package org.pac4j.core.authorization.checker;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.authorizer.CsrfAuthorizer;
import org.pac4j.core.authorization.authorizer.DefaultAuthorizers;
import org.pac4j.core.authorization.authorizer.IsAnonymousAuthorizer;
import org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer;
import org.pac4j.core.authorization.authorizer.IsFullyAuthenticatedAuthorizer;
import org.pac4j.core.authorization.authorizer.IsRememberedAuthorizer;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.client.direct.AnonymousClient;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.context.session.SessionStore;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/pac4j-core-5.7.1.jar:org/pac4j/core/authorization/checker/DefaultAuthorizationChecker.class */
public class DefaultAuthorizationChecker implements AuthorizationChecker {
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultAuthorizationChecker.class);
    protected static final CsrfAuthorizer CSRF_AUTHORIZER = new CsrfAuthorizer();
    protected static final IsAnonymousAuthorizer IS_ANONYMOUS_AUTHORIZER = new IsAnonymousAuthorizer();
    protected static final IsAuthenticatedAuthorizer IS_AUTHENTICATED_AUTHORIZER = new IsAuthenticatedAuthorizer();
    protected static final IsFullyAuthenticatedAuthorizer IS_FULLY_AUTHENTICATED_AUTHORIZER = new IsFullyAuthenticatedAuthorizer();
    protected static final IsRememberedAuthorizer IS_REMEMBERED_AUTHORIZER = new IsRememberedAuthorizer();

    @Override // org.pac4j.core.authorization.checker.AuthorizationChecker
    public boolean isAuthorized(WebContext webContext, SessionStore sessionStore, List<UserProfile> list, String str, Map<String, Authorizer> map, List<Client> list2) {
        return isAuthorized(webContext, sessionStore, list, computeAuthorizers(webContext, list, str, map, list2));
    }

    protected List<Authorizer> computeAuthorizers(WebContext webContext, List<UserProfile> list, String str, Map<String, Authorizer> map, List<Client> list2) {
        List<Authorizer> computeAuthorizersFromNames;
        if (CommonHelper.isBlank(str)) {
            computeAuthorizersFromNames = computeDefaultAuthorizers(webContext, list, list2, map);
        } else if (str.trim().startsWith("+")) {
            String substringAfter = CommonHelper.substringAfter(str, "+");
            computeAuthorizersFromNames = computeDefaultAuthorizers(webContext, list, list2, map);
            computeAuthorizersFromNames.addAll(computeAuthorizersFromNames(substringAfter, map));
        } else {
            computeAuthorizersFromNames = computeAuthorizersFromNames(str, map);
        }
        return computeAuthorizersFromNames;
    }

    protected List<Authorizer> computeDefaultAuthorizers(WebContext webContext, List<UserProfile> list, List<Client> list2, Map<String, Authorizer> map) {
        ArrayList arrayList = new ArrayList();
        if (containsClientType(list2, IndirectClient.class)) {
            arrayList.add(retrieveAuthorizer(DefaultAuthorizers.CSRF_CHECK, map));
        }
        if (!containsClientType(list2, AnonymousClient.class)) {
            arrayList.add(retrieveAuthorizer(DefaultAuthorizers.IS_AUTHENTICATED, map));
        }
        return arrayList;
    }

    protected List<Authorizer> computeAuthorizersFromNames(String str, Map<String, Authorizer> map) {
        CommonHelper.assertNotNull("authorizersMap", map);
        ArrayList arrayList = new ArrayList();
        for (String str2 : str.split(",")) {
            String trim = str2.trim();
            if (!"none".equalsIgnoreCase(trim)) {
                Authorizer retrieveAuthorizer = retrieveAuthorizer(trim, map);
                CommonHelper.assertTrue(retrieveAuthorizer != null, "The authorizer '" + trim + "' must be defined in the security configuration");
                arrayList.add(retrieveAuthorizer);
            }
        }
        return arrayList;
    }

    protected Authorizer retrieveAuthorizer(String str, Map<String, Authorizer> map) {
        Authorizer authorizer = null;
        Iterator<Map.Entry<String, Authorizer>> it = map.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry<String, Authorizer> next = it.next();
            if (CommonHelper.areEqualsIgnoreCaseAndTrim(next.getKey(), str)) {
                authorizer = next.getValue();
                break;
            }
        }
        if (authorizer == null) {
            if (DefaultAuthorizers.CSRF_CHECK.equalsIgnoreCase(str)) {
                return CSRF_AUTHORIZER;
            }
            if (DefaultAuthorizers.IS_ANONYMOUS.equalsIgnoreCase(str)) {
                return IS_ANONYMOUS_AUTHORIZER;
            }
            if (DefaultAuthorizers.IS_AUTHENTICATED.equalsIgnoreCase(str)) {
                return IS_AUTHENTICATED_AUTHORIZER;
            }
            if (DefaultAuthorizers.IS_FULLY_AUTHENTICATED.equalsIgnoreCase(str)) {
                return IS_FULLY_AUTHENTICATED_AUTHORIZER;
            }
            if (DefaultAuthorizers.IS_REMEMBERED.equalsIgnoreCase(str)) {
                return IS_REMEMBERED_AUTHORIZER;
            }
        }
        return authorizer;
    }

    protected boolean containsClientType(List<Client> list, Class<? extends Client> cls) {
        Iterator<Client> it = list.iterator();
        while (it.hasNext()) {
            if (cls.isAssignableFrom(it.next().getClass())) {
                return true;
            }
        }
        return false;
    }

    protected boolean isAuthorized(WebContext webContext, SessionStore sessionStore, List<UserProfile> list, List<Authorizer> list2) {
        CommonHelper.assertTrue(CommonHelper.isNotEmpty(list), "profiles must not be null or empty");
        if (!CommonHelper.isNotEmpty(list2)) {
            return true;
        }
        for (Authorizer authorizer : list2) {
            boolean isAuthorized = authorizer.isAuthorized(webContext, sessionStore, list);
            LOGGER.debug("Checking authorizer: {} -> {}", authorizer, Boolean.valueOf(isAuthorized));
            if (!isAuthorized) {
                return false;
            }
        }
        return true;
    }
}
