package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthConstants;
import com.evolveum.midpoint.authentication.impl.module.authentication.token.SecurityQuestionsAuthenticationToken;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/SecurityQuestionsAuthenticationFilter.class */
public class SecurityQuestionsAuthenticationFilter extends MidpointUsernamePasswordAuthenticationFilter {
    private static final String SPRING_SECURITY_FORM_ANSWER_KEY = "answer";
    private static final String SPRING_SECURITY_FORM_USER_KEY = "user";

    private String getIdentifiedUsername() {
        FocusType focus;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(authentication instanceof MidpointAuthentication)) {
            return "";
        }
        Object principal = ((MidpointAuthentication) authentication).getPrincipal();
        return ((principal instanceof MidPointPrincipal) && (focus = ((MidPointPrincipal) principal).getFocus()) != null) ? focus.getName().getNorm() : "";
    }

    @Override // com.evolveum.midpoint.authentication.impl.filter.MidpointUsernamePasswordAuthenticationFilter, org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter, org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter
    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (isPostOnly() && !httpServletRequest.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
        }
        setUsernameParameter("user");
        String identifiedUsername = getIdentifiedUsername();
        if (StringUtils.isBlank(identifiedUsername)) {
            identifiedUsername = obtainUsername(httpServletRequest);
        }
        Map<String, String> obtainAnswers = obtainAnswers(httpServletRequest);
        if (identifiedUsername == null) {
            identifiedUsername = "";
        }
        if (obtainAnswers == null) {
            obtainAnswers = new HashMap();
        }
        SecurityQuestionsAuthenticationToken securityQuestionsAuthenticationToken = new SecurityQuestionsAuthenticationToken(identifiedUsername.trim(), obtainAnswers);
        setDetails(httpServletRequest, securityQuestionsAuthenticationToken);
        return getAuthenticationManager().authenticate(securityQuestionsAuthenticationToken);
    }

    protected Map<String, String> obtainAnswers(HttpServletRequest httpServletRequest) {
        return AuthSequenceUtil.obtainAnswers(httpServletRequest.getParameter("answer"), AuthConstants.SEC_QUESTION_J_QID, AuthConstants.SEC_QUESTION_J_QANS);
    }
}
