package org.pac4j.core.matching.checker;

import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Collection;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import lombok.Generated;
import org.apache.commons.lang3.StringUtils;
import org.pac4j.core.client.Client;
import org.pac4j.core.client.IndirectClient;
import org.pac4j.core.context.CallContext;
import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.matching.matcher.CacheControlMatcher;
import org.pac4j.core.matching.matcher.CorsMatcher;
import org.pac4j.core.matching.matcher.DefaultMatchers;
import org.pac4j.core.matching.matcher.HttpMethodMatcher;
import org.pac4j.core.matching.matcher.Matcher;
import org.pac4j.core.matching.matcher.StrictTransportSecurityMatcher;
import org.pac4j.core.matching.matcher.XContentTypeOptionsMatcher;
import org.pac4j.core.matching.matcher.XFrameOptionsMatcher;
import org.pac4j.core.matching.matcher.XSSProtectionMatcher;
import org.pac4j.core.matching.matcher.csrf.CsrfTokenGeneratorMatcher;
import org.pac4j.core.matching.matcher.csrf.DefaultCsrfTokenGenerator;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-6.1.3.jar:org/pac4j/core/matching/checker/DefaultMatchingChecker.class */
public class DefaultMatchingChecker implements MatchingChecker {

    @SuppressFBWarnings(justification = "generated code")
    @Generated
    private static final Logger LOGGER = LoggerFactory.getLogger((Class<?>) DefaultMatchingChecker.class);
    protected static final Matcher GET_MATCHER = new HttpMethodMatcher(HttpConstants.HTTP_METHOD.GET);
    protected static final Matcher POST_MATCHER = new HttpMethodMatcher(HttpConstants.HTTP_METHOD.POST);
    protected static final Matcher PUT_MATCHER = new HttpMethodMatcher(HttpConstants.HTTP_METHOD.PUT);
    protected static final Matcher DELETE_MATCHER = new HttpMethodMatcher(HttpConstants.HTTP_METHOD.DELETE);
    protected static final StrictTransportSecurityMatcher STRICT_TRANSPORT_MATCHER = new StrictTransportSecurityMatcher();
    protected static final XContentTypeOptionsMatcher X_CONTENT_TYPE_OPTIONS_MATCHER = new XContentTypeOptionsMatcher();
    protected static final XFrameOptionsMatcher X_FRAME_OPTIONS_MATCHER = new XFrameOptionsMatcher();
    protected static final XSSProtectionMatcher XSS_PROTECTION_MATCHER = new XSSProtectionMatcher();
    protected static final CacheControlMatcher CACHE_CONTROL_MATCHER = new CacheControlMatcher();
    protected static final CsrfTokenGeneratorMatcher CSRF_TOKEN_MATCHER = new CsrfTokenGeneratorMatcher(new DefaultCsrfTokenGenerator());
    protected static final CorsMatcher CORS_MATCHER = new CorsMatcher();

    @Override // org.pac4j.core.matching.checker.MatchingChecker
    public boolean matches(CallContext callContext, String str, Map<String, Matcher> map, List<Client> list) {
        return matches(callContext, computeMatchers(callContext, str, map, list));
    }

    protected List<Matcher> computeMatchers(CallContext callContext, String str, Map<String, Matcher> map, List<Client> list) {
        return computeMatchersFromNames(StringUtils.isBlank(str) ? computeDefaultMatcherNames(callContext, list, map) : str.trim().startsWith("+") ? computeDefaultMatcherNames(callContext, list, map) + "," + StringUtils.substringAfter(str, "+") : str, map);
    }

    protected String computeDefaultMatcherNames(CallContext callContext, Iterable<Client> iterable, Map<String, Matcher> map) {
        if (callContext.sessionStore().getSessionId(callContext.webContext(), false).isPresent()) {
            return DefaultMatchers.SECURITYHEADERS + ",csrfToken";
        }
        Iterator<Client> it = iterable.iterator();
        while (it.hasNext()) {
            if (it.next() instanceof IndirectClient) {
                return DefaultMatchers.SECURITYHEADERS + ",csrfToken";
            }
        }
        return DefaultMatchers.SECURITYHEADERS;
    }

    protected List<Matcher> computeMatchersFromNames(String str, Map<String, Matcher> map) {
        CommonHelper.assertNotNull("matchersMap", map);
        ArrayList arrayList = new ArrayList();
        ArrayList arrayList2 = new ArrayList(Arrays.asList(str.split(",")));
        int i = 0;
        while (i < arrayList2.size()) {
            int i2 = i;
            i++;
            String trim = ((String) arrayList2.get(i2)).trim();
            if (DefaultMatchers.SECURITYHEADERS.equalsIgnoreCase(trim)) {
                List<Matcher> retrieveMatchers = retrieveMatchers(trim, map);
                if (retrieveMatchers.isEmpty()) {
                    arrayList2.add(i, DefaultMatchers.XSSPROTECTION);
                    arrayList2.add(i, DefaultMatchers.NOFRAME);
                    arrayList2.add(i, DefaultMatchers.HSTS);
                    arrayList2.add(i, "nosniff");
                    arrayList2.add(i, DefaultMatchers.NOCACHE);
                } else {
                    arrayList.addAll(retrieveMatchers);
                }
            } else if (!"none".equalsIgnoreCase(trim)) {
                List<Matcher> retrieveMatchers2 = retrieveMatchers(trim, map);
                CommonHelper.assertTrue(!retrieveMatchers2.isEmpty(), "The matcher '" + trim + "' must be defined in the security configuration");
                arrayList.addAll(retrieveMatchers2);
            }
        }
        return arrayList;
    }

    protected List<Matcher> retrieveMatchers(String str, Map<String, Matcher> map) {
        ArrayList arrayList = new ArrayList();
        Iterator<Map.Entry<String, Matcher>> it = map.entrySet().iterator();
        while (true) {
            if (!it.hasNext()) {
                break;
            }
            Map.Entry<String, Matcher> next = it.next();
            if (CommonHelper.areEqualsIgnoreCaseAndTrim(next.getKey(), str)) {
                arrayList.add(next.getValue());
                break;
            }
        }
        if (arrayList.size() == 0) {
            if (DefaultMatchers.HSTS.equalsIgnoreCase(str)) {
                return List.of(STRICT_TRANSPORT_MATCHER);
            }
            if ("nosniff".equalsIgnoreCase(str)) {
                return List.of(X_CONTENT_TYPE_OPTIONS_MATCHER);
            }
            if (DefaultMatchers.NOFRAME.equalsIgnoreCase(str)) {
                return List.of(X_FRAME_OPTIONS_MATCHER);
            }
            if (DefaultMatchers.XSSPROTECTION.equalsIgnoreCase(str)) {
                return List.of(XSS_PROTECTION_MATCHER);
            }
            if (DefaultMatchers.NOCACHE.equalsIgnoreCase(str)) {
                return List.of(CACHE_CONTROL_MATCHER);
            }
            if (DefaultMatchers.CSRF_TOKEN.equalsIgnoreCase(str)) {
                return List.of(CSRF_TOKEN_MATCHER);
            }
            if (DefaultMatchers.ALLOW_AJAX_REQUESTS.equalsIgnoreCase(str)) {
                return List.of(CORS_MATCHER);
            }
            if (DefaultMatchers.GET.equalsIgnoreCase(str)) {
                return List.of(GET_MATCHER);
            }
            if ("post".equalsIgnoreCase(str)) {
                return List.of(POST_MATCHER);
            }
            if (DefaultMatchers.PUT.equalsIgnoreCase(str)) {
                return List.of(PUT_MATCHER);
            }
            if ("delete".equalsIgnoreCase(str)) {
                return List.of(DELETE_MATCHER);
            }
        }
        return arrayList;
    }

    protected boolean matches(CallContext callContext, Collection<Matcher> collection) {
        if (collection.isEmpty()) {
            return true;
        }
        for (Matcher matcher : collection) {
            boolean matches = matcher.matches(callContext);
            LOGGER.debug("Checking matcher: {} -> {}", matcher, Boolean.valueOf(matches));
            if (!matches) {
                return false;
            }
        }
        return true;
    }

    static {
        CORS_MATCHER.setAllowOrigin("*");
        CORS_MATCHER.setAllowCredentials(true);
        HashSet hashSet = new HashSet();
        hashSet.add(HttpConstants.HTTP_METHOD.GET);
        hashSet.add(HttpConstants.HTTP_METHOD.PUT);
        hashSet.add(HttpConstants.HTTP_METHOD.POST);
        hashSet.add(HttpConstants.HTTP_METHOD.DELETE);
        hashSet.add(HttpConstants.HTTP_METHOD.OPTIONS);
        CORS_MATCHER.setAllowMethods(hashSet);
    }
}
