package org.cloudfoundry.identity.uaa.util;

import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.cloudfoundry.identity.uaa.constants.OriginKeys;
import org.cloudfoundry.identity.uaa.oauth.client.ClientConstants;
import org.cloudfoundry.identity.uaa.provider.IdentityProvider;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.util.StringUtils;

/* loaded from: input_file:WEB-INF/lib/cloudfoundry-identity-server-4.8.0.jar:org/cloudfoundry/identity/uaa/util/DomainFilter.class */
public class DomainFilter {
    private static Log logger = LogFactory.getLog(DomainFilter.class);

    public static List<IdentityProvider> filter(List<IdentityProvider> list, ClientDetails clientDetails, String str) {
        if (!StringUtils.hasText(str)) {
            return Collections.EMPTY_LIST;
        }
        if (list != null && list.size() > 0) {
            List<String> providersForClient = getProvidersForClient(clientDetails);
            if (providersForClient != null) {
                list = (List) list.stream().filter(identityProvider -> {
                    return providersForClient.contains(identityProvider.getOriginKey());
                }).collect(Collectors.toList());
            }
            if (str != null && str.contains("@")) {
                String substring = str.substring(str.indexOf(64) + 1);
                List<IdentityProvider> list2 = (List) list.stream().filter(identityProvider2 -> {
                    return doesEmailDomainMatchProvider(identityProvider2, substring, true);
                }).collect(Collectors.toList());
                if (list2.size() > 0) {
                    return list2;
                }
                list = (List) list.stream().filter(identityProvider3 -> {
                    return doesEmailDomainMatchProvider(identityProvider3, substring, false);
                }).collect(Collectors.toList());
            }
        }
        return list != null ? list : Collections.EMPTY_LIST;
    }

    public static List<IdentityProvider> getIdpsForEmailDomain(List<IdentityProvider> list, String str) {
        if (!StringUtils.hasText(str) || !str.contains("@")) {
            return Collections.EMPTY_LIST;
        }
        String substring = str.substring(str.indexOf(64) + 1);
        return (List) list.stream().filter(identityProvider -> {
            return doesEmailDomainMatchProvider(identityProvider, substring, true);
        }).collect(Collectors.toList());
    }

    protected static List<String> getProvidersForClient(ClientDetails clientDetails) {
        if (clientDetails == null) {
            return null;
        }
        return (List) clientDetails.getAdditionalInformation().get(ClientConstants.ALLOWED_PROVIDERS);
    }

    protected static List<String> getEmailDomain(IdentityProvider identityProvider) {
        if (identityProvider.getConfig() != null) {
            return identityProvider.getConfig().getEmailDomain();
        }
        return null;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    public static boolean doesEmailDomainMatchProvider(IdentityProvider identityProvider, String str, boolean z) {
        List<String> emailDomain = getEmailDomain(identityProvider);
        List<String> list = emailDomain;
        if (!z && OriginKeys.UAA.equals(identityProvider.getOriginKey())) {
            list = emailDomain == null ? Arrays.asList("*.*", "*.*.*", "*.*.*.*") : emailDomain;
        }
        if (list == null) {
            return false;
        }
        return UaaStringUtils.matches(UaaStringUtils.constructWildcards(list), str);
    }
}
