package com.evolveum.midpoint.web.security.filter;

import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.web.security.module.authentication.Saml2ModuleAuthentication;
import com.evolveum.midpoint.web.security.util.RequestState;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml.provider.provisioning.SamlProviderProvisioning;
import org.springframework.security.saml.provider.service.ServiceProviderService;
import org.springframework.security.saml.provider.service.authentication.SamlAuthenticationResponseFilter;

/* loaded from: input_file:com/evolveum/midpoint/web/security/filter/MidpointSamlAuthenticationResponseFilter.class */
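/**
 * SAML response filter that checks the request state of the current SAML module
 * before delegating to {@link SamlAuthenticationResponseFilter}, and writes an
 * audit record for every failed login.
 *
 * <p>State handling visible in this class:
 * <ul>
 *   <li>The security context must hold a {@link MidpointAuthentication}; anything else
 *       (including no authentication at all) is rejected.</li>
 *   <li>If the module is in {@link RequestState#SENDED} and the incoming request does not
 *       match the response endpoint, the login is failed.</li>
 *   <li>If the module is in {@link RequestState#SENDED} and the request does match, the
 *       state moves to {@link RequestState#RECEIVED} before the parent filter runs.</li>
 * </ul>
 */
public class MidpointSamlAuthenticationResponseFilter extends SamlAuthenticationResponseFilter {
    /** Sink for login-failure audit records; assigned once in the constructor. */
    private final ModelAuditRecorder auditProvider;

    /**
     * @param modelAuditRecorder recorder used by {@link #unsuccessfulAuthentication} to audit failures
     * @param samlProviderProvisioning provisioning passed unchanged to the parent filter
     */
    public MidpointSamlAuthenticationResponseFilter(ModelAuditRecorder modelAuditRecorder, SamlProviderProvisioning<ServiceProviderService> samlProviderProvisioning) {
        super(samlProviderProvisioning);
        this.auditProvider = modelAuditRecorder;
    }

    /**
     * Gates the parent filter on the SAML module's request state.
     *
     * @throws AuthenticationServiceException if the security context does not hold a
     *         {@link MidpointAuthentication} (a missing authentication is rejected the same way)
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Hold the value as the framework type first: the context may contain any
        // Authentication implementation (or null), and the type test below is what rejects it.
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            throw new AuthenticationServiceException("Unsupported type of Authentication");
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;

        // NOTE(review): unchecked cast. A processing module of another type would surface as a
        // ClassCastException instead of an authentication failure; confirm this filter is only
        // wired into SAML module chains.
        Saml2ModuleAuthentication moduleAuthentication =
                (Saml2ModuleAuthentication) midpointAuthentication.getProcessingModuleAuthentication();
        boolean awaitingResponse = moduleAuthentication != null
                && RequestState.SENDED.equals(moduleAuthentication.getRequestState());

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        boolean requiresAuthentication = requiresAuthentication(httpRequest, httpResponse);

        if (awaitingResponse && !requiresAuthentication) {
            // A request was sent, but what came back is not addressed to the response endpoint:
            // fail the login (and audit it) instead of continuing the chain.
            unsuccessfulAuthentication(httpRequest, httpResponse,
                    new AuthenticationServiceException("web.security.flexAuth.saml.not.response"));
            return;
        }

        if (awaitingResponse && requiresAuthentication) {
            // awaitingResponse implies a non-null module, so no separate null check is needed.
            moduleAuthentication.setRequestState(RequestState.RECEIVED);
        }
        // NOTE(review): a request that matches the response endpoint while no request is
        // outstanding still reaches the parent filter. Whether such unsolicited responses are
        // accepted is decided there, not here; confirm against the provider configuration.
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    /**
     * Audits the failed login, then notifies the remember-me services and the failure handler.
     *
     * <p>The audit record uses the literal user name {@code "unknown user"} and a null focus.
     * The channel is taken from the current {@link MidpointAuthentication} when one with a
     * channel is present, otherwise {@link SchemaConstants#CHANNEL_USER_URI}.
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        boolean hasChannel = authentication instanceof MidpointAuthentication
                && ((MidpointAuthentication) authentication).getAuthenticationChannel() != null;
        ConnectionEnvironment connectionEnvironment = ConnectionEnvironment.create(
                hasChannel
                        ? ((MidpointAuthentication) authentication).getAuthenticationChannel().getChannelId()
                        : SchemaConstants.CHANNEL_USER_URI);

        // NOTE(review): the exception message is copied verbatim into the audit text. If it can
        // carry content taken from the remote response, the audit sink should neutralise line
        // breaks and control characters; confirm.
        this.auditProvider.auditLoginFailure("unknown user", (FocusType) null, connectionEnvironment,
                "SAML authentication module: " + authenticationException.getMessage());

        getRememberMeServices().loginFail(httpServletRequest, httpServletResponse);
        getFailureHandler().onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }
}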
