package org.opencms.security.twofactor;

import java.util.ArrayList;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.apache.commons.logging.Log;
import org.opencms.file.CmsObject;
import org.opencms.file.CmsUser;
import org.opencms.main.CmsException;
import org.opencms.main.CmsLog;
import org.opencms.security.CmsOrganizationalUnit;
import org.opencms.util.CmsStringUtil;

/* loaded from: input_file:org/opencms/security/twofactor/CmsTwoFactorAuthenticationUserPolicy.class */
public class CmsTwoFactorAuthenticationUserPolicy {
    private static final Log LOG = CmsLog.getLog(CmsTwoFactorAuthenticationUserPolicy.class);
    private List<Rule> m_excludes;
    private List<Rule> m_includes;

    /* loaded from: input_file:org/opencms/security/twofactor/CmsTwoFactorAuthenticationUserPolicy$CheckType.class */
    public enum CheckType {
        group,
        pattern,
        orgunit
    }

    /* loaded from: input_file:org/opencms/security/twofactor/CmsTwoFactorAuthenticationUserPolicy$Rule.class */
    public static class Rule {
        private CheckType m_type;
        private String m_value;
        private Pattern m_pattern;

        public Rule(CheckType checkType, String str) {
            this.m_type = checkType;
            this.m_value = str;
            if (checkType == CheckType.pattern) {
                this.m_pattern = Pattern.compile(this.m_value);
            }
        }

        public Pattern getPattern() {
            return this.m_pattern;
        }

        public CheckType getType() {
            return this.m_type;
        }

        public String getValue() {
            return this.m_value;
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* loaded from: input_file:org/opencms/security/twofactor/CmsTwoFactorAuthenticationUserPolicy$UserCheckContext.class */
    public static class UserCheckContext {
        private CmsObject m_cms;
        private Set<String> m_groupNames;
        private CmsUser m_user;

        public UserCheckContext(CmsObject cmsObject, CmsUser cmsUser) {
            this.m_cms = cmsObject;
            this.m_user = cmsUser;
        }

        public Set<String> getGroupNames() throws CmsException {
            if (this.m_groupNames == null) {
                this.m_groupNames = (Set) this.m_cms.getGroupsOfUser(this.m_user.getName(), false).stream().map(cmsGroup -> {
                    return cmsGroup.getName();
                }).collect(Collectors.toSet());
            }
            return this.m_groupNames;
        }

        public CmsUser getUser() {
            return this.m_user;
        }
    }

    public CmsTwoFactorAuthenticationUserPolicy(List<Rule> list, List<Rule> list2) {
        this.m_excludes = new ArrayList();
        this.m_includes = new ArrayList();
        this.m_includes = new ArrayList(list);
        this.m_excludes = new ArrayList(list2);
    }

    public boolean shouldUseTwoFactorAuthentication(CmsObject cmsObject, CmsUser cmsUser) {
        UserCheckContext userCheckContext = new UserCheckContext(cmsObject, cmsUser);
        return checkIncluded(userCheckContext) && !checkExcluded(userCheckContext);
    }

    private boolean check(UserCheckContext userCheckContext, Rule rule) {
        if (rule.getType() != CheckType.orgunit) {
            if (rule.getType() != CheckType.group) {
                if (rule.getType() == CheckType.pattern) {
                    return rule.getPattern().matcher(userCheckContext.getUser().getName()).matches();
                }
                return false;
            }
            try {
                return userCheckContext.getGroupNames().contains(rule.getValue());
            } catch (Exception e) {
                LOG.error(e.getLocalizedMessage(), e);
                return false;
            }
        }
        String normalizeOu = normalizeOu(rule.getValue());
        String ouFqn = userCheckContext.getUser().getOuFqn();
        while (true) {
            String str = ouFqn;
            if (str == null) {
                return false;
            }
            if (normalizeOu.equals(normalizeOu(str))) {
                return true;
            }
            ouFqn = CmsOrganizationalUnit.getParentFqn(str);
        }
    }

    private boolean checkExcluded(UserCheckContext userCheckContext) {
        return this.m_excludes.stream().anyMatch(rule -> {
            return check(userCheckContext, rule);
        });
    }

    private boolean checkIncluded(UserCheckContext userCheckContext) {
        if (this.m_includes.size() == 0) {
            return true;
        }
        return this.m_includes.stream().anyMatch(rule -> {
            return check(userCheckContext, rule);
        });
    }

    private String normalizeOu(String str) {
        return CmsStringUtil.joinPaths("/", str, "/");
    }
}
