package com.evolveum.midpoint.authentication.impl.provider;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.AuthenticationEvaluator;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.model.api.context.AbstractAuthenticationContext;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.equivalence.ParameterizedEquivalenceStrategy;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import java.util.Collection;
import java.util.List;
import java.util.Objects;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/provider/MidPointAbstractAuthenticationProvider.class */
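/**
 * Base class for midPoint authentication providers.
 *
 * <p>{@link #authenticate(Authentication)} determines which token is actually being verified
 * (for a {@link MidpointAuthentication} that is the token held by its processing module),
 * collects the {@link AuthenticationRequirements} from the module and its sequence, delegates
 * the verification to {@link #internalAuthentication}, and - when an authentication sequence
 * is in progress - stores the result back into the processing module instead of returning it.
 *
 * @param <T> authentication context type handled by this provider's {@link AuthenticationEvaluator}
 */
public abstract class MidPointAbstractAuthenticationProvider<T extends AbstractAuthenticationContext> implements AuthenticationProvider {

    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) MidPointAbstractAuthenticationProvider.class);

    /**
     * Constraints taken from the processing module and its sequence. The defaults apply when
     * no {@link MidpointAuthentication} is available (plain, non-sequence authentication).
     */
    public static class AuthenticationRequirements {
        // value of the sequence's "require assignment target"; null when no sequence is available
        List<ObjectReferenceType> requireAssignment = null;
        // channel of the sequence; null when no sequence is available
        AuthenticationChannel channel = null;
        // compile-time class of the focus being authenticated; users unless the module says otherwise
        Class<? extends FocusType> focusType = UserType.class;

        AuthenticationRequirements() {
        }
    }

    /**
     * Returns the evaluator this provider delegates to. It also defines provider identity
     * for {@link #equals(Object)} and {@link #hashCode()}.
     */
    public abstract AuthenticationEvaluator<T> getEvaluator();

    /**
     * Authenticates the given token.
     *
     * <p>Anonymous module tokens are returned untouched. Otherwise the token to verify and the
     * requirements are resolved (see {@link #resolveAuthenticationToVerify}) and handed to
     * {@link #internalAuthentication}. When the security context holds a
     * {@link MidpointAuthentication}, the verified result is wrapped in a new token via
     * {@link #createNewAuthenticationToken} - with the authorities of a {@link MidPointPrincipal}
     * passed through the sequence channel's {@code resolveAuthorities} - written into the
     * processing module, and the {@link MidpointAuthentication} itself is returned.
     *
     * @param authentication token to verify
     * @return the verified token, or the surrounding {@link MidpointAuthentication} when a sequence is in progress
     * @throws AuthenticationException when verification fails; runtime errors are logged and rethrown
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AuthenticationRequirements requirements = new AuthenticationRequirements();
        try {
            Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
            if (isAnonymous(authentication)) {
                // nothing to verify for an anonymous module token
                return authentication;
            }
            Authentication toVerify = resolveAuthenticationToVerify(authentication, contextAuthentication, requirements);
            Authentication verified = internalAuthentication(toVerify, requirements.requireAssignment, requirements.channel, requirements.focusType);
            if (!(contextAuthentication instanceof MidpointAuthentication)) {
                // plain authentication (no sequence): hand the result straight back
                return verified;
            }
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) contextAuthentication;
            // resolved before the new token is built so a missing module fails before any token is created
            ModuleAuthenticationImpl processingModule = (ModuleAuthenticationImpl) getProcessingModule(mpAuthentication);
            Authentication newToken = createNewAuthenticationToken(verified, resolveAuthorities(verified, mpAuthentication));
            writeAuthentication(toVerify, mpAuthentication, processingModule, newToken);
            return mpAuthentication;
        } catch (Error | RuntimeException e) {
            LOGGER.error("Authentication (runtime) error: {}", e.getMessage(), e);
            throw e;
        }
    }

    /**
     * Authorities to place into the new token: a {@link MidPointPrincipal}'s authorities are
     * filtered by the sequence channel; any other principal keeps the verified token's authorities.
     */
    private static Collection<? extends GrantedAuthority> resolveAuthorities(Authentication verified, MidpointAuthentication mpAuthentication) {
        Object principal = verified.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            return mpAuthentication.getAuthenticationChannel().resolveAuthorities(((MidPointPrincipal) principal).getAuthorities());
        }
        return verified.getAuthorities();
    }

    /** True when the token is a {@link MidpointAuthentication} whose processing module holds an anonymous token. */
    private boolean isAnonymous(Authentication authentication) {
        if (!(authentication instanceof MidpointAuthentication)) {
            return false;
        }
        Authentication moduleToken = getProcessingModule((MidpointAuthentication) authentication).getAuthentication();
        return moduleToken instanceof AnonymousAuthenticationToken;
    }

    /**
     * Picks the token to verify and fills {@code requirements}.
     *
     * <p>If the request itself is a {@link MidpointAuthentication}, its processing module
     * supplies both the token and the requirements. Otherwise the requirements come from the
     * security context (when that holds a {@link MidpointAuthentication}) and the request
     * token is verified as-is.
     */
    private Authentication resolveAuthenticationToVerify(Authentication authentication, Authentication contextAuthentication, AuthenticationRequirements requirements) {
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
            ModuleAuthentication processingModule = getProcessingModule(mpAuthentication);
            fillRequirements(mpAuthentication, processingModule, requirements);
            return processingModule.getAuthentication();
        }
        if (contextAuthentication instanceof MidpointAuthentication) {
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) contextAuthentication;
            fillRequirements(mpAuthentication, getProcessingModule(mpAuthentication), requirements);
        }
        return authentication;
    }

    /**
     * Copies focus type (from the module, when set), required assignment target and channel
     * (from the sequence) into {@code requirements}.
     */
    private static void fillRequirements(MidpointAuthentication mpAuthentication, ModuleAuthentication processingModule, AuthenticationRequirements requirements) {
        if (processingModule != null && processingModule.getFocusType() != null) {
            requirements.focusType = PrismContext.get().getSchemaRegistry().determineCompileTimeClass(processingModule.getFocusType());
        }
        requirements.requireAssignment = mpAuthentication.getSequence().getRequireAssignmentTarget();
        requirements.channel = mpAuthentication.getAuthenticationChannel();
    }

    /**
     * Builds the requirements for the given token: filled from the processing module and
     * sequence when it is a {@link MidpointAuthentication}, defaults otherwise.
     *
     * @param authentication token to derive the requirements from
     * @return freshly created requirements (never {@code null})
     */
    public AuthenticationRequirements initAuthRequirements(Authentication authentication) {
        AuthenticationRequirements requirements = new AuthenticationRequirements();
        if (authentication instanceof MidpointAuthentication) {
            MidpointAuthentication mpAuthentication = (MidpointAuthentication) authentication;
            fillRequirements(mpAuthentication, getProcessingModule(mpAuthentication), requirements);
        }
        return requirements;
    }

    /**
     * Stores the new token into the processing module and, when its principal is a
     * {@link MidPointPrincipal}, also as the principal of the whole {@link MidpointAuthentication}.
     *
     * @param originalAuthentication token that was verified; unused here, available to overriding subclasses
     * @param midpointAuthentication sequence authentication being updated
     * @param processingModule module that receives the new token
     * @param newAuthentication token produced by {@link #createNewAuthenticationToken}
     */
    protected void writeAuthentication(Authentication originalAuthentication, MidpointAuthentication midpointAuthentication, ModuleAuthenticationImpl processingModule, Authentication newAuthentication) {
        Object principal = newAuthentication.getPrincipal();
        if (principal instanceof MidPointPrincipal) {
            midpointAuthentication.setPrincipal(principal);
        }
        processingModule.setAuthentication(newAuthentication);
    }

    /**
     * Returns the module authentication currently being processed.
     *
     * @throws AuthenticationServiceException when the sequence has no processing module (logged as an error)
     */
    public ModuleAuthentication getProcessingModule(MidpointAuthentication midpointAuthentication) {
        ModuleAuthentication processingModule = midpointAuthentication.getProcessingModuleAuthentication();
        if (processingModule == null) {
            LOGGER.error("Couldn't find processing module authentication {}", midpointAuthentication);
            throw new AuthenticationServiceException("web.security.auth.module.null");
        }
        return processingModule;
    }

    /**
     * Creates the connection environment for the given channel (the user channel when
     * {@code null}), overriding the session id with the one of the {@link MidpointAuthentication}
     * in the security context, if any.
     */
    public ConnectionEnvironment createEnvironment(AuthenticationChannel authenticationChannel) {
        if (authenticationChannel == null) {
            return ConnectionEnvironment.create(SchemaConstants.CHANNEL_USER_URI);
        }
        ConnectionEnvironment environment = ConnectionEnvironment.create(authenticationChannel.getChannelId());
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
        if (contextAuthentication instanceof MidpointAuthentication) {
            // NOTE(review): unlike createConnectEnvironment, the override is set even when the
            // session id is null - confirm ConnectionEnvironment treats a null override as "none"
            environment.setSessionIdOverride(((MidpointAuthentication) contextAuthentication).getSessionId());
        }
        return environment;
    }

    /**
     * Verifies the token against the evaluator.
     *
     * @param authentication token to verify (already unwrapped from any sequence)
     * @param requireAssignment required assignment targets from the sequence, may be {@code null}
     * @param authenticationChannel sequence channel, may be {@code null}
     * @param focusType class of the focus being authenticated
     * @return the verified token
     * @throws AuthenticationException when verification fails
     */
    protected abstract Authentication internalAuthentication(Authentication authentication, List<ObjectReferenceType> requireAssignment, AuthenticationChannel authenticationChannel, Class<? extends FocusType> focusType) throws AuthenticationException;

    /**
     * Wraps the verified token into the token type this provider produces, carrying the given authorities.
     */
    protected abstract Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> authorities);

    /**
     * Sequence-aware variant of {@link #supports(Class)}: for a {@link MidpointAuthentication}
     * the decision is made on the processing module's token (anonymous tokens are always
     * supported, a missing token is never supported); other tokens fall back to {@link #supports(Class)}.
     */
    public boolean supports(Class<?> authenticationClass, Authentication authentication) {
        if (!(authentication instanceof MidpointAuthentication)) {
            return supports(authenticationClass);
        }
        ModuleAuthentication processingModule = getProcessingModule((MidpointAuthentication) authentication);
        // getProcessingModule throws on a missing module; the null check guards overriding implementations
        if (processingModule == null || processingModule.getAuthentication() == null) {
            return false;
        }
        Authentication moduleToken = processingModule.getAuthentication();
        if (moduleToken instanceof AnonymousAuthenticationToken) {
            return true;
        }
        return supports(moduleToken.getClass());
    }

    @Override
    public int hashCode() {
        AuthenticationEvaluator<T> evaluator = getEvaluator();
        return 31 + (evaluator == null ? 0 : evaluator.hashCode());
    }

    /**
     * Two providers are equal when they are of the same class and use equal evaluators.
     * Comparing hash codes alone (as before) declared unrelated providers equal on a hash collision.
     */
    @Override
    public boolean equals(Object obj) {
        if (this == obj) {
            return true;
        }
        if (obj == null || getClass() != obj.getClass()) {
            return false;
        }
        MidPointAbstractAuthenticationProvider<?> other = (MidPointAbstractAuthenticationProvider<?>) obj;
        return Objects.equals(getEvaluator(), other.getEvaluator());
    }

    /**
     * Computes the item modifications that turn {@code before} into {@code after} using literal equivalence.
     *
     * @return modifications of the MODIFY delta between the two objects
     */
    public Collection<? extends ItemDelta<?, ?>> computeModifications(@NotNull FocusType before, @NotNull FocusType after) {
        ObjectDelta<? extends FocusType> delta = before.asPrismObject().diff(after.asPrismObject(), ParameterizedEquivalenceStrategy.LITERAL);
        // diffing two objects of the same type is expected to yield a MODIFY delta
        assert delta.isModify();
        return delta.getModifications();
    }

    /**
     * Channel id of the {@link MidpointAuthentication} in the security context, or the user
     * channel when there is no such authentication or it has no channel.
     */
    public String getChannel() {
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
        if (!(contextAuthentication instanceof MidpointAuthentication)) {
            return SchemaConstants.CHANNEL_USER_URI;
        }
        AuthenticationChannel channel = ((MidpointAuthentication) contextAuthentication).getAuthenticationChannel();
        return channel == null ? SchemaConstants.CHANNEL_USER_URI : channel.getChannelId();
    }

    /**
     * Creates the connection environment for the given channel id, overriding the session id
     * with the non-null session id of the {@link MidpointAuthentication} in the security context, if any.
     */
    public ConnectionEnvironment createConnectEnvironment(String channelId) {
        ConnectionEnvironment environment = ConnectionEnvironment.create(channelId);
        Authentication contextAuthentication = SecurityContextHolder.getContext().getAuthentication();
        if (contextAuthentication instanceof MidpointAuthentication) {
            String sessionId = ((MidpointAuthentication) contextAuthentication).getSessionId();
            if (sessionId != null) {
                environment.setSessionIdOverride(sessionId);
            }
        }
        return environment;
    }
}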
