package com.evolveum.midpoint.authentication.impl.util;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthenticationModuleNameConstants;
import com.evolveum.midpoint.authentication.impl.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.authentication.impl.factory.module.HttpClusterModuleFactory;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleNecessityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import jakarta.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.lang3.Validate;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.4-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/util/AuthenticationSequenceModuleCreator.class */
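/**
 * Builds the {@link AuthModule} list for one authentication sequence and one HTTP request.
 *
 * <p>Two paths exist. For a request that {@code AuthSequenceUtil.isClusterSequence} recognises,
 * a single cluster module is built by {@link HttpClusterModuleFactory}. Otherwise one module is
 * built per entry of the configured sequence.
 *
 * <p>Security note: the cluster path is selected from request data only (the request path and the
 * scheme token of the {@code Authorization} header). Nothing in this class verifies the credential
 * that follows the scheme; that is presumably done by the module the factory returns.
 * NOTE(review): confirm against {@code HttpClusterModuleFactory}.
 *
 * @param <MA> type of module authentication carried by the created modules
 */
public class AuthenticationSequenceModuleCreator<MA extends ModuleAuthentication> {
    private static final Trace LOGGER = TraceManager.getTrace(AuthenticationSequenceModuleCreator.class);
    private final AuthModuleRegistryImpl authRegistry;
    private final AuthenticationSequenceType sequence;
    private final HttpServletRequest request;
    private final AuthenticationModulesType authenticationModulesType;
    private final AuthenticationChannel authenticationChannel;
    // Optional inputs, set through the fluent setters below; both stay null when not supplied.
    private CredentialsPolicyType credentialPolicy;
    private Map<Class<?>, Object> sharedObjects;

    /**
     * Stores the collaborators without validating them; {@link #create()} checks the registry.
     *
     * @param authModuleRegistryImpl registry used to look up module factories
     * @param authenticationSequenceType sequence whose modules are to be built
     * @param httpServletRequest request the modules are built for
     * @param authenticationModulesType module definitions referenced by the sequence
     * @param authenticationChannel channel passed to the factories on the non-cluster path
     */
    public AuthenticationSequenceModuleCreator(AuthModuleRegistryImpl authModuleRegistryImpl, AuthenticationSequenceType authenticationSequenceType, HttpServletRequest httpServletRequest, AuthenticationModulesType authenticationModulesType, AuthenticationChannel authenticationChannel) {
        this.authRegistry = authModuleRegistryImpl;
        this.sequence = authenticationSequenceType;
        this.request = httpServletRequest;
        this.authenticationModulesType = authenticationModulesType;
        this.authenticationChannel = authenticationChannel;
    }

    /**
     * Sets the credentials policy handed to every module factory.
     *
     * @param credentialsPolicyType policy to pass on, may be null
     * @return this creator, for chaining
     */
    public AuthenticationSequenceModuleCreator credentialsPolicy(CredentialsPolicyType credentialsPolicyType) {
        this.credentialPolicy = credentialsPolicyType;
        return this;
    }

    /**
     * Sets the shared-object map handed to every module factory.
     *
     * @param map shared objects keyed by class, may be null
     * @return this creator, for chaining
     */
    public AuthenticationSequenceModuleCreator sharedObjects(Map<Class<?>, Object> map) {
        this.sharedObjects = map;
        return this;
    }

    /**
     * Creates the modules for the configured sequence and request.
     *
     * @return the created modules. On the cluster path this is {@code null} when the request does
     *     not carry a cluster {@code Authorization} header on the "ws" channel, or when the cluster
     *     module could not be built, so callers must handle {@code null}
     * @throws NullPointerException if the module registry is null
     * @throws IllegalArgumentException if a non-cluster sequence has no modules
     */
    public List<AuthModule<MA>> create() {
        Validate.notNull(this.authRegistry, "Registry for module factories is null");
        if (AuthSequenceUtil.isClusterSequence(this.request)) {
            return getSpecificModuleFilter(this.authRegistry, this.sequence.getChannel().getUrlSuffix(), this.request, this.sharedObjects, this.authenticationModulesType, this.credentialPolicy);
        }
        Validate.notEmpty(this.sequence.getModule(), "Sequence " + AuthSequenceUtil.getAuthSequenceIdentifier(this.sequence) + " don't contains authentication modules");
        return (List) SecurityPolicyUtil.getSortedModules(this.sequence).stream().map(this::createAuthModule).collect(Collectors.toList());
    }

    /**
     * Builds the module for one sequence entry.
     *
     * <p>The module definition is looked up by the entry's identifier, falling back to its name
     * when the identifier is empty. Any exception raised while building is logged and replaced by
     * the module from {@code AuthModuleImpl.buildFailedConfigurationModule}, so a broken entry does
     * not abort the whole sequence. NOTE(review): confirm that the failed-configuration module
     * rejects authentication rather than letting the entry be skipped.
     *
     * @param authenticationSequenceModuleType sequence entry to build a module for
     * @return the built module, or the failed-configuration module on error
     */
    private AuthModule<MA> createAuthModule(AuthenticationSequenceModuleType authenticationSequenceModuleType) {
        try {
            String moduleKey = StringUtils.isNotEmpty(authenticationSequenceModuleType.getIdentifier())
                    ? authenticationSequenceModuleType.getIdentifier()
                    : authenticationSequenceModuleType.getName();
            AbstractAuthenticationModuleType moduleByIdentifier = SecurityPolicyUtil.getModuleByIdentifier(moduleKey, this.authenticationModulesType);
            return this.authRegistry.findModuleFactory(moduleByIdentifier, this.authenticationChannel).createAuthModule(moduleByIdentifier, this.sequence.getChannel().getUrlSuffix(), this.request, this.sharedObjects, this.authenticationModulesType, this.credentialPolicy, this.authenticationChannel, authenticationSequenceModuleType);
        } catch (Exception e) {
            LOGGER.error("Couldn't build filter for module moduleFactory", e);
            return AuthModuleImpl.buildFailedConfigurationModule(authenticationSequenceModuleType);
        }
    }

    /**
     * Builds the single cluster module for a request on the "ws" channel whose
     * {@code Authorization} header uses the cluster scheme (compared case-insensitively).
     *
     * <p>The module is created with necessity {@code SUFFICIENT}, order 10 and a {@code null}
     * authentication channel.
     *
     * @return a one-element list, or {@code null} when the request does not qualify or the module
     *     could not be created
     */
    private List<AuthModule<MA>> getSpecificModuleFilter(AuthModuleRegistryImpl authModuleRegistryImpl, String str, HttpServletRequest httpServletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType) {
        String localPath = httpServletRequest.getRequestURI().substring(httpServletRequest.getContextPath().length());
        if (!AuthSequenceUtil.isPathForChannel("ws", AuthSequenceUtil.searchChannelByPath(localPath))) {
            return null;
        }
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return null;
        }
        // The header is caller-controlled. split(" ") yields an empty array for a value made only
        // of spaces, so [0] would throw; a positive limit always leaves at least one element.
        String scheme = header.split(" ", 2)[0];
        if (!AuthenticationModuleNameConstants.CLUSTER.equalsIgnoreCase(scheme)) {
            return null;
        }
        List<AuthModule<MA>> modules = new ArrayList<>();
        HttpClusterModuleFactory httpClusterModuleFactory = (HttpClusterModuleFactory) authModuleRegistryImpl.findModuleFactoryByClass(HttpClusterModuleFactory.class);
        AbstractAuthenticationModuleType abstractAuthenticationModuleType = new AbstractAuthenticationModuleType() { // from class: com.evolveum.midpoint.authentication.impl.util.AuthenticationSequenceModuleCreator.1
        };
        abstractAuthenticationModuleType.setIdentifier(AuthenticationModuleNameConstants.CLUSTER.toLowerCase() + "-module");
        try {
            AuthenticationSequenceModuleType clusterEntry = new AuthenticationSequenceModuleType()
                    .necessity(AuthenticationSequenceModuleNecessityType.SUFFICIENT)
                    .order(10);
            // The factory's module type is not expressed in terms of MA, hence the unchecked cast.
            @SuppressWarnings("unchecked")
            AuthModule<MA> clusterModule = (AuthModule<MA>) httpClusterModuleFactory.createAuthModule(abstractAuthenticationModuleType, str, httpServletRequest, map, authenticationModulesType, credentialsPolicyType, null, clusterEntry);
            modules.add(clusterModule);
            return modules;
        } catch (Exception e) {
            // Log the cause so a failing cluster login can be diagnosed; the Authorization header
            // value is deliberately not logged because it carries the credential.
            LOGGER.error("Couldn't create module for cluster authentication", e);
            return null;
        }
    }
}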
