io.smallrye.openapi.runtime.util.TypeUtil;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import org.eclipse.microprofile.openapi.models.OpenAPI;
import org.eclipse.microprofile.openapi.models.Operation;
import org.eclipse.microprofile.openapi.models.security.OAuthFlow;
import org.eclipse.microprofile.openapi.models.security.OAuthFlows;
import org.eclipse.microprofile.openapi.models.security.SecurityRequirement;
import org.eclipse.microprofile.openapi.models.security.SecurityScheme;
import org.jboss.jandex.MethodInfo;

/* loaded from: input_file:BOOT-INF/lib/smallrye-open-api-core-2.0.22.redhat-00001.jar:io/smallrye/openapi/runtime/scanner/processor/JavaSecurityProcessor.class */
public class JavaSecurityProcessor {
    private static final ThreadLocal<JavaSecurityProcessor> current = new ThreadLocal<>();
    private String currentSecurityScheme;
    private List<OAuthFlow> currentFlows;
    private String[] resourceRolesAllowed;

    public static void register(OpenAPI openAPI) {
        current.set(new JavaSecurityProcessor(openAPI));
    }

    public static void addRolesAllowedToScopes(String[] strArr) {
        current.get().resourceRolesAllowed = strArr;
        current.get().addScopes(strArr);
    }

    public static void addDeclaredRolesToScopes(String[] strArr) {
        current.get().addScopes(strArr);
    }

    public static void processSecurityRoles(MethodInfo methodInfo, Operation operation) {
        current.get().processSecurityRolesForMethodOperation(methodInfo, operation);
    }

    public static void remove() {
        current.remove();
    }

    private JavaSecurityProcessor(OpenAPI openAPI) {
        checkSecurityScheme(openAPI);
    }

    private void addScopes(String[] strArr) {
        if (strArr == null || this.currentFlows == null) {
            return;
        }
        this.currentFlows.forEach(oAuthFlow -> {
            if (oAuthFlow.getScopes() == null) {
                oAuthFlow.setScopes(new ScopesImpl());
            }
            Arrays.stream(strArr).forEach(str -> {
                oAuthFlow.getScopes().addScope(str, str + " role");
            });
        });
    }

    private void processSecurityRolesForMethodOperation(MethodInfo methodInfo, Operation operation) {
        if (this.currentSecurityScheme != null) {
            String[] strArr = (String[]) TypeUtil.getAnnotationValue(methodInfo, SecurityConstants.ROLES_ALLOWED);
            if (strArr != null) {
                addScopes(strArr);
                addRolesAllowed(operation, strArr);
            } else if (this.resourceRolesAllowed != null) {
                boolean z = TypeUtil.getAnnotation(methodInfo, SecurityConstants.DENY_ALL) != null;
                boolean z2 = TypeUtil.getAnnotation(methodInfo, SecurityConstants.PERMIT_ALL) != null;
                if (z) {
                    addRolesAllowed(operation, new String[0]);
                } else {
                    if (z2) {
                        return;
                    }
                    addRolesAllowed(operation, this.resourceRolesAllowed);
                }
            }
        }
    }

    private void addRolesAllowed(Operation operation, String[] strArr) {
        List<SecurityRequirement> security = operation.getSecurity();
        if (security == null) {
            SecurityRequirementImpl securityRequirementImpl = new SecurityRequirementImpl();
            securityRequirementImpl.addScheme(this.currentSecurityScheme, new ArrayList(Arrays.asList(strArr)));
            operation.setSecurity(new ArrayList(Arrays.asList(securityRequirementImpl)));
        } else if (security.size() == 1) {
            SecurityRequirement securityRequirement = security.get(0);
            if (securityRequirement.hasScheme(this.currentSecurityScheme)) {
                List<String> scheme = securityRequirement.getScheme(this.currentSecurityScheme);
                for (String str : strArr) {
                    if (!scheme.contains(str)) {
                        scheme.add(str);
                    }
                }
            }
        }
    }

    private void checkSecurityScheme(OpenAPI openAPI) {
        Map<String, SecurityScheme> securitySchemes;
        if (openAPI.getComponents() == null || (securitySchemes = openAPI.getComponents().getSecuritySchemes()) == null || securitySchemes.size() != 1) {
            return;
        }
        Map.Entry<String, SecurityScheme> next = securitySchemes.entrySet().iterator().next();
        SecurityScheme.Type type = next.getValue().getType();
        if (type != null) {
            switch (type) {
                case OAUTH2:
                case OPENIDCONNECT:
                    saveSecurityScheme(next.getKey(), next.getValue());
                    return;
                default:
                    return;
            }
        }
    }

    private void saveSecurityScheme(String str, SecurityScheme securityScheme) {
        this.currentSecurityScheme = str;
        this.currentFlows = new ArrayList();
        OAuthFlows flows = securityScheme.getFlows();
        if (flows != null) {
            saveFlow(flows.getAuthorizationCode());
            saveFlow(flows.getClientCredentials());
            saveFlow(flows.getImplicit());
            saveFlow(flows.getPassword());
        }
    }

    private void saveFlow(OAuthFlow oAuthFlow) {
        if (oAuthFlow == null || oAuthFlow.getScopes() != null) {
            return;
        }
        this.currentFlows.add(oAuthFlow);
    }
}
