package com.evolveum.midpoint.authentication.api.config;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.AuthenticationModuleState;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.security.api.AuthenticationAnonymousChecker;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceModuleNecessityType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import java.util.ArrayList;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.Validate;
import org.springframework.security.authentication.AbstractAuthenticationToken;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;

/* loaded from: input_file:com/evolveum/midpoint/authentication/api/config/MidpointAuthentication.class */
public class MidpointAuthentication extends AbstractAuthenticationToken implements AuthenticationAnonymousChecker {
    private final AuthenticationSequenceType sequence;
    private final List<ModuleAuthentication> authentications;
    private AuthenticationChannel authenticationChannel;
    private List<AuthModule> authModules;
    private Object principal;
    private Object credential;
    private String sessionId;
    private Collection<? extends GrantedAuthority> authorities;

    public MidpointAuthentication(AuthenticationSequenceType authenticationSequenceType) {
        super(null);
        this.authentications = new ArrayList();
        this.authModules = new ArrayList();
        this.authorities = AuthorityUtils.NO_AUTHORITIES;
        this.sequence = authenticationSequenceType;
    }

    public List<AuthModule> getAuthModules() {
        return this.authModules;
    }

    public void setAuthModules(List<AuthModule> list) {
        this.authModules = list;
    }

    public AuthenticationSequenceType getSequence() {
        return this.sequence;
    }

    public AuthenticationChannel getAuthenticationChannel() {
        return this.authenticationChannel;
    }

    public void setAuthenticationChannel(AuthenticationChannel authenticationChannel) {
        this.authenticationChannel = authenticationChannel;
    }

    public List<ModuleAuthentication> getAuthentications() {
        return this.authentications;
    }

    public void addAuthentications(ModuleAuthentication moduleAuthentication) {
        getAuthentications().add(moduleAuthentication);
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, org.springframework.security.core.Authentication
    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }

    public void setAuthorities(Collection<? extends GrantedAuthority> collection) {
        this.authorities = collection;
    }

    @Override // org.springframework.security.core.Authentication
    public Object getCredentials() {
        return this.credential;
    }

    public void setCredential(Object obj) {
        this.credential = obj;
    }

    @Override // org.springframework.security.core.Authentication
    public Object getPrincipal() {
        return this.principal;
    }

    public void setPrincipal(Object obj) {
        this.principal = obj;
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, org.springframework.security.core.Authentication
    public void setAuthenticated(boolean z) {
        throw new IllegalArgumentException("This method is not supported");
    }

    public void setSessionId(String str) {
        this.sessionId = str;
    }

    public String getSessionId() {
        return this.sessionId;
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, org.springframework.security.core.Authentication
    public boolean isAuthenticated() {
        List<AuthModule> authModules = getAuthModules();
        if (authModules.isEmpty()) {
            return false;
        }
        Iterator<AuthModule> it = authModules.iterator();
        while (it.hasNext()) {
            ModuleAuthentication authenticationByName = getAuthenticationByName(it.next().getNameOfModule());
            if (authenticationByName != null && AuthenticationSequenceModuleNecessityType.SUFFICIENT.equals(authenticationByName.getNecessity()) && AuthenticationModuleState.SUCCESSFULLY.equals(authenticationByName.getState())) {
                return true;
            }
        }
        return false;
    }

    public ModuleAuthentication getAuthenticationByName(String str) {
        for (ModuleAuthentication moduleAuthentication : getAuthentications()) {
            if (moduleAuthentication.getNameOfModule().equals(str)) {
                return moduleAuthentication;
            }
        }
        return null;
    }

    public boolean isProcessing() {
        if (getAuthentications().isEmpty()) {
            return false;
        }
        Iterator<ModuleAuthentication> it = getAuthentications().iterator();
        while (it.hasNext()) {
            if (AuthenticationModuleState.LOGIN_PROCESSING.equals(it.next().getState())) {
                return true;
            }
        }
        return false;
    }

    public int getIndexOfProcessingModule(boolean z) {
        if (getAuthentications().isEmpty()) {
            if (!z) {
                return 0;
            }
            addAuthentications(getAuthModules().get(0).getBaseModuleAuthentication());
            return 0;
        }
        ModuleAuthentication processingModuleAuthentication = getProcessingModuleAuthentication();
        if (processingModuleAuthentication != null) {
            return getIndexOfModule(processingModuleAuthentication);
        }
        if (isAuthenticated()) {
            return -2;
        }
        int size = getAuthentications().size();
        if (size >= getAuthModules().size()) {
            return -1;
        }
        if (z) {
            addAuthentications(getAuthModules().get(size).getBaseModuleAuthentication());
        }
        return size;
    }

    public int getIndexOfModule(ModuleAuthentication moduleAuthentication) {
        Validate.notNull(moduleAuthentication);
        for (int i = 0; i < getAuthModules().size(); i++) {
            if (getAuthModules().get(i).getNameOfModule().equals(moduleAuthentication.getNameOfModule())) {
                return i;
            }
        }
        return -1;
    }

    public ModuleAuthentication getProcessingModuleAuthentication() {
        for (ModuleAuthentication moduleAuthentication : getAuthentications()) {
            if (moduleAuthentication.getState().equals(AuthenticationModuleState.LOGIN_PROCESSING) || moduleAuthentication.getState().equals(AuthenticationModuleState.LOGOUT_PROCESSING)) {
                return moduleAuthentication;
            }
        }
        return null;
    }

    public boolean isAuthenticationFailed() {
        return !isAuthenticated() && getProcessingModuleAuthentication() == null && getAuthentications().size() == getAuthModules().size();
    }

    @Override // org.springframework.security.authentication.AbstractAuthenticationToken, java.security.Principal
    public String getName() {
        return getPrincipal() instanceof MidPointPrincipal ? ((MidPointPrincipal) getPrincipal()).getUsername() : "";
    }

    public List<ModuleAuthentication> getParallelProcessingModules() {
        int indexOfProcessingModule = getIndexOfProcessingModule(false);
        return indexOfProcessingModule == -2 ? new ArrayList() : getParallelProcessingModules(indexOfProcessingModule);
    }

    private List<ModuleAuthentication> getParallelProcessingModules(int i) {
        ArrayList arrayList = new ArrayList();
        ModuleAuthentication moduleAuthentication = getAuthentications().get(i);
        getAuthModules().get(i);
        if (moduleAuthentication == null) {
            return arrayList;
        }
        if (i > 0) {
            for (int i2 = i - 1; i2 >= 0 && getAuthModules().get(i2) != null && moduleAuthentication.getOrder().equals(getAuthModules().get(i2).getOrder()); i2--) {
                arrayList.add(getAuthModules().get(i2).getBaseModuleAuthentication());
            }
        }
        arrayList.add(moduleAuthentication);
        for (int i3 = i + 1; i3 < getAuthModules().size(); i3++) {
            if (getAuthModules().get(i3) != null && moduleAuthentication.getOrder().equals(getAuthModules().get(i3).getOrder())) {
                arrayList.add(getAuthModules().get(i3).getBaseModuleAuthentication());
            }
        }
        return arrayList;
    }

    public int resolveParallelModules(HttpServletRequest httpServletRequest, int i) {
        String header = httpServletRequest.getHeader("Authorization");
        if (header == null) {
            return i;
        }
        String str = header.split(" ")[0];
        int i2 = -1;
        for (ModuleAuthentication moduleAuthentication : getParallelProcessingModules(i)) {
            int indexOf = getAuthentications().indexOf(moduleAuthentication);
            if (AuthUtil.resolveTokenTypeByModuleType(moduleAuthentication.getNameOfModuleType()).equalsIgnoreCase(str) && i2 == -1) {
                moduleAuthentication.setState(AuthenticationModuleState.LOGIN_PROCESSING);
                i2 = indexOf != -1 ? indexOf : getAuthentications().size();
            } else {
                moduleAuthentication.setState(AuthenticationModuleState.FAILURE);
            }
            if (indexOf == -1) {
                getAuthentications().add(moduleAuthentication);
            } else {
                getAuthentications().set(indexOf, moduleAuthentication);
            }
        }
        if (i2 == -1) {
            throw new IllegalArgumentException("Couldn't find module with type '" + str + "' in sequence '" + getSequence().getName() + "'");
        }
        return i2;
    }

    public boolean isLast(ModuleAuthentication moduleAuthentication) {
        int indexOfModule;
        if (getAuthentications().isEmpty() || (indexOfModule = getIndexOfModule(moduleAuthentication)) == -1) {
            return false;
        }
        if (indexOfModule == getAuthModules().size() - 1) {
            return true;
        }
        return moduleAuthentication.getOrder().equals(getAuthModules().get(getAuthModules().size() - 1).getOrder());
    }

    @Override // com.evolveum.midpoint.security.api.AuthenticationAnonymousChecker
    public boolean isAnonymous() {
        List<ModuleAuthentication> authentications = getAuthentications();
        return authentications != null && authentications.size() == 1 && (authentications.get(0).getAuthentication() instanceof AnonymousAuthenticationToken);
    }
}
