package de.resolution.samlsso.authenticator;

import java.util.Arrays;
import java.util.Collection;
import java.util.Collections;
import java.util.List;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:de/resolution/samlsso/authenticator/DenyPasswordSupport.class */
public class DenyPasswordSupport {
    private static final Logger logger = LoggerFactory.getLogger(DenyPasswordSupport.class);
    public static final String PARAM_ALLOW_SYSADMINS = "allowSysadmins";
    public static final String PARAM_GROUP_WHITELIST = "allowedGroups";
    public static final String PARAM_GROUP_BLACKLIST = "deniedGroups";
    public static final String PARAM_USER_WHITELIST = "allowedUsers";
    public static final String PARAM_USER_BLACKLIST = "deniedUsers";
    public static final String PARAM_GROUP_ALLOW_OVER_DENY = "groupAllowOverDeny";
    public static final String PARAM_ALLOW_WITHOUT_APPLICATION_ACCESS = "allowWithoutApplicationAccess";
    private final boolean allowSysAdmins;
    private final boolean groupAllowOverDeny;
    private final boolean allowWithoutApplicationAccess;
    private final List<Pattern> groupWhitelist;
    private final List<Pattern> groupBlacklist;
    private final List<Pattern> userWhitelist;
    private final List<Pattern> userBlacklist;

    public DenyPasswordSupport(Map<String, String> map) {
        logger.warn("=========================================================");
        logger.warn("== DenyPasswordAuthenticator is installed on this system.");
        if (map.containsKey(PARAM_ALLOW_SYSADMINS)) {
            String str = map.get(PARAM_ALLOW_SYSADMINS);
            if (str == null || str.trim().isEmpty()) {
                this.allowSysAdmins = true;
            } else {
                this.allowSysAdmins = !str.equalsIgnoreCase("false");
            }
        } else {
            this.allowSysAdmins = true;
        }
        if (this.allowSysAdmins) {
            logger.warn("== Users with SysAdmin-privileges can login with their password no matter what groups they are in.");
        } else {
            logger.warn("== Users with SysAdmin-privilege CAN NOT login with their password unless being member of an allowed group!");
        }
        if (map.containsKey(PARAM_ALLOW_WITHOUT_APPLICATION_ACCESS)) {
            String str2 = map.get(PARAM_ALLOW_WITHOUT_APPLICATION_ACCESS);
            if (str2 == null || str2.trim().isEmpty()) {
                this.allowWithoutApplicationAccess = false;
            } else {
                this.allowWithoutApplicationAccess = str2.equalsIgnoreCase("true");
            }
        } else {
            this.allowWithoutApplicationAccess = false;
        }
        if (this.allowWithoutApplicationAccess) {
            logger.warn("== Jira-Users without application-access (JSM-customers) can use a password.");
        }
        if (map.containsKey(PARAM_GROUP_ALLOW_OVER_DENY)) {
            String str3 = map.get(PARAM_GROUP_ALLOW_OVER_DENY);
            if (str3 == null || str3.trim().isEmpty()) {
                this.groupAllowOverDeny = false;
            } else {
                this.groupAllowOverDeny = str3.equalsIgnoreCase("true");
            }
        } else {
            this.groupAllowOverDeny = false;
        }
        if (this.groupAllowOverDeny) {
            logger.warn("== Members of an allowed group CAN login even if they are also member of a denied group.");
        } else {
            logger.warn("== Members of an allowed group CAN NOT login if they are also member of a denied group.");
        }
        if (map.containsKey(PARAM_USER_WHITELIST)) {
            String str4 = map.get(PARAM_USER_WHITELIST);
            if (str4 == null || str4.trim().isEmpty()) {
                logger.warn("== User Whitelist is empty");
                this.userWhitelist = Collections.emptyList();
            } else {
                logger.warn("== User Whitelist: {}", str4);
                this.userWhitelist = (List) Arrays.stream(str4.split(",")).map(Pattern::compile).collect(Collectors.toList());
            }
        } else {
            logger.warn("== User Whitelist is not configured");
            this.userWhitelist = Collections.emptyList();
        }
        if (map.containsKey(PARAM_USER_BLACKLIST)) {
            String str5 = map.get(PARAM_USER_BLACKLIST);
            if (str5 == null || str5.trim().isEmpty()) {
                logger.warn("== User Blacklist is empty");
                this.userBlacklist = Collections.emptyList();
            } else {
                logger.warn("== User Blacklist: {}", str5);
                this.userBlacklist = (List) Arrays.stream(str5.split(",")).map(Pattern::compile).collect(Collectors.toList());
            }
        } else {
            logger.warn("== User Blacklist is not configured");
            this.userBlacklist = Collections.emptyList();
        }
        if (map.containsKey(PARAM_GROUP_WHITELIST)) {
            String str6 = map.get(PARAM_GROUP_WHITELIST);
            if (str6 == null || str6.trim().isEmpty()) {
                logger.warn("== Group Whitelist is empty");
                this.groupWhitelist = Collections.emptyList();
            } else {
                logger.warn("== Group Whitelist: {}", str6);
                this.groupWhitelist = (List) Arrays.stream(str6.split(",")).map(Pattern::compile).collect(Collectors.toList());
            }
        } else {
            logger.warn("== Group Whitelist is not configured");
            this.groupWhitelist = Collections.emptyList();
        }
        if (map.containsKey(PARAM_GROUP_BLACKLIST)) {
            String str7 = map.get(PARAM_GROUP_BLACKLIST);
            if (str7 == null || str7.trim().isEmpty()) {
                logger.warn("== Group Blacklist is empty");
                this.groupBlacklist = Collections.emptyList();
            } else {
                logger.warn("== Group Blacklist: {}", str7);
                this.groupBlacklist = (List) Arrays.stream(str7.split(",")).map(Pattern::compile).collect(Collectors.toList());
            }
        } else {
            logger.warn("== Group Blacklist is not configured");
            this.groupBlacklist = Collections.emptyList();
        }
        logger.warn("== All other users must use a different method, e.g. SSO to authenticate.");
        if (logger.isErrorEnabled() && getUserWhitelist().isEmpty() && getGroupBlacklist().isEmpty() && getGroupWhitelist().isEmpty() && !isAllowSysAdmins()) {
            logger.error("== Group lists and user whitelist are empty and password authentication is also disabled for SysAdmins!");
            logger.error("== PASSWORD ACCESS IS DISABLED FOR ALL USERS, THIS CONFIGURATION IS NOT RECOMMENDED!");
        }
        logger.warn("=======================================================");
    }

    public boolean groupAllowsPasswordLogin(Collection<String> collection) {
        if (this.groupBlacklist.isEmpty() && this.groupWhitelist.isEmpty()) {
            return false;
        }
        return this.groupWhitelist.isEmpty() ? collection.stream().noneMatch(str -> {
            return this.groupBlacklist.stream().anyMatch(pattern -> {
                return pattern.matcher(str).matches();
            });
        }) : (this.groupBlacklist.isEmpty() || isGroupAllowOverDeny()) ? collection.stream().anyMatch(str2 -> {
            return this.groupWhitelist.stream().anyMatch(pattern -> {
                return pattern.matcher(str2).matches();
            });
        }) : collection.stream().anyMatch(str3 -> {
            return this.groupWhitelist.stream().anyMatch(pattern -> {
                return pattern.matcher(str3).matches();
            });
        }) && collection.stream().noneMatch(str4 -> {
            return this.groupBlacklist.stream().anyMatch(pattern -> {
                return pattern.matcher(str4).matches();
            });
        });
    }

    public boolean userOnWhitelist(String str) {
        boolean anyMatch = this.userWhitelist.stream().anyMatch(pattern -> {
            return pattern.matcher(str).matches();
        });
        if (anyMatch) {
            logger.debug("User {} is on the whitelist", str);
        }
        return anyMatch;
    }

    public boolean userOnBlacklist(String str) {
        boolean anyMatch = this.userBlacklist.stream().anyMatch(pattern -> {
            return pattern.matcher(str).matches();
        });
        if (anyMatch) {
            logger.debug("User {} is on the blacklist", str);
        }
        return anyMatch;
    }

    public boolean isAllowSysAdmins() {
        return this.allowSysAdmins;
    }

    public boolean isGroupAllowOverDeny() {
        return this.groupAllowOverDeny;
    }

    public boolean isAllowWithoutApplicationAccess() {
        return this.allowWithoutApplicationAccess;
    }

    public List<String> getGroupWhitelist() {
        return (List) this.groupWhitelist.stream().map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toList());
    }

    public List<String> getGroupBlacklist() {
        return (List) this.groupBlacklist.stream().map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toList());
    }

    public List<String> getUserWhitelist() {
        return (List) this.userWhitelist.stream().map((v0) -> {
            return v0.toString();
        }).collect(Collectors.toList());
    }
}
