package org.springdoc.core.configuration;

import io.fabric8.kubernetes.client.utils.OpenIDConnectionUtils;
import io.swagger.v3.core.util.AnnotationsUtils;
import io.swagger.v3.oas.annotations.enums.ParameterIn;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.headers.Header;
import io.swagger.v3.oas.models.media.ArraySchema;
import io.swagger.v3.oas.models.media.Content;
import io.swagger.v3.oas.models.media.MapSchema;
import io.swagger.v3.oas.models.media.MediaType;
import io.swagger.v3.oas.models.media.ObjectSchema;
import io.swagger.v3.oas.models.media.Schema;
import io.swagger.v3.oas.models.media.StringSchema;
import io.swagger.v3.oas.models.parameters.HeaderParameter;
import io.swagger.v3.oas.models.parameters.Parameter;
import io.swagger.v3.oas.models.parameters.RequestBody;
import io.swagger.v3.oas.models.responses.ApiResponse;
import io.swagger.v3.oas.models.responses.ApiResponses;
import org.apache.commons.lang3.reflect.FieldUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springdoc.core.configuration.oauth2.SpringDocOAuth2AuthorizationServerMetadata;
import org.springdoc.core.configuration.oauth2.SpringDocOAuth2Token;
import org.springdoc.core.configuration.oauth2.SpringDocOAuth2TokenIntrospection;
import org.springdoc.core.customizers.GlobalOpenApiCustomizer;
import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ApplicationContextAware;
import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.core.AuthorizationGrantType;
import org.springframework.security.oauth2.core.OAuth2Error;
import org.springframework.security.oauth2.server.authorization.web.NimbusJwkSetEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2AuthorizationServerMetadataEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenIntrospectionEndpointFilter;
import org.springframework.security.oauth2.server.authorization.web.OAuth2TokenRevocationEndpointFilter;
import org.springframework.security.web.FilterChainProxy;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;

/* loaded from: input_file:BOOT-INF/lib/springdoc-openapi-starter-common-2.1.0.jar:org/springdoc/core/configuration/SpringDocSecurityOAuth2Customizer.class */
public class SpringDocSecurityOAuth2Customizer implements GlobalOpenApiCustomizer, ApplicationContextAware {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) SpringDocSecurityOAuth2Customizer.class);
    private static final String OAUTH2_ENDPOINT_TAG = "authorization-server-endpoints";
    private ApplicationContext applicationContext;

    @Override // org.springdoc.core.customizers.OpenApiCustomizer
    public void customise(OpenAPI openAPI) {
        for (SecurityFilterChain securityFilterChain : ((FilterChainProxy) this.applicationContext.getBean("springSecurityFilterChain", FilterChainProxy.class)).getFilterChains()) {
            getNimbusJwkSetEndpoint(openAPI, securityFilterChain);
            getOAuth2AuthorizationServerMetadataEndpoint(openAPI, securityFilterChain);
            getOAuth2TokenEndpoint(openAPI, securityFilterChain);
            getOAuth2AuthorizationEndpoint(openAPI, securityFilterChain);
            getOAuth2TokenIntrospectionEndpointFilter(openAPI, securityFilterChain);
            getOAuth2TokenRevocationEndpointFilter(openAPI, securityFilterChain);
        }
    }

    private void getOAuth2TokenRevocationEndpointFilter(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenRevocationEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildApiResponsesOnBadRequest(apiResponses, openAPI);
            Operation buildOperation = buildOperation(apiResponses);
            buildOperation.setRequestBody(new RequestBody().content(new Content().addMediaType("application/x-www-form-urlencoded", new MediaType().schema(new ObjectSchema().addProperty("token", new StringSchema()).addProperty("token_type_hint", new StringSchema())))));
            buildPath(findEndpoint, "tokenRevocationEndpointMatcher", openAPI, buildOperation, HttpMethod.POST);
        }
    }

    private void getOAuth2TokenIntrospectionEndpointFilter(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenIntrospectionEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            buildApiResponsesOnSuccess(apiResponses, AnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2TokenIntrospection.class, openAPI.getComponents(), null));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildApiResponsesOnBadRequest(apiResponses, openAPI);
            Operation buildOperation = buildOperation(apiResponses);
            buildOperation.setRequestBody(new RequestBody().content(new Content().addMediaType("application/x-www-form-urlencoded", new MediaType().schema(new ObjectSchema().addProperty("token", new StringSchema()).addProperty("token_type_hint", new StringSchema()).addProperty("additionalParameters", new ObjectSchema().additionalProperties(new StringSchema()))))));
            buildPath(findEndpoint, "tokenIntrospectionEndpointMatcher", openAPI, buildOperation, HttpMethod.POST);
        }
    }

    private void getOAuth2AuthorizationServerMetadataEndpoint(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(OAuth2AuthorizationServerMetadataEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            buildApiResponsesOnSuccess(apiResponses, AnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2AuthorizationServerMetadata.class, openAPI.getComponents(), null));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildPath(findEndpoint, "requestMatcher", openAPI, buildOperation(apiResponses), HttpMethod.GET);
        }
    }

    private void getNimbusJwkSetEndpoint(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(NimbusJwkSetEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            MapSchema mapSchema = new MapSchema();
            mapSchema.addProperty("keys", new ArraySchema().items(new ObjectSchema().additionalProperties(true)));
            apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType("application/json", new MediaType().schema(mapSchema))));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildApiResponsesOnBadRequest(apiResponses, openAPI);
            Operation buildOperation = buildOperation(apiResponses);
            buildOperation.responses(apiResponses);
            buildPath(findEndpoint, "requestMatcher", openAPI, buildOperation, HttpMethod.GET);
        }
    }

    private void getOAuth2TokenEndpoint(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(OAuth2TokenEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            buildApiResponsesOnSuccess(apiResponses, AnnotationsUtils.resolveSchemaFromType(SpringDocOAuth2Token.class, openAPI.getComponents(), null));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildApiResponsesOnBadRequest(apiResponses, openAPI);
            buildOAuth2Error(openAPI, apiResponses, HttpStatus.UNAUTHORIZED);
            Operation buildOperation = buildOperation(apiResponses);
            buildOperation.setRequestBody(new RequestBody().content(new Content().addMediaType("application/x-www-form-urlencoded", new MediaType().schema(new ObjectSchema().addProperty(OpenIDConnectionUtils.GRANT_TYPE_PARAM, new StringSchema().addEnumItem(AuthorizationGrantType.AUTHORIZATION_CODE.getValue()).addEnumItem(AuthorizationGrantType.REFRESH_TOKEN.getValue()).addEnumItem(AuthorizationGrantType.CLIENT_CREDENTIALS.getValue())).addProperty("code", new StringSchema()).addProperty("redirect_uri", new StringSchema()).addProperty("refresh_token", new StringSchema()).addProperty("scope", new StringSchema()).addProperty(OpenIDConnectionUtils.CLIENT_ID_PARAM, new StringSchema()).addProperty(OpenIDConnectionUtils.CLIENT_SECRET_PARAM, new StringSchema()).addProperty("client_assertion_type", new StringSchema()).addProperty("client_assertion", new StringSchema()).addProperty("additionalParameters", new ObjectSchema().additionalProperties(new StringSchema()))))));
            buildOperation.addParametersItem(new HeaderParameter().name("Authorization"));
            buildPath(findEndpoint, "tokenEndpointMatcher", openAPI, buildOperation, HttpMethod.POST);
        }
    }

    private void getOAuth2AuthorizationEndpoint(OpenAPI openAPI, SecurityFilterChain securityFilterChain) {
        Object findEndpoint = new SpringDocSecurityOAuth2EndpointUtils(OAuth2AuthorizationEndpointFilter.class).findEndpoint(securityFilterChain);
        if (findEndpoint != null) {
            ApiResponses apiResponses = new ApiResponses();
            apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType("text/html", new MediaType())));
            buildApiResponsesOnInternalServerError(apiResponses);
            buildApiResponsesOnBadRequest(apiResponses, openAPI);
            apiResponses.addApiResponse(String.valueOf(HttpStatus.MOVED_TEMPORARILY.value()), new ApiResponse().description(HttpStatus.MOVED_TEMPORARILY.getReasonPhrase()).addHeaderObject("Location", new Header().schema(new StringSchema())));
            Operation buildOperation = buildOperation(apiResponses);
            buildOperation.addParametersItem(new Parameter().name("parameters").in(ParameterIn.QUERY.toString()).schema(new ObjectSchema().additionalProperties(new StringSchema())));
            buildPath(findEndpoint, "authorizationEndpointMatcher", openAPI, buildOperation, HttpMethod.POST);
        }
    }

    private Operation buildOperation(ApiResponses apiResponses) {
        Operation operation = new Operation();
        operation.addTagsItem(OAUTH2_ENDPOINT_TAG);
        operation.responses(apiResponses);
        return operation;
    }

    private ApiResponses buildApiResponsesOnSuccess(ApiResponses apiResponses, Schema schema) {
        apiResponses.addApiResponse(String.valueOf(HttpStatus.OK.value()), new ApiResponse().description(HttpStatus.OK.getReasonPhrase()).content(new Content().addMediaType("application/json", new MediaType().schema(schema))));
        return apiResponses;
    }

    private ApiResponses buildApiResponsesOnInternalServerError(ApiResponses apiResponses) {
        apiResponses.addApiResponse(String.valueOf(HttpStatus.INTERNAL_SERVER_ERROR.value()), new ApiResponse().description(HttpStatus.INTERNAL_SERVER_ERROR.getReasonPhrase()));
        return apiResponses;
    }

    private ApiResponses buildApiResponsesOnBadRequest(ApiResponses apiResponses, OpenAPI openAPI) {
        buildOAuth2Error(openAPI, apiResponses, HttpStatus.BAD_REQUEST);
        return apiResponses;
    }

    private static void buildOAuth2Error(OpenAPI openAPI, ApiResponses apiResponses, HttpStatus httpStatus) {
        apiResponses.addApiResponse(String.valueOf(httpStatus.value()), new ApiResponse().description(httpStatus.getReasonPhrase()).content(new Content().addMediaType("application/json", new MediaType().schema(AnnotationsUtils.resolveSchemaFromType(OAuth2Error.class, openAPI.getComponents(), null)))));
    }

    private void buildPath(Object obj, String str, OpenAPI openAPI, Operation operation, HttpMethod httpMethod) {
        try {
            AntPathRequestMatcher antPathRequestMatcher = (RequestMatcher) FieldUtils.getDeclaredField(obj.getClass(), str, true).get(obj);
            String str2 = null;
            if (antPathRequestMatcher instanceof AntPathRequestMatcher) {
                str2 = antPathRequestMatcher.getPattern();
            } else if (antPathRequestMatcher instanceof OrRequestMatcher) {
                for (OrRequestMatcher orRequestMatcher : (Iterable) FieldUtils.getDeclaredField(OrRequestMatcher.class, "requestMatchers", true).get((OrRequestMatcher) antPathRequestMatcher)) {
                    if (orRequestMatcher instanceof OrRequestMatcher) {
                        for (AntPathRequestMatcher antPathRequestMatcher2 : (Iterable) FieldUtils.getDeclaredField(OrRequestMatcher.class, "requestMatchers", true).get(orRequestMatcher)) {
                            if (antPathRequestMatcher2 instanceof AntPathRequestMatcher) {
                                str2 = antPathRequestMatcher2.getPattern();
                            }
                        }
                    }
                }
            }
            PathItem pathItem = new PathItem();
            if (HttpMethod.POST.equals(httpMethod)) {
                pathItem.post(operation);
            } else if (HttpMethod.GET.equals(httpMethod)) {
                pathItem.get(operation);
            }
            openAPI.getPaths().addPathItem(str2, pathItem);
        } catch (ClassCastException | IllegalAccessException e) {
            LOGGER.trace(e.getMessage());
        }
    }

    @Override // org.springframework.context.ApplicationContextAware
    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
        this.applicationContext = applicationContext;
    }
}
