package org.zalando.zally.ruleset.zalando;

import com.typesafe.config.Config;
import io.swagger.v3.oas.models.OpenAPI;
import io.swagger.v3.oas.models.Operation;
import io.swagger.v3.oas.models.PathItem;
import io.swagger.v3.oas.models.security.SecurityRequirement;
import io.swagger.v3.oas.models.security.SecurityScheme;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import kotlin.Metadata;
import kotlin.collections.CollectionsKt;
import kotlin.jvm.functions.Function1;
import kotlin.jvm.internal.Intrinsics;
import kotlin.text.Regex;
import org.jetbrains.annotations.NotNull;
import org.zalando.zally.core.util.OpenApiUtilKt;
import org.zalando.zally.rule.api.Check;
import org.zalando.zally.rule.api.Context;
import org.zalando.zally.rule.api.Rule;
import org.zalando.zally.rule.api.Severity;
import org.zalando.zally.rule.api.Violation;

/* compiled from: SecureAllEndpointsWithScopesRule.kt */
@Rule(ruleSet = ZalandoRuleSet.class, id = "105", severity = Severity.MUST, title = "Secure All Endpoints With Scopes")
@Metadata(mv = {1, 4, 2}, bv = {1, 0, 3}, k = 1, d1 = {"��\\\n\u0002\u0018\u0002\n\u0002\u0010��\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0010 \n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n\u0002\b\u0002\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0018\u0002\n��\n\u0002\u0010\u000b\n��\n\u0002\u0010&\n\u0002\u0010\u000e\n\u0002\u0018\u0002\n\u0002\b\u0004\n\u0002\u0018\u0002\n\u0002\b\u0002\b\u0007\u0018��2\u00020\u0001B\r\u0012\u0006\u0010\u0002\u001a\u00020\u0003¢\u0006\u0002\u0010\u0004J\u0016\u0010\t\u001a\b\u0012\u0004\u0012\u00020\n0\u00062\u0006\u0010\u000b\u001a\u00020\fH\u0007J\u0016\u0010\r\u001a\b\u0012\u0004\u0012\u00020\n0\u00062\u0006\u0010\u000b\u001a\u00020\fH\u0007J\u001e\u0010\u000e\u001a\b\u0012\u0004\u0012\u00020\u000f0\u00062\u0006\u0010\u0010\u001a\u00020\u00112\u0006\u0010\u0012\u001a\u00020\u0013H\u0002J\u001e\u0010\u0014\u001a\u00020\u00152\u0014\u0010\u0016\u001a\u0010\u0012\u0004\u0012\u00020\u0018\u0012\u0006\u0012\u0004\u0018\u00010\u00190\u0017H\u0002J:\u0010\u001a\u001a\u0004\u0018\u00010\n2\u0006\u0010\u000b\u001a\u00020\f2\u0006\u0010\u001b\u001a\u00020\u00112\u000e\u0010\u001c\u001a\n\u0012\u0006\u0012\u0004\u0018\u00010\u00180\u00062\u0006\u0010\u001d\u001a\u00020\u001e2\u0006\u0010\u001f\u001a\u00020\u0018H\u0002R\u0014\u0010\u0005\u001a\b\u0012\u0004\u0012\u00020\u00070\u0006X\u0082\u0004¢\u0006\u0002\n��R\u000e\u0010\b\u001a\u00020\u0007X\u0082\u0004¢\u0006\u0002\n��¨\u0006 "}, d2 = {"Lorg/zalando/zally/ruleset/zalando/SecureAllEndpointsWithScopesRule;", "", "rulesConfig", "Lcom/typesafe/config/Config;", "(Lcom/typesafe/config/Config;)V", "pathWhitelist", "", "Lkotlin/text/Regex;", "scopeRegex", "checkDefinedScopeFormats", "Lorg/zalando/zally/rule/api/Violation;", "context", "Lorg/zalando/zally/rule/api/Context;", "checkOperationsAreScoped", "definedSecurityRequirements", "Lio/swagger/v3/oas/models/security/SecurityRequirement;", "operation", "Lio/swagger/v3/oas/models/Operation;", "api", "Lio/swagger/v3/oas/models/OpenAPI;", "pathFilter", "", "entry", "", "", "Lio/swagger/v3/oas/models/PathItem;", "validateOAuth2Schema", "op", "requestedScopes", "definedScheme", "Lio/swagger/v3/oas/models/security/SecurityScheme;", "schemeName", "zally-ruleset-zalando"})
/* loaded from: input_file:org/zalando/zally/ruleset/zalando/SecureAllEndpointsWithScopesRule.class */
public final class SecureAllEndpointsWithScopesRule {
    private final Regex scopeRegex;
    private final List<Regex> pathWhitelist;

    /* JADX WARN: Removed duplicated region for block: B:12:0x0062  */
    /* JADX WARN: Removed duplicated region for block: B:23:0x00c8 A[LOOP:1: B:21:0x00be->B:23:0x00c8, LOOP_END] */
    /* JADX WARN: Removed duplicated region for block: B:28:0x0122  */
    /* JADX WARN: Removed duplicated region for block: B:8:0x002f  */
    @org.zalando.zally.rule.api.Check(severity = org.zalando.zally.rule.api.Severity.MUST)
    @org.jetbrains.annotations.NotNull
    /*
        Code decompiled incorrectly, please refer to instructions dump.
        To view partially-correct add '--show-bad-code' argument
    */
    public final java.util.List<org.zalando.zally.rule.api.Violation> checkDefinedScopeFormats(@org.jetbrains.annotations.NotNull org.zalando.zally.rule.api.Context r7) {
        /*
            Method dump skipped, instructions count: 621
            To view this dump add '--comments-level debug' option
        */
        throw new UnsupportedOperationException("Method not decompiled: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule.checkDefinedScopeFormats(org.zalando.zally.rule.api.Context):java.util.List");
    }

    @Check(severity = Severity.MUST)
    @NotNull
    public final List<Violation> checkOperationsAreScoped(@NotNull final Context context) {
        Intrinsics.checkNotNullParameter(context, "context");
        final Map allSecuritySchemes = OpenApiUtilKt.getAllSecuritySchemes(context.getApi());
        return Context.DefaultImpls.validateOperations$default(context, new SecureAllEndpointsWithScopesRule$checkOperationsAreScoped$1(this), (Function1) null, new Function1<Map.Entry<? extends PathItem.HttpMethod, ? extends Operation>, List<? extends Violation>>() { // from class: org.zalando.zally.ruleset.zalando.SecureAllEndpointsWithScopesRule$checkOperationsAreScoped$2
            @NotNull
            public final List<Violation> invoke(@NotNull Map.Entry<? extends PathItem.HttpMethod, ? extends Operation> entry) {
                ArrayList arrayList;
                List definedSecurityRequirements;
                Violation violation;
                Intrinsics.checkNotNullParameter(entry, "<name for destructuring parameter 0>");
                List list = (Operation) entry.getValue();
                if (list != null) {
                    definedSecurityRequirements = SecureAllEndpointsWithScopesRule.this.definedSecurityRequirements(list, context.getApi());
                    if (definedSecurityRequirements.isEmpty()) {
                        Context context2 = context;
                        List security = list.getSecurity();
                        if (security == null) {
                            security = list;
                        }
                        arrayList = context2.violations("Endpoint is not secured by scope(s)", security);
                    } else {
                        List<Map> list2 = definedSecurityRequirements;
                        ArrayList arrayList2 = new ArrayList();
                        for (Map map : list2) {
                            ArrayList arrayList3 = new ArrayList(map.size());
                            for (Map.Entry entry2 : map.entrySet()) {
                                String str = (String) entry2.getKey();
                                List list3 = (List) entry2.getValue();
                                SecurityScheme securityScheme = (SecurityScheme) allSecuritySchemes.get(str);
                                if (securityScheme == null) {
                                    violation = context.violation("Security scheme " + str + " not found", list);
                                } else if (OpenApiUtilKt.isOAuth2(securityScheme)) {
                                    SecureAllEndpointsWithScopesRule secureAllEndpointsWithScopesRule = SecureAllEndpointsWithScopesRule.this;
                                    Context context3 = context;
                                    Intrinsics.checkNotNullExpressionValue(list3, "opScopes");
                                    Intrinsics.checkNotNullExpressionValue(str, "opSchemeName");
                                    violation = secureAllEndpointsWithScopesRule.validateOAuth2Schema(context3, list, list3, securityScheme, str);
                                } else {
                                    violation = null;
                                }
                                arrayList3.add(violation);
                            }
                            CollectionsKt.addAll(arrayList2, arrayList3);
                        }
                        arrayList = arrayList2;
                    }
                } else {
                    arrayList = null;
                }
                List<Violation> list4 = arrayList;
                return list4 != null ? list4 : CollectionsKt.emptyList();
            }

            /* JADX INFO: Access modifiers changed from: package-private */
            /* JADX WARN: 'super' call moved to the top of the method (can break code semantics) */
            {
                super(1);
            }
        }, 2, (Object) null);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final List<SecurityRequirement> definedSecurityRequirements(Operation operation, OpenAPI openAPI) {
        List<SecurityRequirement> security = operation.getSecurity();
        if (security == null) {
            security = CollectionsKt.emptyList();
        }
        List<SecurityRequirement> list = security;
        if (!list.isEmpty()) {
            return list;
        }
        List<SecurityRequirement> security2 = openAPI.getSecurity();
        return security2 != null ? security2 : CollectionsKt.emptyList();
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final Violation validateOAuth2Schema(Context context, Operation operation, List<String> list, SecurityScheme securityScheme, String str) {
        if (list.isEmpty()) {
            Operation security = operation.getSecurity();
            if (security == null) {
                security = operation;
            }
            return context.violation("Endpoint is not secured by OAuth2 scope(s)", security);
        }
        List allScopes = OpenApiUtilKt.allScopes(securityScheme);
        List filterNotNull = CollectionsKt.filterNotNull(list);
        ArrayList arrayList = new ArrayList();
        for (Object obj : filterNotNull) {
            if (!allScopes.contains((String) obj)) {
                arrayList.add(obj);
            }
        }
        ArrayList arrayList2 = arrayList;
        if (!(!arrayList2.isEmpty())) {
            return null;
        }
        String str2 = "Endpoint is secured by undefined OAuth2 scope(s): " + str + ':' + CollectionsKt.joinToString$default(arrayList2, (CharSequence) null, (CharSequence) null, (CharSequence) null, 0, (CharSequence) null, (Function1) null, 63, (Object) null);
        Operation security2 = operation.getSecurity();
        if (security2 == null) {
            security2 = operation;
        }
        return context.violation(str2, security2);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public final boolean pathFilter(Map.Entry<String, ? extends PathItem> entry) {
        List<Regex> list = this.pathWhitelist;
        if ((list instanceof Collection) && list.isEmpty()) {
            return true;
        }
        Iterator<T> it = list.iterator();
        while (it.hasNext()) {
            if (((Regex) it.next()).containsMatchIn(entry.getKey())) {
                return false;
            }
        }
        return true;
    }

    public SecureAllEndpointsWithScopesRule(@NotNull Config config) {
        Intrinsics.checkNotNullParameter(config, "rulesConfig");
        String string = config.getString(SecureAllEndpointsWithScopesRule.class.getSimpleName() + ".scope_regex");
        Intrinsics.checkNotNullExpressionValue(string, "rulesConfig.getString(\n …e}.scope_regex\"\n        )");
        this.scopeRegex = new Regex(string);
        List stringList = config.getStringList(SecureAllEndpointsWithScopesRule.class.getSimpleName() + ".path_whitelist");
        Intrinsics.checkNotNullExpressionValue(stringList, "rulesConfig.getStringLis…me}.path_whitelist\"\n    )");
        List<String> list = stringList;
        ArrayList arrayList = new ArrayList(CollectionsKt.collectionSizeOrDefault(list, 10));
        for (String str : list) {
            Intrinsics.checkNotNullExpressionValue(str, "it");
            arrayList.add(new Regex(str));
        }
        this.pathWhitelist = arrayList;
    }
}
