package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.ProfileCompilerOptions;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/FinishAuthenticationFilter.class */
public class FinishAuthenticationFilter extends OncePerRequestFilter {
    private static final Trace LOGGER = TraceManager.getTrace(FinishAuthenticationFilter.class);
    private GuiProfiledPrincipalManager focusProfileService;

    @Autowired(required = false)
    private SessionRegistry sessionRegistry;

    @Autowired
    public void setPrincipalManager(GuiProfiledPrincipalManager guiProfiledPrincipalManager) {
        this.focusProfileService = guiProfiledPrincipalManager;
    }

    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        LOGGER.trace("Running FinishAuthenticationFilter");
        Authentication authentication = SecurityUtil.getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            LOGGER.trace("No MidpointAuthentication present, continue with filter chain");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
        if (!midpointAuthentication.isAuthenticated()) {
            LOGGER.trace("Skipping compile principal profile, failed authentication.");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
            return;
        }
        if (!midpointAuthentication.isFinished()) {
            LOGGER.trace("Skipping compile principal profile, unfinished authentication.");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else if (midpointAuthentication.isAlreadyCompiledGui()) {
            LOGGER.trace("Skipping compile principal profile, already was compiled.");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else if (midpointAuthentication.getPrincipal() instanceof GuiProfiledPrincipal) {
            compileGuiProfile(midpointAuthentication);
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        } else {
            LOGGER.trace("Skipping compile principal profile, because couldn't find GuiProfiledPrincipal.");
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    private void compileGuiProfile(MidpointAuthentication midpointAuthentication) {
        AuthenticationChannel authenticationChannel = midpointAuthentication.getAuthenticationChannel();
        boolean z = authenticationChannel == null || authenticationChannel.isSupportGuiConfigByChannel();
        GuiProfiledPrincipal guiProfiledPrincipal = (MidPointPrincipal) midpointAuthentication.getPrincipal();
        if (z) {
            this.focusProfileService.refreshCompiledProfile(guiProfiledPrincipal, ProfileCompilerOptions.create().collectAuthorization(true).compileGuiAdminConfiguration(z).locateSecurityPolicy(z).tryReusingSecurityPolicy(true).terminateDisabledUserSession(false));
            midpointAuthentication.setAlreadyCompiledGui(true);
        }
    }
}
