package org.pac4j.core.authorization.checker;

import java.util.ArrayList;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.pac4j.core.authorization.authorizer.Authorizer;
import org.pac4j.core.authorization.authorizer.CacheControlHeader;
import org.pac4j.core.authorization.authorizer.CorsAuthorizer;
import org.pac4j.core.authorization.authorizer.IsAnonymousAuthorizer;
import org.pac4j.core.authorization.authorizer.IsAuthenticatedAuthorizer;
import org.pac4j.core.authorization.authorizer.IsFullyAuthenticatedAuthorizer;
import org.pac4j.core.authorization.authorizer.IsRememberedAuthorizer;
import org.pac4j.core.authorization.authorizer.StrictTransportSecurityHeader;
import org.pac4j.core.authorization.authorizer.XContentTypeOptionsHeader;
import org.pac4j.core.authorization.authorizer.XFrameOptionsHeader;
import org.pac4j.core.authorization.authorizer.XSSProtectionHeader;
import org.pac4j.core.authorization.authorizer.csrf.CsrfAuthorizer;
import org.pac4j.core.authorization.authorizer.csrf.CsrfTokenGeneratorAuthorizer;
import org.pac4j.core.authorization.authorizer.csrf.DefaultCsrfTokenGenerator;
import org.pac4j.core.context.DefaultAuthorizers;
import org.pac4j.core.context.HttpConstants;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.CommonProfile;
import org.pac4j.core.util.CommonHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:BOOT-INF/lib/pac4j-core-3.3.0.jar:org/pac4j/core/authorization/checker/DefaultAuthorizationChecker.class */
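/**
 * Resolves a comma-separated list of authorizer names into {@link Authorizer} instances and
 * evaluates them against the user profiles of the current request.
 *
 * <p>Names are matched case-insensitively. The built-in names declared in
 * {@link DefaultAuthorizers} are tested first; any other name is looked up in the caller-supplied
 * authorizers map.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A blank name list resolves to no authorizers, and an empty authorizer list grants access
 *       to any non-empty profile list. Access control depends entirely on the names the caller
 *       configures.</li>
 *   <li>Built-in names shadow the authorizers map: an entry registered under a built-in name is
 *       never consulted.</li>
 *   <li>Evaluation stops at the first authorizer that returns {@code false}; authorizers later in
 *       the list are not invoked for that request.</li>
 *   <li>The built-in authorizers are shared static instances, so one configuration applies to
 *       every checker loaded by the same class loader.</li>
 * </ul>
 */
public class DefaultAuthorizationChecker implements AuthorizationChecker {
    private static final Logger logger = LoggerFactory.getLogger(DefaultAuthorizationChecker.class);

    // Shared instances behind the built-in names. The *_HEADER authorizers presumably write the
    // matching HTTP response header; their implementations are not part of this file.
    static final StrictTransportSecurityHeader STRICT_TRANSPORT_SECURITY_HEADER = new StrictTransportSecurityHeader();
    static final XContentTypeOptionsHeader X_CONTENT_TYPE_OPTIONS_HEADER = new XContentTypeOptionsHeader();
    static final XFrameOptionsHeader X_FRAME_OPTIONS_HEADER = new XFrameOptionsHeader();
    static final XSSProtectionHeader XSS_PROTECTION_HEADER = new XSSProtectionHeader();
    static final CacheControlHeader CACHE_CONTROL_HEADER = new CacheControlHeader();
    static final CsrfAuthorizer CSRF_AUTHORIZER = new CsrfAuthorizer();
    static final CsrfTokenGeneratorAuthorizer CSRF_TOKEN_GENERATOR_AUTHORIZER = new CsrfTokenGeneratorAuthorizer(new DefaultCsrfTokenGenerator());
    static final CorsAuthorizer CORS_AUTHORIZER = new CorsAuthorizer();
    static final IsAnonymousAuthorizer IS_ANONYMOUS_AUTHORIZER = new IsAnonymousAuthorizer();
    static final IsAuthenticatedAuthorizer IS_AUTHENTICATED_AUTHORIZER = new IsAuthenticatedAuthorizer();
    static final IsFullyAuthenticatedAuthorizer IS_FULLY_AUTHENTICATED_AUTHORIZER = new IsFullyAuthenticatedAuthorizer();
    static final IsRememberedAuthorizer IS_REMEMBERED_AUTHORIZER = new IsRememberedAuthorizer();

    /**
     * Resolves the named authorizers and checks them against the given profiles.
     *
     * @param webContext the current web context, passed through to each authorizer
     * @param list the user profiles; must not be null or empty
     * @param str comma-separated authorizer names; blank means "no authorizer", which grants access
     * @param map custom authorizers by name; only required (non-null) when {@code str} contains a
     *     name that is not one of the built-in {@link DefaultAuthorizers} names
     * @return {@code true} if every resolved authorizer accepts the profiles, or if none was named
     */
    @Override
    public boolean isAuthorized(WebContext webContext, List<CommonProfile> list, String str, Map<String, Authorizer> map) {
        List<Authorizer> authorizers = new ArrayList<>();
        if (CommonHelper.isNotBlank(str)) {
            for (String rawName : str.split(",")) {
                String name = rawName.trim();
                // Built-in names are tested before the custom map, so they cannot be overridden
                // by registering an authorizer under the same name.
                if (DefaultAuthorizers.HSTS.equalsIgnoreCase(name)) {
                    authorizers.add(STRICT_TRANSPORT_SECURITY_HEADER);
                } else if (DefaultAuthorizers.NOSNIFF.equalsIgnoreCase(name)) {
                    authorizers.add(X_CONTENT_TYPE_OPTIONS_HEADER);
                } else if (DefaultAuthorizers.NOFRAME.equalsIgnoreCase(name)) {
                    authorizers.add(X_FRAME_OPTIONS_HEADER);
                } else if (DefaultAuthorizers.XSSPROTECTION.equalsIgnoreCase(name)) {
                    authorizers.add(XSS_PROTECTION_HEADER);
                } else if (DefaultAuthorizers.NOCACHE.equalsIgnoreCase(name)) {
                    authorizers.add(CACHE_CONTROL_HEADER);
                } else if (DefaultAuthorizers.SECURITYHEADERS.equalsIgnoreCase(name)) {
                    // Shorthand for the five header authorizers, in this fixed order.
                    authorizers.add(CACHE_CONTROL_HEADER);
                    authorizers.add(X_CONTENT_TYPE_OPTIONS_HEADER);
                    authorizers.add(STRICT_TRANSPORT_SECURITY_HEADER);
                    authorizers.add(X_FRAME_OPTIONS_HEADER);
                    authorizers.add(XSS_PROTECTION_HEADER);
                } else if (DefaultAuthorizers.CSRF_TOKEN.equalsIgnoreCase(name)) {
                    // Token generation only: the CSRF check itself is not part of this name.
                    authorizers.add(CSRF_TOKEN_GENERATOR_AUTHORIZER);
                } else if (DefaultAuthorizers.CSRF_CHECK.equalsIgnoreCase(name)) {
                    authorizers.add(CSRF_AUTHORIZER);
                } else if (DefaultAuthorizers.CSRF.equalsIgnoreCase(name)) {
                    // Generator first, then the check, so both run for the same request.
                    authorizers.add(CSRF_TOKEN_GENERATOR_AUTHORIZER);
                    authorizers.add(CSRF_AUTHORIZER);
                } else if (DefaultAuthorizers.ALLOW_AJAX_REQUESTS.equalsIgnoreCase(name)) {
                    // Uses the shared CORS_AUTHORIZER configured in the static initializer below
                    // (wildcard origin with credentials allowed).
                    authorizers.add(CORS_AUTHORIZER);
                } else if (DefaultAuthorizers.IS_ANONYMOUS.equalsIgnoreCase(name)) {
                    authorizers.add(IS_ANONYMOUS_AUTHORIZER);
                } else if (DefaultAuthorizers.IS_AUTHENTICATED.equalsIgnoreCase(name)) {
                    authorizers.add(IS_AUTHENTICATED_AUTHORIZER);
                } else if (DefaultAuthorizers.IS_FULLY_AUTHENTICATED.equalsIgnoreCase(name)) {
                    authorizers.add(IS_FULLY_AUTHENTICATED_AUTHORIZER);
                } else if (DefaultAuthorizers.IS_REMEMBERED.equalsIgnoreCase(name)) {
                    authorizers.add(IS_REMEMBERED_AUTHORIZER);
                } else {
                    authorizers.add(findCustomAuthorizer(name, map));
                }
            }
        }
        return isAuthorized(webContext, list, authorizers);
    }

    /**
     * Looks up a custom authorizer by name, ignoring case and surrounding whitespace in the keys.
     *
     * <p>An unknown name fails the {@code CommonHelper.assertNotNull} check instead of being
     * skipped, so a misspelled authorizer name cannot silently remove a check from the list.
     *
     * @param name the trimmed authorizer name taken from the configured list
     * @param map the custom authorizers; asserted non-null
     * @return the first entry whose key matches {@code name}
     */
    private static Authorizer findCustomAuthorizer(String name, Map<String, Authorizer> map) {
        CommonHelper.assertNotNull("authorizersMap", map);
        Authorizer match = null;
        for (Map.Entry<String, Authorizer> entry : map.entrySet()) {
            if (CommonHelper.areEqualsIgnoreCaseAndTrim(entry.getKey(), name)) {
                match = entry.getValue();
                break;
            }
        }
        CommonHelper.assertNotNull("authorizersMap['" + name + "']", match);
        return match;
    }

    /**
     * Applies the resolved authorizers in order and stops at the first one that denies access.
     *
     * @param webContext the current web context
     * @param list the user profiles; asserted to be non-empty
     * @param list2 the authorizers to apply; null or empty grants access
     * @return {@code false} as soon as one authorizer rejects the profiles, {@code true} otherwise
     */
    protected boolean isAuthorized(WebContext webContext, List<CommonProfile> list, List<Authorizer> list2) {
        CommonHelper.assertTrue(CommonHelper.isNotEmpty(list), "profiles must not be null or empty");
        // No authorizer configured: access is granted to any non-empty profile list.
        if (!CommonHelper.isNotEmpty(list2)) {
            return true;
        }
        for (Authorizer authorizer : list2) {
            boolean isAuthorized = authorizer.isAuthorized(webContext, list);
            logger.debug("Checking authorizer: {} -> {}", authorizer, isAuthorized);
            // Short-circuit: authorizers after the first denial are not invoked.
            if (!isAuthorized) {
                return false;
            }
        }
        return true;
    }

    static {
        // NOTE(review): the shared CORS authorizer allows any origin AND credentials. Browsers
        // reject a literal "Access-Control-Allow-Origin: *" on credentialed requests; how
        // CorsAuthorizer renders these settings is not visible in this file. Where credentialed
        // cross-origin access is needed, register a CorsAuthorizer with an explicit origin under
        // a custom name rather than relying on DefaultAuthorizers.ALLOW_AJAX_REQUESTS.
        CORS_AUTHORIZER.setAllowOrigin("*");
        CORS_AUTHORIZER.setAllowCredentials(true);
        HashSet<HttpConstants.HTTP_METHOD> allowedMethods = new HashSet<>();
        allowedMethods.add(HttpConstants.HTTP_METHOD.GET);
        allowedMethods.add(HttpConstants.HTTP_METHOD.PUT);
        allowedMethods.add(HttpConstants.HTTP_METHOD.POST);
        allowedMethods.add(HttpConstants.HTTP_METHOD.DELETE);
        allowedMethods.add(HttpConstants.HTTP_METHOD.OPTIONS);
        CORS_AUTHORIZER.setAllowMethods(allowedMethods);
    }
}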
