package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.LoggingUtils;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NodeType;
import java.util.ArrayList;
import java.util.List;
import org.apache.commons.collections4.CollectionUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

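/**
 * Decides whether an incoming request originates from a known cluster node.
 *
 * <p>All {@link NodeType} objects are read from the repository and compared with the remote
 * host name and remote address passed by the caller. Authentication succeeds only when exactly
 * one node matches; that node is then placed into the Spring {@link SecurityContextHolder} as a
 * {@code NodeAuthenticationToken} and a login success is audited. Every other outcome (no match,
 * several matches, repository error) audits a login failure and returns {@code false}.
 *
 * <p>Security note: the decision made here rests only on the host name / address strings handed
 * in by the caller; no credential is checked in this class. How trustworthy those values are
 * depends on how the caller obtains them, which is not visible here.
 */
@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-3.8.1-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/NodeAuthenticationEvaluatorImpl.class */
public class NodeAuthenticationEvaluatorImpl implements NodeAuthenticationEvaluator {

    @Autowired
    @Qualifier("cacheRepositoryService")
    private RepositoryService repositoryService;

    @Autowired
    private PrismContext prismContext;

    @Autowired
    SecurityHelper securityHelper;
    private static final Trace LOGGER = TraceManager.getTrace(NodeAuthenticationEvaluatorImpl.class);
    private static final String OPERATION_SEARCH_NODE = NodeAuthenticationEvaluatorImpl.class.getName() + ".searchNode";

    /**
     * Authenticates a remote peer as a cluster node.
     *
     * @param str remote host name; compared case-insensitively with each node's host name, may be {@code null}
     * @param str2 remote address; looked up in each node's list of IP addresses
     * @param str3 requested operation; used only in log messages
     * @return {@code true} when exactly one repository node matches, {@code false} otherwise
     */
    @Override // com.evolveum.midpoint.model.api.authentication.NodeAuthenticationEvaluator
    public boolean authenticate(String str, String str2, String str3) {
        LOGGER.debug("Checking if {} is a known node", str);
        OperationResult operationResult = new OperationResult(OPERATION_SEARCH_NODE);
        ConnectionEnvironment create = ConnectionEnvironment.create(SchemaConstants.CHANNEL_REST_URI);
        try {
            SearchResultList<PrismObject<NodeType>> allNodes = this.repositoryService.searchObjects(NodeType.class, null, null, operationResult);
            List<PrismObject<NodeType>> matchingNodes = getMatchingNodes(allNodes, str, str2, str3);
            // Zero matches and ambiguous (more than one) matches are both rejected.
            if (matchingNodes.size() == 1) {
                // Use the node that actually matched. Taking the first element of the unfiltered
                // search result would bind the security context and the audit record to whichever
                // node the repository happened to list first, not to the caller's node.
                PrismObject<NodeType> matchedNode = matchingNodes.get(0);
                LOGGER.trace("The node {} was recognized as a known node (remote host name {} matched). Attempting to execute the requested operation: {} ", matchedNode.asObjectable().getName(), matchedNode.asObjectable().getHostname(), str3);
                SecurityContextHolder.getContext().setAuthentication(new NodeAuthenticationToken(matchedNode, str2, CollectionUtils.EMPTY_COLLECTION));
                this.securityHelper.auditLoginSuccess(matchedNode.asObjectable(), create);
                return true;
            }
        } catch (SchemaException | RuntimeException e) {
            // Fail closed: an error while listing or matching nodes falls through to the failure audit below.
            LOGGER.error("Unhandled exception when listing nodes");
            LoggingUtils.logUnexpectedException(LOGGER, "Unhandled exception when listing nodes", e, new Object[0]);
        }
        // The message text, including its spelling, is left unchanged because audit consumers may match on it.
        this.securityHelper.auditLoginFailure(str != null ? str : str2, null, create, "Failed to authneticate node.");
        return false;
    }

    /**
     * Selects the nodes whose host name equals {@code str} (ignoring case) or, failing that,
     * whose IP address list contains {@code str2}.
     *
     * @param list candidate nodes
     * @param str remote host name, may be {@code null}
     * @param str2 remote address
     * @param str3 requested operation; used only in log messages
     * @return the matching nodes in the order they appear in {@code list}; empty when none match
     */
    private List<PrismObject<NodeType>> getMatchingNodes(List<PrismObject<NodeType>> list, String str, String str2, String str3) {
        List<PrismObject<NodeType>> matchingNodes = new ArrayList<>();
        for (PrismObject<NodeType> prismObject : list) {
            NodeType asObjectable = prismObject.asObjectable();
            if (str != null && str.equalsIgnoreCase(asObjectable.getHostname())) {
                LOGGER.trace("The node {} was recognized as a known node (remote host name {} matched). Attempting to execute the requested operation: {} ", asObjectable.getName(), asObjectable.getHostname(), str3);
                matchingNodes.add(prismObject);
            } else if (asObjectable.getIpAddress().contains(str2)) {
                LOGGER.trace("The node {} was recognized as a known node (remote host address {} matched). Attempting to execute the requested operation: {} ", asObjectable.getName(), str2, str3);
                matchingNodes.add(prismObject);
            }
        }
        return matchingNodes;
    }
}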
