package org.zalando.zally.ruleset.zalando;

import com.typesafe.config.Config;
import io.swagger.v3.oas.models.Components;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.security.OAuthFlow;
import io.swagger.v3.oas.models.security.Scopes;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.SortedSet;
import kotlin.Metadata;
import kotlin.Pair;
import kotlin.collections.CollectionsKt;
import kotlin.collections.MapsKt;
import kotlin.collections.SetsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;
import org.jetbrains.annotations.NotNull;
import org.zalando.zally.rule.api.Check;
import org.zalando.zally.rule.api.Context;
import org.zalando.zally.rule.api.Rule;
import org.zalando.zally.rule.api.Severity;
import org.zalando.zally.rule.api.Violation;

/* compiled from: SecureAllEndpointsWithScopesRule.kt */
@Rule(ruleSet = ZalandoRuleSet.class, id = "105", severity = Severity.MUST, title = "Secure All Endpoints With Scopes")
@Metadata(mv = {1, 1, 13}, bv = {1, 0, 3}, k = 1, d1 = {"��l\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010$\n\u0002\u0010\u000e\n\u0002\u0010\"\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0010&\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\u0018\u0002\n��\b\u0007\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0016\u0010\t\u001a\b\u0012\u0004\u0012\u00020\n0\u00062\u0006\u0010\u000b\u001a\u00020\fH\u0007J\u0016\u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\u00062\u0006\u0010\u000b\u001a\u00020\fH\u0007J\"\u0010\u000e\u001a\u0014\u0012\u0004\u0012\u00020\u0010\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00100\u00110\u000f2\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\u001e\u0010\u0014\u001a\u00020\u00152\u0014\u0010\u0016\u001a\u0010\u0012\u0004\u0012\u00020\u0010\u0012\u0006\u0012\u0004\u0018\u00010\u00180\u0017H\u0002JF\u0010\u0019\u001a\u0014\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u00100\u001a0\u00062\u0006\u0010\u0012\u001a\u00020\u00132\b\u0010\u001b\u001a\u0004\u0018\u00010\u001c2\u0018\u0010\u000e\u001a\u0014\u0012\u0004\u0012\u00020\u0010\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00100\u00110\u000fH\u0002JB\u0010\u001d\u001a\b\u0012\u0004\u0012\u00020\u00100\u001e2\u0018\u0010\u0019\u001a\u0014\u0012\u0010\u0012\u000e\u0012\u0004\u0012\u00020\u0010\u0012\u0004\u0012\u00020\u00100\u001a0\u00062\u0018\u0010\u000e\u001a\u0014\u0012\u0004\u0012\u00020\u0010\u0012\n\u0012\b\u0012\u0004\u0012\u00020\u00100\u00110\u000fH\u0002J\u0014\u0010\u001f\u001a\b\u0012\u0004\u0012\u00020 0\u0006*\u0004\u0018\u00010!H\u0002R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006\""}, d2 = {"Lorg/zalando/zally/ruleset/zalando/SecureAllEndpointsWithScopesRule;", "", "rulesConfig", "Lcom/typesafe/config/Config;", "(Lcom/typesafe/config/Config;)V", "pathWhitelist", "", "Lkotlin/text/Regex;", "scopeRegex", "checkDefinedScopeFormats", "Lorg/zalando/zally/rule/api/Violation;", "context", "Lorg/zalando/zally/rule/api/Context;", "checkOperationsAreScoped", "defined", "", "", "", "api", "Lio/swagger/v3/oas/models/OpenAPI;", "pathFilter", "", "entry", "", "Lio/swagger/v3/oas/models/PathItem;", "requested", "Lkotlin/Pair;", "op", "Lio/swagger/v3/oas/models/Operation;", "undefined", "Ljava/util/SortedSet;", "allFlows", "Lio/swagger/v3/oas/models/security/OAuthFlow;", "Lio/swagger/v3/oas/models/security/SecurityScheme;", "zally-ruleset-zalando"})
/* loaded from: input_file:org/zalando/zally/ruleset/zalando/SecureAllEndpointsWithScopesRule.class */
public final class SecureAllEndpointsWithScopesRule {
    private final Regex scopeRegex;
    private final List<Regex> pathWhitelist;

    /* JADX WARN: Removed duplicated region for block: B:12:0x0061  */
    /* JADX WARN: Removed duplicated region for block: B:26:0x00ca A[LOOP:1: B:24:0x00c0->B:26:0x00ca, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:31:0x0123  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x002f  */
    @org.zalando.zally.rule.api.Check(severity = org.zalando.zally.rule.api.Severity.MUST)
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<org.zalando.zally.rule.api.Violation> checkDefinedScopeFormats(@org.jetbrains.annotations.NotNull org.zalando.zally.rule.api.Context r7) {
        /*
            Method dump skipped, instructions count: 618
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule.checkDefinedScopeFormats(org.zalando.zally.rule.api.Context):java.util.List");
    }

    @Check(severity = Severity.MUST)
    @NotNull
    public final List<Violation> checkOperationsAreScoped(@NotNull final Context context) {
        Intrinsics.checkParameterIsNotNull(context, "context");
        final Map<String, Set<String>> defined = defined(context.getApi());
        return Context.DefaultImpls.validateOperations$default(context, new SecureAllEndpointsWithScopesRule$checkOperationsAreScoped$1(this), (Function1) null, new Function1<Map.Entry<? extends PathItem.HttpMethod, ? extends Operation>, List<? extends Violation>>() { // from class: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule$checkOperationsAreScoped$2
            @NotNull
            public final List<Violation> invoke(@NotNull Map.Entry<? extends PathItem.HttpMethod, ? extends Operation> entry) {
                List<Violation> list;
                List requested;
                SortedSet undefined;
                Intrinsics.checkParameterIsNotNull(entry, "<name for destructuring parameter 0>");
                List list2 = (Operation) entry.getValue();
                if (list2 != null) {
                    requested = SecureAllEndpointsWithScopesRule.this.requested(context.getApi(), list2, defined);
                    undefined = SecureAllEndpointsWithScopesRule.this.undefined(requested, defined);
                    if (requested.isEmpty()) {
                        Context context2 = context;
                        List security = list2.getSecurity();
                        if (security == null) {
                            security = list2;
                        }
                        list = context2.violations("Endpoint not secured by OAuth2 scope(s)", security);
                    } else {
                        if (!undefined.isEmpty()) {
                            Context context3 = context;
                            String str = "Endpoint secured by undefined OAuth2 scope(s): " + CollectionsKt.joinToString$default(undefined, (CharSequence) null, (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 63, (Object) null);
                            List security2 = list2.getSecurity();
                            if (security2 == null) {
                                security2 = list2;
                            }
                            list = context3.violations(str, security2);
                        } else {
                            list = CollectionsKt.emptyList();
                        }
                    }
                } else {
                    list = null;
                }
                List<Violation> list3 = list;
                return list3 != null ? list3 : CollectionsKt.emptyList();
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        }, 2, (Object) null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean pathFilter(Map.Entry<String, ? extends PathItem> entry) {
        List<Regex> list = this.pathWhitelist;
        if ((list instanceof Collection) && list.isEmpty()) {
            return true;
        }
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            if (((Regex) it.next()).containsMatchIn(entry.getKey())) {
                return false;
            }
        }
        return true;
    }

    /* JADX WARN: Removed duplicated region for block: B:13:0x0039  */
    /* JADX WARN: Removed duplicated region for block: B:18:0x0050  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x0022  */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    private final java.util.List<io.swagger.v3.oas.models.security.OAuthFlow> allFlows(@org.jetbrains.annotations.Nullable io.swagger.v3.oas.models.security.SecurityScheme r7) {
        /*
            r6 = this;
            r0 = 4
            io.swagger.v3.oas.models.security.OAuthFlow[] r0 = new io.swagger.v3.oas.models.security.OAuthFlow[r0]
            r1 = r0
            r2 = 0
            r3 = r7
            r4 = r3
            if (r4 == 0) goto L18
            io.swagger.v3.oas.models.security.OAuthFlows r3 = r3.getFlows()
            r4 = r3
            if (r4 == 0) goto L18
            io.swagger.v3.oas.models.security.OAuthFlow r3 = r3.getImplicit()
            goto L1a
        L18:
            r3 = 0
        L1a:
            r1[r2] = r3
            r1 = r0
            r2 = 1
            r3 = r7
            r4 = r3
            if (r4 == 0) goto L2f
            io.swagger.v3.oas.models.security.OAuthFlows r3 = r3.getFlows()
            r4 = r3
            if (r4 == 0) goto L2f
            io.swagger.v3.oas.models.security.OAuthFlow r3 = r3.getPassword()
            goto L31
        L2f:
            r3 = 0
        L31:
            r1[r2] = r3
            r1 = r0
            r2 = 2
            r3 = r7
            r4 = r3
            if (r4 == 0) goto L46
            io.swagger.v3.oas.models.security.OAuthFlows r3 = r3.getFlows()
            r4 = r3
            if (r4 == 0) goto L46
            io.swagger.v3.oas.models.security.OAuthFlow r3 = r3.getClientCredentials()
            goto L48
        L46:
            r3 = 0
        L48:
            r1[r2] = r3
            r1 = r0
            r2 = 3
            r3 = r7
            r4 = r3
            if (r4 == 0) goto L5d
            io.swagger.v3.oas.models.security.OAuthFlows r3 = r3.getFlows()
            r4 = r3
            if (r4 == 0) goto L5d
            io.swagger.v3.oas.models.security.OAuthFlow r3 = r3.getAuthorizationCode()
            goto L5f
        L5d:
            r3 = 0
        L5f:
            r1[r2] = r3
            java.util.List r0 = kotlin.collections.CollectionsKt.listOfNotNull(r0)
            return r0
        */
        throw new UnsupportedOperationException("Method not decompiled: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule.allFlows(io.swagger.v3.oas.models.security.SecurityScheme):java.util.List");
    }

    private final Map<String, Set<String>> defined(OpenAPI openAPI) {
        Components components = openAPI.getComponents();
        Map securitySchemes = components != null ? components.getSecuritySchemes() : null;
        if (securitySchemes == null) {
            securitySchemes = MapsKt.emptyMap();
        }
        Map map = securitySchemes;
        LinkedHashMap linkedHashMap = new LinkedHashMap();
        for (Map.Entry entry : map.entrySet()) {
            SecurityScheme securityScheme = (SecurityScheme) entry.getValue();
            Intrinsics.checkExpressionValueIsNotNull(securityScheme, "scheme");
            if (securityScheme.getType() == SecurityScheme.Type.OAUTH2) {
                linkedHashMap.put(entry.getKey(), entry.getValue());
            }
        }
        LinkedHashMap linkedHashMap2 = linkedHashMap;
        LinkedHashMap linkedHashMap3 = new LinkedHashMap(MapsKt.mapCapacity(linkedHashMap2.size()));
        for (Object obj : linkedHashMap2.entrySet()) {
            Object key = ((Map.Entry) obj).getKey();
            List<OAuthFlow> allFlows = allFlows((SecurityScheme) ((Map.Entry) obj).getValue());
            ArrayList arrayList = new ArrayList();
            Iterator<T> it = allFlows.iterator();
            while (it.hasNext()) {
                Scopes scopes = ((OAuthFlow) it.next()).getScopes();
                Set keySet = scopes != null ? scopes.keySet() : null;
                if (keySet == null) {
                    keySet = SetsKt.emptySet();
                }
                CollectionsKt.addAll(arrayList, keySet);
            }
            linkedHashMap3.put(key, CollectionsKt.toSet(arrayList));
        }
        return linkedHashMap3;
    }

    /* JADX INFO: Access modifiers changed from: private */
    /* JADX WARN: Code restructure failed: missing block: B:4:0x0009, code lost:
    
        if (r0 != null) goto L8;
     */
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<kotlin.Pair<java.lang.String, java.lang.String>> requested(io.swagger.v3.oas.models.OpenAPI r6, io.swagger.v3.oas.models.Operation r7, java.util.Map<java.lang.String, ? extends java.util.Set<java.lang.String>> r8) {
        /*
            Method dump skipped, instructions count: 488
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule.requested(io.swagger.v3.oas.models.OpenAPI, io.swagger.v3.oas.models.Operation, java.util.Map):java.util.List");
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final SortedSet<String> undefined(List<Pair<String, String>> list, Map<String, ? extends Set<String>> map) {
        ArrayList arrayList = new ArrayList();
        for (Object obj : list) {
            Pair pair = (Pair) obj;
            String str = (String) pair.component1();
            String str2 = (String) pair.component2();
            Set<String> set = map.get(str);
            if (set == null) {
                set = SetsKt.emptySet();
            }
            if (!set.contains(str2)) {
                arrayList.add(obj);
            }
        }
        ArrayList<Pair> arrayList2 = arrayList;
        ArrayList arrayList3 = new ArrayList(CollectionsKt.collectionSizeOrDefault(arrayList2, 10));
        for (Pair pair2 : arrayList2) {
            arrayList3.add(((String) pair2.getFirst()) + ':' + ((String) pair2.getSecond()));
        }
        return CollectionsKt.toSortedSet(arrayList3);
    }

    public SecureAllEndpointsWithScopesRule(@NotNull Config config) {
        Intrinsics.checkParameterIsNotNull(config, "rulesConfig");
        String string = config.getString(SecureAllEndpointsWithScopesRule.class.getSimpleName() + ".scope_regex");
        Intrinsics.checkExpressionValueIsNotNull(string, "rulesConfig.getString(\n …e}.scope_regex\"\n        )");
        this.scopeRegex = new Regex(string);
        List stringList = config.getStringList(SecureAllEndpointsWithScopesRule.class.getSimpleName() + ".path_whitelist");
        Intrinsics.checkExpressionValueIsNotNull(stringList, "rulesConfig.getStringLis…me}.path_whitelist\"\n    )");
        List<String> list = stringList;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list, 10));
        for (String str : list) {
            Intrinsics.checkExpressionValueIsNotNull(str, "it");
            arrayList.add(new Regex(str));
        }
        this.pathWhitelist = arrayList;
    }
}
