package com.evolveum.midpoint.authentication.impl.handler;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.audit.api.AuditService;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.3.jar:com/evolveum/midpoint/authentication/impl/handler/AuditedAccessDeniedHandler.class */
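/**
 * Access-denied handler that records an audit event for every denial the parent
 * handler does not finish handling itself.
 *
 * <p>The audit record carries the initiator (when a principal is available), the
 * authentication channel, the client address, the requested session id and the
 * message of the {@link AccessDeniedException}.
 */
public class AuditedAccessDeniedHandler extends MidpointAccessDeniedHandler {
    private static final Trace LOGGER = TraceManager.getTrace(AuditedAccessDeniedHandler.class);
    private static final String OP_AUDIT_EVENT = AuditedAccessDeniedHandler.class.getName() + ".auditEvent";

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private AuditService auditService;

    @Autowired
    private PrismContext prismContext;

    /**
     * Delegates to the parent handler and audits the denial when the parent reports
     * that it did not handle the request.
     *
     * @return {@code true} when the parent handled the request (no audit record is
     *         written in that case), {@code false} otherwise
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.handler.MidpointAccessDeniedHandler
    public boolean handleInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AccessDeniedException accessDeniedException) throws IOException, ServletException {
        if (super.handleInternal(httpServletRequest, httpServletResponse, accessDeniedException)) {
            return true;
        }
        auditEvent(httpServletRequest, SecurityContextHolder.getContext().getAuthentication(), accessDeniedException);
        return false;
    }

    /**
     * Builds and stores the audit record for a denied request.
     *
     * @param httpServletRequest request that was denied; source of host, client address and session id
     * @param authentication current authentication, may be {@code null}
     * @param accessDeniedException denial whose message is stored in the record
     */
    private void auditEvent(HttpServletRequest httpServletRequest, Authentication authentication, AccessDeniedException accessDeniedException) {
        OperationResult result = new OperationResult(OP_AUDIT_EVENT);

        GuiProfiledPrincipal principal = AuthUtil.getPrincipalUser(authentication);
        PrismObject<? extends FocusType> initiator = principal != null ? principal.getFocus().asPrismObject() : null;

        // Default to the user channel; a MidpointAuthentication with a channel overrides it.
        String channel = SchemaConstants.CHANNEL_USER_URI;
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
            if (midpointAuthentication.getAuthenticationChannel() != null) {
                channel = midpointAuthentication.getAuthenticationChannel().getChannelId();
            }
        }

        Task task = this.taskManager.createTaskInstance();
        task.setOwner(initiator);
        task.setChannel(channel);

        AuditEventRecord record = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
        record.setInitiator(initiator);

        // Without a resolved focus the only identity available is the raw principal
        // string, i.e. whatever the client submitted as a username. Treat it as
        // untrusted wherever it is rendered.
        String name = AuthSequenceUtil.getName(initiator);
        if (initiator == null && authentication != null) {
            Object rawPrincipal = authentication.getPrincipal();
            if (rawPrincipal instanceof String) {
                name = (String) rawPrincipal;
            }
        }
        record.setParameter(name);
        record.setChannel(channel);
        record.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        record.setOutcome(OperationResultStatus.FATAL_ERROR);
        record.setHostIdentifier(httpServletRequest.getLocalName());
        // The remote host address must identify the client. getLocalAddr() is the
        // address of the interface that received the request, which made every
        // denial look as if it came from the server itself. Behind a reverse proxy
        // getRemoteAddr() is the proxy's address unless the container is configured
        // to apply forwarded headers.
        record.setRemoteHostAddress(httpServletRequest.getRemoteAddr());
        record.setNodeIdentifier(this.taskManager.getNodeId());
        // getRequestedSessionId() is the id the client sent; it is not necessarily
        // the id of a valid session, so the stored value is client-controlled.
        record.setSessionIdentifier(httpServletRequest.getRequestedSessionId());
        record.setMessage(accessDeniedException.getMessage());

        try {
            this.auditService.audit(record, task, result);
        } catch (Exception e) {
            // Every audit failure is handled as a malformed username.
            // NOTE(review): confirm that other failure causes need no separate handling;
            // the retry below is not guarded, so a second failure propagates to the caller.
            // The name is sanitized before logging so that control characters in a
            // client-supplied username cannot forge or split log lines.
            LOGGER.error("Couldn't audit audit event because of malformed username: " + sanitizeForLog(name), e);
            // NOTE(review): name may still be null here; confirm PolyString accepts that.
            String normalizedName = new PolyString(name).recompute().getNorm();
            LOGGER.info("Normalization of username and create audit record with normalized username. Normalized username: " + sanitizeForLog(normalizedName));
            record.setParameter(normalizedName);
            this.auditService.audit(record, task, result);
        }
    }

    /**
     * Replaces control characters (including CR and LF) with {@code _} so that an
     * untrusted value stays on a single log line.
     *
     * @param value text to render in a log message, may be {@code null}
     * @return the text with control characters replaced, or {@code null} for {@code null} input
     */
    private static String sanitizeForLog(String value) {
        return value == null ? null : value.replaceAll("\\p{Cntrl}", "_");
    }
}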
