package com.evolveum.midpoint.web.security.provider;

import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.authentication.AuthenticationChannel;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.web.security.module.authentication.SecurityQuestionsAuthenticationToken;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionsCredentialsPolicyType;
import java.util.Collection;
import java.util.List;
import java.util.Map;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/evolveum/midpoint/web/security/provider/SecurityQuestionProvider.class */
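/**
 * Authentication provider that handles {@link SecurityQuestionsAuthenticationToken} requests by
 * delegating the actual check to the injected security-questions {@link AuthenticationEvaluator}.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>A token that is already authenticated and carries a {@link GuiProfiledPrincipal} is returned
 *       unchanged; the evaluator is not consulted for it.</li>
 *   <li>The principal taken from the token is written to the log at trace, debug and info level.</li>
 *   <li>Failures are logged with the exception message and re-thrown unchanged.</li>
 * </ul>
 */
public class SecurityQuestionProvider extends AbstractCredentialProvider<SecurityQuestionsAuthenticationContext> {
    private static final Trace LOGGER = TraceManager.getTrace(SecurityQuestionProvider.class);

    /** Evaluator that performs the security-questions check; injected by Spring. */
    @Autowired
    private AuthenticationEvaluator<SecurityQuestionsAuthenticationContext> questionAuthenticationEvaluator;

    /* JADX INFO: Access modifiers changed from: protected */
    /**
     * Returns the evaluator used by {@link #internalAuthentication}.
     *
     * @return the injected security-questions evaluator
     */
    @Override // com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider
    public AuthenticationEvaluator<SecurityQuestionsAuthenticationContext> getEvaluator() {
        return this.questionAuthenticationEvaluator;
    }

    /**
     * Authenticates a security-questions token through the evaluator.
     *
     * @param authentication the submitted token; must be a {@link SecurityQuestionsAuthenticationToken}
     *        unless it is already authenticated with a {@link GuiProfiledPrincipal}
     * @param list object references handed to the authentication context as-is
     * @param authenticationChannel channel used to build the connection environment; may be {@code null},
     *        in which case the channel activation flag is not set on the context
     * @param cls focus type handed to the authentication context as-is
     * @return the incoming token when it is already authenticated, otherwise the token produced by the evaluator
     * @throws AuthenticationServiceException if the token is not a {@link SecurityQuestionsAuthenticationToken}
     * @throws AuthenticationException whatever the evaluator throws, logged at info level and re-thrown
     */
    @Override // com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider
    protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) throws AuthenticationException {
        // Pass-through: an authenticated GUI principal is trusted as-is and no answers are re-checked here.
        if (authentication.isAuthenticated() && (authentication.getPrincipal() instanceof GuiProfiledPrincipal)) {
            return authentication;
        }
        // Keep the principal untyped until the token type has been verified. Casting to String up
        // front would turn an unsupported token with a non-String principal into a
        // ClassCastException instead of the intended AuthenticationServiceException below.
        Object principal = authentication.getPrincipal();
        // NOTE(review): the principal is whatever the submitted token carries; confirm that the
        // log layout neutralises line breaks in it before it reaches the log files.
        LOGGER.trace("Authenticating username '{}'", principal);
        ConnectionEnvironment connEnv = createEnvironment(authenticationChannel);
        try {
            if (!(authentication instanceof SecurityQuestionsAuthenticationToken)) {
                // Logs the token via toString(); whether credentials show up depends on that implementation.
                LOGGER.error("Unsupported authentication {}", authentication);
                throw new AuthenticationServiceException("web.security.provider.unavailable");
            }
            String username = (String) principal;
            // Raw Map cast kept from the original; presumably question identifier -> answer — TODO confirm
            // against SecurityQuestionsAuthenticationToken.
            SecurityQuestionsAuthenticationContext context = new SecurityQuestionsAuthenticationContext(username, cls, (Map) authentication.getCredentials(), list);
            if (authenticationChannel != null) {
                context.setSupportActivationByChannel(authenticationChannel.isSupportActivationByChannel());
            }
            UsernamePasswordAuthenticationToken token = getEvaluator().authenticate(connEnv, context);
            // Only the principal, token class name and granted authorities are logged; the submitted answers are not.
            LOGGER.debug("User '{}' authenticated ({}), authorities: {}", new Object[]{authentication.getPrincipal(), authentication.getClass().getSimpleName(), ((MidPointPrincipal) token.getPrincipal()).getAuthorities()});
            return token;
        } catch (AuthenticationException e) {
            // The failure is recorded and handed on unchanged.
            LOGGER.info("Authentication failed for {}: {}", principal, e.getMessage());
            throw e;
        }
    }

    /**
     * Rebuilds a username/password token with the supplied authorities.
     *
     * @param authentication the token to copy principal and credentials from
     * @param collection authorities for the new token
     * @return a new {@link UsernamePasswordAuthenticationToken} when the input is one, otherwise the input itself
     */
    @Override // com.evolveum.midpoint.web.security.provider.MidPointAbstractAuthenticationProvider
    protected Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection) {
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection);
        }
        return authentication;
    }

    /**
     * Reports whether this provider handles the given token class.
     *
     * @param cls the authentication token class
     * @return {@code true} only for exactly {@link SecurityQuestionsAuthenticationToken}; subclasses do not match
     */
    public boolean supports(Class<?> cls) {
        return SecurityQuestionsAuthenticationToken.class.equals(cls);
    }

    /**
     * Returns the credential policy type this provider is bound to.
     *
     * @return {@code SecurityQuestionsCredentialsPolicyType.class}
     */
    @Override // com.evolveum.midpoint.web.security.provider.AbstractCredentialProvider
    public Class getTypeOfCredential() {
        // Raw Class return type kept to match the overridden signature.
        return SecurityQuestionsCredentialsPolicyType.class;
    }
}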
