package org.wso2.carbon.identity.application.mgt.validator;

import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Map;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import org.apache.commons.lang.ArrayUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.wso2.carbon.context.CarbonContext;
import org.wso2.carbon.identity.application.common.ApplicationAuthenticatorService;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementClientException;
import org.wso2.carbon.identity.application.common.IdentityApplicationManagementException;
import org.wso2.carbon.identity.application.common.model.AuthenticationStep;
import org.wso2.carbon.identity.application.common.model.ClaimConfig;
import org.wso2.carbon.identity.application.common.model.ClaimMapping;
import org.wso2.carbon.identity.application.common.model.FederatedAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.IdentityProvider;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.InboundAuthenticationRequestConfig;
import org.wso2.carbon.identity.application.common.model.LocalAndOutboundAuthenticationConfig;
import org.wso2.carbon.identity.application.common.model.LocalAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.OutboundProvisioningConfig;
import org.wso2.carbon.identity.application.common.model.PermissionsAndRoleConfig;
import org.wso2.carbon.identity.application.common.model.Property;
import org.wso2.carbon.identity.application.common.model.RequestPathAuthenticatorConfig;
import org.wso2.carbon.identity.application.common.model.RoleMapping;
import org.wso2.carbon.identity.application.common.model.ServiceProvider;
import org.wso2.carbon.identity.application.common.model.script.AuthenticationScriptConfig;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationConstants;
import org.wso2.carbon.identity.application.common.util.IdentityApplicationManagementUtil;
import org.wso2.carbon.identity.application.mgt.ApplicationConstants;
import org.wso2.carbon.identity.application.mgt.ApplicationManagementService;
import org.wso2.carbon.identity.application.mgt.dao.impl.ApplicationDAOImpl;
import org.wso2.carbon.identity.claim.metadata.mgt.ClaimMetadataManagementServiceImpl;
import org.wso2.carbon.identity.claim.metadata.mgt.exception.ClaimMetadataException;
import org.wso2.carbon.identity.core.util.IdentityUtil;
import org.wso2.carbon.idp.mgt.IdentityProviderManagementException;
import org.wso2.carbon.idp.mgt.IdentityProviderManager;
import org.wso2.carbon.user.api.UserStoreException;
import org.wso2.carbon.user.api.UserStoreManager;
import org.wso2.carbon.user.core.UserCoreConstants;

/* loaded from: input_file:org/wso2/carbon/identity/application/mgt/validator/DefaultApplicationValidator.class */
public class DefaultApplicationValidator implements ApplicationValidator {
    private static Log log = LogFactory.getLog(DefaultApplicationValidator.class);
    private static final String AUTHENTICATOR_NOT_AVAILABLE = "Authenticator %s is not available in the server.";
    private static final String AUTHENTICATOR_NOT_CONFIGURED = "Authenticator %s is not configured for %s identity Provider.";
    private static final String PROVISIONING_CONNECTOR_NOT_CONFIGURED = "No Provisioning connector configured for %s.";
    private static final String FEDERATED_IDP_NOT_AVAILABLE = "Federated Identity Provider %s is not available in the server.";
    private static final String PROXY_MODE_ENABLED = "Configuring MFA is not allowed as proxy mode is enabled for the federated IDP";
    private static final String CLAIM_DIALECT_NOT_AVAILABLE = "Claim Dialect %s is not available in the server for tenantDomain:%s.";
    private static final String CLAIM_NOT_AVAILABLE = "Local claim %s is not available in the server for tenantDomain:%s.";
    private static final String SP_CLAIM_NOT_AVAILABLE = "Application Claim URI '%s' is not defined for application:%s.";
    private static final String ROLE_NOT_AVAILABLE = "Local Role %s is not available in the server.";
    private static final String GROUPS_ARE_PROHIBITED_FOR_ROLE_MAPPING = "Groups including: %s, are prohibited for role mapping. Use roles instead.";
    public static final String IS_HANDLER = "IS_HANDLER";
    private static Pattern loopPattern;
    private static final int MODE_DEFAULT = 1;
    private static final int MODE_ESCAPE = 2;
    private static final int MODE_STRING = 3;
    private static final int MODE_SINGLE_LINE = 4;
    private static final int MODE_MULTI_LINE = 5;

    public DefaultApplicationValidator() {
        loopPattern = Pattern.compile("\\b(for|while|forEach)\\b");
    }

    @Override // org.wso2.carbon.identity.application.mgt.validator.ApplicationValidator
    public int getOrderId() {
        return 0;
    }

    @Override // org.wso2.carbon.identity.application.mgt.validator.ApplicationValidator
    public List<String> validateApplication(ServiceProvider serviceProvider, String str, String str2) throws IdentityApplicationManagementException {
        ArrayList arrayList = new ArrayList();
        validateDiscoverabilityConfigs(arrayList, serviceProvider);
        validateInboundAuthenticationConfig(serviceProvider.getInboundAuthenticationConfig(), str, serviceProvider.getApplicationID());
        validateLocalAndOutBoundAuthenticationConfig(arrayList, serviceProvider.getLocalAndOutBoundAuthenticationConfig(), str);
        validateRequestPathAuthenticationConfig(arrayList, serviceProvider.getRequestPathAuthenticatorConfigs(), str);
        validateOutBoundProvisioning(arrayList, serviceProvider.getOutboundProvisioningConfig(), str);
        validateClaimsConfigs(arrayList, serviceProvider.getClaimConfig(), serviceProvider.getLocalAndOutBoundAuthenticationConfig() != null ? serviceProvider.getLocalAndOutBoundAuthenticationConfig().getSubjectClaimUri() : null, str, serviceProvider.getApplicationName());
        validateRoleConfigs(arrayList, serviceProvider.getPermissionAndRoleConfig(), str);
        if (isAuthenticationScriptAvailableConfig(serviceProvider)) {
            validateAdaptiveAuthScript(arrayList, serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationScriptConfig());
        }
        return arrayList;
    }

    private void validateDiscoverabilityConfigs(List<String> list, ServiceProvider serviceProvider) {
        if (serviceProvider.isDiscoverable() && StringUtils.isBlank(serviceProvider.getAccessUrl())) {
            list.add(String.format("A valid %s needs to be defined if an application is marked as discoverable.", "accessURL"));
        }
    }

    private void validateInboundAuthenticationConfig(InboundAuthenticationConfig inboundAuthenticationConfig, String str, int i) throws IdentityApplicationManagementException {
        if (inboundAuthenticationConfig == null) {
            return;
        }
        InboundAuthenticationRequestConfig[] inboundAuthenticationRequestConfigs = inboundAuthenticationConfig.getInboundAuthenticationRequestConfigs();
        if (ArrayUtils.isNotEmpty(inboundAuthenticationRequestConfigs)) {
            for (InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig : inboundAuthenticationRequestConfigs) {
                validateInboundAuthKey(inboundAuthenticationRequestConfig, i, str);
            }
        }
    }

    private void validateInboundAuthKey(InboundAuthenticationRequestConfig inboundAuthenticationRequestConfig, int i, String str) throws IdentityApplicationManagementException {
        if (inboundAuthenticationRequestConfig == null) {
            return;
        }
        ApplicationDAOImpl applicationDAOImpl = new ApplicationDAOImpl();
        String serviceProviderNameByClientId = applicationDAOImpl.getServiceProviderNameByClientId(inboundAuthenticationRequestConfig.getInboundAuthKey(), inboundAuthenticationRequestConfig.getInboundAuthType(), CarbonContext.getThreadLocalCarbonContext().getTenantDomain());
        if (StringUtils.isBlank(serviceProviderNameByClientId)) {
            if (log.isDebugEnabled()) {
                log.debug("Cannot find application name for the inbound auth key: " + inboundAuthenticationRequestConfig.getInboundAuthKey() + " of inbound auth type: " + inboundAuthenticationRequestConfig.getInboundAuthType());
            }
        } else {
            ServiceProvider application = applicationDAOImpl.getApplication(serviceProviderNameByClientId, str);
            if (application == null || application.getApplicationID() == i) {
                return;
            }
            throw buildClientException(IdentityApplicationConstants.Error.INBOUND_KEY_ALREADY_EXISTS, "Inbound key: '" + inboundAuthenticationRequestConfig.getInboundAuthKey() + "' of inbound auth type: '" + inboundAuthenticationRequestConfig.getInboundAuthType() + "' is already configured for the application :'" + application.getApplicationName() + "'");
        }
    }

    private IdentityApplicationManagementClientException buildClientException(IdentityApplicationConstants.Error error, String str) {
        return new IdentityApplicationManagementClientException(error.getCode(), str);
    }

    private void validateLocalAndOutBoundAuthenticationConfig(List<String> list, LocalAndOutboundAuthenticationConfig localAndOutboundAuthenticationConfig, String str) throws IdentityApplicationManagementException {
        AuthenticationStep[] authenticationSteps;
        if (localAndOutboundAuthenticationConfig == null || (authenticationSteps = localAndOutboundAuthenticationConfig.getAuthenticationSteps()) == null || authenticationSteps.length == 0) {
            return;
        }
        Map map = (Map) Arrays.stream(ApplicationManagementService.getInstance().getAllLocalAuthenticators(str)).collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getProperties();
        }));
        AtomicBoolean atomicBoolean = new AtomicBoolean(false);
        validateConfiguring2FAWithProxyModeEnabledFIDP(list, str, authenticationSteps);
        for (AuthenticationStep authenticationStep : authenticationSteps) {
            for (IdentityProvider identityProvider : authenticationStep.getFederatedIdentityProviders()) {
                validateFederatedIdp(identityProvider, atomicBoolean, list, str);
            }
            for (LocalAuthenticatorConfig localAuthenticatorConfig : authenticationStep.getLocalAuthenticatorConfigs()) {
                if (!map.containsKey(localAuthenticatorConfig.getName())) {
                    list.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, localAuthenticatorConfig.getName()));
                } else if (!atomicBoolean.get()) {
                    Property[] propertyArr = (Property[]) map.get(localAuthenticatorConfig.getName());
                    if (propertyArr.length == 0) {
                        atomicBoolean.set(true);
                    } else {
                        for (Property property : propertyArr) {
                            if (!"IS_HANDLER".equals(property.getName()) || !Boolean.parseBoolean(property.getValue())) {
                                atomicBoolean.set(true);
                            }
                        }
                    }
                }
            }
        }
        if (atomicBoolean.get()) {
            return;
        }
        list.add("No authenticator have been registered in the authentication flow.");
    }

    private void validateRequestPathAuthenticationConfig(List<String> list, RequestPathAuthenticatorConfig[] requestPathAuthenticatorConfigArr, String str) throws IdentityApplicationManagementException {
        Map map = (Map) Arrays.stream(ApplicationManagementService.getInstance().getAllRequestPathAuthenticators(str)).collect(Collectors.toMap((v0) -> {
            return v0.getName();
        }, (v0) -> {
            return v0.getProperties();
        }));
        if (requestPathAuthenticatorConfigArr != null) {
            for (RequestPathAuthenticatorConfig requestPathAuthenticatorConfig : requestPathAuthenticatorConfigArr) {
                if (!map.containsKey(requestPathAuthenticatorConfig.getName())) {
                    list.add(String.format(AUTHENTICATOR_NOT_AVAILABLE, requestPathAuthenticatorConfig.getName()));
                }
            }
        }
    }

    private void validateConfiguring2FAWithProxyModeEnabledFIDP(List<String> list, String str, AuthenticationStep[] authenticationStepArr) throws IdentityApplicationManagementClientException {
        int i = 0;
        StringBuilder sb = new StringBuilder();
        if (ArrayUtils.isNotEmpty(authenticationStepArr) && authenticationStepArr.length < MODE_ESCAPE) {
            if (log.isDebugEnabled()) {
                log.debug("Since multi-steps were not configured, validating second factor authenticators will not be required.");
                return;
            }
            return;
        }
        for (AuthenticationStep authenticationStep : authenticationStepArr) {
            i = getProxyModeEnabledFIDPStepOrder(authenticationStep, sb, str, list, i);
            validMFAWithLocalAuthenticators(authenticationStep, i);
        }
    }

    private boolean isProxyModeEnabledFIdpStepConfigured(FederatedAuthenticatorConfig federatedAuthenticatorConfig, IdentityProvider identityProvider, String str, List<String> list) {
        boolean z = false;
        boolean isJitProvisioningEnabled = isJitProvisioningEnabled(identityProvider, str, list);
        List asList = Arrays.asList(ApplicationAuthenticatorService.getInstance().getFederatedAuthenticatorByName(federatedAuthenticatorConfig.getName()).getTags());
        if (!isJitProvisioningEnabled && (asList.contains("Social-Login") || asList.contains("SAML") || asList.contains("OIDC"))) {
            z = true;
        }
        return z;
    }

    private int getProxyModeEnabledFIDPStepOrder(AuthenticationStep authenticationStep, StringBuilder sb, String str, List<String> list, int i) throws IdentityApplicationManagementClientException {
        for (IdentityProvider identityProvider : authenticationStep.getFederatedIdentityProviders()) {
            for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : identityProvider.getFederatedAuthenticatorConfigs()) {
                if (isProxyModeEnabledFIdpStepConfigured(federatedAuthenticatorConfig, identityProvider, str, list)) {
                    sb.append(identityProvider.getIdentityProviderName());
                    return authenticationStep.getStepOrder();
                }
                FederatedAuthenticatorConfig federatedAuthenticatorByName = ApplicationAuthenticatorService.getInstance().getFederatedAuthenticatorByName(federatedAuthenticatorConfig.getName());
                if (federatedAuthenticatorByName != null && federatedAuthenticatorByName.getTags() != null) {
                    List asList = Arrays.asList(federatedAuthenticatorByName.getTags());
                    if (i != 0 && authenticationStep.getStepOrder() > i && asList.contains("MFA")) {
                        throw new IdentityApplicationManagementClientException(IdentityApplicationConstants.Error.INVALID_REQUEST.getCode(), PROXY_MODE_ENABLED);
                    }
                }
            }
        }
        return i;
    }

    private void validMFAWithLocalAuthenticators(AuthenticationStep authenticationStep, int i) throws IdentityApplicationManagementClientException {
        for (LocalAuthenticatorConfig localAuthenticatorConfig : authenticationStep.getLocalAuthenticatorConfigs()) {
            LocalAuthenticatorConfig localAuthenticatorByName = ApplicationAuthenticatorService.getInstance().getLocalAuthenticatorByName(localAuthenticatorConfig.getName());
            if (localAuthenticatorByName != null && localAuthenticatorByName.getTags() != null) {
                List asList = Arrays.asList(localAuthenticatorByName.getTags());
                if (i != 0 && authenticationStep.getStepOrder() > i && asList.contains("MFA")) {
                    throw new IdentityApplicationManagementClientException(IdentityApplicationConstants.Error.INVALID_REQUEST.getCode(), PROXY_MODE_ENABLED);
                }
            }
        }
    }

    private boolean isJitProvisioningEnabled(IdentityProvider identityProvider, String str, List<String> list) {
        boolean z = false;
        try {
            z = IdentityProviderManager.getInstance().getIdPByName(identityProvider.getIdentityProviderName(), str, false).getJustInTimeProvisioningConfig().isProvisioningEnabled();
        } catch (IdentityProviderManagementException e) {
            list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
        }
        return z;
    }

    private void validateFederatedIdp(IdentityProvider identityProvider, AtomicBoolean atomicBoolean, List<String> list, String str) {
        try {
            IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(identityProvider.getIdentityProviderName(), str, false);
            if (idPByName.getId() == null) {
                list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
            } else if (idPByName.getFederatedAuthenticatorConfigs() != null) {
                atomicBoolean.set(true);
                List list2 = (List) Arrays.stream(idPByName.getFederatedAuthenticatorConfigs()).map((v0) -> {
                    return v0.getName();
                }).collect(Collectors.toList());
                for (FederatedAuthenticatorConfig federatedAuthenticatorConfig : identityProvider.getFederatedAuthenticatorConfigs()) {
                    if (!list2.contains(federatedAuthenticatorConfig.getName())) {
                        list.add(String.format(AUTHENTICATOR_NOT_CONFIGURED, federatedAuthenticatorConfig.getName(), identityProvider.getIdentityProviderName()));
                    }
                }
            } else {
                for (FederatedAuthenticatorConfig federatedAuthenticatorConfig2 : identityProvider.getFederatedAuthenticatorConfigs()) {
                    list.add(String.format(AUTHENTICATOR_NOT_CONFIGURED, federatedAuthenticatorConfig2.getName(), identityProvider.getIdentityProviderName()));
                }
            }
        } catch (IdentityProviderManagementException e) {
            String format = String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName());
            log.error(format, e);
            list.add(format);
        }
    }

    private void validateOutBoundProvisioning(List<String> list, OutboundProvisioningConfig outboundProvisioningConfig, String str) {
        if (outboundProvisioningConfig == null || outboundProvisioningConfig.getProvisioningIdentityProviders() == null) {
            return;
        }
        for (IdentityProvider identityProvider : outboundProvisioningConfig.getProvisioningIdentityProviders()) {
            try {
                IdentityProvider idPByName = IdentityProviderManager.getInstance().getIdPByName(identityProvider.getIdentityProviderName(), str, false);
                if (idPByName == null) {
                    list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
                } else if (idPByName.getDefaultProvisioningConnectorConfig() == null && idPByName.getProvisioningConnectorConfigs() == null) {
                    list.add(String.format(PROVISIONING_CONNECTOR_NOT_CONFIGURED, identityProvider.getIdentityProviderName()));
                }
            } catch (IdentityProviderManagementException e) {
                list.add(String.format(FEDERATED_IDP_NOT_AVAILABLE, identityProvider.getIdentityProviderName()));
            }
        }
    }

    private void validateClaimsConfigs(List<String> list, ClaimConfig claimConfig, String str, String str2, String str3) throws IdentityApplicationManagementException {
        if (claimConfig == null) {
            return;
        }
        String[] allLocalClaimUris = ApplicationManagementService.getInstance().getAllLocalClaimUris(str2);
        ArrayList arrayList = new ArrayList();
        ClaimMapping[] claimMappings = claimConfig.getClaimMappings();
        if (claimMappings != null) {
            for (ClaimMapping claimMapping : claimMappings) {
                String claimUri = claimMapping.getLocalClaim().getClaimUri();
                arrayList.add(claimMapping.getRemoteClaim().getClaimUri());
                if (!Arrays.asList(allLocalClaimUris).contains(claimUri)) {
                    list.add(String.format(CLAIM_NOT_AVAILABLE, claimUri, str2));
                }
            }
        }
        String roleClaimURI = claimConfig.getRoleClaimURI();
        String userClaimURI = claimConfig.getUserClaimURI();
        if (claimConfig.isLocalClaimDialect()) {
            if (StringUtils.isNotBlank(roleClaimURI) && !Arrays.asList(allLocalClaimUris).contains(roleClaimURI)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, roleClaimURI, str2));
            }
            if (StringUtils.isNotBlank(userClaimURI) && !Arrays.asList(allLocalClaimUris).contains(userClaimURI)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, userClaimURI, str2));
            }
            if (StringUtils.isNotBlank(str) && !Arrays.asList(allLocalClaimUris).contains(str)) {
                list.add(String.format(CLAIM_NOT_AVAILABLE, str, str2));
            }
        } else {
            if (StringUtils.isNotBlank(roleClaimURI) && !arrayList.contains(roleClaimURI)) {
                list.add(String.format(SP_CLAIM_NOT_AVAILABLE, roleClaimURI, str3));
            }
            if (StringUtils.isNotBlank(userClaimURI) && !arrayList.contains(userClaimURI)) {
                list.add(String.format(SP_CLAIM_NOT_AVAILABLE, userClaimURI, str3));
            }
            if (StringUtils.isNotBlank(str) && !arrayList.contains(str)) {
                list.add(String.format(SP_CLAIM_NOT_AVAILABLE, str, str3));
            }
        }
        String[] spClaimDialects = claimConfig.getSpClaimDialects();
        if (spClaimDialects != null) {
            try {
                List claimDialects = new ClaimMetadataManagementServiceImpl().getClaimDialects(str2);
                if (claimDialects != null) {
                    List list2 = (List) claimDialects.stream().map((v0) -> {
                        return v0.getClaimDialectURI();
                    }).collect(Collectors.toList());
                    for (String str4 : spClaimDialects) {
                        if (!list2.contains(str4)) {
                            list.add(String.format(CLAIM_DIALECT_NOT_AVAILABLE, str4, str2));
                        }
                    }
                }
            } catch (ClaimMetadataException e) {
                list.add(String.format("Error in getting claim dialect for %s. ", str2));
            }
        }
    }

    private void validateRoleConfigs(List<String> list, PermissionsAndRoleConfig permissionsAndRoleConfig, String str) {
        if (permissionsAndRoleConfig == null || permissionsAndRoleConfig.getRoleMappings() == null) {
            return;
        }
        try {
            UserStoreManager userStoreManager = CarbonContext.getThreadLocalCarbonContext().getUserRealm().getUserStoreManager();
            RoleMapping[] roleMappings = permissionsAndRoleConfig.getRoleMappings();
            int length = roleMappings.length;
            int i = 0;
            while (true) {
                if (i >= length) {
                    break;
                }
                RoleMapping roleMapping = roleMappings[i];
                if (IdentityUtil.isGroupsVsRolesSeparationImprovementsEnabled() && isGroup(roleMapping.getLocalRole().getLocalRoleName())) {
                    list.add(String.format(GROUPS_ARE_PROHIBITED_FOR_ROLE_MAPPING, roleMapping.getLocalRole().getLocalRoleName()));
                    break;
                } else {
                    if (!userStoreManager.isExistingRole(roleMapping.getLocalRole().getLocalRoleName())) {
                        list.add(String.format(ROLE_NOT_AVAILABLE, roleMapping.getLocalRole().getLocalRoleName()));
                        break;
                    }
                    i++;
                }
            }
        } catch (UserStoreException e) {
            list.add(String.format("Error when checking the existence of local roles in %s.", str));
        }
    }

    private boolean isGroup(String str) {
        return !Stream.of((Object[]) new String[]{"Internal", ApplicationConstants.APPLICATION_DOMAIN, "Workflow"}).anyMatch(str2 -> {
            return str.toUpperCase().startsWith((str2 + UserCoreConstants.DOMAIN_SEPARATOR).toUpperCase());
        });
    }

    private void validateAdaptiveAuthScript(List<String> list, AuthenticationScriptConfig authenticationScriptConfig) {
        String adaptiveAuthScript = getAdaptiveAuthScript(authenticationScriptConfig);
        if (StringUtils.isBlank(adaptiveAuthScript)) {
            if (log.isDebugEnabled()) {
                log.debug("Provided authentication script is empty.");
            }
        } else {
            if (IdentityApplicationManagementUtil.isLoopsInAdaptiveAuthScriptAllowed()) {
                return;
            }
            if (log.isDebugEnabled()) {
                log.debug("Loops are not allowed in the authentication script. Therefore checking whether loops are present in the provided script.");
            }
            if (IdentityApplicationManagementUtil.isLoopsPresentInAdaptiveAuthScript(adaptiveAuthScript)) {
                list.add("Loops are not allowed in the adaptive authentication script, but loops are available in the provided script.");
            }
        }
    }

    private String getAdaptiveAuthScript(AuthenticationScriptConfig authenticationScriptConfig) {
        if (authenticationScriptConfig != null) {
            return authenticationScriptConfig.getContent();
        }
        return null;
    }

    private boolean isAuthenticationScriptAvailableConfig(ServiceProvider serviceProvider) {
        return (serviceProvider.getLocalAndOutBoundAuthenticationConfig() == null || serviceProvider.getLocalAndOutBoundAuthenticationConfig().getAuthenticationScriptConfig() == null) ? false : true;
    }
}
