package com.evolveum.midpoint.authentication.impl.factory.module;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.ModuleWebSecurityConfiguration;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer;
import com.evolveum.midpoint.authentication.impl.util.AuthModuleImpl;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AbstractCredentialAuthenticationModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationModulesType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import java.util.ArrayList;
import java.util.Map;
import javax.servlet.ServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/factory/module/AbstractCredentialModuleFactory.class */
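/**
 * Base factory for authentication modules that authenticate against a credential policy.
 *
 * <p>The candidate policies are the password policy, the security-questions policy and the
 * nonce policies of the supplied {@link CredentialsPolicyType}. A concrete factory declares
 * which policy class it works with through {@link #supportedClass()}, and
 * {@link #getProvider} refuses to bind a module to a policy of any other class.
 *
 * @param <C> module configuration type produced by {@link #createConfiguration}
 * @param <CA> configurer type produced by {@link #createModule} for that configuration
 */
public abstract class AbstractCredentialModuleFactory<C extends ModuleWebSecurityConfiguration, CA extends ModuleWebSecurityConfigurer<C>> extends AbstractModuleFactory {
    private static final Trace LOGGER = TraceManager.getTrace(AbstractCredentialModuleFactory.class);

    /**
     * Re-declared as abstract so that every concrete credential factory has to supply its own
     * matching rule for a module definition and channel.
     */
    @Override
    public abstract boolean match(AbstractAuthenticationModuleType abstractAuthenticationModuleType, AuthenticationChannel authenticationChannel);

    /**
     * Builds the {@link AuthModule} for one credential-based module definition.
     *
     * @param abstractAuthenticationModuleType module definition; must be an
     *     {@link AbstractCredentialAuthenticationModuleType}
     * @param str forwarded unchanged to {@link #createConfiguration}
     * @param servletRequest not used by this implementation
     * @param map shared objects handed to {@code setSharedObjects} for the new {@link HttpSecurity}
     * @param authenticationModulesType not used by this implementation
     * @param credentialsPolicyType source of candidate credential policies; may be {@code null}
     * @param authenticationChannel channel the module is being built for
     * @param authenticationSequenceModuleType forwarded to {@link #createEmptyModuleAuthentication}
     * @return the built module, or {@code null} when the module definition is not a credential
     *     module (callers must handle the {@code null})
     * @throws IllegalArgumentException when no usable credential policy can be selected
     * @throws Exception propagated from building the security filter chain
     */
    @Override
    public AuthModule createModuleFilter(AbstractAuthenticationModuleType abstractAuthenticationModuleType, String str, ServletRequest servletRequest, Map<Class<?>, Object> map, AuthenticationModulesType authenticationModulesType, CredentialsPolicyType credentialsPolicyType, AuthenticationChannel authenticationChannel, AuthenticationSequenceModuleType authenticationSequenceModuleType) throws Exception {
        if (!(abstractAuthenticationModuleType instanceof AbstractCredentialAuthenticationModuleType)) {
            // Name the type that is actually checked above, so the log points an operator at the
            // right kind of module definition when a sequence is misconfigured.
            LOGGER.error("This factory supports only AbstractCredentialAuthenticationModuleType, but modelType is " + abstractAuthenticationModuleType);
            return null;
        }
        AbstractCredentialAuthenticationModuleType credentialModule = (AbstractCredentialAuthenticationModuleType) abstractAuthenticationModuleType;

        // NOTE(review): any result of this call is not inspected here; presumably the inherited
        // check rejects an unsupported channel by throwing - confirm in AbstractModuleFactory.
        isSupportedChannel(authenticationChannel);

        C configuration = createConfiguration(abstractAuthenticationModuleType, str, authenticationChannel);
        // The provider is resolved before any HttpSecurity is created, so a module without a
        // usable credential policy fails here instead of yielding a half-configured filter chain.
        configuration.addAuthenticationProvider(getProvider(credentialModule, credentialsPolicyType));

        HttpSecurity httpSecurity = getNewHttpSecurity(createModule(configuration));
        setSharedObjects(httpSecurity, map);

        ModuleAuthenticationImpl moduleAuthentication = createEmptyModuleAuthentication(abstractAuthenticationModuleType, configuration, authenticationSequenceModuleType);
        moduleAuthentication.setFocusType(abstractAuthenticationModuleType.getFocusType());
        return AuthModuleImpl.build(httpSecurity.build(), configuration, moduleAuthentication);
    }

    /**
     * Selects the credential policy for a module and wraps it in an authentication provider.
     *
     * <p>When the module names a credential, the policy with that exact name is used; otherwise
     * the policy is chosen by class against {@link #supportedClass()}. If several candidates
     * qualify, the last one in the order password, security questions, nonce entries wins.
     *
     * @param abstractCredentialAuthenticationModuleType module definition supplying the optional
     *     credential name
     * @param credentialsPolicyType container of candidate policies; {@code null} means no candidates
     * @return post-processed provider for the selected policy, or for a {@code null} policy in the
     *     password fallback case
     * @throws IllegalArgumentException when no policy is found (non-password modules) or the
     *     selected policy is not exactly of the supported class
     */
    protected AuthenticationProvider getProvider(AbstractCredentialAuthenticationModuleType abstractCredentialAuthenticationModuleType, CredentialsPolicyType credentialsPolicyType) {
        String credentialName = abstractCredentialAuthenticationModuleType.getCredentialName();
        boolean selectByName = StringUtils.isNotBlank(credentialName);
        Class<? extends CredentialPolicyType> supported = supportedClass();

        ArrayList<CredentialPolicyType> candidates = new ArrayList<>();
        if (credentialsPolicyType != null) {
            // Absent password / security-question policies are added as null and skipped below.
            candidates.add(credentialsPolicyType.getPassword());
            candidates.add(credentialsPolicyType.getSecurityQuestions());
            candidates.addAll(credentialsPolicyType.getNonce());
        }

        CredentialPolicyType selected = null;
        for (CredentialPolicyType candidate : candidates) {
            if (candidate == null) {
                continue;
            }
            boolean matches = selectByName
                    ? credentialName.equals(candidate.getName())
                    : candidate.getClass().isAssignableFrom(supported);
            if (matches) {
                // No break: a later matching candidate deliberately overrides an earlier one,
                // which is the selection order existing configurations rely on.
                selected = candidate;
            }
        }

        if (selected == null) {
            if (PasswordCredentialsPolicyType.class.equals(supported)) {
                // Password modules still get a provider when no password policy was selected.
                // NOTE(review): this branch is also taken when a credentialName is configured but
                // matches no policy, so a mistyped name on a password module is not reported.
                // Confirm that running without the named policy is intended in that case.
                return (AuthenticationProvider) getObjectObjectPostProcessor().postProcess(createProvider(null));
            }
            String message = StringUtils.isBlank(credentialName)
                    ? "Couldn't find credential for module " + abstractCredentialAuthenticationModuleType
                    : "Couldn't find credential with name " + credentialName;
            LOGGER.error(message);
            throw new IllegalArgumentException(message);
        }

        // Exact class equality, not assignability: a policy selected by name must be of the one
        // class this factory handles, so a module cannot be bound to another kind of credential.
        if (!selected.getClass().equals(supported)) {
            String message = "Module " + abstractCredentialAuthenticationModuleType.getName() + " supports only " + supported + " type of credential";
            LOGGER.error(message);
            throw new IllegalArgumentException(message);
        }
        return (AuthenticationProvider) getObjectObjectPostProcessor().postProcess(createProvider(selected));
    }

    /**
     * Creates the module authentication object for the given definition and configuration.
     * {@link #createModuleFilter} sets the focus type on the returned object afterwards.
     */
    protected abstract ModuleAuthenticationImpl createEmptyModuleAuthentication(AbstractAuthenticationModuleType abstractAuthenticationModuleType, C c, AuthenticationSequenceModuleType authenticationSequenceModuleType);

    /**
     * Creates the module configuration. {@link #createModuleFilter} registers the authentication
     * provider on the returned object, so it must not be {@code null}.
     */
    protected abstract C createConfiguration(AbstractAuthenticationModuleType abstractAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel);

    /** Creates the configurer for the given configuration; it is passed to {@code getNewHttpSecurity}. */
    protected abstract CA createModule(C c);

    /**
     * Creates the authentication provider for the selected policy.
     *
     * @param credentialPolicyType the selected policy; {@code null} in the password fallback of
     *     {@link #getProvider}, so implementations for password policies must accept {@code null}
     */
    protected abstract AuthenticationProvider createProvider(CredentialPolicyType credentialPolicyType);

    /** Returns the single credential policy class this factory can be bound to. */
    protected abstract Class<? extends CredentialPolicyType> supportedClass();
}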
