package com.evolveum.midpoint.authentication.impl.authorization;

import com.evolveum.midpoint.authentication.api.authorization.AuthorizationAction;
import com.evolveum.midpoint.authentication.api.authorization.DescriptorLoader;
import com.evolveum.midpoint.authentication.api.authorization.PageDescriptor;
import com.evolveum.midpoint.authentication.api.authorization.Url;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.util.ClassPathUtil;
import com.evolveum.midpoint.util.DebugUtil;
import com.evolveum.midpoint.util.exception.SystemException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.lang.annotation.Annotation;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Consumer;
import org.apache.commons.lang3.StringUtils;
import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;

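/**
 * Builds the URL-to-authorization registries for the GUI from {@link PageDescriptor} annotations.
 *
 * <p>{@link #loadData()} scans {@code ClassPathUtil.DEFAULT_PACKAGE_TO_SCAN} plus the packages named in
 * {@code midpoint.additionalPackagesToScan} and sorts each annotated page's URLs into four static
 * registries: login pages, pages bound to an authentication module, permit-all URLs, and the
 * authorization actions required per URL.
 *
 * <p>NOTE(review): the registries are static, mutable, and handed out as live references by the static
 * getters. Any code able to call {@link #getPermitAllUrls()} or {@link #getActions()} can therefore add
 * or replace entries and change what is reachable without authorization. Callers should treat the
 * returned collections as read-only; wrapping them in unmodifiable views is worth doing once all callers
 * have been checked for writes.
 *
 * <p>NOTE(review): every class found in the scanned packages can contribute permit-all URLs, so the
 * value of {@code midpoint.additionalPackagesToScan} is part of the access-control configuration and
 * should be reviewed like one.
 */
@Component("descriptorLoader")
/* loaded from: input_file:WEB-INF/lib/authentication-impl-4.6-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/authorization/DescriptorLoaderImpl.class */
public final class DescriptorLoaderImpl implements DescriptorLoader {

    // Extra comma-separated packages to scan; defaults to the empty string when the property is unset.
    @Value("${midpoint.additionalPackagesToScan:}")
    private String additionalPackagesToScan;
    private static final Trace LOGGER = TraceManager.getTrace(DescriptorLoaderImpl.class);

    // Security-match URL -> actions that authorize access to it.
    private static final Map<String, AuthorizationActionValue[]> actions = new HashMap<>();
    // URLs of pages whose descriptor sets permitAll.
    private static final List<String> permitAllUrls = new ArrayList<>();
    // URLs of pages whose descriptor sets loginPage.
    private static final List<String> loginPages = new ArrayList<>();
    // Authentication module name -> URLs of the pages declared for that module.
    private static final Map<String, List<String>> mapForAuthPages = new HashMap<>();

    /**
     * Returns the live URL-to-actions registry (not a copy).
     *
     * @return map from security-match URL to the actions registered for it
     */
    public static Map<String, AuthorizationActionValue[]> getActions() {
        return actions;
    }

    /**
     * Returns the live list of permit-all URLs (not a copy).
     *
     * @return URLs registered from descriptors with {@code permitAll} set
     */
    public static Collection<String> getPermitAllUrls() {
        return permitAllUrls;
    }

    /**
     * Returns the live list of login-page URLs (not a copy).
     *
     * @return URLs registered from descriptors with {@code loginPage} set
     */
    public static List<String> getLoginPages() {
        return loginPages;
    }

    /**
     * Returns the live registry of pages per authentication module (not a copy).
     *
     * @return map from authentication module name to page URLs
     */
    public static Map<String, List<String>> getMapForAuthPages() {
        return mapForAuthPages;
    }

    /**
     * Looks up the page URLs registered for an authentication module.
     *
     * @param str authentication module name
     * @return the registered URL list, or {@code null} when the module has no entry
     */
    public static List<String> getPageUrlsByAuthName(String str) {
        return mapForAuthPages.get(str);
    }

    /**
     * Tells whether any page was registered for an authentication module.
     *
     * @param str authentication module name
     * @return {@code true} when the module has an entry
     */
    public static boolean existPageUrlByAuthName(String str) {
        return mapForAuthPages.containsKey(str);
    }

    /**
     * Scans the configured packages and fills the static registries.
     *
     * <p>NOTE(review): nothing is cleared first, so a second call appends the same URLs to the
     * list-based registries again.
     *
     * @throws SystemException when the scan fails with a reflection error
     */
    @Override // com.evolveum.midpoint.authentication.api.authorization.DescriptorLoader
    public void loadData() {
        LOGGER.debug("Loading data from descriptor files.");
        try {
            scanPackagesForPages();
            if (LOGGER.isTraceEnabled()) {
                LOGGER.trace("loaded:\n{}", debugDump(1));
            }
        } catch (IllegalAccessException | InstantiationException e) {
            LOGGER.error("Error scanning packages for PageDescriptor classes: {}", e.getMessage(), e);
            throw new SystemException("Error scanning packages for PageDescriptor classes: " + e.getMessage(), e);
        }
    }

    /**
     * Registers every class carrying {@link PageDescriptor} that the class-path scan returns.
     */
    private void scanPackagesForPages() throws InstantiationException, IllegalAccessException {
        String packagesToScan =
                StringUtils.joinWith(",", ClassPathUtil.DEFAULT_PACKAGE_TO_SCAN, this.additionalPackagesToScan);
        for (Class<?> pageClass
                : ClassPathUtil.scanClasses((Class<? extends Annotation>) PageDescriptor.class, packagesToScan)) {
            PageDescriptor pageDescriptor = pageClass.getAnnotation(PageDescriptor.class);
            if (pageDescriptor != null) {
                loadActions(pageDescriptor);
            }
        }
    }

    /**
     * Sorts one page descriptor's URLs into the registries.
     *
     * <p>A permit-all page is registered in {@code permitAllUrls} only; no actions are recorded for it.
     * A page that is not permit-all and declares no actions gets no entry in {@code actions} at all.
     * NOTE(review): how a URL without an {@code actions} entry is treated is decided by the code that
     * consumes {@link #getActions()}, which is not in this file — verify that it denies by default.
     *
     * @param pageDescriptor annotation read from the scanned page class
     */
    private void loadActions(PageDescriptor pageDescriptor) {
        // The decompiled lambdas referenced an undefined receiver; bound method references restore them.
        if (pageDescriptor.loginPage()) {
            foreachUrl(pageDescriptor, loginPages::add);
        }
        if (StringUtils.isNotEmpty(pageDescriptor.authModule())) {
            List<String> authPageUrls = new ArrayList<>();
            foreachUrl(pageDescriptor, authPageUrls::add);
            addAuthPage(pageDescriptor, authPageUrls);
        }
        if (pageDescriptor.permitAll()) {
            foreachUrl(pageDescriptor, permitAllUrls::add);
            return;
        }

        AuthorizationAction[] declaredActions = pageDescriptor.action();
        if (declaredActions == null || declaredActions.length == 0) {
            return;
        }

        List<AuthorizationActionValue> actionValues = new ArrayList<>();
        boolean canAccess = true;
        for (AuthorizationAction declared : declaredActions) {
            actionValues.add(new AuthorizationActionValue(
                    declared.actionUri(), declared.label(), declared.description()));
            if (AuthorizationConstants.AUTZ_NO_ACCESS_URL.equals(declared.actionUri())) {
                // A no-access marker ends the list: later declared actions are dropped and the
                // GUI-all action below is not appended.
                canAccess = false;
                break;
            }
        }
        if (canAccess) {
            // Every page without the no-access marker is also reachable through the GUI-all action.
            actionValues.add(new AuthorizationActionValue(
                    AuthorizationConstants.AUTZ_GUI_ALL_URL,
                    AuthorizationConstants.AUTZ_GUI_ALL_LABEL,
                    AuthorizationConstants.AUTZ_GUI_ALL_DESCRIPTION));
        }
        // put() replaces any earlier entry: when two descriptors resolve to the same match URL, the one
        // scanned last determines the action set for that URL.
        foreachUrl(pageDescriptor,
                url -> actions.put(url, actionValues.toArray(new AuthorizationActionValue[0])));
    }

    /**
     * Adds URLs to the entry of the descriptor's authentication module, creating the entry if needed.
     *
     * @param pageDescriptor descriptor whose {@code authModule} names the entry
     * @param list URLs to register for that module
     */
    private void addAuthPage(PageDescriptor pageDescriptor, List<String> list) {
        mapForAuthPages.computeIfAbsent(pageDescriptor.authModule(), module -> new ArrayList<>()).addAll(list);
    }

    /**
     * Feeds the security-match URL of each of the descriptor's URLs to the consumer.
     *
     * <p>The explicit {@code matchUrlForSecurity} is used when set; otherwise the pattern is derived
     * from the mount URL by {@link #buildPrefixUrl(String)}.
     *
     * @param pageDescriptor descriptor whose URLs are visited
     * @param consumer receiver of each security-match URL
     */
    private void foreachUrl(PageDescriptor pageDescriptor, Consumer<String> consumer) {
        for (Url url : pageDescriptor.urls()) {
            String matchUrlForSecurity = url.matchUrlForSecurity();
            if (StringUtils.isEmpty(matchUrlForSecurity)) {
                matchUrlForSecurity = buildPrefixUrl(url.mountUrl());
            }
            consumer.accept(matchUrlForSecurity);
        }
    }

    /**
     * Turns a mount URL into a prefix pattern: the URL, a trailing {@code /} if missing, then a
     * wildcard suffix.
     *
     * @param str mount URL
     * @return the prefix pattern used for security matching
     * @throws NullPointerException when {@code str} is {@code null}
     */
    public String buildPrefixUrl(String str) {
        StringBuilder sb = new StringBuilder();
        sb.append(str);
        if (!str.endsWith("/")) {
            sb.append("/");
        }
        // NOTE(review): this Tomcat constant is the string "**"; it is used here purely as a path
        // wildcard, not as a role name. The reference is presumably a decompiler constant
        // resolution of a plain literal — confirm against the original source.
        sb.append(SecurityConstraint.ROLE_ALL_AUTHENTICATED_USERS);
        return sb.toString();
    }

    /**
     * Dumps all registries without indentation.
     *
     * @return the dump text
     */
    @Override // com.evolveum.midpoint.util.DebugDumpable
    public String debugDump() {
        return debugDump(0);
    }

    /**
     * Dumps all registries, one labelled section each.
     *
     * @param i indentation level of the header line; the sections are indented one level deeper
     * @return the dump text
     */
    @Override // com.evolveum.midpoint.util.DebugDumpable
    public String debugDump(int i) {
        StringBuilder sb = new StringBuilder();
        DebugUtil.indentDebugDump(sb, i);
        sb.append("DescriptorLoader\n");
        DebugUtil.debugDumpWithLabelLn(sb, "actions", actions, i + 1);
        DebugUtil.debugDumpWithLabelLn(sb, "permitAllUrls", permitAllUrls, i + 1);
        DebugUtil.debugDumpWithLabelLn(sb, "loginPages", loginPages, i + 1);
        DebugUtil.debugDumpWithLabel(sb, "mapForAuthPages", mapForAuthPages, i + 1);
        return sb.toString();
    }
}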
