package com.evolveum.midpoint.authentication.impl.util;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.authorization.DescriptorLoaderImpl;
import com.evolveum.midpoint.authentication.impl.factory.channel.AbstractChannelFactory;
import com.evolveum.midpoint.authentication.impl.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.authentication.impl.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.authentication.impl.factory.module.HttpClusterModuleFactory;
import com.evolveum.midpoint.authentication.impl.module.authentication.HttpModuleAuthentication;
import com.evolveum.midpoint.model.api.ModelInteractionService;
import com.evolveum.midpoint.model.api.ModelService;
import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.security.api.SecurityContextManager;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusBehaviorUpdateType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.github.openjson.JSONArray;
import com.github.openjson.JSONObject;
import com.google.common.collect.ImmutableMap;
import java.util.ArrayList;
import java.util.Collection;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.Set;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.Validate;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/util/AuthSequenceUtil.class */
public class AuthSequenceUtil {
    private static final String PROXY_USER_OID_HEADER = "Switch-To-Principal";
    private static final Trace LOGGER = TraceManager.getTrace(AuthSequenceUtil.class);
    private static final Map<String, String> LOCAL_PATH_AND_CHANNEL = ImmutableMap.builder().put("ws", SchemaConstants.CHANNEL_REST_URI).put("rest", SchemaConstants.CHANNEL_REST_URI).put("api", SchemaConstants.CHANNEL_REST_URI).put("actuator", SchemaConstants.CHANNEL_ACTUATOR_URI).put("resetPassword", SchemaConstants.CHANNEL_RESET_PASSWORD_URI).put("registration", SchemaConstants.CHANNEL_SELF_REGISTRATION_URI).build();

    public static AuthenticationSequenceType getSequenceByPath(HttpServletRequest httpServletRequest, AuthenticationsPolicyType authenticationsPolicyType, Collection<ObjectReferenceType> collection) {
        String substring = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (authenticationsPolicyType == null || authenticationsPolicyType.getSequence() == null || authenticationsPolicyType.getSequence().isEmpty()) {
            return null;
        }
        String[] split = AuthUtil.stripStartingSlashes(substring).split("/");
        if (isSpecificSequence(httpServletRequest)) {
            return getSpecificSequence(httpServletRequest);
        }
        List<AuthenticationSequenceType> sequencesForNodeGroups = getSequencesForNodeGroups(collection, authenticationsPolicyType);
        if (sequencesForNodeGroups.isEmpty()) {
            LOGGER.error("Not found any sequence for node group " + collection + ". Please see your configuration and define authentication sequence for this node group by defining attribute 'nodeGroup'. When will be attribute 'nodeGroup' empty, then sequence will be used for all nodes.");
            return null;
        }
        if (split.length < 2 || !split[0].equals("auth")) {
            return searchSequenceComparingChannelId(searchChannelByPath(substring), sequencesForNodeGroups);
        }
        AuthenticationSequenceType searchSequenceComparingUrlSuffix = searchSequenceComparingUrlSuffix(split[1], sequencesForNodeGroups);
        if (searchSequenceComparingUrlSuffix == null) {
            LOGGER.debug("Couldn't find sequence by prefix {}, so try default channel", split[1]);
            searchSequenceComparingUrlSuffix = searchSequenceComparingChannelId(SecurityPolicyUtil.DEFAULT_CHANNEL, sequencesForNodeGroups);
        }
        return searchSequenceComparingUrlSuffix;
    }

    public static List<AuthenticationSequenceType> getSequencesForNodeGroups(Collection<ObjectReferenceType> collection, AuthenticationsPolicyType authenticationsPolicyType) {
        Set set = (Set) collection.stream().map((v0) -> {
            return v0.getOid();
        }).collect(Collectors.toSet());
        ArrayList arrayList = new ArrayList();
        authenticationsPolicyType.getSequence().forEach(authenticationSequenceType -> {
            if (authenticationSequenceType != null) {
                if (authenticationSequenceType.getNodeGroup().isEmpty()) {
                    addSequenceToPoll(arrayList, authenticationSequenceType, false);
                    return;
                }
                for (ObjectReferenceType objectReferenceType : authenticationSequenceType.getNodeGroup()) {
                    if (objectReferenceType != null && objectReferenceType.getOid() != null && !objectReferenceType.getOid().isEmpty() && set.contains(objectReferenceType.getOid())) {
                        addSequenceToPoll(arrayList, authenticationSequenceType, true);
                        return;
                    }
                }
            }
        });
        return arrayList;
    }

    private static void addSequenceToPoll(List<AuthenticationSequenceType> list, AuthenticationSequenceType authenticationSequenceType, boolean z) {
        if (list.isEmpty()) {
            list.add(authenticationSequenceType);
            return;
        }
        if (authenticationSequenceType == null) {
            throw new IllegalArgumentException("Comparing sequence is null");
        }
        boolean equals = Boolean.TRUE.equals(authenticationSequenceType.getChannel().isDefault());
        String urlSuffix = authenticationSequenceType.getChannel().getUrlSuffix();
        String channelId = authenticationSequenceType.getChannel().getChannelId();
        for (AuthenticationSequenceType authenticationSequenceType2 : list) {
            boolean equals2 = Boolean.TRUE.equals(authenticationSequenceType2.getChannel().isDefault());
            String urlSuffix2 = authenticationSequenceType2.getChannel().getUrlSuffix();
            if (channelId.equals(authenticationSequenceType2.getChannel().getChannelId())) {
                if (urlSuffix.equalsIgnoreCase(urlSuffix2)) {
                    if (z) {
                        list.remove(authenticationSequenceType2);
                        list.add(authenticationSequenceType);
                        return;
                    }
                    return;
                }
                if (equals && equals2) {
                    if (z) {
                        list.remove(authenticationSequenceType2);
                        list.add(authenticationSequenceType);
                        return;
                    }
                    return;
                }
            }
        }
        list.add(authenticationSequenceType);
    }

    public static String searchChannelByPath(String str) {
        for (String str2 : LOCAL_PATH_AND_CHANNEL.keySet()) {
            if (AuthUtil.stripStartingSlashes(str).startsWith(str2)) {
                return LOCAL_PATH_AND_CHANNEL.get(str2);
            }
        }
        return SecurityPolicyUtil.DEFAULT_CHANNEL;
    }

    public static String searchPathByChannel(String str) {
        for (Map.Entry<String, String> entry : LOCAL_PATH_AND_CHANNEL.entrySet()) {
            if (entry.getValue().equals(str)) {
                return entry.getKey();
            }
        }
        return null;
    }

    public static String findChannelByRequest(HttpServletRequest httpServletRequest) {
        return searchChannelByPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()));
    }

    private static AuthenticationSequenceType getSpecificSequence(HttpServletRequest httpServletRequest) {
        String header;
        if (!SchemaConstants.CHANNEL_REST_URI.equals(searchChannelByPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) || (header = httpServletRequest.getHeader("Authorization")) == null || !"Cluster".equalsIgnoreCase(header.split(" ")[0])) {
            return null;
        }
        AuthenticationSequenceType authenticationSequenceType = new AuthenticationSequenceType();
        authenticationSequenceType.setName("Cluster");
        AuthenticationSequenceChannelType authenticationSequenceChannelType = new AuthenticationSequenceChannelType();
        authenticationSequenceChannelType.setUrlSuffix("Cluster".toLowerCase());
        authenticationSequenceChannelType.setChannelId(SchemaConstants.CHANNEL_REST_URI);
        authenticationSequenceType.setChannel(authenticationSequenceChannelType);
        return authenticationSequenceType;
    }

    public static boolean isSpecificSequence(HttpServletRequest httpServletRequest) {
        String header;
        if (!SchemaConstants.CHANNEL_REST_URI.equals(searchChannelByPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) || (header = httpServletRequest.getHeader("Authorization")) == null) {
            return false;
        }
        return "Cluster".equalsIgnoreCase(header.split(" ")[0]);
    }

    private static AuthenticationSequenceType searchSequenceComparingChannelId(String str, List<AuthenticationSequenceType> list) {
        Validate.notBlank(str, "ChannelId for searching of sequence is blank", new Object[0]);
        ArrayList arrayList = new ArrayList();
        for (AuthenticationSequenceType authenticationSequenceType : list) {
            if (authenticationSequenceType != null && authenticationSequenceType.getChannel() != null && str.equals(authenticationSequenceType.getChannel().getChannelId())) {
                arrayList.add(authenticationSequenceType);
                if (Boolean.TRUE.equals(authenticationSequenceType.getChannel().isDefault())) {
                    if (authenticationSequenceType.getModule() != null && !authenticationSequenceType.getModule().isEmpty()) {
                        return authenticationSequenceType;
                    }
                    LOGGER.error("Found sequence " + authenticationSequenceType.getName() + "not contains configuration for module");
                    return null;
                }
            }
        }
        if (arrayList.size() == 1) {
            AuthenticationSequenceType clone = ((AuthenticationSequenceType) arrayList.iterator().next()).clone();
            clone.getChannel().setDefault(Boolean.TRUE);
            return clone;
        }
        if (arrayList.size() > 0) {
            LOGGER.error("Couldn't define sequence for channel " + str + " probably you define more authentication sequence for this channel, but missing one default sequence. For non-default sequence use url 'midpoint_address'/'context_path'/auth/'urlSuffix_defined_in_channel_of_sequence'");
            return null;
        }
        LOGGER.error("Couldn't define sequence for channel " + str + " probably you forgot define authentication sequence for it.");
        return null;
    }

    private static AuthenticationSequenceType searchSequenceComparingUrlSuffix(String str, List<AuthenticationSequenceType> list) {
        Validate.notBlank(str, "UrlSuffix for searching of sequence is blank", new Object[0]);
        for (AuthenticationSequenceType authenticationSequenceType : list) {
            if (authenticationSequenceType != null && authenticationSequenceType.getChannel() != null && str.equals(authenticationSequenceType.getChannel().getUrlSuffix())) {
                if (authenticationSequenceType.getModule() != null && !authenticationSequenceType.getModule().isEmpty()) {
                    return authenticationSequenceType;
                }
                LOGGER.error("Found sequence " + authenticationSequenceType.getName() + "not contains configuration for module");
                return null;
            }
        }
        return null;
    }

    public static List<AuthModule> buildModuleFilters(AuthModuleRegistryImpl authModuleRegistryImpl, AuthenticationSequenceType authenticationSequenceType, HttpServletRequest httpServletRequest, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, Map<Class<?>, Object> map, AuthenticationChannel authenticationChannel) {
        Validate.notNull(authModuleRegistryImpl, "Registry for module factories is null", new Object[0]);
        if (isSpecificSequence(httpServletRequest)) {
            return getSpecificModuleFilter(authModuleRegistryImpl, authenticationSequenceType.getChannel().getUrlSuffix(), httpServletRequest, map, authenticationModulesType, credentialsPolicyType);
        }
        Validate.notEmpty(authenticationSequenceType.getModule(), "Sequence " + authenticationSequenceType.getName() + " don't contains authentication modules", new Object[0]);
        List sortedModules = SecurityPolicyUtil.getSortedModules(authenticationSequenceType);
        ArrayList arrayList = new ArrayList();
        sortedModules.forEach(authenticationSequenceModuleType -> {
            try {
                AbstractAuthenticationModuleType moduleByName = getModuleByName(authenticationSequenceModuleType.getName(), authenticationModulesType);
                arrayList.add(authModuleRegistryImpl.findModelFactory(moduleByName, authenticationChannel).createModuleFilter(moduleByName, authenticationSequenceType.getChannel().getUrlSuffix(), httpServletRequest, map, authenticationModulesType, credentialsPolicyType, authenticationChannel));
            } catch (Exception e) {
                LOGGER.error("Couldn't build filter for module moduleFactory", e);
            }
        });
        if (arrayList.isEmpty()) {
            return null;
        }
        return arrayList;
    }

    private static List<AuthModule> getSpecificModuleFilter(AuthModuleRegistryImpl authModuleRegistryImpl, String str, HttpServletRequest httpServletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType) {
        String header;
        if (!LOCAL_PATH_AND_CHANNEL.get("ws").equals(searchChannelByPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length()))) || (header = httpServletRequest.getHeader("Authorization")) == null || !"Cluster".equalsIgnoreCase(header.split(" ")[0])) {
            return null;
        }
        ArrayList arrayList = new ArrayList();
        HttpClusterModuleFactory httpClusterModuleFactory = (HttpClusterModuleFactory) authModuleRegistryImpl.findModelFactoryByClass(HttpClusterModuleFactory.class);
        AbstractAuthenticationModuleType abstractAuthenticationModuleType = new AbstractAuthenticationModuleType() { // from class: com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil.1
        };
        abstractAuthenticationModuleType.setName("Cluster".toLowerCase() + "-module");
        try {
            arrayList.add(httpClusterModuleFactory.createModuleFilter(abstractAuthenticationModuleType, str, httpServletRequest, map, authenticationModulesType, credentialsPolicyType, null));
            return arrayList;
        } catch (Exception e) {
            LOGGER.error("Couldn't create module for cluster authentication");
            return null;
        }
    }

    private static AbstractAuthenticationModuleType getModuleByName(String str, AuthenticationModulesType authenticationModulesType) {
        PrismContainerValue asPrismContainerValue = authenticationModulesType.asPrismContainerValue();
        ArrayList<AbstractAuthenticationModuleType> arrayList = new ArrayList();
        asPrismContainerValue.accept(visitable -> {
            if (visitable instanceof PrismContainer) {
                PrismContainer prismContainer = (PrismContainer) visitable;
                if (AbstractAuthenticationModuleType.class.isAssignableFrom((Class) Objects.requireNonNull(prismContainer.getCompileTimeClass()))) {
                    prismContainer.getValues().forEach(prismContainerValue -> {
                        arrayList.add(prismContainerValue.asContainerable());
                    });
                }
            }
        });
        for (AbstractAuthenticationModuleType abstractAuthenticationModuleType : arrayList) {
            if (abstractAuthenticationModuleType.getName().equals(str)) {
                return abstractAuthenticationModuleType;
            }
        }
        return null;
    }

    public static boolean isPermitAll(HttpServletRequest httpServletRequest) {
        Iterator<String> it = DescriptorLoaderImpl.getPermitAllUrls().iterator();
        while (it.hasNext()) {
            if (new AntPathRequestMatcher(it.next()).matches(httpServletRequest)) {
                return true;
            }
        }
        String servletPath = httpServletRequest.getServletPath();
        return "".equals(servletPath) || "/".equals(servletPath);
    }

    public static boolean isLoginPage(HttpServletRequest httpServletRequest) {
        Iterator<String> it = DescriptorLoaderImpl.getLoginPages().iterator();
        while (it.hasNext()) {
            if (new AntPathRequestMatcher(it.next()).matches(httpServletRequest)) {
                return true;
            }
        }
        return false;
    }

    public static void saveException(HttpServletRequest httpServletRequest, AuthenticationException authenticationException) {
        httpServletRequest.getSession().setAttribute("SPRING_SECURITY_LAST_EXCEPTION", authenticationException);
    }

    public static AuthenticationChannel buildAuthChannel(AuthChannelRegistryImpl authChannelRegistryImpl, AuthenticationSequenceType authenticationSequenceType) {
        Validate.notNull(authenticationSequenceType, "Couldn't build authentication channel object, because sequence is null", new Object[0]);
        String str = null;
        AuthenticationSequenceChannelType channel = authenticationSequenceType.getChannel();
        if (channel != null) {
            str = channel.getChannelId();
        }
        AbstractChannelFactory findModelFactory = authChannelRegistryImpl.findModelFactory(str);
        if (findModelFactory == null) {
            LOGGER.error("Couldn't find factory for {}", str);
            return null;
        }
        AuthenticationChannel authenticationChannel = null;
        try {
            authenticationChannel = findModelFactory.createAuthChannel(channel);
        } catch (Exception e) {
            LOGGER.error("Couldn't create channel for {}", str);
        }
        return authenticationChannel;
    }

    public static Map<String, String> obtainAnswers(String str, String str2, String str3) {
        if (str == null) {
            return null;
        }
        JSONArray jSONArray = new JSONArray(str);
        HashMap hashMap = new HashMap();
        for (int i = 0; i < jSONArray.length(); i++) {
            JSONObject jSONObject = jSONArray.getJSONObject(i);
            hashMap.put(jSONObject.getString(str2), jSONObject.getString(str3));
        }
        return hashMap;
    }

    public static void resolveProxyUserOidHeader(HttpServletRequest httpServletRequest) {
        String header = httpServletRequest.getHeader(PROXY_USER_OID_HEADER);
        MidpointAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (header == null || !(authentication instanceof MidpointAuthentication)) {
            return;
        }
        ModuleAuthentication processingModuleAuthentication = authentication.getProcessingModuleAuthentication();
        if (processingModuleAuthentication instanceof HttpModuleAuthentication) {
            ((HttpModuleAuthentication) processingModuleAuthentication).setProxyUserOid(header);
        }
    }

    private static Task createAnonymousTask(String str, TaskManager taskManager) {
        Task createTaskInstance = taskManager.createTaskInstance(str);
        createTaskInstance.setChannel(SchemaConstants.CHANNEL_USER_URI);
        return createTaskInstance;
    }

    public static UserType searchUserPrivileged(final String str, SecurityContextManager securityContextManager, final TaskManager taskManager, final ModelService modelService, final PrismContext prismContext) {
        return (UserType) securityContextManager.runPrivileged(new Producer<UserType>() { // from class: com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil.2
            final ObjectQuery query;

            {
                this.query = prismContext.queryFor(UserType.class).item(UserType.F_NAME).eqPoly(str).matchingNorm().build();
            }

            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public UserType m55run() {
                try {
                    SearchResultList searchObjects = modelService.searchObjects(UserType.class, this.query, (Collection) null, AuthSequenceUtil.createAnonymousTask("load user", taskManager), new OperationResult("search user"));
                    if (searchObjects == null || searchObjects.isEmpty()) {
                        AuthSequenceUtil.LOGGER.trace("Empty user list in ForgetPassword");
                        return null;
                    }
                    if (searchObjects.size() > 1) {
                        AuthSequenceUtil.LOGGER.trace("Problem while seeking for user");
                        return null;
                    }
                    UserType asObjectable = ((PrismObject) searchObjects.iterator().next()).asObjectable();
                    AuthSequenceUtil.LOGGER.trace("User found for ForgetPassword: {}", asObjectable);
                    return asObjectable;
                } catch (SchemaException | ObjectNotFoundException | SecurityViolationException | CommunicationException | ConfigurationException | ExpressionEvaluationException e) {
                    LoggingUtils.logException(AuthSequenceUtil.LOGGER, "failed to search user", e, new Object[0]);
                    return null;
                }
            }
        });
    }

    public static SecurityPolicyType resolveSecurityPolicy(final PrismObject<UserType> prismObject, SecurityContextManager securityContextManager, final TaskManager taskManager, final ModelInteractionService modelInteractionService) {
        return (SecurityPolicyType) securityContextManager.runPrivileged(new Producer<SecurityPolicyType>() { // from class: com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil.3
            private static final long serialVersionUID = 1;

            /* renamed from: run, reason: merged with bridge method [inline-methods] */
            public SecurityPolicyType m56run() {
                try {
                    return modelInteractionService.getSecurityPolicy(prismObject, AuthSequenceUtil.createAnonymousTask("get security policy", taskManager), new OperationResult("get security policy"));
                } catch (CommonException e) {
                    AuthSequenceUtil.LOGGER.error("Could not retrieve security policy: {}", e.getMessage(), e);
                    return null;
                }
            }
        });
    }

    public static boolean isIgnoredLocalPath(AuthenticationsPolicyType authenticationsPolicyType, HttpServletRequest httpServletRequest) {
        if (authenticationsPolicyType == null || authenticationsPolicyType.getIgnoredLocalPath() == null || authenticationsPolicyType.getIgnoredLocalPath().isEmpty()) {
            return false;
        }
        Iterator it = authenticationsPolicyType.getIgnoredLocalPath().iterator();
        while (it.hasNext()) {
            if (new AntPathRequestMatcher((String) it.next()).matches(httpServletRequest)) {
                return true;
            }
        }
        return false;
    }

    public static boolean isBasePathForSequence(HttpServletRequest httpServletRequest, AuthenticationSequenceType authenticationSequenceType) {
        String substring = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (substring.startsWith("/auth")) {
            return (authenticationSequenceType == null || authenticationSequenceType.getChannel() == null || authenticationSequenceType.getChannel().getUrlSuffix() == null || !AuthUtil.stripSlashes(substring.substring(substring.indexOf("/auth") + "/auth".length())).equals(AuthUtil.stripSlashes(authenticationSequenceType.getChannel().getUrlSuffix()))) ? false : true;
        }
        return false;
    }

    public static boolean isRecordSessionLessAccessChannel(HttpServletRequest httpServletRequest) {
        if (httpServletRequest == null) {
            return false;
        }
        if (isSpecificSequence(httpServletRequest)) {
            return true;
        }
        return SecurityUtil.isRecordSessionLessAccessChannel(searchChannelByPath(httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length())));
    }

    public static boolean existLoginPageForActualAuthModule() {
        ModuleAuthentication processingModuleIfExist = AuthUtil.getProcessingModuleIfExist();
        if (processingModuleIfExist == null) {
            return false;
        }
        return DescriptorLoaderImpl.existPageUrlByAuthName(processingModuleIfExist.getNameOfModuleType());
    }

    public static boolean isLoginPageForActualAuthModule(String str) {
        return DescriptorLoaderImpl.getPageUrlsByAuthName(AuthUtil.getProcessingModule().getNameOfModuleType()).contains(str);
    }

    public static String getName(PrismObject<? extends FocusType> prismObject) {
        if (prismObject == null || prismObject.asObjectable().getName() == null) {
            return null;
        }
        return prismObject.asObjectable().getName().getOrig();
    }

    public static String getBasePath(HttpServletRequest httpServletRequest) {
        boolean z = true;
        if (443 == httpServletRequest.getServerPort() && "https".equals(httpServletRequest.getScheme())) {
            z = false;
        } else if (80 == httpServletRequest.getServerPort() && "http".equals(httpServletRequest.getScheme())) {
            z = false;
        }
        return httpServletRequest.getScheme() + "://" + httpServletRequest.getServerName() + (z ? ":" + httpServletRequest.getServerPort() : "") + httpServletRequest.getContextPath();
    }

    public static boolean isAllowUpdatingAuthBehavior(boolean z) {
        MidpointAuthentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication) || authentication.getSequence() == null) {
            return true;
        }
        FocusBehaviorUpdateType focusBehaviorUpdate = authentication.getSequence().getFocusBehaviorUpdate();
        if (focusBehaviorUpdate == null && FocusBehaviorUpdateType.ENABLED.equals(focusBehaviorUpdate)) {
            return true;
        }
        if (FocusBehaviorUpdateType.DISABLED.equals(focusBehaviorUpdate)) {
            return false;
        }
        if (FocusBehaviorUpdateType.FAILURE_ONLY.equals(focusBehaviorUpdate)) {
            return z;
        }
        return true;
    }
}
