package com.evolveum.midpoint.authentication.impl.provider;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator;
import com.evolveum.midpoint.authentication.api.evaluator.context.AttributeVerificationAuthenticationContext;
import com.evolveum.midpoint.authentication.impl.evaluator.AttributeVerificationEvaluatorImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.token.AttributeVerificationToken;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AttributeVerificationCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/provider/AttributeVerificationProvider.class */
public class AttributeVerificationProvider extends AbstractCredentialProvider<AttributeVerificationAuthenticationContext> {
    private static final Trace LOGGER = TraceManager.getTrace(AttributeVerificationProvider.class);

    @Autowired
    public AttributeVerificationEvaluatorImpl authenticationEvaluator;

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractCredentialProvider
    /* renamed from: getEvaluator, reason: merged with bridge method [inline-methods] */
    public AuthenticationEvaluator<AttributeVerificationAuthenticationContext, UsernamePasswordAuthenticationToken> getEvaluator2() {
        return this.authenticationEvaluator;
    }

    /* JADX WARN: Type inference failed for: r0v14, types: [com.evolveum.midpoint.authentication.impl.evaluator.AttributeVerificationEvaluatorImpl] */
    @Override // com.evolveum.midpoint.authentication.impl.provider.MidpointAbstractAuthenticationProvider
    protected Authentication doAuthenticate(Authentication authentication, String str, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) {
        LOGGER.trace("Authenticating username '{}'", str);
        if (str == null) {
            LOGGER.error("No username provided in the authentication token");
            return authentication;
        }
        ConnectionEnvironment createEnvironment = createEnvironment(authenticationChannel);
        if (!(authentication instanceof AttributeVerificationToken)) {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }
        UsernamePasswordAuthenticationToken authenticate = getEvaluator2().authenticate(createEnvironment, new AttributeVerificationAuthenticationContext(str, cls, ((AttributeVerificationToken) authentication).m58getCredentials(), list, authenticationChannel));
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", new Object[]{authentication.getPrincipal(), authentication.getClass().getSimpleName(), ((MidPointPrincipal) authenticate.getPrincipal()).getAuthorities()});
        return authenticate;
    }

    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractAuthenticationProvider
    protected Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection) {
        return authentication instanceof UsernamePasswordAuthenticationToken ? new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection) : authentication;
    }

    public boolean supports(Class<?> cls) {
        return AttributeVerificationToken.class.equals(cls);
    }

    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractCredentialProvider
    public Class<? extends CredentialPolicyType> getTypeOfCredential() {
        return AttributeVerificationCredentialsPolicyType.class;
    }
}
