package org.pac4j.core.authorization;

import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.pac4j.core.authorization.authorizer.CacheControlHeader;
import org.pac4j.core.authorization.authorizer.StrictTransportSecurityHeader;
import org.pac4j.core.authorization.authorizer.XContentTypeOptionsHeader;
import org.pac4j.core.authorization.authorizer.XFrameOptionsHeader;
import org.pac4j.core.authorization.authorizer.XSSProtectionHeader;
import org.pac4j.core.authorization.authorizer.csrf.CsrfAuthorizer;
import org.pac4j.core.authorization.authorizer.csrf.CsrfTokenGeneratorAuthorizer;
import org.pac4j.core.authorization.authorizer.csrf.DefaultCsrfTokenGenerator;
import org.pac4j.core.context.WebContext;
import org.pac4j.core.profile.UserProfile;
import org.pac4j.core.util.CommonHelper;
import org.springframework.beans.factory.xml.DefaultBeanDefinitionDocumentReader;

/* loaded from: input_file:WEB-INF/lib/pac4j-core-1.8.8.jar:org/pac4j/core/authorization/DefaultAuthorizationChecker.class */
public class DefaultAuthorizationChecker implements AuthorizationChecker {
    static final StrictTransportSecurityHeader STRICT_TRANSPORT_SECURITY_HEADER = new StrictTransportSecurityHeader();
    static final XContentTypeOptionsHeader X_CONTENT_TYPE_OPTIONS_HEADER = new XContentTypeOptionsHeader();
    static final XFrameOptionsHeader X_FRAME_OPTIONS_HEADER = new XFrameOptionsHeader();
    static final XSSProtectionHeader XSS_PROTECTION_HEADER = new XSSProtectionHeader();
    static final CacheControlHeader CACHE_CONTROL_HEADER = new CacheControlHeader();
    static final CsrfAuthorizer CSRF_AUTHORIZER = new CsrfAuthorizer();
    static final CsrfTokenGeneratorAuthorizer CSRF_TOKEN_GENERATOR_AUTHORIZER = new CsrfTokenGeneratorAuthorizer(new DefaultCsrfTokenGenerator());

    @Override // org.pac4j.core.authorization.AuthorizationChecker
    public boolean isAuthorized(WebContext webContext, UserProfile userProfile, String str, Map<String, Authorizer> map) {
        ArrayList arrayList = new ArrayList();
        if (CommonHelper.isNotBlank(str)) {
            for (String str2 : str.split(",")) {
                if ("hsts".equalsIgnoreCase(str2)) {
                    arrayList.add(STRICT_TRANSPORT_SECURITY_HEADER);
                } else if ("nosniff".equalsIgnoreCase(str2)) {
                    arrayList.add(X_CONTENT_TYPE_OPTIONS_HEADER);
                } else if ("noframe".equalsIgnoreCase(str2)) {
                    arrayList.add(X_FRAME_OPTIONS_HEADER);
                } else if ("xssprotection".equalsIgnoreCase(str2)) {
                    arrayList.add(XSS_PROTECTION_HEADER);
                } else if ("nocache".equalsIgnoreCase(str2)) {
                    arrayList.add(CACHE_CONTROL_HEADER);
                } else if ("securityheaders".equalsIgnoreCase(str2)) {
                    arrayList.add(CACHE_CONTROL_HEADER);
                    arrayList.add(X_CONTENT_TYPE_OPTIONS_HEADER);
                    arrayList.add(STRICT_TRANSPORT_SECURITY_HEADER);
                    arrayList.add(X_FRAME_OPTIONS_HEADER);
                    arrayList.add(XSS_PROTECTION_HEADER);
                } else if ("csrfToken".equalsIgnoreCase(str2)) {
                    arrayList.add(CSRF_TOKEN_GENERATOR_AUTHORIZER);
                } else if ("csrfCheck".equalsIgnoreCase(str2)) {
                    arrayList.add(CSRF_AUTHORIZER);
                } else if ("csrf".equalsIgnoreCase(str2)) {
                    arrayList.add(CSRF_TOKEN_GENERATOR_AUTHORIZER);
                    arrayList.add(CSRF_AUTHORIZER);
                } else {
                    CommonHelper.assertNotNull("authorizersMap", map);
                    Authorizer authorizer = map.get(str2);
                    CommonHelper.assertNotNull("authorizersMap['" + str2 + "']", authorizer);
                    arrayList.add(authorizer);
                }
            }
        }
        return isAuthorized(webContext, userProfile, arrayList);
    }

    @Override // org.pac4j.core.authorization.AuthorizationChecker
    public boolean isAuthorized(WebContext webContext, UserProfile userProfile, List<Authorizer> list) {
        CommonHelper.assertNotNull(DefaultBeanDefinitionDocumentReader.PROFILE_ATTRIBUTE, userProfile);
        if (list == null || list.isEmpty()) {
            return true;
        }
        Iterator<Authorizer> it = list.iterator();
        while (it.hasNext()) {
            if (!it.next().isAuthorized(webContext, userProfile)) {
                return false;
            }
        }
        return true;
    }
}
