package com.evolveum.midpoint.schema.util;

import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModuleHttpBasicType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModuleLoginFormType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleNecessityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MailAuthenticationPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SmsAuthenticationPolicyType;
import java.util.ArrayList;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.Validate;

/* loaded from: input_file:BOOT-INF/lib/schema-4.1.1-SNAPSHOT.jar:com/evolveum/midpoint/schema/util/SecurityPolicyUtil.class */
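/**
 * Static helpers for reading authentication-related parts of a {@link SecurityPolicyType}
 * and for building the built-in default authentication policy (modules, sequences and
 * ignored local paths).
 *
 * <p>Name matching throughout this class is null-aware: a policy without a name matches
 * only a request without a name, and a named policy matches only the identical name.
 */
public class SecurityPolicyUtil {
    public static final String DEFAULT_CHANNEL = SchemaConstants.CHANNEL_USER_URI;
    public static final String DEFAULT_MODULE_NAME = "loginForm";
    public static final String HTTP_BASIC_MODULE_NAME = "httpBasic";
    public static final String DEFAULT_SEQUENCE_NAME = "admin-gui-default";
    public static final String REST_SEQUENCE_NAME = "rest-default";
    public static final String ACTUATOR_SEQUENCE_NAME = "actuator-default";
    public static final String PASSWORD_RESET_SEQUENCE_NAME = "password-reset-default";

    // Paths registered on the default policy through ignoredLocalPath(...).
    // NOTE(review): presumably these paths are skipped by the authentication sequences -
    // confirm, and verify that nothing sensitive is served under "/actuator" without
    // authentication before relying on this default.
    private static final List<String> IGNORED_LOCAL_PATH;

    /**
     * Returns the mail or SMS authentication policy with the given name.
     *
     * @param str name of the requested policy; {@code null} selects an unnamed policy
     * @param securityPolicyType security policy to search; must not be {@code null}
     * @return the matching policy, or {@code null} when neither kind matches
     * @throws SchemaException when both a mail and an SMS policy match, or when more than
     *         one policy of the same kind matches
     */
    public static AbstractAuthenticationPolicyType getAuthenticationPolicy(String str, SecurityPolicyType securityPolicyType) throws SchemaException {
        MailAuthenticationPolicyType mailPolicy = getMailAuthenticationPolicy(str, securityPolicyType);
        SmsAuthenticationPolicyType smsPolicy = getSmsAuthenticationPolicy(str, securityPolicyType);
        return checkAndGetAuthPolicyConsistence(mailPolicy, smsPolicy);
    }

    /**
     * Returns the nonce credentials policy with the given name.
     *
     * @param str name of the requested policy; {@code null} selects an unnamed policy
     * @param securityPolicyType security policy to search; must not be {@code null}
     * @return the matching nonce policy, or {@code null} when the security policy has no
     *         credentials section or no nonce policy matches
     * @throws SchemaException when more than one nonce policy matches
     */
    public static NonceCredentialsPolicyType getCredentialPolicy(String str, SecurityPolicyType securityPolicyType) throws SchemaException {
        CredentialsPolicyType credentials = securityPolicyType.getCredentials();
        if (credentials == null) {
            return null;
        }
        List<NonceCredentialsPolicyType> matches = new ArrayList<>();
        for (NonceCredentialsPolicyType candidate : credentials.getNonce()) {
            // The earlier form added an unnamed policy and then still called
            // getName().equals(...), which threw a NullPointerException whenever
            // both the policy name and the requested name were null.
            if (namesMatch(candidate.getName(), str)) {
                matches.add(candidate);
            }
        }
        return singleOrNull(matches, "Found more than one nonce credentials policy. Please review your configuration");
    }

    /** Looks up the mail authentication policy by name; {@code null} when there is no authentication section. */
    private static MailAuthenticationPolicyType getMailAuthenticationPolicy(String str, SecurityPolicyType securityPolicyType) throws SchemaException {
        AuthenticationsPolicyType authentication = securityPolicyType.getAuthentication();
        if (authentication == null) {
            return null;
        }
        return getAuthenticationPolicy(str, authentication.getMailAuthentication());
    }

    /** Looks up the SMS authentication policy by name; {@code null} when there is no authentication section. */
    private static SmsAuthenticationPolicyType getSmsAuthenticationPolicy(String str, SecurityPolicyType securityPolicyType) throws SchemaException {
        AuthenticationsPolicyType authentication = securityPolicyType.getAuthentication();
        if (authentication == null) {
            return null;
        }
        return getAuthenticationPolicy(str, authentication.getSmsAuthentication());
    }

    /**
     * Returns whichever of the two policies is present, or {@code null} when both are absent.
     *
     * @throws SchemaException when both a mail and an SMS policy are present
     */
    private static AbstractAuthenticationPolicyType checkAndGetAuthPolicyConsistence(MailAuthenticationPolicyType mailAuthenticationPolicyType, SmsAuthenticationPolicyType smsAuthenticationPolicyType) throws SchemaException {
        if (mailAuthenticationPolicyType != null && smsAuthenticationPolicyType != null) {
            throw new SchemaException("Found both, mail and sms authentication method for registration. Only one of them can be present at the moment");
        }
        return mailAuthenticationPolicyType != null ? mailAuthenticationPolicyType : smsAuthenticationPolicyType;
    }

    /**
     * Selects the single policy from {@code list} whose name matches {@code str}.
     *
     * @return the matching policy, or {@code null} when none matches
     * @throws SchemaException when more than one policy matches
     */
    private static <T extends AbstractAuthenticationPolicyType> T getAuthenticationPolicy(String str, List<T> list) throws SchemaException {
        List<T> matches = new ArrayList<>();
        for (T candidate : list) {
            // Same null-safety fix as in getCredentialPolicy: an unnamed policy requested
            // with a null name is added once instead of raising a NullPointerException.
            if (namesMatch(candidate.getName(), str)) {
                matches.add(candidate);
            }
        }
        // The message text mentions "mail" although this method also serves SMS policies;
        // it is kept unchanged so existing log searches keep working.
        return singleOrNull(matches, "Found more than one mail authentication policy. Please review your configuration");
    }

    /** Null-aware name comparison: two nulls match, a null never matches a non-null name. */
    private static boolean namesMatch(String policyName, String requestedName) {
        return policyName == null ? requestedName == null : policyName.equals(requestedName);
    }

    /** Returns the only element, {@code null} for an empty list, and fails with {@code message} otherwise. */
    private static <T> T singleOrNull(List<T> matches, String message) throws SchemaException {
        if (matches.size() > 1) {
            throw new SchemaException(message);
        }
        return matches.isEmpty() ? null : matches.get(0);
    }

    /**
     * Returns the modules of a sequence ordered by their {@code order} value, ascending,
     * with modules that have no order placed last.
     *
     * @param authenticationSequenceType sequence to read; must not be {@code null} and must
     *        contain at least one module (both enforced through {@link Validate})
     * @return an unmodifiable, sorted copy of the module list
     */
    public static List<AuthenticationSequenceModuleType> getSortedModules(AuthenticationSequenceType authenticationSequenceType) {
        Validate.notNull(authenticationSequenceType);
        List<AuthenticationSequenceModuleType> sorted = new ArrayList<>(authenticationSequenceType.getModule());
        Validate.notEmpty(sorted);
        sorted.sort((left, right) -> {
            Integer leftOrder = left.getOrder();
            Integer rightOrder = right.getOrder();
            if (leftOrder == null) {
                return rightOrder == null ? 0 : 1;
            }
            if (rightOrder == null) {
                return -1;
            }
            return Integer.compare(leftOrder.intValue(), rightOrder.intValue());
        });
        return Collections.unmodifiableList(sorted);
    }

    /**
     * Builds the default authentication policy: a login-form module, an HTTP Basic module,
     * the four default sequences and the ignored local paths.
     *
     * <p>The REST and actuator sequences authenticate with HTTP Basic only, which sends the
     * credentials with every request; deployments that keep these defaults should serve
     * those channels over TLS.
     */
    public static AuthenticationsPolicyType createDefaultAuthenticationPolicy() {
        AuthenticationModuleLoginFormType loginForm = new AuthenticationModuleLoginFormType();
        loginForm.name(DEFAULT_MODULE_NAME);
        AuthenticationModuleHttpBasicType httpBasic = new AuthenticationModuleHttpBasicType();
        httpBasic.name(HTTP_BASIC_MODULE_NAME);

        AuthenticationModulesType modules = new AuthenticationModulesType();
        modules.loginForm(loginForm);
        modules.httpBasic(httpBasic);

        AuthenticationsPolicyType policy = new AuthenticationsPolicyType();
        policy.setModules(modules);
        policy.sequence(createDefaultSequence());
        policy.sequence(createRestSequence());
        policy.sequence(createActuatorSequence());
        policy.sequence(createPaswordResetSequence());
        for (String path : IGNORED_LOCAL_PATH) {
            policy.ignoredLocalPath(path);
        }
        return policy;
    }

    /** Default GUI sequence: login form on the user channel, URL suffix {@code gui-default}. */
    public static AuthenticationSequenceType createDefaultSequence() {
        return createSingleModuleSequence(DEFAULT_SEQUENCE_NAME, DEFAULT_CHANNEL, "gui-default", DEFAULT_MODULE_NAME);
    }

    /** Default REST sequence: HTTP Basic on the REST channel. */
    public static AuthenticationSequenceType createRestSequence() {
        return createSingleModuleSequence(REST_SEQUENCE_NAME, SchemaConstants.CHANNEL_REST_URI, REST_SEQUENCE_NAME, HTTP_BASIC_MODULE_NAME);
    }

    /** Default actuator sequence: HTTP Basic on the actuator channel. */
    public static AuthenticationSequenceType createActuatorSequence() {
        return createSingleModuleSequence(ACTUATOR_SEQUENCE_NAME, SchemaConstants.CHANNEL_ACTUATOR_URI, ACTUATOR_SEQUENCE_NAME, HTTP_BASIC_MODULE_NAME);
    }

    /**
     * Default password-reset sequence: login form on the reset-password channel, URL suffix
     * {@code resetPassword}. The misspelled method name is part of the public interface and
     * is kept for existing callers.
     */
    public static AuthenticationSequenceType createPaswordResetSequence() {
        return createSingleModuleSequence(PASSWORD_RESET_SEQUENCE_NAME, SchemaConstants.CHANNEL_GUI_RESET_PASSWORD_URI, "resetPassword", DEFAULT_MODULE_NAME);
    }

    /**
     * Builds a sequence with one default channel and one module at order 1 whose necessity
     * is {@code SUFFICIENT}.
     */
    private static AuthenticationSequenceType createSingleModuleSequence(String sequenceName, String channelId, String urlSuffix, String moduleName) {
        AuthenticationSequenceType sequence = new AuthenticationSequenceType();
        sequence.name(sequenceName);

        AuthenticationSequenceChannelType channel = new AuthenticationSequenceChannelType();
        channel.setDefault(true);
        channel.channelId(channelId);
        channel.setUrlSuffix(urlSuffix);
        sequence.channel(channel);

        AuthenticationSequenceModuleType module = new AuthenticationSequenceModuleType();
        module.name(moduleName);
        module.order(1);
        module.necessity(AuthenticationSequenceModuleNecessityType.SUFFICIENT);
        sequence.module(module);
        return sequence;
    }

    static {
        List<String> paths = new ArrayList<>();
        paths.add("/actuator");
        paths.add("/actuator/health");
        IGNORED_LOCAL_PATH = Collections.unmodifiableList(paths);
    }
}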
