package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.impl.NotShowedAuthenticationServiceException;
import com.evolveum.midpoint.authentication.impl.module.authentication.RemoteModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.util.RequestState;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.util.LocalizationUtil;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import jakarta.servlet.Filter;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Map;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.authentication.RememberMeServices;
import org.springframework.util.LinkedMultiValueMap;
import org.springframework.util.MultiValueMap;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/filter/RemoteAuthenticationFilter.class */
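/**
 * Shared request-state handling and failure handling for servlet filters whose
 * processing module is a {@link RemoteModuleAuthenticationImpl}.
 *
 * <p>The default methods read the current authentication from
 * {@link SecurityContextHolder} and track the module's {@link RequestState}
 * ({@code SENT} to {@code RECEIVED}) before delegating to {@link #doAuth}.
 */
public interface RemoteAuthenticationFilter extends Filter {
    Trace LOGGER = TraceManager.getTrace(RemoteAuthenticationFilter.class);

    /**
     * Tells {@link #doRemoteFilter} whether the current request is one this filter must authenticate.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @return {@code true} when the request is to be treated as an authentication request
     */
    boolean requiresAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse);

    /**
     * Handles a failed authentication; called by {@link #doRemoteFilter} when a request was sent
     * but the current request is not the expected authentication request.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param authenticationException the failure to report
     * @throws IOException propagated from the implementation
     * @throws ServletException propagated from the implementation
     */
    void unsuccessfulAuth(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException;

    /**
     * @return the localization key of the error used when a request was sent but the current
     *         request is not the expected authentication request
     */
    String getErrorMessageKeyNotResponse();

    /**
     * Performs the filter's actual authentication step; invoked by {@link #doRemoteFilter} once the
     * request state has been checked.
     *
     * @param servletRequest the current request
     * @param servletResponse the current response
     * @param filterChain the remaining filter chain
     * @throws ServletException propagated from the implementation
     * @throws IOException propagated from the implementation
     */
    void doAuth(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws ServletException, IOException;

    /**
     * Checks the remote module's request state and then either reports a failure or calls
     * {@link #doAuth}.
     *
     * <ul>
     *   <li>request state {@code SENT} and {@link #requiresAuth} is {@code false}:
     *       {@link #unsuccessfulAuth} is called and {@link #doAuth} is skipped;</li>
     *   <li>request state {@code SENT} and {@link #requiresAuth} is {@code true}:
     *       the state becomes {@code RECEIVED}, then {@link #doAuth} runs;</li>
     *   <li>otherwise {@link #doAuth} runs with the state untouched.</li>
     * </ul>
     *
     * @param servletRequest the current request; cast to {@link HttpServletRequest}
     * @param servletResponse the current response; cast to {@link HttpServletResponse}
     * @param filterChain the remaining filter chain, handed to {@link #doAuth}
     * @throws AuthenticationServiceException when the security context does not hold a
     *         {@link MidpointAuthentication}
     * @throws IOException propagated from the delegated calls
     * @throws ServletException propagated from the delegated calls
     */
    default void doRemoteFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
        // Held as Object so the instanceof test is a genuine runtime check that also rejects null;
        // the narrowing cast happens only after the type has been verified.
        Object current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof MidpointAuthentication)) {
            throw new AuthenticationServiceException("Unsupported type of Authentication");
        }
        MidpointAuthentication authentication = (MidpointAuthentication) current;
        // NOTE(review): this cast fails with ClassCastException if the processing module is not a
        // remote module; confirm the filter is only registered for remote modules.
        RemoteModuleAuthenticationImpl moduleAuthentication = (RemoteModuleAuthenticationImpl) authentication.getProcessingModuleAuthentication();
        boolean requestSent = moduleAuthentication != null && RequestState.SENT.equals(moduleAuthentication.getRequestState());

        HttpServletRequest httpRequest = (HttpServletRequest) servletRequest;
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        boolean requiresAuth = requiresAuth(httpRequest, httpResponse);

        if (requestSent && !requiresAuth) {
            // A request was sent, but this request is not the expected authentication request.
            String message = LocalizationUtil.toLocalizableMessage(LocalizationUtil.createForKey(getErrorMessageKeyNotResponse())).getFallbackMessage();
            unsuccessfulAuth(httpRequest, httpResponse, new NotShowedAuthenticationServiceException(message));
            return;
        }
        if (requestSent && requiresAuth) {
            // requestSent implies moduleAuthentication is non-null.
            moduleAuthentication.setRequestState(RequestState.RECEIVED);
        }
        // NOTE(review): a request with requiresAuth == true while no request is in state SENT also
        // reaches doAuth; implementations must reject unsolicited responses themselves.
        doAuth(servletRequest, servletResponse, filterChain);
    }

    /**
     * Audits a login failure, notifies remember-me services and invokes the failure handler.
     *
     * <p>The audit record names the user as {@code "unknown user"} with no focus object. The
     * channel comes from the current {@link MidpointAuthentication} when it has one, otherwise
     * {@link SchemaConstants#CHANNEL_USER_URI} is used.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param authenticationException the failure; its message is written to the audit record
     * @param modelAuditRecorder recorder that receives the login-failure audit event
     * @param rememberMeServices notified through {@code loginFail}
     * @param authenticationFailureHandler receives the failure last
     * @param str prefix of the audit message, placed before {@code " authentication module: "}
     * @throws IOException propagated from the failure handler
     * @throws ServletException propagated from the failure handler
     */
    default void remoteUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException, ModelAuditRecorder modelAuditRecorder, RememberMeServices rememberMeServices, AuthenticationFailureHandler authenticationFailureHandler, String str) throws IOException, ServletException {
        // Read as Object and narrow only after instanceof succeeds.
        Object current = SecurityContextHolder.getContext().getAuthentication();
        String channel = SchemaConstants.CHANNEL_USER_URI;
        if (current instanceof MidpointAuthentication) {
            MidpointAuthentication authentication = (MidpointAuthentication) current;
            if (authentication.getAuthenticationChannel() != null) {
                channel = authentication.getAuthenticationChannel().getChannelId();
            }
        }
        // NOTE(review): the exception message is copied into the audit record verbatim. If it can
        // carry text from the remote party, confirm the audit sink neutralises line breaks and
        // control characters so a record cannot be forged or split.
        modelAuditRecorder.auditLoginFailure("unknown user", (FocusType) null, ConnectionEnvironment.create(channel), str + " authentication module: " + authenticationException.getMessage());
        rememberMeServices.loginFail(httpServletRequest, httpServletResponse);
        authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Traces the failure, notifies remember-me services and invokes the failure handler, without
     * writing an audit record.
     *
     * @param httpServletRequest the current request
     * @param httpServletResponse the current response
     * @param authenticationException the failure to report
     * @param rememberMeServices notified through {@code loginFail}
     * @param authenticationFailureHandler receives the failure last
     * @throws ServletException propagated from the failure handler
     * @throws IOException propagated from the failure handler
     */
    default void remoteUnsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException, RememberMeServices rememberMeServices, AuthenticationFailureHandler authenticationFailureHandler) throws ServletException, IOException {
        LOGGER.trace("Failed to process authentication request", authenticationException);
        // NOTE(review): this method does not clear the SecurityContextHolder, so the next trace
        // line does not describe anything done here; confirm whether the context is meant to
        // survive a failure, and reword or drop the message accordingly.
        LOGGER.trace("Cleared SecurityContextHolder");
        LOGGER.trace("Handling authentication failure");
        rememberMeServices.loginFail(httpServletRequest, httpServletResponse);
        authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, authenticationException);
    }

    /**
     * Copies a map of name to value-array into a {@link MultiValueMap}, keeping every value under
     * its own name.
     *
     * <p>Names whose array is empty or {@code null} do not appear in the result.
     *
     * @param map source map, for example a servlet parameter map
     * @return a new {@link LinkedMultiValueMap} holding each value under its name
     */
    default MultiValueMap<String, String> toMultiMap(Map<String, String[]> map) {
        MultiValueMap<String, String> result = new LinkedMultiValueMap<>(map.size());
        map.forEach((name, values) -> {
            if (values == null) {
                return;
            }
            // The loop variable must not reuse the lambda parameter's name: each value is stored
            // under the entry's key, not under itself.
            for (String value : values) {
                result.add(name, value);
            }
        });
        return result;
    }
}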
