package com.evolveum.midpoint.security.api;

import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import org.springframework.security.access.ConfigAttribute;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/evolveum/midpoint/security/api/SecurityUtil.class */
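/**
 * Static helpers for reading the current Spring Security context and for
 * logging denied access decisions.
 *
 * <p>Every method reads the {@link Authentication} held by
 * {@link SecurityContextHolder} at the time of the call; nothing is cached here.
 */
public class SecurityUtil {
    private static final Trace LOGGER = TraceManager.getTrace(SecurityUtil.class);

    /**
     * Returns the principal of the current authentication as a {@link MidPointPrincipal}.
     *
     * <p>This is the fail-closed accessor: every situation in which there is no
     * usable midPoint principal ends in an exception, never in a {@code null} return.
     *
     * @return the current principal, never {@code null}
     * @throws SecurityViolationException if the security context holds no authentication
     *         (also logged at error level), if the authentication carries no principal,
     *         or if the principal is the string {@code "anonymousUser"}
     * @throws IllegalArgumentException if the principal is some other, unexpected type
     */
    public static MidPointPrincipal getPrincipal() throws SecurityViolationException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            SecurityViolationException noAuthentication = new SecurityViolationException("No authentication");
            LOGGER.error("No authentication", noAuthentication);
            throw noAuthentication;
        }
        Object principal = authentication.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            return (MidPointPrincipal) principal;
        }
        if (principal == null) {
            // Previously this case fell through to principal.getClass() below and surfaced
            // as a NullPointerException. An authentication without a principal identifies
            // nobody, so it is rejected the same way as a missing authentication.
            throw new SecurityViolationException("No principal");
        }
        // equals() on the literal is false for any non-String, so no separate type check is needed.
        if ("anonymousUser".equals(principal)) {
            throw new SecurityViolationException("Not logged in.");
        }
        throw new IllegalArgumentException("Expected that spring security principal will be of type " + MidPointPrincipal.class.getName() + " but it was " + principal.getClass());
    }

    /**
     * Reports whether the security context currently holds any {@link Authentication}.
     *
     * <p>This is a presence check only. It does not consult
     * {@link Authentication#isAuthenticated()} and does not look at the principal, so it
     * also returns {@code true} for an anonymous authentication (principal
     * {@code "anonymousUser"}), which {@link #getPrincipal()} rejects as "Not logged in.".
     * Code that needs a logged-in user should call {@link #getPrincipal()} rather than
     * gate on this method.
     *
     * @return {@code true} if an authentication object is present in the context
     */
    public static boolean isAuthenticated() {
        return SecurityContextHolder.getContext().getAuthentication() != null;
    }

    /**
     * Extracts the attribute string of every given {@link ConfigAttribute}.
     *
     * @param collection configuration attributes to read; must not be {@code null}
     * @return a new collection with one entry per input element, in iteration order;
     *         an entry is whatever {@link ConfigAttribute#getAttribute()} returned for it
     */
    public static Collection<String> getActions(Collection<ConfigAttribute> collection) {
        Collection<String> actions = new ArrayList<>(collection.size());
        for (ConfigAttribute attribute : collection) {
            actions.add(attribute.getAttribute());
        }
        return actions;
    }

    /**
     * Logs a denied access decision at debug level.
     *
     * <p>Nothing is written unless debug logging is enabled for this class, so with a
     * higher log level a denial leaves no trace here; if denials must be recorded at
     * default levels, that has to happen elsewhere. The arguments are logged as given.
     *
     * @param obj the object to which access was denied
     * @param str additional message appended to the log line
     */
    public static void logSecurityDeny(Object obj, String str) {
        // The guard avoids resolving the subject description when the line would be dropped.
        if (LOGGER.isDebugEnabled()) {
            LOGGER.debug("Denied access to {} by {} {}", obj, getSubjectDescription(), str);
        }
    }

    /**
     * Logs a denied access decision at debug level and, when trace logging is enabled,
     * additionally logs the required authorization actions together with the cause.
     *
     * <p>Nothing is written unless debug logging is enabled for this class; the trace
     * line is only considered inside that guard.
     *
     * @param obj the object to which access was denied
     * @param str additional message appended to the log line
     * @param th the cause of the denial, attached to the trace-level line
     * @param collection the authorization actions of which one is required
     */
    public static void logSecurityDeny(Object obj, String str, Throwable th, Collection<String> collection) {
        if (LOGGER.isDebugEnabled()) {
            String subjectDescription = getSubjectDescription();
            LOGGER.debug("Denied access to {} by {} {}", obj, subjectDescription, str);
            if (LOGGER.isTraceEnabled()) {
                // The required actions are passed as an argument instead of being concatenated
                // into the format string, so a "{}" inside their text cannot shift the
                // placeholders. The trailing Throwable has no placeholder of its own.
                LOGGER.trace("Denied access to {} by {} {}; one of the following authorization actions is required: {}", obj, subjectDescription, str, collection, th);
            }
        }
    }

    /**
     * Describes the current subject for use in log messages.
     *
     * <p>The result is meant for logging only: for a principal that is not a
     * {@link MidPointPrincipal} it is just that object's {@code toString()}.
     *
     * @return the username of a {@link MidPointPrincipal}, the {@code toString()} of any
     *         other principal, or {@code null} if there is no authentication or no principal
     */
    public static String getSubjectDescription() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (principal == null) {
            return null;
        }
        if (principal instanceof MidPointPrincipal) {
            return ((MidPointPrincipal) principal).getUsername();
        }
        return principal.toString();
    }
}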
