package com.evolveum.midpoint.web.security.util;

import com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction;
import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.gui.impl.component.menu.LeftMenuAuthzUtil;
import com.evolveum.midpoint.web.component.menu.MainMenuItem;
import com.evolveum.midpoint.web.component.menu.MenuItem;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.apache.wicket.markup.ComponentTag;
import org.apache.wicket.markup.MarkupStream;
import org.apache.wicket.markup.html.WebMarkupContainer;
import org.apache.wicket.markup.html.WebPage;
import org.apache.wicket.request.Response;
import org.apache.wicket.request.cycle.RequestCycle;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.web.csrf.CsrfToken;
import org.springframework.security.web.reactive.result.view.CsrfRequestDataValueProcessor;

/* loaded from: input_file:BOOT-INF/lib/admin-gui-4.6.2-SNAPSHOT.jar:com/evolveum/midpoint/web/security/util/SecurityUtils.class */
public class SecurityUtils {
    public static final String DEFAULT_LOGOUT_PATH = "/logout";

    public static boolean isMenuAuthorized(MainMenuItem mainMenuItem) {
        Class<? extends WebPage> pageClass = mainMenuItem.getPageClass();
        return pageClass == null || isPageAuthorized(pageClass);
    }

    public static boolean isMenuAuthorized(MenuItem menuItem) {
        Class<? extends WebPage> pageClass = menuItem.getPageClass();
        List<String> authorizationsForPage = LeftMenuAuthzUtil.getAuthorizationsForPage(pageClass);
        return CollectionUtils.isNotEmpty(authorizationsForPage) ? WebComponentUtil.isAuthorized(authorizationsForPage) : isPageAuthorized(pageClass);
    }

    public static boolean isCollectionMenuAuthorized(MenuItem menuItem) {
        Class<? extends WebPage> pageClass = menuItem.getPageClass();
        List<String> authorizationsForView = LeftMenuAuthzUtil.getAuthorizationsForView(pageClass);
        return CollectionUtils.isNotEmpty(authorizationsForView) ? WebComponentUtil.isAuthorized(authorizationsForView) : isPageAuthorized(pageClass);
    }

    public static boolean isPageAuthorized(Class<?> cls) {
        PageDescriptor pageDescriptor;
        if (cls == null || (pageDescriptor = (PageDescriptor) cls.getAnnotation(PageDescriptor.class)) == null) {
            return false;
        }
        AuthorizationAction[] action = pageDescriptor.action();
        ArrayList arrayList = new ArrayList();
        for (AuthorizationAction authorizationAction : action) {
            arrayList.add(authorizationAction.actionUri());
        }
        return WebComponentUtil.isAuthorized((String[]) arrayList.toArray(new String[0]));
    }

    public static List<String> getPageAuthorizations(Class<?> cls) {
        PageDescriptor pageDescriptor;
        ArrayList arrayList = new ArrayList();
        if (cls != null && (pageDescriptor = (PageDescriptor) cls.getAnnotation(PageDescriptor.class)) != null) {
            for (AuthorizationAction authorizationAction : pageDescriptor.action()) {
                arrayList.add(authorizationAction.actionUri());
            }
            return arrayList;
        }
        return arrayList;
    }

    public static WebMarkupContainer createHiddenInputForCsrf(String str) {
        WebMarkupContainer webMarkupContainer = new WebMarkupContainer(str) { // from class: com.evolveum.midpoint.web.security.util.SecurityUtils.1
            @Override // org.apache.wicket.MarkupContainer, org.apache.wicket.Component
            public void onComponentTagBody(MarkupStream markupStream, ComponentTag componentTag) {
                super.onComponentTagBody(markupStream, componentTag);
                SecurityUtils.appendHiddenInputForCsrf(getResponse());
            }
        };
        webMarkupContainer.setRenderBodyOnly(true);
        return webMarkupContainer;
    }

    public static void appendHiddenInputForCsrf(Response response) {
        CsrfToken csrfToken = getCsrfToken();
        if (csrfToken == null) {
            return;
        }
        response.write("<input type=\"hidden\" name=\"" + csrfToken.getParameterName() + "\" value=\"" + csrfToken.getToken() + "\"/>");
    }

    public static CsrfToken getCsrfToken() {
        return (CsrfToken) ((HttpServletRequest) RequestCycle.get().getRequest().getContainerRequest()).getAttribute(CsrfRequestDataValueProcessor.DEFAULT_CSRF_ATTR_NAME);
    }

    public static AuthenticationSequenceType getSequenceByName(String str, AuthenticationsPolicyType authenticationsPolicyType) {
        if (authenticationsPolicyType == null || authenticationsPolicyType.getSequence() == null || authenticationsPolicyType.getSequence().isEmpty()) {
            return null;
        }
        Validate.notBlank(str, "Name for searching of sequence is blank", new Object[0]);
        for (AuthenticationSequenceType authenticationSequenceType : authenticationsPolicyType.getSequence()) {
            if (authenticationSequenceType != null && str.equals(authenticationSequenceType.getName())) {
                if (authenticationSequenceType.getModule() == null || authenticationSequenceType.getModule().isEmpty()) {
                    return null;
                }
                return authenticationSequenceType;
            }
        }
        return null;
    }

    public static String getPathForLogoutWithContextPath(String str, @NotNull String str2) {
        return StringUtils.isNotEmpty(str) ? "/" + AuthUtil.stripSlashes(str) + getPathForLogout(str2) : getPathForLogout(str2);
    }

    private static String getPathForLogout(@NotNull String str) {
        return "/" + AuthUtil.stripSlashes(str) + "/logout";
    }
}
