package com.evolveum.midpoint.schema.util;

import com.evolveum.midpoint.prism.PrismContainer;
import com.evolveum.midpoint.prism.PrismContainerValue;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.schema.SchemaRegistry;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleNecessityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.RegistrationsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SelfRegistrationPolicyType;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;
import org.jetbrains.annotations.NotNull;

/* loaded from: input_file:BOOT-INF/lib/schema-4.9.2-SNAPSHOT.jar:com/evolveum/midpoint/schema/util/SecurityPolicyUtil.class */
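/**
 * Static helpers for reading a {@link SecurityPolicyType} and for building the
 * built-in default authentication policy (one login-form module in one GUI sequence).
 *
 * <p>This listing is decompiler output, so the original generics were erased. The raw
 * {@code ArrayList}/{@code PrismContainer} usages have been given type arguments again,
 * because the method reference in {@link #getSortedModules} and the inner lambda in
 * {@link #getModuleByIdentifier} do not type-check against raw types.
 *
 * <p>The lookup methods differ in how they treat duplicates: {@link #getCredentialPolicy}
 * rejects them, while {@link #findSequenceByIdentifier} and {@link #getModuleByIdentifier}
 * return the first match. All methods dereference their policy argument without a null check.
 */
public class SecurityPolicyUtil {
    /** Name given to the login-form module of the default policy and referenced by the default sequence. */
    public static final String DEFAULT_MODULE_IDENTIFIER = "loginForm";
    /** Name of the sequence produced by {@link #createDefaultSequence()}. */
    public static final String DEFAULT_SEQUENCE_IDENTIFIER = "admin-gui-default";
    /** Display name of the sequence produced by {@link #createDefaultSequence()}. */
    public static final String DEFAULT_SEQUENCE_DISPLAY_IDENTIFIER = "Default gui sequence";
    // Paths registered through ignoredLocalPath(...) when the caller supplies none; filled in the
    // static initializer at the bottom of the class.
    // NOTE(review): ignoredLocalPath presumably exempts a path from authentication. If so, "/actuator"
    // is broader than "/actuator/health"; confirm whether the consumer matches exactly or by prefix,
    // and that the remaining actuator endpoints are restricted elsewhere.
    private static final List<String> DEFAULT_IGNORED_LOCAL_PATH;
    /** Channel id set on the default sequence. */
    public static final String DEFAULT_CHANNEL = SchemaConstants.CHANNEL_USER_URI;
    /** Pass to {@link #createDefaultAuthenticationPolicy} to get the built-in ignored paths. */
    public static final List<String> NO_CUSTOM_IGNORED_LOCAL_PATH = null;

    /**
     * Finds the nonce credentials policy whose name equals {@code str}.
     *
     * <p>The comparison is {@link Objects#equals}, so a {@code null} name matches nonce
     * policies that have no name set.
     *
     * @param str name to look up (may be {@code null})
     * @param securityPolicyType policy to search; must not be {@code null}
     * @return the single matching policy, or {@code null} when the policy has no credentials
     *         section or nothing matches
     * @throws SchemaException when more than one nonce policy carries the name, so an
     *         ambiguous configuration fails instead of silently picking one
     */
    public static NonceCredentialsPolicyType getCredentialPolicy(String str, SecurityPolicyType securityPolicyType) throws SchemaException {
        CredentialsPolicyType credentials = securityPolicyType.getCredentials();
        if (credentials == null) {
            return null;
        }
        List<NonceCredentialsPolicyType> matching = new ArrayList<>();
        for (NonceCredentialsPolicyType candidate : credentials.getNonce()) {
            if (Objects.equals(candidate.getName(), str)) {
                matching.add(candidate);
            }
        }
        if (matching.size() > 1) {
            throw new SchemaException("Found more than one nonce credentials policy. Please review your configuration");
        }
        return matching.isEmpty() ? null : matching.get(0);
    }

    /**
     * Returns the modules of a sequence ordered by {@link #compareOrders}.
     *
     * @param authenticationSequenceType sequence whose modules are sorted; must not be {@code null}
     * @return an unmodifiable sorted copy; the sequence's own module list is left untouched
     */
    public static List<AuthenticationSequenceModuleType> getSortedModules(AuthenticationSequenceType authenticationSequenceType) {
        Validate.notNull(authenticationSequenceType);
        // Sort a copy. The decompiled null check on the freshly built list could never fire and is dropped.
        List<AuthenticationSequenceModuleType> sorted = new ArrayList<>(authenticationSequenceType.getModule());
        sorted.sort(SecurityPolicyUtil::compareOrders);
        return Collections.unmodifiableList(sorted);
    }

    /**
     * Orders modules by ascending {@code order}; modules without an order sort after those
     * that have one, and two modules without an order compare as equal.
     *
     * @return negative, zero or positive, as for {@link java.util.Comparator#compare}
     */
    public static int compareOrders(AuthenticationSequenceModuleType authenticationSequenceModuleType, AuthenticationSequenceModuleType authenticationSequenceModuleType2) {
        Integer firstOrder = authenticationSequenceModuleType.getOrder();
        Integer secondOrder = authenticationSequenceModuleType2.getOrder();
        if (firstOrder == null) {
            return secondOrder == null ? 0 : 1;
        }
        if (secondOrder == null) {
            return -1;
        }
        return Integer.compare(firstOrder, secondOrder);
    }

    /**
     * Builds the default authentication policy: one login-form module named
     * {@link #DEFAULT_MODULE_IDENTIFIER}, the sequence from {@link #createDefaultSequence()},
     * and a set of ignored local paths.
     *
     * <p>A non-empty {@code list} replaces the built-in ignored paths entirely; it is not
     * merged with them. Entries are passed on as given, without any check for {@code null},
     * blank or overly broad values, so callers should validate configuration-supplied paths.
     *
     * @param list custom ignored local paths, or {@code null}/empty for the built-in defaults
     * @param schemaRegistry registry used to instantiate the holder {@link SecurityPolicyType} object
     * @return the authentication section read back from the freshly instantiated policy object
     * @throws SchemaException declared for the instantiation of the policy object
     */
    public static AuthenticationsPolicyType createDefaultAuthenticationPolicy(List<String> list, SchemaRegistry schemaRegistry) throws SchemaException {
        PrismObject<SecurityPolicyType> policyObject = schemaRegistry.findObjectDefinitionByCompileTimeClass(SecurityPolicyType.class).instantiate();
        // Each end() steps back to the parent bean of the fluent builder, hence the casts.
        AuthenticationModulesType modules = (AuthenticationModulesType) new AuthenticationsPolicyType()
                .beginModules()
                .beginLoginForm()
                .name(DEFAULT_MODULE_IDENTIFIER)
                .end();
        AuthenticationsPolicyType authentication = ((AuthenticationsPolicyType) modules.end()).sequence(createDefaultSequence());
        List<String> ignoredPaths = (list == null || list.isEmpty()) ? DEFAULT_IGNORED_LOCAL_PATH : list;
        ignoredPaths.forEach(authentication::ignoredLocalPath);
        policyObject.asObjectable().authentication(authentication);
        return policyObject.asObjectable().getAuthentication();
    }

    /**
     * Builds the default GUI sequence: named {@link #DEFAULT_SEQUENCE_IDENTIFIER}, marked as the
     * default for {@link #DEFAULT_CHANNEL} with URL suffix {@code gui-default}, and containing the
     * single module {@link #DEFAULT_MODULE_IDENTIFIER} at order 1 with necessity {@code SUFFICIENT}.
     *
     * @return a new sequence instance on every call
     */
    public static AuthenticationSequenceType createDefaultSequence() {
        // end() after the channel builder returns to the sequence itself.
        AuthenticationSequenceType sequence = (AuthenticationSequenceType) new AuthenticationSequenceType()
                .name(DEFAULT_SEQUENCE_IDENTIFIER)
                .displayName(DEFAULT_SEQUENCE_DISPLAY_IDENTIFIER)
                .beginChannel()
                ._default(true)
                .channelId(DEFAULT_CHANNEL)
                .urlSuffix("gui-default")
                .end();
        return (AuthenticationSequenceType) sequence
                .beginModule()
                .name(DEFAULT_MODULE_IDENTIFIER)
                .order(1)
                .necessity(AuthenticationSequenceModuleNecessityType.SUFFICIENT)
                .end();
    }

    /**
     * Returns the self-registration policy of the given security policy.
     *
     * @param securityPolicyType policy to read; must not be {@code null}
     * @return the self-registration section, or {@code null} when the policy has no flow section
     */
    public static SelfRegistrationPolicyType getSelfRegistrationPolicy(SecurityPolicyType securityPolicyType) {
        RegistrationsPolicyType flow = securityPolicyType.getFlow();
        return flow != null ? flow.getSelfRegistration() : null;
    }

    /**
     * Finds an authentication sequence whose identifier or name equals {@code str}.
     *
     * <p>Both attributes are checked for every sequence and the first hit in list order is
     * returned, so a sequence whose name equals another sequence's identifier can be returned
     * instead of it. Duplicates are not reported; keep sequence identifiers and names unique.
     *
     * @param securityPolicyType policy to search
     * @param str identifier or name to look up
     * @return the first matching sequence, or {@code null} when {@code str} is empty, the policy
     *         has no authentication section or sequences, or nothing matches
     */
    public static AuthenticationSequenceType findSequenceByIdentifier(@NotNull SecurityPolicyType securityPolicyType, String str) {
        AuthenticationsPolicyType authentication = securityPolicyType.getAuthentication();
        if (StringUtils.isEmpty(str) || authentication == null || CollectionUtils.isEmpty(authentication.getSequence())) {
            return null;
        }
        return authentication.getSequence().stream()
                .filter(sequence -> str.equals(sequence.getIdentifier()) || str.equals(sequence.getName()))
                .findFirst()
                .orElse(null);
    }

    /**
     * Finds an authentication module of any type by its identifier.
     *
     * <p>Every child container whose compile-time class is a subtype of
     * {@link AbstractAuthenticationModuleType} is collected. Each module is then matched on its
     * identifier, or on its name only when the identifier is empty. This differs from
     * {@link #findSequenceByIdentifier}, which accepts either attribute. The first match wins and
     * duplicates are not reported.
     *
     * @param str identifier to look up; {@code null} never matches
     * @param authenticationModulesType modules section to search; must not be {@code null}
     * @return the first matching module, or {@code null} when none matches
     * @throws NullPointerException when a visited container has no compile-time class
     */
    public static AbstractAuthenticationModuleType getModuleByIdentifier(String str, AuthenticationModulesType authenticationModulesType) {
        PrismContainerValue<?> modulesValue = authenticationModulesType.asPrismContainerValue();
        List<AbstractAuthenticationModuleType> modules = new ArrayList<>();
        modulesValue.accept(visitable -> {
            if (!(visitable instanceof PrismContainer)) {
                return;
            }
            PrismContainer<?> container = (PrismContainer<?>) visitable;
            if (AbstractAuthenticationModuleType.class.isAssignableFrom(Objects.requireNonNull(container.getCompileTimeClass()))) {
                container.getValues().forEach(value -> modules.add((AbstractAuthenticationModuleType) value.asContainerable()));
            }
        });
        for (AbstractAuthenticationModuleType module : modules) {
            String identifier = StringUtils.isNotEmpty(module.getIdentifier()) ? module.getIdentifier() : module.getName();
            if (identifier != null && StringUtils.equals(identifier, str)) {
                return module;
            }
        }
        return null;
    }

    static {
        // Built-in ignored local paths, frozen so that callers cannot extend the list at runtime.
        List<String> paths = new ArrayList<>();
        paths.add("/actuator");
        paths.add("/actuator/health");
        DEFAULT_IGNORED_LOCAL_PATH = Collections.unmodifiableList(paths);
    }
}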
