package com.evolveum.midpoint.authentication.impl.provider;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.model.api.context.PreAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.PasswordCredentialsPolicyType;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/provider/PasswordProvider.class */
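/**
 * Authentication provider for password-based and pre-authenticated logins.
 *
 * <p>Accepts {@link UsernamePasswordAuthenticationToken} and
 * {@link PreAuthenticatedAuthenticationToken} requests (see {@link #supports(Class)}) and
 * delegates the actual credential evaluation to the injected
 * {@link AuthenticationEvaluator}.
 *
 * <p>Security note: the username and the exception message reach the log on every attempt,
 * including failed ones, and the username is supplied by the (unauthenticated) client.
 * All such values are passed through {@link #neutralizeForLog(Object)} so that embedded
 * line breaks or other control characters cannot forge additional log records.
 */
public class PasswordProvider extends AbstractCredentialProvider<PasswordAuthenticationContext> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) PasswordProvider.class);

    @Autowired
    private AuthenticationEvaluator<PasswordAuthenticationContext> passwordAuthenticationEvaluator;

    /**
     * Returns the injected evaluator used for both password and pre-authenticated checks.
     *
     * @return the autowired password authentication evaluator
     */
    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.provider.MidPointAbstractAuthenticationProvider
    public AuthenticationEvaluator<PasswordAuthenticationContext> getEvaluator() {
        return this.passwordAuthenticationEvaluator;
    }

    /**
     * Authenticates the request through the evaluator, choosing the path by token type.
     *
     * <p>A request that is already authenticated and carries a {@link GuiProfiledPrincipal}
     * is returned unchanged. A {@link UsernamePasswordAuthenticationToken} is checked with
     * username and password; a {@link PreAuthenticatedAuthenticationToken} is checked by
     * username only. Any other token type is rejected.
     *
     * @param authentication the incoming authentication request
     * @param list object references handed to the authentication context
     * @param authenticationChannel channel of the request; may be {@code null}, in which case
     *        the activation-by-channel flag is left at the context's default
     * @param cls focus type handed to the authentication context
     * @return the token produced by the evaluator, or {@code authentication} itself when it
     *         was already authenticated with a {@link GuiProfiledPrincipal}
     * @throws AuthenticationException when the evaluator rejects the request, or
     *         ({@link AuthenticationServiceException}) when the token type is unsupported
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.MidPointAbstractAuthenticationProvider
    protected Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) throws AuthenticationException {
        if (authentication.isAuthenticated() && (authentication.getPrincipal() instanceof GuiProfiledPrincipal)) {
            return authentication;
        }
        // NOTE(review): unchecked cast. A principal that is neither a GuiProfiledPrincipal
        // (handled above) nor a String fails here with ClassCastException, outside the
        // try block below, so it is not logged as an authentication failure. Confirm that
        // upstream filters only ever supply String principals on this path.
        String username = (String) authentication.getPrincipal();
        LOGGER.trace("Authenticating username '{}'", neutralizeForLog(username));
        ConnectionEnvironment connEnv = createEnvironment(authenticationChannel);
        try {
            AbstractAuthenticationToken token;
            if (authentication instanceof UsernamePasswordAuthenticationToken) {
                // The password is handed to the context only; it is never logged here.
                PasswordAuthenticationContext passwordContext = new PasswordAuthenticationContext(username, (String) authentication.getCredentials(), cls, list);
                if (authenticationChannel != null) {
                    passwordContext.setSupportActivationByChannel(authenticationChannel.isSupportActivationByChannel());
                }
                token = getEvaluator().authenticate(connEnv, passwordContext);
            } else if (authentication instanceof PreAuthenticatedAuthenticationToken) {
                // No credential is evaluated on this path: the username is trusted as asserted
                // by whatever produced the pre-authenticated token.
                token = getEvaluator().authenticateUserPreAuthenticated(connEnv, new PreAuthenticationContext(username, cls, list));
            } else {
                LOGGER.error("Unsupported authentication {}", neutralizeForLog(authentication));
                throw new AuthenticationServiceException("web.security.provider.unavailable");
            }
            LOGGER.debug("User '{}' authenticated ({}), authorities: {}", neutralizeForLog(authentication.getPrincipal()), authentication.getClass().getSimpleName(), ((MidPointPrincipal) token.getPrincipal()).getAuthorities());
            return token;
        } catch (AuthenticationException e) {
            // Failed attempts are logged at INFO with client-supplied data, hence the
            // neutralization of both the username and the exception message.
            LOGGER.info("Authentication failed for {}: {}", neutralizeForLog(username), neutralizeForLog(e.getMessage()));
            throw e;
        }
    }

    /**
     * Builds a token of the same kind as {@code authentication} carrying the given authorities.
     *
     * @param authentication the token whose principal and credentials are copied
     * @param collection authorities for the new token
     * @return a new {@link UsernamePasswordAuthenticationToken} or
     *         {@link PreAuthenticatedAuthenticationToken}; for any other token type the
     *         original {@code authentication} is returned and {@code collection} is not applied
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.MidPointAbstractAuthenticationProvider
    protected Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection) {
        if (authentication instanceof UsernamePasswordAuthenticationToken) {
            return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection);
        }
        if (authentication instanceof PreAuthenticatedAuthenticationToken) {
            return new PreAuthenticatedAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection);
        }
        return authentication;
    }

    /**
     * Reports which token classes this provider handles.
     *
     * <p>The comparison is exact ({@code equals}), so subclasses of the two token types
     * are not reported as supported.
     *
     * @param cls the authentication token class being probed
     * @return {@code true} for exactly {@link UsernamePasswordAuthenticationToken} or
     *         {@link PreAuthenticatedAuthenticationToken}
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.equals(cls)
                || PreAuthenticatedAuthenticationToken.class.equals(cls);
    }

    /**
     * Names the credential policy type this provider is bound to.
     *
     * @return {@code PasswordCredentialsPolicyType.class}
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractCredentialProvider
    public Class<? extends CredentialPolicyType> getTypeOfCredential() {
        return PasswordCredentialsPolicyType.class;
    }

    /**
     * Renders a value for logging with control characters replaced by {@code '_'}.
     *
     * <p>Covers ISO control characters (including CR, LF and TAB) and the Unicode line and
     * paragraph separators, so a client-supplied value cannot start a new log line.
     * A {@code null} value is rendered as {@code "null"}, matching what the logger would print.
     *
     * @param value the value to render; may be {@code null}
     * @return the string form of {@code value} with line-breaking and control characters replaced
     */
    private static String neutralizeForLog(Object value) {
        String text = String.valueOf(value);
        StringBuilder out = new StringBuilder(text.length());
        for (int i = 0; i < text.length(); i++) {
            char c = text.charAt(i);
            boolean unsafe = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            out.append(unsafe ? '_' : c);
        }
        return out.toString();
    }
}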
