package com.evolveum.midpoint.authentication.impl.evaluator;

import com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator;
import com.evolveum.midpoint.authentication.api.evaluator.context.AbstractAuthenticationContext;
import com.evolveum.midpoint.model.api.util.AuthenticationEvaluatorUtil;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;
import org.springframework.stereotype.Component;

@Component("preAuthenticatedEvaluator")
/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.10-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/evaluator/PreAuthenticatedEvaluatorImpl.class */
public class PreAuthenticatedEvaluatorImpl<C extends AbstractAuthenticationContext> extends AuthenticationEvaluatorImpl<C, PreAuthenticatedAuthenticationToken> implements AuthenticationEvaluator<C, PreAuthenticatedAuthenticationToken> {
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator
    public PreAuthenticatedAuthenticationToken authenticate(ConnectionEnvironment connectionEnvironment, C c) throws BadCredentialsException, AuthenticationCredentialsNotFoundException, DisabledException, LockedException, CredentialsExpiredException, AuthenticationServiceException, AccessDeniedException, UsernameNotFoundException {
        MidPointPrincipal andCheckPrincipal = getAndCheckPrincipal(connectionEnvironment, c, c.isSupportActivationByChannel());
        if (hasNoAuthorizations(andCheckPrincipal)) {
            recordModuleAuthenticationFailure(andCheckPrincipal.getUsername(), andCheckPrincipal, connectionEnvironment, null, "no authorizations");
            throw new DisabledException("web.security.provider.access.denied");
        }
        if (!AuthenticationEvaluatorUtil.checkRequiredAssignmentTargets(andCheckPrincipal.getFocus(), c.getRequireAssignments())) {
            recordModuleAuthenticationFailure(andCheckPrincipal.getUsername(), andCheckPrincipal, connectionEnvironment, null, "not contains required assignment");
            throw new DisabledException("web.security.flexAuth.invalid.required.assignment");
        }
        PreAuthenticatedAuthenticationToken preAuthenticatedAuthenticationToken = new PreAuthenticatedAuthenticationToken(andCheckPrincipal, null, andCheckPrincipal.getAuthorities());
        recordModuleAuthenticationSuccess(andCheckPrincipal, connectionEnvironment);
        return preAuthenticatedAuthenticationToken;
    }

    /* JADX WARN: Multi-variable type inference failed */
    @Override // com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator
    public /* bridge */ /* synthetic */ PreAuthenticatedAuthenticationToken authenticate(ConnectionEnvironment connectionEnvironment, AbstractAuthenticationContext abstractAuthenticationContext) throws BadCredentialsException, AuthenticationCredentialsNotFoundException, DisabledException, LockedException, CredentialsExpiredException, AuthenticationServiceException, AccessDeniedException, UsernameNotFoundException {
        return authenticate(connectionEnvironment, (ConnectionEnvironment) abstractAuthenticationContext);
    }
}
