package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.audit.api.AuditService;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.evolveum.prism.xml.ns._public.types_3.PolyStringType;
import javax.xml.soap.SOAPMessage;
import org.apache.cxf.binding.soap.SoapMessage;
import org.apache.cxf.binding.soap.saaj.SAAJInInterceptor;
import org.apache.wss4j.common.ext.WSSecurityException;
import org.apache.wss4j.dom.util.WSSecurityUtil;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;

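/**
 * Security-related helper for the model layer.
 *
 * Two responsibilities are visible here:
 * <ul>
 *   <li>writing audit records for session creation ({@code auditLogin*}) and
 *       termination ({@link #auditLogout}); the outcome of the login itself is
 *       decided by the caller and only recorded here, and</li>
 *   <li>pulling the WS-Security {@code UsernameToken/Username} text out of an
 *       incoming SOAP message ({@link #getUsernameFromMessage}).</li>
 * </ul>
 * Nothing in this class logs or stores credentials: only the username, channel,
 * session id and outcome message are written to the debug log and the audit trail.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-3.4.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/SecurityHelper.class */
public class SecurityHelper {

    private static final Trace LOGGER = TraceManager.getTrace(SecurityHelper.class);

    /**
     * Key of a contextual property. Not referenced inside this class; the
     * {@code .audited} suffix suggests callers use it to flag a message or
     * request as already audited (TODO confirm against the interceptors).
     */
    public static final String CONTEXTUAL_PROPERTY_AUDITED_NAME = SecurityHelper.class.getName() + ".audited";

    /** Local name of the WS-Security UsernameToken element (matched by local name only). */
    private static final String USERNAME_TOKEN_LOCAL_NAME = "UsernameToken";
    /** Local name of the Username child of a UsernameToken (matched by local name only). */
    private static final String USERNAME_LOCAL_NAME = "Username";

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private AuditService auditService;

    /**
     * Records a successful login ({@code CREATE_SESSION} with outcome {@code SUCCESS}).
     *
     * @param userType              the authenticated user; its name becomes the audit parameter
     *                              and the user itself the initiator
     * @param connectionEnvironment channel and session id of the connection being audited
     */
    public void auditLoginSuccess(@NotNull UserType userType, @NotNull ConnectionEnvironment connectionEnvironment) {
        auditLogin(userType.getName().getOrig(), userType, connectionEnvironment, OperationResultStatus.SUCCESS, null);
    }

    /**
     * Records a failed login ({@code CREATE_SESSION} with outcome {@code FATAL_ERROR}).
     *
     * @param str                   the username that was attempted, if known (may be {@code null})
     * @param userType              the user the attempt resolved to, if any; becomes the initiator when present
     * @param connectionEnvironment channel and session id of the connection being audited
     * @param str2                  human-readable failure reason, stored as the audit message
     */
    public void auditLoginFailure(@Nullable String str, @Nullable UserType userType, @NotNull ConnectionEnvironment connectionEnvironment, String str2) {
        auditLogin(str, userType, connectionEnvironment, OperationResultStatus.FATAL_ERROR, str2);
    }

    /**
     * Common implementation for both login outcomes: creates a throw-away task carrying the
     * connection channel, emits a debug line and writes one {@code CREATE_SESSION/REQUEST} record.
     *
     * @param username              audited as the record parameter; may be {@code null}
     * @param userType              set as initiator when non-null
     * @param connectionEnvironment supplies channel and session identifier
     * @param outcome               {@code SUCCESS} or {@code FATAL_ERROR}
     * @param message               free-text outcome message; may be {@code null}
     */
    private void auditLogin(@Nullable String username, @Nullable UserType userType,
            @NotNull ConnectionEnvironment connectionEnvironment,
            @NotNull OperationResultStatus outcome, @Nullable String message) {
        // The audit service needs a task; a fresh one tagged with the channel is enough here.
        Task auditTask = taskManager.createTaskInstance();
        auditTask.setChannel(connectionEnvironment.getChannel());

        // Deliberately no password or other credential material in this line.
        LOGGER.debug("Login {} username={}, channel={}: {}",
                outcome == OperationResultStatus.SUCCESS ? "success" : "failure",
                username, connectionEnvironment.getChannel(), message);

        AuditEventRecord record = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
        record.setParameter(username);
        if (userType != null) {
            record.setInitiator(userType.asPrismObject());
        }
        record.setChannel(connectionEnvironment.getChannel());
        record.setTimestamp(System.currentTimeMillis());
        record.setOutcome(outcome);
        record.setMessage(message);
        record.setSessionIdentifier(connectionEnvironment.getSessionId());
        auditService.audit(record, auditTask);
    }

    /**
     * Records a logout ({@code TERMINATE_SESSION/REQUEST}, outcome always {@code SUCCESS}).
     * The initiator and parameter are taken from the task owner; the record is still written
     * when the owner (or its name) is missing.
     *
     * @param connectionEnvironment supplies channel and session identifier; must not be {@code null}
     * @param task                  the session's task, used both for its owner and as the audit task
     */
    public void auditLogout(ConnectionEnvironment connectionEnvironment, Task task) {
        AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
        PrismObject<UserType> owner = task.getOwner();
        if (owner != null) {
            record.setInitiator(owner);
            PolyStringType ownerName = owner.asObjectable().getName();
            if (ownerName != null) {
                record.setParameter(ownerName.getOrig());
            }
        }
        record.setChannel(connectionEnvironment.getChannel());
        record.setTimestamp(System.currentTimeMillis());
        record.setSessionIdentifier(connectionEnvironment.getSessionId());
        record.setOutcome(OperationResultStatus.SUCCESS);
        auditService.audit(record, task);
    }

    /**
     * Extracts the WS-Security username from a SOAP message.
     *
     * @param sOAPMessage the SAAJ message; {@code null} yields {@code null}
     * @return {@code null} when there is no message or no Security header (default actor ""),
     *         the empty string when the header has no {@code UsernameToken/Username},
     *         otherwise the text of the Username element
     * @throws WSSecurityException propagated from the WSS4J header lookup
     */
    public String getUsernameFromMessage(SOAPMessage sOAPMessage) throws WSSecurityException {
        if (sOAPMessage == null) {
            return null;
        }
        // "" selects the Security header without an explicit actor/role attribute.
        Element securityHeader = WSSecurityUtil.getSecurityHeader(sOAPMessage.getSOAPPart(), "");
        return getUsernameFromSecurityHeader(securityHeader);
    }

    /**
     * Walks the direct children of the Security header and returns the text of the
     * {@code Username} child of a {@code UsernameToken}.
     *
     * Matching is by local name only (the wsse namespace is not checked), and when the header
     * carries more than one UsernameToken the LAST Username found wins. Callers that use this
     * value to pick the principal should be sure it is the token WSS4J actually validated; a
     * warning is logged when the header is ambiguous so such requests are visible.
     *
     * @param securityHeader the Security header element, or {@code null}
     * @return {@code null} for a missing header, {@code ""} when no username is found, else the username
     */
    private String getUsernameFromSecurityHeader(Element securityHeader) {
        if (securityHeader == null) {
            return null;
        }
        String username = "";
        int usernameTokens = 0;
        NodeList headerChildren = securityHeader.getChildNodes();
        for (int i = 0; i < headerChildren.getLength(); i++) {
            Node child = headerChildren.item(i);
            if (child.getNodeType() != Node.ELEMENT_NODE || !USERNAME_TOKEN_LOCAL_NAME.equals(child.getLocalName())) {
                continue;
            }
            usernameTokens++;
            NodeList tokenChildren = child.getChildNodes();
            for (int j = 0; j < tokenChildren.getLength(); j++) {
                Node tokenChild = tokenChildren.item(j);
                // Text and comment nodes have no local name; only elements can be the Username.
                if (tokenChild.getNodeType() == Node.ELEMENT_NODE && USERNAME_LOCAL_NAME.equals(tokenChild.getLocalName())) {
                    username = tokenChild.getTextContent();
                }
            }
        }
        if (usernameTokens > 1) {
            // Ambiguous header: several tokens, the last Username was kept. Worth an alert in the log.
            LOGGER.warn("Security header contains {} UsernameToken elements; using the last Username found", usernameTokens);
        }
        return username;
    }

    /**
     * Converts a CXF SOAP message to its SAAJ form, running the SAAJ-in interceptor first so the
     * DOM content (and with it the Security header) is materialized.
     *
     * @param soapMessage the CXF message
     * @return the SAAJ message stored as message content
     */
    public SOAPMessage getSOAPMessage(SoapMessage soapMessage) {
        SAAJInInterceptor.INSTANCE.handleMessage(soapMessage);
        return soapMessage.getContent(SOAPMessage.class);
    }
}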
