package com.evolveum.midpoint.web.security.util;

import com.evolveum.midpoint.gui.api.GuiConstants;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.model.api.ModelInteractionService;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.model.api.authentication.AuthModule;
import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.model.api.authentication.NameOfModuleType;
import com.evolveum.midpoint.model.api.authentication.StateOfModule;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.application.AuthorizationAction;
import com.evolveum.midpoint.web.application.DescriptorLoader;
import com.evolveum.midpoint.web.application.PageDescriptor;
import com.evolveum.midpoint.web.component.menu.MainMenuItem;
import com.evolveum.midpoint.web.component.menu.MenuItem;
import com.evolveum.midpoint.web.security.factory.channel.AbstractChannelFactory;
import com.evolveum.midpoint.web.security.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.web.security.factory.module.AbstractModuleFactory;
import com.evolveum.midpoint.web.security.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.web.security.factory.module.HttpClusterModuleFactory;
import com.evolveum.midpoint.web.security.module.authentication.HttpModuleAuthentication;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.github.openjson.JSONArray;
import com.github.openjson.JSONObject;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.Validate;
import org.apache.wicket.markup.ComponentTag;
import org.apache.wicket.markup.MarkupStream;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.Response;
import org.apache.wicket.request.cycle.RequestCycle;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.util.StringUtils;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.web.context.ContextLoader;

/* loaded from: input_file:com/evolveum/midpoint/web/security/util/SecurityUtils.class */
public class SecurityUtils {
    // Class-wide logger obtained from midPoint's TraceManager.
    private static final Trace LOGGER = TraceManager.getTrace(SecurityUtils.class);
    // Request header read by resolveProxyUserOidHeader(); its value is supplied by the client.
    private static final String PROXY_USER_OID_HEADER = "Switch-To-Principal";
    // Logout path suffix exposed to other classes; the methods in this class use the literal "/logout" instead.
    public static final String DEFAULT_LOGOUT_PATH = "/logout";
    // Local path prefix -> channel URI. Filled once in the static initializer and wrapped as unmodifiable.
    private static final Map<String, String> LOCAL_PATH_AND_CHANNEL;

    /**
     * Resolves the GUI principal from the authentication currently stored in the
     * Spring security context.
     *
     * @return the principal, or {@code null} when the context holds no principal of that type
     */
    public static GuiProfiledPrincipal getPrincipalUser() {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        return getPrincipalUser(current);
    }

    /**
     * Extracts the {@link GuiProfiledPrincipal} carried by an authentication object.
     *
     * @param authentication authentication to inspect; may be {@code null}
     * @return the principal when it is a {@code GuiProfiledPrincipal}, otherwise {@code null}
     */
    public static GuiProfiledPrincipal getPrincipalUser(Authentication authentication) {
        if (authentication == null) {
            LOGGER.trace("Authentication not available in security context.");
            return null;
        }
        Object candidate = authentication.getPrincipal();
        if (candidate instanceof GuiProfiledPrincipal) {
            return (GuiProfiledPrincipal) candidate;
        }
        // A missing principal and the "anonymousUser" marker are expected states, so only
        // genuinely unexpected principal types are reported.
        if (candidate != null && !"anonymousUser".equals(candidate)) {
            LOGGER.debug("Principal user in security context holder is {} ({}) but not type of {}", new Object[]{candidate, candidate.getClass(), GuiProfiledPrincipal.class.getName()});
        }
        return null;
    }

    /**
     * Decides whether a main menu item may be shown to the current user.
     *
     * <p>An item without a page class is treated as authorized; otherwise the decision is
     * delegated to {@link #isPageAuthorized(Class)}. Note that the {@code MenuItem}
     * overload behaves differently for a missing page class.
     *
     * @param mainMenuItem menu item to check
     * @return {@code true} when the item has no page class or its page is authorized
     */
    public static boolean isMenuAuthorized(MainMenuItem mainMenuItem) {
        Class<? extends WebPage> target = mainMenuItem.getPageClass();
        if (target == null) {
            return true;
        }
        return isPageAuthorized(target);
    }

    /**
     * Decides whether a menu item may be shown to the current user by checking its page class.
     *
     * <p>Unlike the {@code MainMenuItem} overload, a missing page class yields {@code false},
     * because {@link #isPageAuthorized(Class)} rejects {@code null}.
     *
     * @param menuItem menu item to check
     * @return the result of {@link #isPageAuthorized(Class)} for the item's page class
     */
    public static boolean isMenuAuthorized(MenuItem menuItem) {
        Class<?> target = menuItem.getPageClass();
        return isPageAuthorized(target);
    }

    /**
     * Checks whether the current user is authorized for a page, based on the action URIs
     * declared in the page's {@link PageDescriptor} annotation.
     *
     * @param cls page class; {@code null} or a class without {@code PageDescriptor} is rejected
     * @return {@code false} when there is no descriptor, otherwise the verdict of
     *         {@code WebComponentUtil.isAuthorized} for the declared action URIs
     */
    public static boolean isPageAuthorized(Class cls) {
        if (cls == null) {
            return false;
        }
        PageDescriptor descriptor = (PageDescriptor) cls.getAnnotation(PageDescriptor.class);
        if (descriptor == null) {
            // Pages that declare nothing are denied rather than allowed.
            return false;
        }
        List<String> actionUris = new ArrayList<>();
        AuthorizationAction[] declared = descriptor.action();
        if (declared != null) {
            for (AuthorizationAction entry : declared) {
                actionUris.add(entry.actionUri());
            }
        }
        // NOTE(review): with no declared actions an empty array is passed on; what
        // WebComponentUtil.isAuthorized returns for it is not visible here; confirm.
        return WebComponentUtil.isAuthorized(actionUris.toArray(new String[0]));
    }

    /**
     * Creates a Wicket container that writes the hidden CSRF input into its body when rendered.
     *
     * @param str Wicket component id for the container
     * @return a container rendered body-only, so it adds no wrapping tag of its own
     */
    public static WebMarkupContainer createHiddenInputForCsrf(String str) {
        WebMarkupContainer csrfHolder = new WebMarkupContainer(str) {
            @Override
            public void onComponentTagBody(MarkupStream markupStream, ComponentTag componentTag) {
                super.onComponentTagBody(markupStream, componentTag);
                // The token is looked up at render time, so each render emits the request's current token.
                Response out = getResponse();
                SecurityUtils.appendHiddenInputForCsrf(out);
            }
        };
        csrfHolder.setRenderBodyOnly(true);
        return csrfHolder;
    }

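    /**
     * Writes a hidden {@code <input>} carrying the current CSRF token to the response.
     * Nothing is written when the request has no token.
     *
     * <p>The parameter name and token value are HTML-escaped before being placed into the
     * attributes. Tokens are normally opaque server-generated strings, for which escaping is
     * a no-op. It keeps the markup well-formed if a token repository ever returns a value
     * containing quote or angle-bracket characters.
     *
     * @param response response the markup is written to
     */
    public static void appendHiddenInputForCsrf(Response response) {
        CsrfToken csrfToken = getCsrfToken();
        if (csrfToken == null) {
            return;
        }
        String name = escapeHtmlAttribute(csrfToken.getParameterName());
        String value = escapeHtmlAttribute(csrfToken.getToken());
        response.write("<input type=\"hidden\" name=\"" + name + "\" value=\"" + value + "\"/>");
    }

    /** Escapes the characters that are significant inside a double-quoted HTML attribute. */
    private static String escapeHtmlAttribute(String raw) {
        if (raw == null) {
            // Matches what plain string concatenation produced for a null value.
            return "null";
        }
        StringBuilder escaped = new StringBuilder(raw.length() + 16);
        for (int i = 0; i < raw.length(); i++) {
            char c = raw.charAt(i);
            switch (c) {
                case '&':
                    escaped.append("&amp;");
                    break;
                case '<':
                    escaped.append("&lt;");
                    break;
                case '>':
                    escaped.append("&gt;");
                    break;
                case '"':
                    escaped.append("&quot;");
                    break;
                case '\'':
                    escaped.append("&#39;");
                    break;
                default:
                    escaped.append(c);
            }
        }
        return escaped.toString();
    }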

    /**
     * Reads the CSRF token stored under the {@code "_csrf"} attribute of the servlet request
     * behind the current Wicket request cycle.
     *
     * @return the token, or {@code null} when the attribute is not set
     */
    public static CsrfToken getCsrfToken() {
        Object containerRequest = RequestCycle.get().getRequest().getContainerRequest();
        HttpServletRequest servletRequest = (HttpServletRequest) containerRequest;
        Object attribute = servletRequest.getAttribute("_csrf");
        return (CsrfToken) attribute;
    }

    /**
     * Selects the authentication sequence that applies to a request, based on its path.
     *
     * <p>Resolution order: the cluster-specific sequence (see {@code getSpecificSequence}),
     * then, for paths of the form {@code auth/<suffix>/...}, the sequence whose channel URL
     * suffix equals {@code <suffix>}, and finally the default sequence of the channel mapped
     * to the path (or of the default channel).
     *
     * @param httpServletRequest request whose URI, minus the context path, is examined
     * @param authenticationsPolicyType policy holding the configured sequences; may be {@code null}
     * @return the matching sequence, or {@code null} when the policy has no sequences or none matches
     */
    public static AuthenticationSequenceType getSequenceByPath(HttpServletRequest httpServletRequest, AuthenticationsPolicyType authenticationsPolicyType) {
        // NOTE(review): getRequestURI() is the raw, undecoded URI. Sequence selection relies on
        // the container/firewall having rejected or normalised unusual encodings; confirm.
        String localPath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        boolean nothingConfigured = authenticationsPolicyType == null
                || authenticationsPolicyType.getSequence() == null
                || authenticationsPolicyType.getSequence().isEmpty();
        if (nothingConfigured) {
            return null;
        }
        String[] segments = StringUtils.stripStartingSlashes(localPath).split(GuiConstants.DEFAULT_PATH_AFTER_LOGOUT);
        AuthenticationSequenceType clusterSequence = getSpecificSequence(httpServletRequest);
        if (clusterSequence != null) {
            return clusterSequence;
        }
        boolean explicitSequence = segments.length >= 2 && segments[0].equals("auth");
        if (explicitSequence) {
            // NOTE(review): a blank second segment would make searchSequence throw from
            // Validate.notBlank rather than fall back to the default channel.
            AuthenticationSequenceType bySuffix = searchSequence(segments[1], false, authenticationsPolicyType);
            if (bySuffix != null) {
                return bySuffix;
            }
            LOGGER.debug("Couldn't find sequence by preffix {}, so try default channel", segments[1]);
            return searchSequence(SecurityPolicyUtil.DEFAULT_CHANNEL, true, authenticationsPolicyType);
        }
        String channel = searchChannelByPath(localPath);
        if (channel == null) {
            channel = SecurityPolicyUtil.DEFAULT_CHANNEL;
        }
        return searchSequence(channel, true, authenticationsPolicyType);
    }

    /**
     * Maps a local path to a channel URI using the prefixes in {@code LOCAL_PATH_AND_CHANNEL}.
     *
     * <p>Matching is a plain {@code startsWith} on the path with leading slashes stripped, so
     * a prefix also matches longer first segments that merely begin with it.
     *
     * @param str local path (context path already removed)
     * @return the channel URI of the first matching prefix, or {@code null} when none matches
     */
    public static String searchChannelByPath(String str) {
        // The map always holds the entries put by the static initializer, so normalising once
        // up front is equivalent to normalising per entry.
        String normalized = StringUtils.stripStartingSlashes(str);
        for (Map.Entry<String, String> mapping : LOCAL_PATH_AND_CHANNEL.entrySet()) {
            if (normalized.startsWith(mapping.getKey())) {
                return mapping.getValue();
            }
        }
        return null;
    }

    /**
     * Reverse lookup of {@code searchChannelByPath}: finds the local path prefix registered
     * for a channel URI.
     *
     * @param str channel URI to look up
     * @return the path prefix mapped to that channel, or {@code null} when the channel is unknown
     */
    public static String searchPathByChannel(String str) {
        for (String prefix : LOCAL_PATH_AND_CHANNEL.keySet()) {
            String channel = LOCAL_PATH_AND_CHANNEL.get(prefix);
            if (channel.equals(str)) {
                return prefix;
            }
        }
        return null;
    }

    /**
     * Determines the channel URI for a request from its URI with the context path removed.
     *
     * @param httpServletRequest request to classify
     * @return the channel URI, or {@code null} when the path matches no known prefix
     */
    public static String findChannelByRequest(HttpServletRequest httpServletRequest) {
        int contextLength = httpServletRequest.getContextPath().length();
        String localPath = httpServletRequest.getRequestURI().substring(contextLength);
        return searchChannelByPath(localPath);
    }

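    /**
     * Returns a synthetic "cluster" sequence for REST requests whose {@code Authorization}
     * header uses the cluster scheme.
     *
     * <p>Only the scheme token (the text before the first space) is inspected here; the
     * credential itself is not checked by this method.
     *
     * @param httpServletRequest request to inspect
     * @return a sequence named after {@code NameOfModuleType.CLUSTER}, or {@code null} when the
     *         request is not on the REST channel or does not use the cluster scheme
     */
    private static AuthenticationSequenceType getSpecificSequence(HttpServletRequest httpServletRequest) {
        String localPath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (!LOCAL_PATH_AND_CHANNEL.get("ws/rest").equals(searchChannelByPath(localPath))) {
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        // A header consisting only of spaces splits into an empty array. Treat that as
        // "no scheme" instead of failing with ArrayIndexOutOfBoundsException on client input.
        String[] parts = header.split(" ");
        // equalsIgnoreCase keeps the comparison independent of the JVM default locale.
        if (parts.length == 0 || !NameOfModuleType.CLUSTER.getName().equalsIgnoreCase(parts[0])) {
            return null;
        }
        AuthenticationSequenceType authenticationSequenceType = new AuthenticationSequenceType();
        authenticationSequenceType.setName(NameOfModuleType.CLUSTER.getName());
        // NOTE(review): this channel object is configured and then discarded, so the returned
        // sequence has no channel and getChannel() yields null for callers. Left as is because
        // callers may depend on it; confirm whether it was meant to be attached.
        new AuthenticationSequenceChannelType().setUrlSuffix(NameOfModuleType.CLUSTER.getName().toLowerCase());
        return authenticationSequenceType;
    }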

    /**
     * Finds a sequence either by channel id (default sequences only) or by URL suffix.
     *
     * @param str channel id when {@code z} is {@code true}, URL suffix otherwise; must not be blank
     * @param z {@code true} to match the default sequence of a channel, {@code false} to match by URL suffix
     * @param authenticationsPolicyType policy whose sequences are searched
     * @return the first matching sequence, or {@code null} when none matches or the match has no modules
     */
    private static AuthenticationSequenceType searchSequence(String str, boolean z, AuthenticationsPolicyType authenticationsPolicyType) {
        Validate.notBlank(str, "Comparison attribute for searching of sequence is blank", new Object[0]);
        for (AuthenticationSequenceType candidate : authenticationsPolicyType.getSequence()) {
            if (candidate == null || candidate.getChannel() == null) {
                continue;
            }
            boolean matched;
            if (z) {
                matched = str.equals(candidate.getChannel().getChannelId())
                        && Boolean.TRUE.equals(candidate.getChannel().isDefault());
            } else {
                matched = str.equals(candidate.getChannel().getUrlSuffix());
            }
            if (matched) {
                // The first match decides: a matching sequence without modules ends the search
                // with null instead of moving on to later sequences.
                boolean hasModules = candidate.getModule() != null && !candidate.getModule().isEmpty();
                return hasModules ? candidate : null;
            }
        }
        return null;
    }

    /**
     * Finds a configured sequence by its name.
     *
     * @param str sequence name; must not be blank once the policy is known to hold sequences
     * @param authenticationsPolicyType policy whose sequences are searched; may be {@code null}
     * @return the first sequence with that name, or {@code null} when the policy is empty,
     *         no sequence matches, or the match has no modules
     */
    public static AuthenticationSequenceType getSequenceByName(String str, AuthenticationsPolicyType authenticationsPolicyType) {
        boolean nothingConfigured = authenticationsPolicyType == null
                || authenticationsPolicyType.getSequence() == null
                || authenticationsPolicyType.getSequence().isEmpty();
        if (nothingConfigured) {
            return null;
        }
        // The name is validated only after the empty-policy check, so a blank name combined
        // with an empty policy returns null instead of throwing.
        Validate.notBlank(str, "Name for searching of sequence is blank", new Object[0]);
        for (AuthenticationSequenceType candidate : authenticationsPolicyType.getSequence()) {
            if (candidate == null || !str.equals(candidate.getName())) {
                continue;
            }
            boolean hasModules = candidate.getModule() != null && !candidate.getModule().isEmpty();
            return hasModules ? candidate : null;
        }
        return null;
    }

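    /**
     * Builds the authentication modules for a sequence, in the order given by
     * {@code SecurityPolicyUtil.getSortedModules}.
     *
     * <p>When the request qualifies for cluster authentication (see
     * {@code getSpecificModuleFilter}), that single module is returned instead of the
     * configured ones.
     *
     * @param authModuleRegistryImpl registry used to find a factory for each module; must not be {@code null}
     * @param authenticationSequenceType sequence whose modules are built; must contain at least one module
     * @param httpServletRequest current request
     * @param map shared objects handed to the module factories
     * @param authenticationModulesType module definitions the sequence entries are resolved against
     * @param credentialsPolicyType credentials policy handed to the module factories
     * @param authenticationChannel channel handed to the module factories
     * @return the built modules, or {@code null} when none could be built
     */
    public static List<AuthModule> buildModuleFilters(AuthModuleRegistryImpl authModuleRegistryImpl, AuthenticationSequenceType authenticationSequenceType, HttpServletRequest httpServletRequest, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, Map<Class<? extends Object>, Object> map, AuthenticationChannel authenticationChannel) {
        Validate.notNull(authModuleRegistryImpl, "Registry for module factories is null", new Object[0]);
        Validate.notEmpty(authenticationSequenceType.getModule(), "Sequence " + authenticationSequenceType.getName() + " don't contains authentication modules", new Object[0]);
        List<AuthModule> specificModuleFilter = getSpecificModuleFilter(authenticationSequenceType.getChannel().getUrlSuffix(), httpServletRequest, map, authenticationModulesType, credentialsPolicyType);
        if (specificModuleFilter != null) {
            return specificModuleFilter;
        }
        List sortedModules = SecurityPolicyUtil.getSortedModules(authenticationSequenceType);
        List<AuthModule> arrayList = new ArrayList<>();
        sortedModules.forEach(authenticationSequenceModuleType -> {
            String moduleName = null;
            try {
                moduleName = authenticationSequenceModuleType.getName();
                AbstractAuthenticationModuleType moduleByName = getModuleByName(moduleName, authenticationModulesType);
                arrayList.add(authModuleRegistryImpl.findModelFactory(moduleByName).createModuleFilter(moduleByName, authenticationSequenceType.getChannel().getUrlSuffix(), httpServletRequest, map, authenticationModulesType, credentialsPolicyType, authenticationChannel));
            } catch (Exception e) {
                // NOTE(review): a module that fails to build is skipped and the sequence goes on
                // with the remaining ones. For a multi-step sequence that means it can run with
                // fewer steps than configured; confirm this is intended. The module name is
                // logged so operators can tell which step is missing.
                LOGGER.error("Couldn't build filter for module {}", moduleName, e);
            }
        });
        if (arrayList.isEmpty()) {
            return null;
        }
        return arrayList;
    }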

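    /**
     * Builds the cluster authentication module for REST requests whose {@code Authorization}
     * header uses the cluster scheme.
     *
     * <p>Only the scheme token is inspected here. Verifying the credential is left to the
     * module created by {@code HttpClusterModuleFactory}.
     *
     * @param str URL suffix passed through to the module factory
     * @param httpServletRequest request to inspect
     * @param map shared objects handed to the module factory
     * @param authenticationModulesType module definitions handed to the module factory
     * @param credentialsPolicyType credentials policy handed to the module factory
     * @return a single-element list with the cluster module, or {@code null} when the request
     *         does not qualify or the module could not be created
     */
    private static List<AuthModule> getSpecificModuleFilter(String str, HttpServletRequest httpServletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType) {
        String localPath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (!LOCAL_PATH_AND_CHANNEL.get("ws/rest").equals(searchChannelByPath(localPath))) {
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        // A header consisting only of spaces splits into an empty array. Treat that as
        // "no scheme" instead of failing with ArrayIndexOutOfBoundsException on client input.
        String[] parts = header.split(" ");
        // equalsIgnoreCase keeps the comparison independent of the JVM default locale.
        if (parts.length == 0 || !NameOfModuleType.CLUSTER.getName().equalsIgnoreCase(parts[0])) {
            return null;
        }
        List<AuthModule> filters = new ArrayList<>();
        HttpClusterModuleFactory httpClusterModuleFactory = (HttpClusterModuleFactory) ContextLoader.getCurrentWebApplicationContext().getBean(HttpClusterModuleFactory.class);
        // Anonymous subclass: the cluster module has no configured definition, only a name.
        AbstractAuthenticationModuleType abstractAuthenticationModuleType = new AbstractAuthenticationModuleType() {
        };
        abstractAuthenticationModuleType.setName(NameOfModuleType.CLUSTER.getName().toLowerCase() + "-module");
        try {
            filters.add(httpClusterModuleFactory.createModuleFilter(abstractAuthenticationModuleType, str, httpServletRequest, map, authenticationModulesType, credentialsPolicyType, null));
            return filters;
        } catch (Exception e) {
            // Keep the cause in the log; without it a failed cluster login cannot be diagnosed.
            LOGGER.error("Couldn't create module for cluster authentication", e);
            return null;
        }
    }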

    /**
     * Looks up a module definition by name across all module kinds of the configuration.
     *
     * @param str module name to find
     * @param authenticationModulesType configuration holding the per-kind module lists
     * @return the first definition whose name equals {@code str}, or {@code null} when none does
     */
    private static AbstractAuthenticationModuleType getModuleByName(String str, AuthenticationModulesType authenticationModulesType) {
        // Collect every kind into one list; the order of the kinds fixes which definition
        // wins if two kinds share a name.
        List<AbstractAuthenticationModuleType> definitions = new ArrayList<>(authenticationModulesType.getLoginForm());
        definitions.addAll(authenticationModulesType.getSaml2());
        definitions.addAll(authenticationModulesType.getHttpBasic());
        definitions.addAll(authenticationModulesType.getHttpHeader());
        definitions.addAll(authenticationModulesType.getHttpSecQ());
        definitions.addAll(authenticationModulesType.getMailNonce());
        definitions.addAll(authenticationModulesType.getOidc());
        definitions.addAll(authenticationModulesType.getSecurityQuestionsForm());
        definitions.addAll(authenticationModulesType.getSmsNonce());
        definitions.addAll(authenticationModulesType.getLdap());
        AbstractAuthenticationModuleType found = null;
        for (AbstractAuthenticationModuleType definition : definitions) {
            // NOTE(review): a definition without a name makes this comparison throw.
            if (definition.getName().equals(str)) {
                found = definition;
                break;
            }
        }
        return found;
    }

    /**
     * Finds the factory responsible for the module definition with the given name.
     *
     * @param authModuleRegistryImpl registry queried for the factory
     * @param str module name
     * @param authenticationModulesType configuration holding the module definitions
     * @return the factory for the named module, or {@code null} when no such module is defined
     */
    public static AbstractModuleFactory getFactoryByName(AuthModuleRegistryImpl authModuleRegistryImpl, String str, AuthenticationModulesType authenticationModulesType) {
        AbstractAuthenticationModuleType definition = getModuleByName(str, authenticationModulesType);
        if (definition == null) {
            return null;
        }
        return authModuleRegistryImpl.findModelFactory(definition);
    }

    /**
     * Tells whether a request targets a URL that is open to everyone.
     *
     * @param httpServletRequest request to classify
     * @return {@code true} when the request matches one of the permit-all Ant patterns from
     *         {@code DescriptorLoader}, or when its servlet path is empty or equals
     *         {@code GuiConstants.DEFAULT_PATH_AFTER_LOGOUT}
     */
    public static boolean isPermitAll(HttpServletRequest httpServletRequest) {
        for (String pattern : DescriptorLoader.getPermitAllUrls()) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(pattern);
            if (matcher.matches(httpServletRequest)) {
                return true;
            }
        }
        String servletPath = httpServletRequest.getServletPath();
        if ("".equals(servletPath)) {
            return true;
        }
        return GuiConstants.DEFAULT_PATH_AFTER_LOGOUT.equals(servletPath);
    }

    /**
     * Tells whether a request targets one of the login pages registered in {@code DescriptorLoader}.
     *
     * @param httpServletRequest request to classify
     * @return {@code true} when the request matches any login-page Ant pattern
     */
    public static boolean isLoginPage(HttpServletRequest httpServletRequest) {
        boolean matched = false;
        for (String pattern : DescriptorLoader.getLoginPages()) {
            if (new AntPathRequestMatcher(pattern).matches(httpServletRequest)) {
                matched = true;
                break;
            }
        }
        return matched;
    }

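    /**
     * Returns the module authentication currently being processed, taken from the
     * {@link MidpointAuthentication} in the security context.
     *
     * <p>The decompiled listing assigned the context's {@code Authentication} straight to a
     * {@code MidpointAuthentication} variable, which does not compile. The value is now held
     * as {@code Authentication} and cast only after the {@code instanceof} check.
     *
     * @param z {@code true} to fail with an exception when the module cannot be determined,
     *          {@code false} to return {@code null} instead
     * @return the processing module authentication; may be {@code null} when {@code z} is {@code false}
     * @throws AuthenticationServiceException when {@code z} is {@code true} and the context does not
     *         hold a {@code MidpointAuthentication} or it has no processing module
     */
    public static ModuleAuthentication getProcessingModule(boolean z) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            if (!z) {
                return null;
            }
            LOGGER.error("Type of actual authentication in security context isn't MidpointAuthentication");
            throw new AuthenticationServiceException("web.security.flexAuth.auth.wrong.type");
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        ModuleAuthentication processingModuleAuthentication = midpointAuthentication.getProcessingModuleAuthentication();
        if (!z || processingModuleAuthentication != null) {
            return processingModuleAuthentication;
        }
        LOGGER.error("Couldn't find processing module authentication {}", midpointAuthentication);
        throw new AuthenticationServiceException("web.security.flexAuth.module.null");
    }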

    /**
     * Stores an authentication failure in the HTTP session under
     * {@code "SPRING_SECURITY_LAST_EXCEPTION"} so a later page can display it.
     *
     * @param httpServletRequest request whose session receives the exception
     * @param authenticationException failure to remember
     */
    public static void saveException(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        // The result of this lookup is not used; the call is kept as in the original.
        httpServletRequest.getSession(false);
        // getSession() creates a session when none exists, so a failed login on a
        // session-less request allocates one.
        final String attributeName = "SPRING_SECURITY_LAST_EXCEPTION";
        httpServletRequest.getSession().setAttribute(attributeName, authenticationException);
    }

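    /**
     * Creates the authentication channel object for a sequence using the factory registered
     * for the sequence's channel id.
     *
     * @param authChannelRegistryImpl registry queried for the channel factory
     * @param authenticationSequenceType sequence whose channel is built; must not be {@code null}
     * @return the channel, or {@code null} when no factory is found or the factory fails
     */
    public static AuthenticationChannel buildAuthChannel(AuthChannelRegistryImpl authChannelRegistryImpl, AuthenticationSequenceType authenticationSequenceType) {
        Validate.notNull(authenticationSequenceType, "Couldn't build authentication channel object, because sequence is null", new Object[0]);
        AuthenticationSequenceChannelType channel = authenticationSequenceType.getChannel();
        // A sequence without a channel is looked up with a null id.
        String channelId = channel != null ? channel.getChannelId() : null;
        AbstractChannelFactory factory = authChannelRegistryImpl.findModelFactory(channelId);
        if (factory == null) {
            LOGGER.error("Couldn't find factory for {}", channelId);
            return null;
        }
        try {
            return factory.createAuthChannel(channel);
        } catch (Exception e) {
            // The cause is logged as well; previously it was dropped, leaving no trace of why
            // channel creation failed.
            LOGGER.error("Couldn't create channel for {}", channelId, e);
            return null;
        }
    }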

    /**
     * Converts a JSON array of objects into a map, taking one string field of each object as
     * the key and another as the value.
     *
     * @param str JSON text holding an array of objects; {@code null} yields {@code null}
     * @param str2 name of the field used as map key
     * @param str3 name of the field used as map value
     * @return a map with one entry per array element (later duplicates of a key overwrite earlier ones),
     *         or {@code null} when {@code str} is {@code null}
     */
    public static Map<String, String> obtainAnswers(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        // Malformed JSON or a missing field surfaces as the parser's own exception.
        JSONArray entries = new JSONArray(str);
        Map<String, String> answers = new HashMap<>();
        int count = entries.length();
        for (int index = 0; index < count; index++) {
            JSONObject entry = entries.getJSONObject(index);
            String key = entry.getString(str2);
            String value = entry.getString(str3);
            answers.put(key, value);
        }
        return answers;
    }

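    /**
     * Copies the value of the {@code Switch-To-Principal} request header into the HTTP module
     * authentication currently being processed.
     *
     * <p>Nothing happens when the header is absent, when the security context does not hold a
     * {@code MidpointAuthentication}, or when the processing module is not an
     * {@code HttpModuleAuthentication}.
     *
     * <p>The decompiled listing assigned the context's {@code Authentication} straight to a
     * {@code MidpointAuthentication} variable, which does not compile. The value is now held
     * as {@code Authentication} and cast only after the {@code instanceof} check.
     *
     * @param httpServletRequest request whose header is read
     */
    public static void resolveProxyUserOidHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(PROXY_USER_OID_HEADER);
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (header == null || !(authentication instanceof MidpointAuthentication)) {
            return;
        }
        ModuleAuthentication processingModuleAuthentication = ((MidpointAuthentication) authentication).getProcessingModuleAuthentication();
        // instanceof is false for null, so a missing processing module is covered as well.
        if (!(processingModuleAuthentication instanceof HttpModuleAuthentication)) {
            return;
        }
        // NOTE(review): the OID is taken from a client-supplied header without any check here.
        // Whether the authenticated caller may act as that principal has to be decided by
        // whatever consumes getProxyUserOid(); confirm that check exists.
        ((HttpModuleAuthentication) processingModuleAuthentication).setProxyUserOid(header);
    }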

    /**
     * Creates a task instance for work done on behalf of a not-yet-authenticated GUI user.
     *
     * @param str operation name passed to the task manager
     * @param taskManager manager that creates the task
     * @return a new task with its channel set to {@code SchemaConstants.CHANNEL_GUI_USER_URI}
     */
    private static Task createAnonymousTask(String str, TaskManager taskManager) {
        Task anonymousTask = taskManager.createTaskInstance(str);
        anonymousTask.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
        return anonymousTask;
    }

    /**
     * Looks up a single user by name inside {@code securityContextManager.runPrivileged},
     * i.e. without relying on the authorizations of the current caller.
     *
     * <p>NOTE(review): the log messages mention "ForgetPassword", so this presumably backs an
     * unauthenticated flow. Callers should take care not to reveal whether a name matched; confirm.
     *
     * @param str user name to search for; matched with {@code eqPoly(...).matchingNorm()}
     * @param securityContextManager manager that runs the search in a privileged context
     * @param taskManager used to create the task for the search
     * @param modelService service that performs the search
     * @param prismContext used to build the query
     * @return the user when exactly one matches; {@code null} when none or several match, or
     *         when the search fails with one of the caught exceptions
     */
    public static UserType searchUserPrivileged(final String str, SecurityContextManager securityContextManager, final TaskManager taskManager, final ModelService modelService, final PrismContext prismContext) {
        return (UserType) securityContextManager.runPrivileged(new Producer<UserType>() { // from class: com.evolveum.midpoint.web.security.util.SecurityUtils.3
            ObjectQuery query;

            {
                // Instance initializer: the query is built once when the producer is created.
                this.query = prismContext.queryFor(UserType.class).item(UserType.F_NAME).eqPoly(str).matchingNorm().build();
            }

            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public UserType m943run() {
                try {
                    SearchResultList searchObjects = modelService.searchObjects(UserType.class, this.query, (Collection) null, SecurityUtils.createAnonymousTask("load user", taskManager), new OperationResult("search user"));
                    if (searchObjects == null || searchObjects.isEmpty()) {
                        SecurityUtils.LOGGER.trace("Empty user list in ForgetPassword");
                        return null;
                    }
                    // More than one match is treated like no match; no user is picked arbitrarily.
                    if (searchObjects.size() > 1) {
                        SecurityUtils.LOGGER.trace("Problem while seeking for user");
                        return null;
                    }
                    UserType asObjectable = ((PrismObject) searchObjects.iterator().next()).asObjectable();
                    // The user object itself is written to the log, at trace level only.
                    SecurityUtils.LOGGER.trace("User found for ForgetPassword: {}", asObjectable);
                    return asObjectable;
                } catch (SchemaException | ObjectNotFoundException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
                    // A failed search is logged and reported to the caller the same way as "not found".
                    LoggingUtils.logException(SecurityUtils.LOGGER, "failed to search user", e, new Object[0]);
                    return null;
                }
            }
        });
    }

    /**
     * Resolves the security policy that applies to a user, running the lookup inside
     * {@code securityContextManager.runPrivileged}.
     *
     * @param prismObject user the policy is resolved for
     * @param securityContextManager manager that runs the lookup in a privileged context
     * @param taskManager used to create the task for the lookup
     * @param modelInteractionService service that returns the security policy
     * @return the security policy, or {@code null} when the lookup fails with a {@code CommonException}
     */
    public static SecurityPolicyType resolveSecurityPolicy(final PrismObject<UserType> prismObject, SecurityContextManager securityContextManager, final TaskManager taskManager, final ModelInteractionService modelInteractionService) {
        return (SecurityPolicyType) securityContextManager.runPrivileged(new Producer<SecurityPolicyType>() { // from class: com.evolveum.midpoint.web.security.util.SecurityUtils.4
            private static final long serialVersionUID = 1;

            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public SecurityPolicyType m944run() {
                try {
                    return modelInteractionService.getSecurityPolicy(prismObject, SecurityUtils.createAnonymousTask("get security policy", taskManager), new OperationResult("get security policy"));
                } catch (CommonException e) {
                    // The failure is logged with its cause; callers only see null, so they must
                    // handle "no policy" and "lookup failed" alike.
                    SecurityUtils.LOGGER.error("Could not retrieve security policy: {}", e.getMessage(), e);
                    return null;
                }
            }
        });
    }

    /**
     * Tells whether a request matches one of the local paths that the authentication policy
     * lists as ignored.
     *
     * @param authenticationsPolicyType policy holding the ignored Ant patterns; may be {@code null}
     * @param httpServletRequest request to classify
     * @return {@code true} when any ignored pattern matches; {@code false} when the policy is
     *         {@code null}, lists no patterns, or none matches
     */
    public static boolean isIgnoredLocalPath(AuthenticationsPolicyType authenticationsPolicyType, HttpServletRequest httpServletRequest) {
        boolean nothingIgnored = authenticationsPolicyType == null
                || authenticationsPolicyType.getIgnoredLocalPath() == null
                || authenticationsPolicyType.getIgnoredLocalPath().isEmpty();
        if (nothingIgnored) {
            return false;
        }
        for (String pattern : authenticationsPolicyType.getIgnoredLocalPath()) {
            AntPathRequestMatcher matcher = new AntPathRequestMatcher(pattern);
            if (matcher.matches(httpServletRequest)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Builds the logout path of a module, prefixed with the application's context path.
     *
     * @param str context path; surrounding slashes are stripped before use
     * @param moduleAuthentication module whose prefix forms the middle of the path
     * @return {@code "/" + contextPath + "/" + modulePrefix + "/logout"}
     */
    public static String getPathForLogoutWithContextPath(String str, @NotNull ModuleAuthentication moduleAuthentication) {
        String contextPart = StringUtils.stripSlashes(str);
        String modulePart = getPathForLogout(moduleAuthentication);
        return "/" + contextPart + modulePart;
    }

    /**
     * Builds the logout path of a module relative to the context path.
     *
     * @param moduleAuthentication module whose prefix is used; surrounding slashes are stripped
     * @return {@code "/" + modulePrefix + "/logout"}
     */
    public static String getPathForLogout(@NotNull ModuleAuthentication moduleAuthentication) {
        String prefix = StringUtils.stripSlashes(moduleAuthentication.getPrefix());
        return "/" + prefix + "/logout";
    }

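    /**
     * Returns the first module of the current {@link MidpointAuthentication} whose state is
     * {@code StateOfModule.SUCCESSFULLY}.
     *
     * <p>The decompiled listing assigned the context's {@code Authentication} straight to a
     * {@code MidpointAuthentication} variable, which does not compile. The value is now held
     * as {@code Authentication} and cast only after the {@code instanceof} check.
     *
     * @return the first successfully authenticated module, or {@code null} when there is none
     * @throws IllegalArgumentException when the security context does not hold a {@code MidpointAuthentication}
     */
    public static ModuleAuthentication getAuthenticatedModule() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            throw new IllegalArgumentException("Unsupported type " + (authentication == null ? null : authentication.getClass().getName()) + " of authentication for MidpointLogoutRedirectFilter, supported is only MidpointAuthentication");
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        for (ModuleAuthentication moduleAuthentication : midpointAuthentication.getAuthentications()) {
            if (StateOfModule.SUCCESSFULLY.equals(moduleAuthentication.getState())) {
                return moduleAuthentication;
            }
        }
        return null;
    }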

    /**
     * Tells whether a request addresses the base path of a sequence, i.e.
     * {@code /auth/<urlSuffix>} with nothing after it.
     *
     * @param httpServletRequest request whose URI, minus the context path, is examined
     * @param authenticationSequenceType sequence to compare against; may be {@code null}
     * @return {@code true} when the path starts with {@code /auth} and the remainder, with
     *         surrounding slashes stripped, equals the sequence's URL suffix
     */
    public static boolean isBasePathForSequence(HttpServletRequest httpServletRequest, AuthenticationSequenceType authenticationSequenceType) {
        final String authPrefix = "/auth";
        String localPath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        // NOTE(review): a plain startsWith also accepts paths such as "/authfoo", whose
        // remainder would then be compared against the suffix.
        if (!localPath.startsWith(authPrefix)) {
            return false;
        }
        if (authenticationSequenceType == null || authenticationSequenceType.getChannel() == null) {
            return false;
        }
        String urlSuffix = authenticationSequenceType.getChannel().getUrlSuffix();
        if (urlSuffix == null) {
            return false;
        }
        // The prefix is known to sit at index 0, so the remainder starts right after it.
        String remainder = localPath.substring(authPrefix.length());
        return StringUtils.stripSlashes(remainder).equals(StringUtils.stripSlashes(urlSuffix));
    }

    // Registers the local path prefixes that select a channel other than the default one.
    // The map is wrapped as unmodifiable so the routing table cannot be altered at runtime.
    static {
        Map<String, String> prefixToChannel = new HashMap<>();
        prefixToChannel.put("ws/rest", SchemaConstants.CHANNEL_REST_URI);
        prefixToChannel.put("actuator", SchemaConstants.CHANNEL_ACTUATOR_URI);
        prefixToChannel.put("resetPassword", SchemaConstants.CHANNEL_GUI_RESET_PASSWORD_URI);
        prefixToChannel.put("registration", SchemaConstants.CHANNEL_GUI_SELF_REGISTRATION_URI);
        LOCAL_PATH_AND_CHANNEL = Collections.unmodifiableMap(prefixToChannel);
    }
}
