package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.impl.FocusAuthenticationResultRecorder;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.VisibleForTesting;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.web.filter.OncePerRequestFilter;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.7.5-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/SequenceAuditFilter.class */
/**
 * Once-per-request filter that reports the outcome of a midPoint authentication
 * sequence to the {@link FocusAuthenticationResultRecorder}.
 *
 * <p>The filter looks at the current {@link Authentication}; when it is a
 * {@link MidpointAuthentication} that has not been marked as audited yet, the
 * result (success or finished failure) is recorded and the authentication is
 * flagged so that it is not recorded a second time.
 *
 * <p>Depending on {@code recordOnEndOfChain} the recording happens either after
 * the rest of the filter chain has run (default) or before it.
 */
public class SequenceAuditFilter extends OncePerRequestFilter {
    private static final Trace LOGGER = TraceManager.getTrace(SequenceAuditFilter.class);

    /** Sink for the success/failure records; injected by Spring or supplied through the test constructor. */
    @Autowired
    private FocusAuthenticationResultRecorder authenticationRecorder;

    /** {@code true}: run the remaining chain first, then record. {@code false}: record first, then continue the chain. */
    private boolean recordOnEndOfChain = true;

    /** Creates the filter; the recorder is expected to be injected afterwards. */
    public SequenceAuditFilter() {
    }

    /**
     * Creates the filter with an explicitly supplied recorder.
     *
     * @param focusAuthenticationResultRecorder recorder that receives the authentication results
     */
    @VisibleForTesting
    public SequenceAuditFilter(FocusAuthenticationResultRecorder focusAuthenticationResultRecorder) {
        this.authenticationRecorder = focusAuthenticationResultRecorder;
    }

    /**
     * Selects whether recording happens after ({@code true}) or before ({@code false})
     * the rest of the filter chain.
     *
     * @param z new value of the flag
     */
    public void setRecordOnEndOfChain(boolean z) {
        this.recordOnEndOfChain = z;
    }

    /**
     * Records the current authentication result, if any, and invokes the rest of the
     * chain exactly once, before or after the recording depending on the flag.
     *
     * @param httpServletRequest  current request
     * @param httpServletResponse current response
     * @param filterChain         remaining filters
     * @throws ServletException propagated from the chain
     * @throws IOException      propagated from the chain
     */
    @Override
    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
        LOGGER.trace("Running SequenceAuditFilter");

        // NOTE(review): in end-of-chain mode an exception thrown by the chain propagates from
        // here, so nothing below runs and no record is written for that request. Confirm that
        // authentication failures are never surfaced as exceptions at this point in the chain.
        if (this.recordOnEndOfChain) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }

        Authentication current = SecurityUtil.getAuthentication();
        if (current instanceof MidpointAuthentication) {
            MidpointAuthentication sequenceAuthentication = (MidpointAuthentication) current;
            if (sequenceAuthentication.isAlreadyAudited()) {
                LOGGER.trace("Skipping auditing of authentication record, already audited.");
            } else {
                writeRecord(httpServletRequest, sequenceAuthentication);
            }
        } else {
            LOGGER.trace("No MidpointAuthentication present, continue with filter chain");
        }

        // Record-first mode: the chain has not been invoked yet, do it now.
        if (!this.recordOnEndOfChain) {
            filterChain.doFilter(httpServletRequest, httpServletResponse);
        }
    }

    /**
     * Sends one success or failure record for the given authentication and marks it as audited.
     *
     * <p>Nothing is recorded, and the audited flag stays unset, when the authentication is
     * neither authenticated nor finished, or when it is finished without a username.
     *
     * @param httpServletRequest      request used to derive the session id; may be {@code null}
     * @param midpointAuthentication  authentication whose result is recorded
     */
    @VisibleForTesting
    public void writeRecord(HttpServletRequest httpServletRequest, MidpointAuthentication midpointAuthentication) {
        Object rawPrincipal = midpointAuthentication.getPrincipal();
        MidPointPrincipal midPointPrincipal = null;
        if (rawPrincipal instanceof MidPointPrincipal) {
            midPointPrincipal = (MidPointPrincipal) rawPrincipal;
        }

        if (midpointAuthentication.isAuthenticated()) {
            this.authenticationRecorder.recordSequenceAuthenticationSuccess(midPointPrincipal, createConnectionEnvironment(httpServletRequest, midpointAuthentication));
            midpointAuthentication.setAlreadyAudited(true);
            LOGGER.trace("Authentication sequence {} evaluated as successful.", midpointAuthentication.getSequenceIdentifier());
            return;
        }

        // NOTE(review): a finished, failed sequence with an empty username leaves no record
        // here. If such attempts matter for detection, they have to be captured elsewhere.
        if (!midpointAuthentication.isFinished() || StringUtils.isEmpty(midpointAuthentication.getUsername())) {
            return;
        }

        // The third argument is passed as null; its meaning is defined by the recorder, not visible here.
        this.authenticationRecorder.recordSequenceAuthenticationFailure(midpointAuthentication.getUsername(), midPointPrincipal, null, midpointAuthentication.getFailedReason(), createConnectionEnvironment(httpServletRequest, midpointAuthentication));
        midpointAuthentication.setAlreadyAudited(true);
        LOGGER.trace("Authentication sequence {} evaluated as failed.", midpointAuthentication.getSequenceIdentifier());
    }

    /**
     * Builds the connection environment attached to a record: channel id and sequence
     * identifier come from the authentication, the session id from the authentication
     * or, failing that, from the request.
     *
     * @param httpServletRequest      request used as session-id fallback; may be {@code null}
     * @param midpointAuthentication  authentication supplying channel, sequence and session id
     * @return the populated connection environment
     */
    private ConnectionEnvironment createConnectionEnvironment(HttpServletRequest httpServletRequest, MidpointAuthentication midpointAuthentication) {
        // Fallback value: getRequestedSessionId() is the id the client presented, which per the
        // Servlet API need not match a valid server-side session. Treat it as client-controlled
        // when it ends up in a record.
        String clientPresentedId = null;
        if (httpServletRequest != null) {
            clientPresentedId = httpServletRequest.getRequestedSessionId();
        }

        // The id stored on the authentication wins whenever it is present.
        String authenticationSessionId = midpointAuthentication.getSessionId();
        String effectiveSessionId = authenticationSessionId != null ? authenticationSessionId : clientPresentedId;

        // NOTE(review): getAuthenticationChannel() is dereferenced without a null check —
        // presumably always set for a MidpointAuthentication; confirm.
        String channelId = midpointAuthentication.getAuthenticationChannel().getChannelId();
        ConnectionEnvironment environment = ConnectionEnvironment.create(channelId);
        environment.setSequenceIdentifier(midpointAuthentication.getSequenceIdentifier());
        environment.setSessionIdOverride(effectiveSessionId);
        return environment;
    }
}
