package com.evolveum.midpoint.web.security;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.audit.api.AuditService;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.session.SessionStorage;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Iterator;
import java.util.Locale;
import org.apache.commons.lang.StringUtils;
import org.apache.wicket.Session;
import org.apache.wicket.ThreadContext;
import org.apache.wicket.authroles.authentication.AuthenticatedWebSession;
import org.apache.wicket.authroles.authorization.strategies.role.Roles;
import org.apache.wicket.injection.Injector;
import org.apache.wicket.request.Request;
import org.apache.wicket.request.cycle.RequestCycle;
import org.apache.wicket.spring.injection.annot.SpringBean;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/MidPointAuthWebSession.class */
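/**
 * Wicket session for the midPoint GUI.
 *
 * Bridges Wicket's {@link AuthenticatedWebSession} to Spring Security: the
 * credentials submitted to {@link #authenticate(String, String)} are handed to
 * the {@code midPointAuthenticationProvider} bean, the resulting
 * {@link Authentication} is stored in the {@link SecurityContextHolder}, and a
 * CREATE_SESSION audit record is written for every attempt (success or
 * failure). Wicket roles are derived from the authorizations of the current
 * {@link MidPointPrincipal}.
 */
public class MidPointAuthWebSession extends AuthenticatedWebSession {
    private static final Trace LOGGER = TraceManager.getTrace(MidPointAuthWebSession.class);

    /** Resource-bundle key shown when the provider fails without a message. */
    private static final String PROVIDER_UNAVAILABLE_KEY = "web.security.provider.unavailable";

    @SpringBean(name = "midPointAuthenticationProvider")
    private AuthenticationProvider authenticationProvider;

    @SpringBean(name = "taskManager")
    private TaskManager taskManager;

    @SpringBean(name = "auditService")
    private AuditService auditService;

    /** Per-session GUI state, created lazily by {@link #getSessionStorage()}. */
    private SessionStorage sessionStorage;

    /**
     * Creates the session, injects the {@code @SpringBean} fields and
     * normalizes the locale: when the request carries no locale, or one the
     * application does not provide ({@link MidPointApplication#containsLocale}),
     * the application default is used instead.
     *
     * @param request the request that created the session
     */
    public MidPointAuthWebSession(Request request) {
        super(request);
        Injector.get().inject(this);

        Locale requested = getLocale();
        LOGGER.debug("Found locale {}", requested);
        boolean supported = requested != null && MidPointApplication.containsLocale(requested);
        if (!supported) {
            setLocale(MidPointApplication.getDefaultLocale());
        }
        LOGGER.debug("Using {} as locale", getLocale());
    }

    /**
     * Builds the Wicket roles for the current principal by flattening the
     * actions of every {@link Authorization} the principal holds.
     *
     * @return the role set; empty when no principal is bound to the current
     *         security context (the principal is read through
     *         {@link SecurityUtils#getPrincipalUser()}, not from this session)
     */
    @Override // org.apache.wicket.authroles.authentication.AbstractAuthenticatedWebSession
    public Roles getRoles() {
        Roles roles = new Roles();
        MidPointPrincipal principal = SecurityUtils.getPrincipalUser();
        if (principal == null) {
            return roles;
        }
        for (Authorization authorization : principal.getAuthorities()) {
            roles.addAll(authorization.getAction());
        }
        return roles;
    }

    /**
     * @return the session bound to the current thread, cast to this type
     */
    public static MidPointAuthWebSession getSession() {
        return (MidPointAuthWebSession) Session.get();
    }

    /**
     * Authenticates the given credentials through the Spring
     * {@link AuthenticationProvider}.
     *
     * On success the returned {@link Authentication} is installed in the
     * {@link SecurityContextHolder} and a SUCCESS audit record is written. On
     * failure (provider exception, {@code null} result, or a token the
     * provider did not mark as authenticated) nothing is installed in the
     * security context and a FATAL_ERROR audit record is written. The
     * password itself is never logged; only its presence is.
     *
     * @param str  user name
     * @param str2 password, may be empty
     * @return {@code true} only when the provider produced an authenticated token
     */
    @Override // org.apache.wicket.authroles.authentication.AuthenticatedWebSession
    public boolean authenticate(String str, String str2) {
        LOGGER.debug("Authenticating '{}' {} password in web session.",
                new Object[] { str, StringUtils.isEmpty(str2) ? "without" : "with" });

        Authentication result;
        try {
            result = this.authenticationProvider.authenticate(new UsernamePasswordAuthenticationToken(str, str2));
        } catch (AuthenticationException e) {
            // The exception message is used as a resource-bundle key (the provider is
            // expected to throw with such keys); an unknown key falls through to
            // whatever getString() does for missing resources, so keep provider
            // messages to keys and never to raw internal detail.
            String key = e.getMessage() != null ? e.getMessage() : PROVIDER_UNAVAILABLE_KEY;
            error(((MidPointApplication) getApplication()).getString(key));
            LOGGER.debug("Couldn't authenticate user.", (Throwable) e);
            auditEvent(null, str, OperationResultStatus.FATAL_ERROR);
            return false;
        }

        // A provider may return null (cannot decide) or a token that is not
        // authenticated; neither must reach the security context or be
        // audited as a success.
        if (result == null || !result.isAuthenticated()) {
            LOGGER.debug("Authentication provider did not authenticate '{}'.", str);
            auditEvent(result, str, OperationResultStatus.FATAL_ERROR);
            return false;
        }

        SecurityContextHolder.getContext().setAuthentication(result);
        auditEvent(result, str, OperationResultStatus.SUCCESS);
        return true;
    }

    /**
     * @return the GUI state holder for this session, created on first use
     *         (not synchronized; concurrent first calls could create two instances)
     */
    public SessionStorage getSessionStorage() {
        if (this.sessionStorage == null) {
            this.sessionStorage = new SessionStorage();
        }
        return this.sessionStorage;
    }

    /**
     * Writes a CREATE_SESSION / REQUEST audit record for a login attempt on the
     * GUI channel.
     *
     * @param authentication the provider result, or {@code null} when there is
     *                       none; used to resolve the initiator and task owner
     * @param username       the submitted user name, recorded as the parameter
     * @param outcome        SUCCESS or FATAL_ERROR
     */
    private void auditEvent(Authentication authentication, String username, OperationResultStatus outcome) {
        MidPointPrincipal principal = SecurityUtils.getPrincipalUser(authentication);
        PrismObject<UserType> initiator = principal == null ? null : principal.getUser().asPrismObject();

        Task task = this.taskManager.createTaskInstance();
        task.setOwner(initiator);
        task.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);

        AuditEventRecord record = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
        record.setInitiator(initiator);
        record.setParameter(username);
        record.setChannel(SchemaConstants.CHANNEL_GUI_USER_URI);
        // Host of the request URL, i.e. what the client sent (presumably the Host
        // header) - this is the server-side name, not the client's address.
        record.setHostIdentifier(RequestCycle.get().getRequest().getUrl().getHost());
        record.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        Session current = ThreadContext.getSession();
        if (current != null) {
            record.setSessionIdentifier(current.getId());
        }
        record.setOutcome(outcome);

        this.auditService.audit(record, task);
    }
}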
