package com.evolveum.midpoint.model.api.authentication;

import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import javax.naming.AuthenticationException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.dao.IncorrectResultSizeDataAccessException;
import org.springframework.ldap.core.DirContextOperations;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.ldap.authentication.LdapAuthenticationProvider;
import org.springframework.security.ldap.authentication.LdapAuthenticator;

/* loaded from: input_file:WEB-INF/lib/model-api-3.9.2-SNAPSHOT.jar:com/evolveum/midpoint/model/api/authentication/MidPointLdapAuthenticationProvider.class */
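/**
 * LDAP authentication provider that wraps Spring Security's {@link LdapAuthenticationProvider},
 * normalises LDAP-side failures into {@link BadCredentialsException} and writes a midPoint audit
 * record for every login outcome (success and all rejection paths).
 *
 * Security notes:
 * - Every path that rejects a login is audited, not only the generic RuntimeException path;
 *   otherwise repeated "error code 49" guesses or ambiguous-account lookups would leave no trace.
 * - The audit message for failures is a fixed string so the audit trail does not reveal which
 *   LDAP condition (unknown user, duplicate match, wrong password) rejected the attempt.
 * - The "error code 49" detection is a heuristic on the javax.naming message text and must
 *   tolerate a null message.
 */
public class MidPointLdapAuthenticationProvider extends LdapAuthenticationProvider {
    private static final Trace LOGGER = TraceManager.getTrace(MidPointLdapAuthenticationProvider.class);

    /** Substring of the javax.naming error text that marks an LDAP "invalid credentials" result. */
    private static final String LDAP_INVALID_CREDENTIALS_MARKER = "error code 49";

    /** Fixed audit message for every failed login (see class comment). */
    private static final String AUDIT_FAILURE_MESSAGE = "bad credentials";

    @Autowired
    private ModelAuditRecorder auditProvider;

    public MidPointLdapAuthenticationProvider(LdapAuthenticator ldapAuthenticator) {
        super(ldapAuthenticator);
    }

    /**
     * Binds against LDAP via the parent provider and maps failures.
     *
     * @param token the username/password presented by the caller
     * @return the LDAP entry of the authenticated user, as returned by the parent provider
     * @throws BadCredentialsException when the LDAP search matched several entries (ambiguous
     *         account) or the LDAP server reported "invalid credentials" (error code 49)
     * @throws RuntimeException any other failure from the parent provider, rethrown unchanged
     */
    // NOTE(review): decompiled as public; the original source declared this protected.
    @Override // org.springframework.security.ldap.authentication.LdapAuthenticationProvider, org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
    public DirContextOperations doAuthentication(UsernamePasswordAuthenticationToken token) {
        try {
            return super.doAuthentication(token);
        } catch (IncorrectResultSizeDataAccessException e) {
            // More than one LDAP entry matched the login name. Reject as bad credentials so the
            // caller cannot tell an ambiguous account from a wrong password, but audit and log it.
            LOGGER.error("Failed to authenticate user {}. Error: {}", token.getName(), e.getMessage(), e);
            recordLoginFailure(token);
            throw new BadCredentialsException("LdapAuthentication.bad.user", e);
        } catch (InternalAuthenticationServiceException e) {
            // Spring wraps javax.naming errors here; an LDAP error 49 in the cause chain is a
            // plain wrong-password case and must not surface as an internal server error.
            LOGGER.error("Failed to authenticate user {}. Error: {}", token.getName(), e.getMessage(), e);
            recordLoginFailure(token);
            throw processInternalAuthenticationException(e);
        } catch (RuntimeException e) {
            LOGGER.error("Failed to authenticate user {}. Error: {}", token.getName(), e.getMessage(), e);
            recordLoginFailure(token);
            throw e;
        }
    }

    /**
     * Walks the cause chain of an internal authentication error looking for an LDAP
     * "invalid credentials" result.
     *
     * @param original the exception thrown by the parent provider
     * @return a {@link BadCredentialsException} (with {@code original} as cause) when error code 49
     *         is found anywhere in the chain; otherwise {@code original} itself
     */
    private RuntimeException processInternalAuthenticationException(InternalAuthenticationServiceException original) {
        for (Throwable cause = original; cause != null; cause = cause.getCause()) {
            if (cause instanceof AuthenticationException && isInvalidCredentials((AuthenticationException) cause)) {
                return new BadCredentialsException("Invalid username and/or password.", original);
            }
        }
        return original;
    }

    /**
     * Heuristic check for LDAP result code 49 based on the message text.
     * javax.naming exceptions may carry a null message, which previously caused an NPE here.
     */
    private static boolean isInvalidCredentials(AuthenticationException namingException) {
        String message = namingException.getMessage();
        return message != null && message.contains(LDAP_INVALID_CREDENTIALS_MARKER);
    }

    /** Writes a login-failure audit record for the presented login name on the GUI user channel. */
    private void recordLoginFailure(UsernamePasswordAuthenticationToken token) {
        this.auditProvider.auditLoginFailure(token.getName(), null,
                ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI), AUDIT_FAILURE_MESSAGE);
    }

    /**
     * Completes a successful LDAP bind by verifying that the resolved principal is a midPoint
     * principal backed by a user object, then audits the successful login.
     *
     * @param token the credentials that were just verified
     * @param userDetails the user details resolved by the parent provider
     * @return the authentication produced by the parent provider
     * @throws BadCredentialsException when the principal is not a {@link MidPointPrincipal}
     *         or carries no {@link UserType}; both are audited as login failures
     */
    // NOTE(review): decompiled as public; the original source declared this protected.
    @Override // org.springframework.security.ldap.authentication.AbstractLdapAuthenticationProvider
    public Authentication createSuccessfulAuthentication(UsernamePasswordAuthenticationToken token, UserDetails userDetails) {
        Authentication authentication = super.createSuccessfulAuthentication(token, userDetails);
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof MidPointPrincipal)) {
            // LDAP accepted the bind but midPoint has no principal for it: still a rejected login.
            recordLoginFailure(token);
            throw new BadCredentialsException("LdapAuthentication.incorrect.value");
        }
        UserType user = ((MidPointPrincipal) principal).getUser();
        if (user == null) {
            recordLoginFailure(token);
            throw new BadCredentialsException("LdapAuthentication.bad.user");
        }
        this.auditProvider.auditLoginSuccess(user, ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI));
        return authentication;
    }
}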
