package com.evolveum.midpoint.web.security.provider;

import com.evolveum.midpoint.gui.api.util.WebComponentUtil;
import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.model.api.authentication.ModuleAuthentication;
import com.evolveum.midpoint.model.api.context.AbstractAuthenticationContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.equivalence.ParameterizedEquivalenceStrategy;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Collection;
import java.util.List;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/evolveum/midpoint/web/security/provider/MidPointAbstractAuthenticationProvider.class */
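/**
 * Common base for midPoint's Spring Security {@link AuthenticationProvider} implementations.
 *
 * <p>The class works out which token to verify (the one held by the currently processing
 * {@link ModuleAuthentication} when a {@link MidpointAuthentication} is in play, otherwise the
 * token handed in by the caller), delegates the actual verification to
 * {@link #internalAuthentication}, and writes the result back into the
 * {@link MidpointAuthentication} found in the security context.
 *
 * <p>This listing was produced by a decompiler. Several members are marked by it as
 * "access modifiers changed from: protected"; they stay {@code public} here so that existing
 * callers keep compiling.
 *
 * @param <T> authentication context type consumed by the evaluator
 */
public abstract class MidPointAbstractAuthenticationProvider<T extends AbstractAuthenticationContext> implements AuthenticationProvider {
    private static final Trace LOGGER = TraceManager.getTrace(MidPointAbstractAuthenticationProvider.class);

    @Autowired
    private PrismContext prismContext;

    /**
     * Returns the evaluator this provider delegates to. It is also the only input to
     * {@link #hashCode()} and takes part in {@link #equals(Object)}.
     * (Protected in the compiled class; widened by the decompiler.)
     */
    public abstract AuthenticationEvaluator<T> getEvaluator();

    /**
     * Authenticates the given token.
     *
     * <ul>
     *   <li>If {@code authentication} is a {@link MidpointAuthentication} whose processing module
     *       holds an {@link AnonymousAuthenticationToken}, it is returned unchanged and
     *       {@link #internalAuthentication} is never called.</li>
     *   <li>Otherwise the focus type, required assignment targets and channel are taken from the
     *       {@link MidpointAuthentication} (the argument, or failing that the one in the security
     *       context) and passed to {@link #internalAuthentication}.</li>
     *   <li>If the security context holds a {@link MidpointAuthentication}, the result is stored in
     *       it via {@link #writeAutentication} and that context object is returned; otherwise the
     *       raw result of {@link #internalAuthentication} is returned.</li>
     * </ul>
     *
     * @param authentication token submitted for authentication
     * @return the updated {@link MidpointAuthentication}, or the token produced by
     *         {@link #internalAuthentication} when no {@link MidpointAuthentication} is in the context
     * @throws AuthenticationException propagated from {@link #internalAuthentication} or
     *         {@link #getProcessingModule}
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        List<ObjectReferenceType> requireAssignment = null;
        AuthenticationChannel channel = null;
        // UserType is the default focus type when the processing module does not name one.
        Class<? extends FocusType> focusType = UserType.class;
        try {
            Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
            Authentication processingAuthentication = authentication;
            if (authentication instanceof MidpointAuthentication) {
                MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
                ModuleAuthentication module = getProcessingModule(mpAuthentication);
                if (module.getAuthentication() instanceof AnonymousAuthenticationToken) {
                    // Anonymous module token: nothing to verify, hand the authentication back untouched.
                    return mpAuthentication;
                }
                processingAuthentication = module.getAuthentication();
                focusType = resolveFocusType(module, focusType);
                // NOTE(review): getSequence() is dereferenced without a null check - confirm it is
                // always set by the time a provider is invoked.
                requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
                channel = mpAuthentication.getAuthenticationChannel();
            } else if (contextAuthentication instanceof MidpointAuthentication) {
                MidpointAuthentication mpAuthentication = (MidpointAuthentication) contextAuthentication;
                ModuleAuthentication module = getProcessingModule(mpAuthentication);
                focusType = resolveFocusType(module, focusType);
                requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
                channel = mpAuthentication.getAuthenticationChannel();
            }

            // NOTE(review): a null result from internalAuthentication is returned as-is when the
            // context holds no MidpointAuthentication, and is dereferenced below otherwise -
            // confirm implementations never return null.
            Authentication verified = internalAuthentication(processingAuthentication, requireAssignment, channel, focusType);
            if (!(contextAuthentication instanceof MidpointAuthentication)) {
                return verified;
            }

            MidpointAuthentication mpContextAuthentication = (MidpointAuthentication) contextAuthentication;
            ModuleAuthentication contextModule = getProcessingModule(mpContextAuthentication);
            Authentication token;
            if (verified.getPrincipal() instanceof MidPointPrincipal) {
                // The principal's authorities go through the channel before they reach the token.
                // NOTE(review): the channel is not null-checked here although createEnvironment
                // treats a null channel as legal - confirm it cannot be null on this path.
                Collection<? extends GrantedAuthority> channelAuthorities = mpContextAuthentication.getAuthenticationChannel()
                        .resolveAuthorities(((MidPointPrincipal) verified.getPrincipal()).getAuthorities());
                token = createNewAuthenticationToken(verified, channelAuthorities);
            } else {
                token = createNewAuthenticationToken(verified, verified.getAuthorities());
            }
            writeAutentication(processingAuthentication, mpContextAuthentication, contextModule, token);
            return mpContextAuthentication;
        } catch (Error | RuntimeException e) {
            // Spring's AuthenticationException is a RuntimeException, so rejected logins are logged
            // here at ERROR level with a stack trace before being rethrown.
            // NOTE(review): verify that evaluator exception messages never carry credentials, and
            // account for the log volume a burst of failed logins produces.
            LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Returns the focus class named by the processing module, or {@code fallback} when the module
     * (or its focus type) is absent.
     */
    private Class<? extends FocusType> resolveFocusType(ModuleAuthentication module, Class<? extends FocusType> fallback) {
        if (module != null && module.getFocusType() != null) {
            return WebComponentUtil.qnameToClass(this.prismContext, module.getFocusType(), FocusType.class);
        }
        return fallback;
    }

    /**
     * Stores the freshly built token in the module and, when its principal is a
     * {@link MidPointPrincipal}, also publishes that principal on the {@link MidpointAuthentication}.
     *
     * @param authentication token that was submitted for verification (not used by this implementation)
     * @param midpointAuthentication authentication taken from the security context
     * @param moduleAuthentication module currently being processed
     * @param authentication2 token built by {@link #createNewAuthenticationToken}
     */
    protected void writeAutentication(Authentication authentication, MidpointAuthentication midpointAuthentication, ModuleAuthentication moduleAuthentication, Authentication authentication2) {
        Object principal = authentication2.getPrincipal();
        // instanceof is false for null, so no separate null check is needed.
        if (principal instanceof MidPointPrincipal) {
            midpointAuthentication.setPrincipal(principal);
        }
        moduleAuthentication.setAuthentication(authentication2);
    }

    /**
     * Returns the module that is currently being processed.
     * (Protected in the compiled class; widened by the decompiler.)
     *
     * @throws AuthenticationServiceException when the authentication has no processing module
     */
    public ModuleAuthentication getProcessingModule(MidpointAuthentication midpointAuthentication) {
        ModuleAuthentication processingModule = midpointAuthentication.getProcessingModuleAuthentication();
        if (processingModule != null) {
            return processingModule;
        }
        // NOTE(review): the whole authentication object is rendered into the log via toString();
        // confirm that rendering does not include credentials.
        LOGGER.error("Couldn't find processing module authentication {}", midpointAuthentication);
        throw new AuthenticationServiceException("web.security.auth.module.null");
    }

    /**
     * Builds the {@link ConnectionEnvironment} for the given channel. A {@code null} channel falls
     * back to {@link SchemaConstants#CHANNEL_USER_URI}; otherwise the channel id is used and the
     * session id of the {@link MidpointAuthentication} in the security context, if any, is applied.
     * (Protected in the compiled class; widened by the decompiler.)
     */
    public ConnectionEnvironment createEnvironment(AuthenticationChannel authenticationChannel) {
        if (authenticationChannel == null) {
            return ConnectionEnvironment.create(SchemaConstants.CHANNEL_USER_URI);
        }
        ConnectionEnvironment environment = ConnectionEnvironment.create(authenticationChannel.getChannelId());
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
        if (contextAuthentication instanceof MidpointAuthentication) {
            environment.setSessionIdOverride(((MidpointAuthentication) contextAuthentication).getSessionId());
        }
        return environment;
    }

    /**
     * Performs the actual credential verification.
     *
     * @param authentication token to verify
     * @param list assignment targets taken from the sequence's "require assignment target" setting; may be {@code null}
     * @param authenticationChannel channel of the running authentication; may be {@code null}
     * @param cls focus class the authenticating identity is expected to be
     */
    protected abstract Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) throws AuthenticationException;

    /**
     * Builds the token that is stored in the processing module, carrying the given authorities.
     */
    protected abstract Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection);

    /**
     * Decides whether this provider handles the given authentication.
     *
     * <p>For anything but a {@link MidpointAuthentication} the decision is delegated to
     * {@code supports(Class)}. For a {@link MidpointAuthentication} the token held by the
     * processing module decides: no token means {@code false}, an
     * {@link AnonymousAuthenticationToken} is always accepted, any other token is checked by class.
     */
    public boolean supports(Class<?> cls, Authentication authentication) {
        if (!(authentication instanceof MidpointAuthentication)) {
            return supports(cls);
        }
        ModuleAuthentication processingModule = getProcessingModule((MidpointAuthentication) authentication);
        if (processingModule == null) {
            return false;
        }
        Authentication moduleToken = processingModule.getAuthentication();
        if (moduleToken == null) {
            return false;
        }
        if (moduleToken instanceof AnonymousAuthenticationToken) {
            return true;
        }
        return supports(moduleToken.getClass());
    }

    /** Hash derived solely from the evaluator ({@code 31} when there is none). */
    @Override
    public int hashCode() {
        AuthenticationEvaluator<T> evaluator = getEvaluator();
        return 31 + (evaluator == null ? 0 : evaluator.hashCode());
    }

    /**
     * Two providers are equal when they have the same runtime class, the same hash code and equal
     * evaluators.
     *
     * <p>The hash comparison is kept from the original implementation (subclasses may fold more
     * state into {@link #hashCode()}). The evaluator comparison is added so that a mere hash
     * collision can no longer make two distinct providers compare equal.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        if (hashCode() != obj.hashCode()) {
            return false;
        }
        AuthenticationEvaluator<?> mine = getEvaluator();
        AuthenticationEvaluator<?> theirs = ((MidPointAbstractAuthenticationProvider<?>) obj).getEvaluator();
        return mine == null ? theirs == null : mine.equals(theirs);
    }

    /**
     * Returns the item modifications from the literal diff of {@code focusType} against
     * {@code focusType2}. With assertions enabled, a diff that is not a "modify" delta raises an
     * {@link AssertionError}.
     * (Protected in the compiled class; widened by the decompiler.)
     */
    public Collection<? extends ItemDelta<?, ?>> computeModifications(@NotNull FocusType focusType, @NotNull FocusType focusType2) {
        // Raw ObjectDelta kept as in the listing; the delta's type argument is not visible here.
        ObjectDelta diff = focusType.asPrismObject().diff(focusType2.asPrismObject(), ParameterizedEquivalenceStrategy.LITERAL);
        // Replaces the decompiler's synthetic $assertionsDisabled check with the source-level form.
        assert diff.isModify();
        return diff.getModifications();
    }
}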
