package com.evolveum.midpoint.web.security;

import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/MidPointAuthenticationProvider.class */
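/**
 * Spring Security {@link AuthenticationProvider} that delegates login decisions to the injected
 * midPoint {@link AuthenticationEvaluator}.
 *
 * <p>Two token types are accepted (see {@link #supports(Class)}):
 * {@link UsernamePasswordAuthenticationToken}, which is verified with the submitted password, and
 * {@link PreAuthenticatedAuthenticationToken}, which is resolved by user name only.
 */
public class MidPointAuthenticationProvider implements AuthenticationProvider, MessageSourceAware {
    private static final Trace LOGGER = TraceManager.getTrace(MidPointAuthenticationProvider.class);

    // Accessor over the injected MessageSource; assigned in setMessageSource and not read
    // anywhere else in this class.
    private MessageSourceAccessor messages;

    @Autowired
    private transient AuthenticationEvaluator<PasswordAuthenticationContext> passwordAuthenticationEvaluator;

    /**
     * Stores an accessor for the supplied message source.
     *
     * @param messageSource message source provided by the Spring context
     */
    @Override
    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    /**
     * Authenticates the supplied token through the evaluator, using a connection environment
     * created for {@code SchemaConstants.CHANNEL_GUI_USER_URI}.
     *
     * <p>Logging contract: an {@link AuthenticationException} (rejected login, unsupported token)
     * is reported exactly once at INFO; any other {@link RuntimeException} or {@link Error} is
     * reported exactly once at ERROR with its stack trace. Because {@code AuthenticationException}
     * is itself a {@code RuntimeException}, it needs its own handler placed before the generic
     * one; otherwise every rejected login would additionally be written as an ERROR with a stack
     * trace, which buries genuine faults and lets unauthenticated clients inflate the error log.
     *
     * @param authentication the token to verify; its principal is expected to be the user name
     * @return the authenticated token produced by the evaluator
     * @throws AuthenticationException if the evaluator rejects the login or the token type is
     *         not supported; the exception is rethrown unchanged
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // Declared outside the try so that the failure handler can report it.
        String username = null;
        try {
            // NOTE(review): a non-String principal raises ClassCastException here, which is
            // logged by the generic handler below and propagated as-is.
            username = (String) authentication.getPrincipal();
            LOGGER.trace("Authenticating username '{}'", username);
            ConnectionEnvironment connEnv = ConnectionEnvironment.create(SchemaConstants.CHANNEL_GUI_USER_URI);

            AbstractAuthenticationToken token;
            if (authentication instanceof UsernamePasswordAuthenticationToken) {
                // The password goes to the evaluator only; it is never written to the log.
                String password = (String) authentication.getCredentials();
                token = this.passwordAuthenticationEvaluator.authenticate(connEnv, new PasswordAuthenticationContext(username, password));
            } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
                // No credential is checked on this path: the asserted user name is trusted.
                // NOTE(review): this is only safe if whatever creates the pre-authenticated
                // token cannot be influenced by the client; confirm in the filter configuration.
                token = this.passwordAuthenticationEvaluator.authenticateUserPreAuthenticated(connEnv, username);
            } else {
                // NOTE(review): the whole token is logged; confirm its toString() masks credentials.
                LOGGER.error("Unsupported authentication {}", authentication);
                throw new AuthenticationServiceException("web.security.provider.unavailable");
            }

            MidPointPrincipal principal = (MidPointPrincipal) token.getPrincipal();
            LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), principal.getAuthorities());
            return token;
        } catch (AuthenticationException e) {
            // The user name is client-supplied text. NOTE(review): confirm that the log layout
            // neutralises CR/LF so a crafted user name cannot forge log entries.
            LOGGER.info("Authentication failed for {}: {}", username, e.getMessage());
            throw e;
        } catch (Error | RuntimeException e) {
            // Unexpected failure (not a rejected login): log with stack trace before rethrowing.
            LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Reports whether this provider handles the given token class.
     *
     * @param cls the authentication token class
     * @return {@code true} only for exactly {@link UsernamePasswordAuthenticationToken} or
     *         {@link PreAuthenticatedAuthenticationToken}; subclasses are not matched
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.equals(cls) || PreAuthenticatedAuthenticationToken.class.equals(cls);
    }
}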
