package org.mule.connectivity.restconnect.internal.modelGeneration.ramlParser.security;

import edu.emory.mathcs.backport.java.util.Arrays;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.mule.connectivity.restconnect.exception.UnsupportedSecuritySchemeException;
import org.mule.connectivity.restconnect.internal.model.parameter.Parameter;
import org.mule.connectivity.restconnect.internal.model.parameter.ParameterType;
import org.mule.connectivity.restconnect.internal.model.security.APISecurityScheme;
import org.mule.connectivity.restconnect.internal.model.security.BasicAuthScheme;
import org.mule.connectivity.restconnect.internal.model.security.CustomAuthenticationScheme;
import org.mule.connectivity.restconnect.internal.model.security.DigestAuthenticationScheme;
import org.mule.connectivity.restconnect.internal.model.security.JwtAuthenticationScheme;
import org.mule.connectivity.restconnect.internal.model.security.OAuth2AuthorizationCodeScheme;
import org.mule.connectivity.restconnect.internal.model.security.OAuth2ClientCredentialsScheme;
import org.mule.connectivity.restconnect.internal.model.security.PassThroughScheme;
import org.mule.connectivity.restconnect.internal.model.security.UnsecuredScheme;
import org.mule.connectivity.restconnect.internal.model.typesource.PrimitiveTypeSource;
import org.mule.connectivity.restconnect.internal.modelGeneration.JsonSchemaPool;
import org.mule.connectivity.restconnect.internal.modelGeneration.common.security.SecuritySchemeFactory;
import org.mule.connectivity.restconnect.internal.modelGeneration.ramlParser.util.RamlParserUtils;
import org.raml.v2.api.model.v10.api.Api;
import org.raml.v2.api.model.v10.datamodel.TypeInstance;
import org.raml.v2.api.model.v10.datamodel.TypeInstanceProperty;
import org.raml.v2.api.model.v10.methods.Method;
import org.raml.v2.api.model.v10.security.SecurityScheme;
import org.raml.v2.api.model.v10.security.SecuritySchemePart;

/* loaded from: input_file:org/mule/connectivity/restconnect/internal/modelGeneration/ramlParser/security/RamlParserSecuritySchemeFactory.class */
public class RamlParserSecuritySchemeFactory {
    public static List<APISecurityScheme> getOperationSecuritySchemes(Api api, Method method, JsonSchemaPool jsonSchemaPool) throws Exception {
        return getMethodSecuritySchemes(method, (List) method.resource().securedBy().stream().map(securitySchemeRef -> {
            if (securitySchemeRef != null) {
                return securitySchemeRef.securityScheme();
            }
            return null;
        }).collect(Collectors.toList()), (List) api.securedBy().stream().map(securitySchemeRef2 -> {
            if (securitySchemeRef2 != null) {
                return securitySchemeRef2.securityScheme();
            }
            return null;
        }).collect(Collectors.toList()), jsonSchemaPool);
    }

    private static List<APISecurityScheme> getAPISecuritySchemes(List<SecurityScheme> list, JsonSchemaPool jsonSchemaPool) throws Exception {
        LinkedList linkedList = new LinkedList();
        Iterator<SecurityScheme> it = list.iterator();
        while (it.hasNext()) {
            for (APISecurityScheme aPISecurityScheme : createSecuritySchemes(it.next(), jsonSchemaPool)) {
                if (linkedList.stream().noneMatch(aPISecurityScheme2 -> {
                    return aPISecurityScheme2.equals(aPISecurityScheme);
                })) {
                    linkedList.add(aPISecurityScheme);
                }
            }
        }
        if (list.isEmpty() || !linkedList.isEmpty()) {
            return linkedList;
        }
        throw new UnsupportedSecuritySchemeException("None of the specified security schemes ( " + listSchemes(list) + ") are supported.");
    }

    private static List<APISecurityScheme> getMethodSecuritySchemes(Method method, List<SecurityScheme> list, List<SecurityScheme> list2, JsonSchemaPool jsonSchemaPool) throws Exception {
        List securitySchemesForOperation = SecuritySchemeFactory.getSecuritySchemesForOperation((List) method.securedBy().stream().map(securitySchemeRef -> {
            if (securitySchemeRef != null) {
                return securitySchemeRef.securityScheme();
            }
            return null;
        }).collect(Collectors.toList()), list, list2);
        if (!securitySchemesForOperation.isEmpty()) {
            return getAPISecuritySchemes(securitySchemesForOperation, jsonSchemaPool);
        }
        LinkedList linkedList = new LinkedList();
        linkedList.add(new UnsecuredScheme());
        return linkedList;
    }

    private static List<APISecurityScheme> createSecuritySchemes(SecurityScheme securityScheme, JsonSchemaPool jsonSchemaPool) throws Exception {
        LinkedList linkedList = new LinkedList();
        if (securityScheme == null) {
            linkedList.add(new UnsecuredScheme());
            return linkedList;
        }
        String type = securityScheme.type();
        if (RamlParserSecuritySchemesNaming.isBasicAuth(type)) {
            linkedList.add(new BasicAuthScheme());
        } else if (RamlParserSecuritySchemesNaming.isPassThrough(type)) {
            linkedList.add(buildPassThroughSecurityScheme(securityScheme, jsonSchemaPool));
        } else if (RamlParserSecuritySchemesNaming.isOauth2(type)) {
            for (String str : securityScheme.settings().authorizationGrants()) {
                if (RamlParserOauth2FlowsNaming.isAuthorizationCode(str)) {
                    linkedList.add(buildOAuth2AuthorizationCodeSecurityScheme(securityScheme));
                } else if (RamlParserOauth2FlowsNaming.isClientCredentials(str)) {
                    linkedList.add(buildOAuth2ClientCredentialsSecurityScheme(securityScheme));
                }
            }
        } else if (RamlParserSecuritySchemesNaming.isDigestAuth(type)) {
            linkedList.add(new DigestAuthenticationScheme());
        } else if (RamlParserSecuritySchemesNaming.isJwtAuth(type)) {
            linkedList.add(buildJwtAuthenticationScheme(securityScheme, jsonSchemaPool));
        } else if (RamlParserSecuritySchemesNaming.isCustom(type)) {
            linkedList.add(buildCustomAuthenticationSecurityScheme(securityScheme, jsonSchemaPool));
        }
        return linkedList;
    }

    private static PassThroughScheme buildPassThroughSecurityScheme(SecurityScheme securityScheme, JsonSchemaPool jsonSchemaPool) throws Exception {
        SecuritySchemePart describedBy = securityScheme.describedBy();
        return new PassThroughScheme(RamlParserUtils.getParameterList(describedBy.queryParameters(), ParameterType.QUERY, jsonSchemaPool), RamlParserUtils.getParameterList(describedBy.headers(), ParameterType.HEADER, jsonSchemaPool));
    }

    private static JwtAuthenticationScheme buildJwtAuthenticationScheme(SecurityScheme securityScheme, JsonSchemaPool jsonSchemaPool) throws Exception {
        TypeInstance typeInstance = (TypeInstance) securityScheme.describedBy().annotations().stream().map((v0) -> {
            return v0.structuredValue();
        }).findFirst().get();
        ArrayList arrayList = new ArrayList();
        Optional map = Optional.ofNullable(get(typeInstance, "body.jwt.headers.alg")).map(typeInstance2 -> {
            return parse(typeInstance2, "alg", "Encryption Algorithm", "Algorithm used to sign and encrypt the JWT tokens.");
        });
        arrayList.getClass();
        map.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map2 = Optional.ofNullable(get(typeInstance, "body.jwt.headers.typ")).map(typeInstance3 -> {
            return parse(typeInstance3, "typ", "Token Media Type", "Header Parameter defined by JWT applications to declare the media type of this complete JWT.");
        });
        arrayList.getClass();
        map2.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map3 = Optional.ofNullable(get(typeInstance, "body.jwt.headers.cty")).map(typeInstance4 -> {
            return parse(typeInstance4, "cty", "Token Content Type", "Header Parameter defined by JWT applications to convey structural information about the token.");
        });
        arrayList.getClass();
        map3.ifPresent((v1) -> {
            r1.add(v1);
        });
        getProperty(get(typeInstance, "body.jwt.headers"), "custom").map((v0) -> {
            return v0.values();
        }).ifPresent(list -> {
            Stream map4 = list.stream().map(RamlParserSecuritySchemeFactory::getCustomParameter);
            arrayList.getClass();
            map4.forEach((v1) -> {
                r1.add(v1);
            });
        });
        ArrayList arrayList2 = new ArrayList();
        ArrayList arrayList3 = new ArrayList();
        Optional map4 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.iss")).map(typeInstance5 -> {
            return parse(typeInstance5, "iss", "Issuer", "The \"iss\" (issuer) claim identifies the principal that issued the JWT.  The processing of this claim is generally application specific. The \"iss\" value is a case-sensitive string containing a StringOrURI value.");
        });
        arrayList2.getClass();
        map4.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map5 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.sub")).map(typeInstance6 -> {
            return parse(typeInstance6, "sub", "Subject", "The \"sub\" (subject) claim identifies the principal that is the subject of the JWT.");
        });
        arrayList2.getClass();
        map5.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map6 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.aud")).map(typeInstance7 -> {
            return parse(typeInstance7, "aud", "Audience", "The \"aud\" (audience) claim identifies the recipients that the JWT is intended for.  Each principal intended to process the JWT MUST identify itself with a value in the audience claim.  If the principal processing the claim does not identify itself with a value in the \"aud\" claim when this claim is present, then the JWT MUST be rejected.");
        });
        arrayList2.getClass();
        map6.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map7 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.jti")).map(typeInstance8 -> {
            return parse(typeInstance8, "jti", "JWT ID", "The \"jti\" (JWT ID) claim provides a unique identifier for the JWT. The identifier value MUST be assigned in a manner that ensures that there is a negligible probability that the same value will be accidentally assigned to a different data object.");
        });
        arrayList2.getClass();
        map7.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map8 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.exp")).map(typeInstance9 -> {
            return parse(typeInstance9, "exp", "Expiration Time", "The \"exp\" (expiration time) claim identifies the expiration time on or after which the JWT MUST NOT be accepted for processing.");
        });
        arrayList2.getClass();
        map8.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map9 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.iat")).map(typeInstance10 -> {
            return parse(typeInstance10, "iat", "Issued At", "The \"iat\" (issued at) claim identifies the time at which the JWT was issued.  This claim can be used to determine the age of the JWT.  Its value MUST be a number containing a NumericDate value.");
        });
        arrayList2.getClass();
        map9.ifPresent((v1) -> {
            r1.add(v1);
        });
        Optional map10 = Optional.ofNullable(get(typeInstance, "body.jwt.claims.nbf")).map(typeInstance11 -> {
            return parse(typeInstance11, "nbf", "Not Before", "The \"nbf\" (not before) claim identifies the time before which the JWT MUST NOT be accepted for processing.  The processing of the \"nbf\" claim requires that the current date/time MUST be after or equal to the not-before date/time listed in the \"nbf\" claim.");
        });
        arrayList2.getClass();
        map10.ifPresent((v1) -> {
            r1.add(v1);
        });
        getProperty(get(typeInstance, "body.jwt.claims"), "custom").map((v0) -> {
            return v0.values();
        }).ifPresent(list2 -> {
            Stream map11 = list2.stream().map(RamlParserSecuritySchemeFactory::getCustomParameter);
            arrayList2.getClass();
            map11.forEach((v1) -> {
                r1.add(v1);
            });
        });
        getProperty(get(typeInstance, "body"), "parameters").map((v0) -> {
            return v0.values();
        }).ifPresent(list3 -> {
            Stream map11 = list3.stream().map(RamlParserSecuritySchemeFactory::getCustomParameter);
            arrayList3.getClass();
            map11.forEach((v1) -> {
                r1.add(v1);
            });
        });
        Optional map11 = Optional.ofNullable(get(typeInstance, "url")).map(typeInstance12 -> {
            return APISecurityScheme.getSecuritySchemeParameter("url", "URL", PrimitiveTypeSource.PrimitiveType.STRING, "Access Token retrieval URL.", null, null, false, false, false, typeInstance12.value().toString());
        });
        arrayList3.getClass();
        map11.ifPresent((v1) -> {
            r1.add(v1);
        });
        return new JwtAuthenticationScheme(arrayList, arrayList2, arrayList3);
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static Parameter parse(TypeInstance typeInstance, String str, String str2, String str3) {
        return APISecurityScheme.getSecuritySchemeParameter(str, str2, PrimitiveTypeSource.PrimitiveType.STRING, str3, getStringValue(typeInstance, "defaultValue", null), null, getBooleanValue(typeInstance, "required", Boolean.FALSE).booleanValue(), false, getBooleanValue(typeInstance, "generated", Boolean.FALSE).booleanValue(), (String[]) getProperty(typeInstance, "restrictedValues").map((v0) -> {
            return v0.values();
        }).map(list -> {
            Stream map = list.stream().map((v0) -> {
                return v0.value();
            });
            Class<String> cls = String.class;
            String.class.getClass();
            return (String[]) ((List) map.map(cls::cast).collect(Collectors.toList())).toArray(new String[0]);
        }).orElse(new String[0]));
    }

    private static Parameter getCustomParameter(TypeInstance typeInstance) {
        String stringValue = getStringValue(typeInstance, "name", null);
        return APISecurityScheme.getSecuritySchemeParameter(stringValue, getStringValue(typeInstance, "displayName", stringValue), PrimitiveTypeSource.PrimitiveType.STRING, getStringValue(typeInstance, "description", null), getStringValue(typeInstance, "defaultValue", null), null, getBooleanValue(typeInstance, "required", Boolean.FALSE).booleanValue(), false, (String[]) getProperty(typeInstance, "restrictedValues").map((v0) -> {
            return v0.values();
        }).map(list -> {
            Stream map = list.stream().map((v0) -> {
                return v0.value();
            });
            Class<String> cls = String.class;
            String.class.getClass();
            return (String[]) ((List) map.map(cls::cast).collect(Collectors.toList())).toArray(new String[0]);
        }).orElse(new String[0]));
    }

    private static String getStringValue(TypeInstance typeInstance, String str, String str2) {
        return (String) getValue(typeInstance, String.class, str, str2);
    }

    private static Boolean getBooleanValue(TypeInstance typeInstance, String str, Boolean bool) {
        return (Boolean) getValue(typeInstance, Boolean.class, str, bool);
    }

    private static <T> T getValue(TypeInstance typeInstance, Class<T> cls, String str, T t) {
        Optional map = getProperty(typeInstance, str).map((v0) -> {
            return v0.value();
        }).map((v0) -> {
            return v0.value();
        });
        cls.getClass();
        return (T) map.map(cls::cast).orElse(t);
    }

    private static TypeInstance get(TypeInstance typeInstance, String str) {
        return get(typeInstance, (List<String>) Stream.of((Object[]) str.split("\\.")).collect(Collectors.toList()));
    }

    /* JADX INFO: Access modifiers changed from: private */
    public static TypeInstance get(TypeInstance typeInstance, List<String> list) {
        return list.isEmpty() ? typeInstance : (TypeInstance) getProperty(typeInstance, list.remove(0)).map((v0) -> {
            return v0.value();
        }).map(typeInstance2 -> {
            return get(typeInstance2, (List<String>) list);
        }).orElse(null);
    }

    private static Optional<TypeInstanceProperty> getProperty(TypeInstance typeInstance, String str) {
        return typeInstance.properties().stream().filter(typeInstanceProperty -> {
            return typeInstanceProperty.name().equals(str);
        }).findFirst();
    }

    private static APISecurityScheme buildCustomAuthenticationSecurityScheme(SecurityScheme securityScheme, JsonSchemaPool jsonSchemaPool) throws Exception {
        SecuritySchemePart describedBy = securityScheme.describedBy();
        return new CustomAuthenticationScheme(RamlParserUtils.getParameterList(describedBy.queryParameters(), ParameterType.QUERY, jsonSchemaPool), RamlParserUtils.getParameterList(describedBy.headers(), ParameterType.HEADER, jsonSchemaPool));
    }

    private static OAuth2AuthorizationCodeScheme buildOAuth2AuthorizationCodeSecurityScheme(SecurityScheme securityScheme) {
        return new OAuth2AuthorizationCodeScheme(RamlParserUtils.getValueFromAnnotableString(securityScheme.settings().authorizationUri()), RamlParserUtils.getValueFromAnnotableString(securityScheme.settings().accessTokenUri()), Arrays.asList(new String[]{"authorization_code"}), securityScheme.settings().scopes(), RamlParserUtils.getAnnotatedRenewTokenExpression(securityScheme));
    }

    private static OAuth2ClientCredentialsScheme buildOAuth2ClientCredentialsSecurityScheme(SecurityScheme securityScheme) {
        return new OAuth2ClientCredentialsScheme(RamlParserUtils.getValueFromAnnotableString(securityScheme.settings().authorizationUri()), RamlParserUtils.getValueFromAnnotableString(securityScheme.settings().accessTokenUri()), Arrays.asList(new String[]{"client_credentials"}), securityScheme.settings().scopes(), RamlParserUtils.getAnnotatedRenewTokenExpression(securityScheme));
    }

    private static String listSchemes(List<SecurityScheme> list) {
        StringBuilder sb = new StringBuilder();
        for (SecurityScheme securityScheme : list) {
            sb.append(securityScheme.type());
            sb.append("<");
            sb.append(securityScheme.name());
            sb.append(">");
            if (securityScheme.type().equals("OAuth 2.0")) {
                sb.append(" :");
                for (String str : securityScheme.settings().authorizationGrants()) {
                    sb.append(" ");
                    sb.append(str);
                }
            }
            sb.append(". ");
        }
        return sb.toString();
    }
}
