package com.evolveum.midpoint.authentication.impl.handler;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.AuthenticationModuleState;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.util.AuthConstants;
import java.io.IOException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
import org.springframework.security.web.savedrequest.DefaultSavedRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.RequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/handler/MidpointAuthenticationFailureHandler.class */
public class MidpointAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
    private RequestCache requestCache = new HttpSessionRequestCache();

    public void setRequestCache(RequestCache requestCache) {
        this.requestCache = requestCache;
    }

    public RequestCache getRequestCache() {
        return this.requestCache;
    }

    @Override // org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        String str = AuthConstants.DEFAULT_PATH_AFTER_LOGIN;
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication midpointAuthentication = (MidpointAuthentication) authentication;
            if (midpointAuthentication.isAuthenticated()) {
                getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, str);
                return;
            }
            ModuleAuthentication processingModuleAuthentication = midpointAuthentication.getProcessingModuleAuthentication();
            if (midpointAuthentication.getAuthenticationChannel() != null) {
                str = (midpointAuthentication.isLast(processingModuleAuthentication) && midpointAuthentication.getAuthenticationChannel().isDefault()) ? getPathAfterUnsuccessfulAuthentication(midpointAuthentication.getAuthenticationChannel()) : midpointAuthentication.getAuthenticationChannel().getPathDuringProccessing();
            }
            processingModuleAuthentication.setState(AuthenticationModuleState.FAILURE);
        }
        saveException(httpServletRequest, authenticationException);
        SavedRequest request = getRequestCache().getRequest(httpServletRequest, httpServletResponse);
        if (request == null || StringUtils.isBlank(request.getRedirectUrl()) || ((DefaultSavedRequest) request).getServletPath().startsWith("/auth")) {
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, str);
        } else {
            getRedirectStrategy().sendRedirect(httpServletRequest, httpServletResponse, request.getRedirectUrl());
        }
    }

    protected String getPathAfterUnsuccessfulAuthentication(AuthenticationChannel authenticationChannel) {
        return authenticationChannel.getPathAfterUnsuccessfulAuthentication();
    }
}
