package com.evolveum.midpoint.authentication.api.util;

import com.evolveum.midpoint.authentication.api.AuthenticationModuleState;
import com.evolveum.midpoint.authentication.api.RemoveUnusedSecurityFilterPublisher;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.model.api.ModelInteractionService;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RegistrationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SelfRegistrationPolicyType;
import java.util.Objects;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/evolveum/midpoint/authentication/api/util/AuthUtil.class */
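/**
 * Static helpers for reading and clearing the authentication held in Spring Security's
 * {@link SecurityContextHolder}, plus small string helpers used when building paths.
 *
 * <p>Several lookups return {@code null} rather than throwing when nothing is authenticated.
 * Callers making an access decision must treat {@code null} as "not authenticated".
 */
public class AuthUtil {
    private static final Trace LOGGER = TraceManager.getTrace(AuthUtil.class);
    private static final String DOT_CLASS = AuthUtil.class.getName() + ".";
    private static final String OPERATION_LOAD_FLOW_POLICY = DOT_CLASS + "loadFlowPolicy";

    /**
     * Returns the principal of the authentication currently stored in the security context.
     *
     * @return the principal, or {@code null} under the conditions described on
     *     {@link #getPrincipalUser(Authentication)}
     */
    public static GuiProfiledPrincipal getPrincipalUser() {
        return getPrincipalUser(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Extracts a {@link GuiProfiledPrincipal} from the given authentication.
     *
     * @param authentication authentication to inspect, may be {@code null}
     * @return the principal, or {@code null} when the authentication is {@code null}, carries no
     *     principal, carries the {@code "anonymousUser"} marker, or carries a principal of any
     *     other type
     */
    public static GuiProfiledPrincipal getPrincipalUser(Authentication authentication) {
        if (authentication == null) {
            LOGGER.trace("Authentication not available in security context.");
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal == null) {
            return null;
        }
        if (principal instanceof GuiProfiledPrincipal) {
            return (GuiProfiledPrincipal) principal;
        }
        if ("anonymousUser".equals(principal)) {
            return null;
        }
        // An unexpected principal type is not an error here; it is reported and treated as "no user".
        LOGGER.debug("Principal user in security context holder is {} ({}) but not type of {}",
                principal, principal.getClass(), GuiProfiledPrincipal.class.getName());
        return null;
    }

    /**
     * Tells whether the post-authentication flow applies to the current principal, i.e. whether the
     * flow policy defines a non-blank required lifecycle state equal to the focus' lifecycle state.
     *
     * <p>NOTE(review): when the flow policy cannot be loaded ({@link CommonException}) the method
     * logs the failure and returns {@code false}, so a post-authentication step that should apply
     * is reported as not enabled. Confirm that callers accept this fail-open outcome.
     *
     * @param taskManager used to create the task under which the policy is loaded
     * @param modelInteractionService used to load the flow policy for the principal's focus
     * @return {@code true} only when the required lifecycle state is set and matches the focus
     */
    public static boolean isPostAuthenticationEnabled(TaskManager taskManager, ModelInteractionService modelInteractionService) {
        GuiProfiledPrincipal principalUser = getPrincipalUser();
        if (principalUser == null) {
            return false;
        }
        FocusType focus = principalUser.getFocus();
        try {
            RegistrationsPolicyType flowPolicy = modelInteractionService.getFlowPolicy(
                    focus.asPrismObject(),
                    taskManager.createTaskInstance(OPERATION_LOAD_FLOW_POLICY),
                    new OperationResult(OPERATION_LOAD_FLOW_POLICY));
            if (flowPolicy == null) {
                return false;
            }
            SelfRegistrationPolicyType postAuthentication = flowPolicy.getPostAuthentication();
            if (postAuthentication == null) {
                return false;
            }
            String requiredLifecycleState = postAuthentication.getRequiredLifecycleState();
            return StringUtils.isNotBlank(requiredLifecycleState)
                    && requiredLifecycleState.equals(focus.getLifecycleState());
        } catch (CommonException e) {
            LoggingUtils.logException(LOGGER, "Cannot determine post authentication policies", e);
            return false;
        }
    }

    /**
     * Returns the current authentication as a {@link MidpointAuthentication}.
     *
     * @return the authentication from the security context, never {@code null}
     * @throws AuthenticationServiceException when the context holds no authentication or one of
     *     another type
     */
    public static MidpointAuthentication getMidpointAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof MidpointAuthentication) {
            // The narrowing cast is required: getAuthentication() is typed as Authentication.
            return (MidpointAuthentication) authentication;
        }
        throw new AuthenticationServiceException("web.security.flexAuth.auth.wrong.type");
    }

    /**
     * Returns the first module authentication whose state is
     * {@link AuthenticationModuleState#SUCCESSFULLY}.
     *
     * @return the first successful module, or {@code null} when no module is in that state;
     *     callers must handle {@code null} before using the result
     * @throws IllegalArgumentException when the context holds no authentication or one that is not
     *     a {@link MidpointAuthentication}
     */
    public static ModuleAuthentication getAuthenticatedModule() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            throw new IllegalArgumentException("Unsupported type " + (authentication == null ? null : authentication.getClass().getName()) + " of authentication for MidpointLogoutRedirectFilter, supported is only MidpointAuthentication");
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        for (ModuleAuthentication moduleAuthentication : midpointAuthentication.getAuthentications()) {
            if (AuthenticationModuleState.SUCCESSFULLY.equals(moduleAuthentication.getState())) {
                return moduleAuthentication;
            }
        }
        return null;
    }

    /**
     * Returns the module currently being processed, without failing when there is none.
     *
     * @return the processing module, or {@code null} when the context does not hold a
     *     {@link MidpointAuthentication} or it has no processing module
     */
    @Nullable
    public static ModuleAuthentication getProcessingModuleIfExist() {
        return getProcessingModule(false);
    }

    /**
     * Returns the module currently being processed and fails when there is none.
     *
     * @return the processing module, never {@code null}
     * @throws AuthenticationServiceException when the context does not hold a
     *     {@link MidpointAuthentication} or it has no processing module
     */
    @NotNull
    public static ModuleAuthentication getProcessingModule() {
        return Objects.requireNonNull(getProcessingModule(true));
    }

    /**
     * Shared lookup behind {@link #getProcessingModule()} and {@link #getProcessingModuleIfExist()}.
     *
     * @param required when {@code true}, a missing authentication or module is logged at error
     *     level and raised as {@link AuthenticationServiceException}; when {@code false},
     *     {@code null} is returned instead
     */
    private static ModuleAuthentication getProcessingModule(boolean required) {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            if (!required) {
                return null;
            }
            LOGGER.error("Type of actual authentication in security context isn't MidpointAuthentication");
            throw new AuthenticationServiceException("web.security.flexAuth.auth.wrong.type");
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        ModuleAuthentication processingModuleAuthentication = midpointAuthentication.getProcessingModuleAuthentication();
        if (!required || processingModuleAuthentication != null) {
            return processingModuleAuthentication;
        }
        LOGGER.error("Couldn't find processing module authentication {}", midpointAuthentication);
        throw new AuthenticationServiceException("web.security.flexAuth.module.null");
    }

    /**
     * Removes one trailing separator from {@code str}.
     *
     * <p>Despite the plural name, at most one character is removed. The separator is taken from
     * {@link AuthConstants#DEFAULT_PATH_AFTER_LOGOUT}, presumably {@code "/"}. Because exactly one
     * character is cut, the code relies on that constant being a single character (confirm in
     * AuthConstants).
     *
     * @param str value to trim, may be {@code null} or empty
     * @return {@code ""} when {@code str} equals the separator, {@code str} without its last
     *     character when it ends with the separator, otherwise {@code str} unchanged
     */
    public static String stripEndingSlashes(String str) {
        if (StringUtils.isNotEmpty(str) && str.endsWith(AuthConstants.DEFAULT_PATH_AFTER_LOGOUT)) {
            if (str.equals(AuthConstants.DEFAULT_PATH_AFTER_LOGOUT)) {
                return "";
            }
            str = str.substring(0, str.length() - 1);
        }
        return str;
    }

    /**
     * Removes one leading separator from {@code str}.
     *
     * <p>At most one character is removed. The separator is
     * {@link AuthConstants#DEFAULT_PATH_AFTER_LOGOUT}, presumably {@code "/"} (confirm in
     * AuthConstants).
     *
     * @param str value to trim, may be {@code null} or empty
     * @return {@code ""} when {@code str} equals the separator, {@code str} without its first
     *     character when it starts with the separator, otherwise {@code str} unchanged
     */
    public static String stripStartingSlashes(String str) {
        if (StringUtils.isNotEmpty(str) && str.startsWith(AuthConstants.DEFAULT_PATH_AFTER_LOGOUT)) {
            if (str.equals(AuthConstants.DEFAULT_PATH_AFTER_LOGOUT)) {
                return "";
            }
            str = str.substring(1);
        }
        return str;
    }

    /**
     * Removes one leading and then one trailing separator from {@code str}.
     *
     * @param str value to trim, may be {@code null} or empty
     * @return the trimmed value
     */
    public static String stripSlashes(String str) {
        return stripEndingSlashes(stripStartingSlashes(str));
    }

    /**
     * Maps an authentication module type to the token type name.
     *
     * @param str module type name
     * @return {@code "Bearer"} for {@link AuthenticationModuleNameConstants#OIDC}, otherwise
     *     {@code str} unchanged
     */
    public static String resolveTokenTypeByModuleType(String str) {
        return AuthenticationModuleNameConstants.OIDC.equals(str) ? "Bearer" : str;
    }

    /**
     * Clears the authentication stored in the security context.
     *
     * <p>When the current authentication is a {@link MidpointAuthentication} on the default
     * channel, it is first published through {@link RemoveUnusedSecurityFilterPublisher}. The
     * context is cleared in every case, including when no event is published.
     */
    public static void clearMidpointAuthentication() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
            if (midpointAuthentication.getAuthenticationChannel() != null
                    && SecurityPolicyUtil.DEFAULT_CHANNEL.equals(midpointAuthentication.getAuthenticationChannel().getChannelId())) {
                RemoveUnusedSecurityFilterPublisher.get().publishCustomEvent(midpointAuthentication);
            }
        }
        SecurityContextHolder.getContext().setAuthentication(null);
    }
}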
