package com.evolveum.midpoint.web.security;

import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.AuthorizationAction;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.component.menu.MainMenuItem;
import com.evolveum.midpoint.web.component.menu.MenuItem;
import java.util.ArrayList;
import org.apache.wicket.markup.html.WebPage;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/evolveum/midpoint/web/security/SecurityUtils.class */
public class SecurityUtils {
    private static final Trace LOGGER = TraceManager.getTrace(SecurityUtils.class);

    public static MidPointPrincipal getPrincipalUser() {
        return getPrincipalUser(SecurityContextHolder.getContext().getAuthentication());
    }

    public static MidPointPrincipal getPrincipalUser(Authentication authentication) {
        if (authentication == null) {
            LOGGER.trace("Authentication not available in security context.");
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            return (MidPointPrincipal) principal;
        }
        if ("anonymousUser".equals(principal)) {
            return null;
        }
        LOGGER.debug("Principal user in security context holder is {} ({}) but not type of {}", new Object[]{principal, principal.getClass(), MidPointPrincipal.class.getName()});
        return null;
    }

    public static boolean isMenuAuthorized(MainMenuItem mainMenuItem) {
        Class<? extends WebPage> pageClass = mainMenuItem.getPageClass();
        return pageClass == null || isPageAuthorized(pageClass);
    }

    public static boolean isMenuAuthorized(MenuItem menuItem) {
        return isPageAuthorized(menuItem.getPageClass());
    }

    public static boolean isPageAuthorized(Class cls) {
        PageDescriptor pageDescriptor;
        if (cls == null || (pageDescriptor = (PageDescriptor) cls.getAnnotation(PageDescriptor.class)) == null) {
            return false;
        }
        AuthorizationAction[] action = pageDescriptor.action();
        ArrayList arrayList = new ArrayList();
        if (action != null) {
            for (AuthorizationAction authorizationAction : action) {
                arrayList.add(authorizationAction.actionUri());
            }
        }
        return WebComponentUtil.isAuthorized((String[]) arrayList.toArray(new String[arrayList.size()]));
    }
}
