package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.ModuleFactory;
import com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.filter.FinishAuthenticationFilter;
import com.evolveum.midpoint.authentication.impl.filter.RefuseUnauthenticatedRequestFilter;
import com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import jakarta.annotation.PostConstruct;
import jakarta.servlet.Filter;
import jakarta.servlet.ServletRequest;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.web.DefaultSecurityFilterChain;
import org.springframework.security.web.SecurityFilterChain;
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
import org.springframework.security.web.authentication.switchuser.SwitchUserFilter;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.10-M4.jar:com/evolveum/midpoint/authentication/impl/factory/module/AbstractModuleFactory.class */
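/**
 * Base class for factories that turn one configured authentication module into an
 * {@link AuthModule}: a Spring Security filter chain, the module's web-security configuration
 * and an empty {@link ModuleAuthentication}.
 *
 * <p>Each instance adds itself to the injected {@link AuthModuleRegistryImpl} once dependency
 * injection has finished (see {@link #register()}).
 *
 * <p>Security-relevant behaviour that subclasses inherit from {@link #createAuthModule}:
 * <ul>
 *   <li>a {@code null} module type is rejected before anything is built;</li>
 *   <li>{@link #isSupportedChannel} runs before the configurer is created, so a rejected channel
 *       never gets a filter chain;</li>
 *   <li>every chain gets a {@link RefuseUnauthenticatedRequestFilter} after
 *       {@link SwitchUserFilter} and a {@link FinishAuthenticationFilter} before
 *       {@link FilterSecurityInterceptor}. The position of these filters is part of the
 *       authentication flow; subclasses that change the chain in {@link #postProcessFilter}
 *       should keep them in place.</li>
 * </ul>
 *
 * @param <C> web-security configuration produced by the configurer
 * @param <CA> configurer that builds the {@link HttpSecurity} for the module
 * @param <MT> schema type of the authentication module this factory handles
 * @param <MA> module authentication created for each new module instance
 */
public abstract class AbstractModuleFactory<C extends ModuleWebSecurityConfiguration, CA extends ModuleWebSecurityConfigurer<C, MT>, MT extends AbstractAuthenticationModuleType, MA extends ModuleAuthentication> implements ModuleFactory<MT, MA> {
    private static final Trace LOGGER = TraceManager.getTrace(AbstractModuleFactory.class);

    @Autowired
    private AuthModuleRegistryImpl registry;

    @Autowired
    private ObjectPostProcessor<Object> objectObjectPostProcessor;

    /** Adds this factory to the injected registry; invoked by the container after injection. */
    @PostConstruct
    public void register() {
        this.registry.addToRegistry(this);
    }

    /** @return the registry this factory registered itself with */
    public AuthModuleRegistryImpl getRegistry() {
        return this.registry;
    }

    /** @return the post-processor applied to the configurer and to {@link FinishAuthenticationFilter} */
    public ObjectPostProcessor<Object> getObjectObjectPostProcessor() {
        return this.objectObjectPostProcessor;
    }

    /**
     * Decides whether this factory handles the given module definition on the given channel.
     *
     * @param abstractAuthenticationModuleType module definition to test
     * @param authenticationChannel channel the authentication runs on
     * @return {@code true} when this factory should build the module
     */
    @Override
    public abstract boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel);

    /**
     * Builds the filter chain and the empty module authentication for one module definition.
     *
     * <p>{@code authenticationModulesType} and {@code credentialsPolicyType} are not read by this
     * implementation; they are part of the {@link ModuleFactory} contract only.
     *
     * @param mt module definition; must not be {@code null}
     * @param str passed unchanged to {@link #createModuleConfigurer}; its meaning is defined there
     * @param servletRequest request passed to the configurer and to the module authentication
     * @param map passed unchanged to the configurer's {@code getNewHttpSecurity}
     *     (NOTE(review): presumably the shared objects for the new {@link HttpSecurity} — confirm)
     * @param authenticationModulesType unused here
     * @param credentialsPolicyType unused here
     * @param authenticationChannel channel to validate with {@link #isSupportedChannel}; may be {@code null}
     * @param authenticationSequenceModuleType sequence entry passed to {@link #createEmptyModuleAuthentication}
     * @return the assembled module
     * @throws IllegalArgumentException if {@code mt} is {@code null} or the channel is rejected
     * @throws Exception if building the {@link HttpSecurity} fails
     */
    @Override
    public AuthModule<MA> createAuthModule(MT mt, String str, ServletRequest servletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, AuthenticationChannel authenticationChannel, AuthenticationSequenceModuleType authenticationSequenceModuleType) throws Exception {
        if (mt == null) {
            // The log names the concrete factory; this base class serves every module type, so a
            // message that mentions one specific module type would mislead whoever triages it.
            LOGGER.error("Factory " + getClass().getSimpleName() + " cannot create an authentication module: module type is null");
            throw new IllegalArgumentException("Unsupported factory " + getClass().getSimpleName() + " for null module ");
        }
        // Reject the channel before any configurer or filter is created.
        isSupportedChannel(authenticationChannel);

        // Declared as CA/MA (not raw types) so the compiler checks the hand-over to
        // postProcessFilter and createEmptyModuleAuthentication.
        CA configurer = getObjectObjectPostProcessor().postProcess(
                createModuleConfigurer(mt, str, authenticationChannel, getObjectObjectPostProcessor(), servletRequest));
        HttpSecurity http = configurer.getNewHttpSecurity(map);

        // Filter order is significant: keep these two anchors when editing.
        // NOTE(review): only FinishAuthenticationFilter goes through the post-processor;
        // RefuseUnauthenticatedRequestFilter is added as constructed — confirm that is intended.
        http.addFilterAfter((Filter) new RefuseUnauthenticatedRequestFilter(), SwitchUserFilter.class);
        http.addFilterBefore((Filter) getObjectObjectPostProcessor().postProcess(new FinishAuthenticationFilter()), FilterSecurityInterceptor.class);

        DefaultSecurityFilterChain filterChain = http.build();
        postProcessFilter(filterChain, configurer);

        MA moduleAuthentication = createEmptyModuleAuthentication(mt, configurer.getConfiguration(), authenticationSequenceModuleType, servletRequest);
        moduleAuthentication.setFocusType(mt.getFocusType());
        return AuthModuleImpl.build(filterChain, configurer.getConfiguration(), moduleAuthentication);
    }

    /**
     * Hook called with the built chain before the module is assembled; does nothing by default.
     *
     * @param securityFilterChain chain produced by {@link HttpSecurity#build()}
     * @param ca configurer that produced the chain
     */
    protected void postProcessFilter(SecurityFilterChain securityFilterChain, CA ca) {
    }

    /**
     * Creates the configurer for one module definition. The result is run through the
     * post-processor by {@link #createAuthModule} before use.
     */
    protected abstract CA createModuleConfigurer(MT mt, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest);

    /**
     * Creates the module authentication that {@link #createAuthModule} attaches to the new module;
     * the focus type is set by the caller afterwards.
     */
    protected abstract MA createEmptyModuleAuthentication(MT mt, C c, AuthenticationSequenceModuleType authenticationSequenceModuleType, ServletRequest servletRequest);

    /** @return {@code 0}; subclasses override to change their position among factories */
    @Override
    public Integer getOrder() {
        return 0;
    }

    /**
     * Validates the channel for this factory. Despite the name it returns nothing: it throws when
     * the channel is the self-registration channel and otherwise returns normally.
     *
     * <p>A {@code null} channel is accepted. Subclasses that must refuse further channels
     * override this method.
     *
     * @param authenticationChannel channel to check; may be {@code null}
     * @throws IllegalArgumentException if the channel id equals
     *     {@link SchemaConstants#CHANNEL_SELF_REGISTRATION_URI}
     */
    protected void isSupportedChannel(AuthenticationChannel authenticationChannel) {
        if (authenticationChannel == null) {
            return;
        }
        if (SchemaConstants.CHANNEL_SELF_REGISTRATION_URI.equals(authenticationChannel.getChannelId())) {
            throw new IllegalArgumentException("Unsupported factory " + getClass().getSimpleName() + " for channel " + authenticationChannel.getChannelId());
        }
    }
}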
