package com.evolveum.midpoint.web.security.saml;

import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.model.api.authentication.MidpointAuthentication;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.web.security.module.authentication.Saml2ModuleAuthentication;
import com.evolveum.midpoint.web.security.util.RequestState;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.saml2.provider.service.servlet.filter.Saml2WebSsoAuthenticationFilter;
import org.springframework.security.web.authentication.AuthenticationConverter;

/* loaded from: input_file:WEB-INF/classes/com/evolveum/midpoint/web/security/saml/MidpointSaml2WebSsoAuthenticationFilter.class */
/**
 * SAML2 web-SSO filter that tracks whether an authentication request sent to the
 * Identity Provider has been answered, and audits every failed SAML login.
 *
 * <p>The filter relies on the {@link MidpointAuthentication} held in the current
 * security context and on the request state stored in its processing module
 * ({@link RequestState#SENDED} / {@link RequestState#RECEIVED}).
 */
public class MidpointSaml2WebSsoAuthenticationFilter extends Saml2WebSsoAuthenticationFilter {
    /** Sink for login-failure audit records. */
    private final ModelAuditRecorder auditProvider;

    /**
     * Creates the filter.
     *
     * @param authenticationConverter converter handed unchanged to the Spring SAML2 filter
     * @param str second constructor argument of the Spring SAML2 filter
     *            (presumably the processing URL pattern; confirm against the caller)
     * @param modelAuditRecorder recorder that receives login-failure audit events
     */
    public MidpointSaml2WebSsoAuthenticationFilter(AuthenticationConverter authenticationConverter, String str, ModelAuditRecorder modelAuditRecorder) {
        super(authenticationConverter, str);
        this.auditProvider = modelAuditRecorder;
    }

    /**
     * Fails the login when a SAML request was sent but the current request is not one this
     * filter processes; otherwise delegates to the Spring filter.
     *
     * <p>NOTE(review): the processing module is cast to {@link Saml2ModuleAuthentication}
     * without a type check, so a different module type would surface as a
     * {@link ClassCastException} rather than an {@link AuthenticationException}. Confirm that
     * this filter is only installed in chains whose processing module is the SAML2 one.
     *
     * @throws AuthenticationServiceException if the security context does not hold a
     *         {@link MidpointAuthentication}
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof MidpointAuthentication)) {
            throw new AuthenticationServiceException("Unsupported type of Authentication");
        }

        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) current;
        Saml2ModuleAuthentication samlModule = (Saml2ModuleAuthentication) midpointAuthentication.getProcessingModuleAuthentication();
        // True only when a module exists AND it is still waiting for the IdP's answer.
        boolean requestAlreadySent = samlModule != null && RequestState.SENDED.equals(samlModule.getRequestState());

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        boolean handledByThisFilter = requiresAuthentication(httpRequest, httpResponse);

        if (requestAlreadySent && !handledByThisFilter) {
            // A request went out, but what came back is not addressed to this filter:
            // treat it as a failed login (audited in unsuccessfulAuthentication).
            unsuccessfulAuthentication(httpRequest, httpResponse, new NotShowedAuthenticationServiceException("Midpoint saml module doesn't receive response from Identity Provider server."));
            return;
        }

        if (requestAlreadySent) {
            // Reaching here with requestAlreadySent means handledByThisFilter is true and
            // samlModule is non-null. The state is flipped BEFORE the superclass runs, i.e.
            // RECEIVED records that a response arrived, not that it was accepted.
            samlModule.setRequestState(RequestState.RECEIVED);
        }
        super.doFilter(servletRequest, servletResponse, filterChain);
    }

    /**
     * Writes a login-failure audit record, then runs the remember-me and failure handlers.
     *
     * <p>The record always names the principal as {@code "unknown user"}; this method does not
     * try to derive a user name from the failed attempt. The exception message is appended
     * verbatim to the audit text.
     * NOTE(review): if that message can carry content supplied by the remote side, confirm
     * that the audit sink neutralises it before it is stored or rendered.
     */
    @Override
    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();

        // Use the channel of the ongoing midPoint authentication when there is one,
        // otherwise fall back to the default user channel.
        String channelId;
        if (current instanceof MidpointAuthentication && ((MidpointAuthentication) current).getAuthenticationChannel() != null) {
            channelId = ((MidpointAuthentication) current).getAuthenticationChannel().getChannelId();
        } else {
            channelId = SchemaConstants.CHANNEL_USER_URI;
        }

        ConnectionEnvironment connectionEnvironment = ConnectionEnvironment.create(channelId);
        String auditMessage = "SAML authentication module: " + authenticationException.getMessage();
        this.auditProvider.auditLoginFailure("unknown user", null, connectionEnvironment, auditMessage);

        getRememberMeServices().loginFail(httpServletRequest, httpServletResponse);
        getFailureHandler().onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }
}
