package com.evolveum.midpoint.authentication.impl.evaluator;

import com.evolveum.midpoint.authentication.api.evaluator.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Component;

@Component("passwordAuthenticationEvaluator")
/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.3.jar:com/evolveum/midpoint/authentication/impl/evaluator/PasswordAuthenticationEvaluatorImpl.class */
public class PasswordAuthenticationEvaluatorImpl extends CredentialsAuthenticationEvaluatorImpl<PasswordType, PasswordAuthenticationContext> {
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    public void checkEnteredCredentials(ConnectionEnvironment connectionEnvironment, PasswordAuthenticationContext passwordAuthenticationContext) {
        if (StringUtils.isBlank(passwordAuthenticationContext.getUsername())) {
            auditAuthenticationFailure(passwordAuthenticationContext.getUsername(), connectionEnvironment, "empty login provided");
            throw new UsernameNotFoundException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
        }
        if (StringUtils.isBlank(passwordAuthenticationContext.getPassword())) {
            auditAuthenticationFailure(passwordAuthenticationContext.getUsername(), connectionEnvironment, "empty password provided");
            throw new BadCredentialsException(AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication()));
        }
    }

    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    protected boolean supportsAuthzCheck() {
        return true;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    public PasswordType getCredential(CredentialsType credentialsType) {
        return credentialsType.getPassword();
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    public void validateCredentialNotNull(ConnectionEnvironment connectionEnvironment, @NotNull MidPointPrincipal midPointPrincipal, PasswordType passwordType) {
        if (passwordType.getValue() == null) {
            recordModuleAuthenticationFailure(midPointPrincipal.getUsername(), midPointPrincipal, connectionEnvironment, null, "no stored password value");
            throw new AuthenticationCredentialsNotFoundException("web.security.provider.password.bad");
        }
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    public boolean passwordMatches(ConnectionEnvironment connectionEnvironment, @NotNull MidPointPrincipal midPointPrincipal, PasswordType passwordType, PasswordAuthenticationContext passwordAuthenticationContext) {
        return decryptAndMatch(connectionEnvironment, midPointPrincipal, passwordType.getValue(), passwordAuthenticationContext.getPassword());
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    public CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicyType, PasswordAuthenticationContext passwordAuthenticationContext) {
        return SecurityUtil.getEffectivePasswordCredentialsPolicy(securityPolicyType);
    }

    @Override // com.evolveum.midpoint.authentication.impl.evaluator.CredentialsAuthenticationEvaluatorImpl
    protected boolean supportsActivation() {
        return true;
    }
}
