package com.evolveum.midpoint.authentication.impl.provider;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.evaluator.context.FocusIdentificationAuthenticationContext;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.evaluator.PreAuthenticatedEvaluatorImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.FocusIdentificationModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.token.FocusVerificationToken;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ModuleItemConfigurationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Collection;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/provider/FocusIdentificationProvider.class */
/**
 * Authentication provider for {@link FocusVerificationToken} requests.
 *
 * <p>It takes the item-path to value map carried by the token, checks it against the item
 * configuration of the module currently being processed, and hands the values to the
 * pre-authenticated evaluator. The token it returns is explicitly marked as not authenticated.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Missing details and blank required values are rejected with the same
 *       {@link BadCredentialsException} message key, so the exception does not reveal which
 *       check failed.</li>
 *   <li>When no module item configuration is available the request is rejected (fail closed).</li>
 *   <li>The token is passed to the logger on the rejection paths.
 *       NOTE(review): confirm that its {@code toString()} does not print the submitted
 *       attribute values.</li>
 * </ul>
 */
public class FocusIdentificationProvider extends MidpointAbstractAuthenticationProvider {
    private static final Trace LOGGER = TraceManager.getTrace(FocusIdentificationProvider.class);

    /** Evaluator that receives the submitted values once the checks in this class have passed. */
    @Autowired
    private PreAuthenticatedEvaluatorImpl<FocusIdentificationAuthenticationContext> evaluator;

    /**
     * Validates the submitted identification values and delegates to the evaluator.
     * Overrides the hook declared in {@code MidpointAbstractAuthenticationProvider}.
     *
     * @param authentication the incoming token; must be a {@link FocusVerificationToken}
     * @param str not read by this implementation
     * @param list not read by this implementation
     * @param authenticationChannel channel used to build the connection environment and the context
     * @param cls focus type passed on to the authentication context
     * @return a {@link UsernamePasswordAuthenticationToken} holding the evaluator's principal and
     *         credentials, with {@code authenticated} set to {@code false}
     * @throws AuthenticationServiceException if the token is of any other type
     * @throws BadCredentialsException if the token carries no details, or a configured item has a
     *         blank value, or no module item configuration is available
     */
    @Override
    protected Authentication doAuthenticate(Authentication authentication, String str, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) throws AuthenticationException {
        // Built before the type check, as in the original statement order.
        ConnectionEnvironment connEnv = createEnvironment(authenticationChannel);

        if (!(authentication instanceof FocusVerificationToken)) {
            LOGGER.error("Unsupported authentication {}", authentication);
            throw new AuthenticationServiceException("web.security.provider.unavailable");
        }

        // NOTE(review): "m61getDetails" looks like a decompiler-generated accessor name; confirm
        // the real method name against the original source.
        FocusVerificationToken verificationToken = (FocusVerificationToken) authentication;
        Map<ItemPath, String> submittedValues = verificationToken.m61getDetails();
        if (submittedValues == null || submittedValues.isEmpty()) {
            LOGGER.debug("No details provided: {}", authentication);
            throw new BadCredentialsException("web.security.provider.resetPassword.invalid.credentials");
        }

        // The item configuration is only taken from a focus-identification module; for any other
        // module it stays null, which the check below treats as a failure.
        ModuleAuthentication processingModule = AuthUtil.getProcessingModule();
        List<ModuleItemConfigurationType> itemConfigs =
                processingModule instanceof FocusIdentificationModuleAuthenticationImpl
                        ? ((FocusIdentificationModuleAuthenticationImpl) processingModule).getModuleConfiguration()
                        : null;

        if (blankAttributeValueExist(submittedValues, itemConfigs)) {
            LOGGER.debug("No value was provided for mandatory attribute(s): {}", authentication);
            // Same message key as the "no details" case above.
            throw new BadCredentialsException("web.security.provider.resetPassword.invalid.credentials");
        }

        // NOTE(review): the (ConnectionEnvironment) cast on the context argument looks like a
        // decompiler artifact; confirm against the original source.
        PreAuthenticatedAuthenticationToken evaluated = this.evaluator.authenticate(connEnv, (ConnectionEnvironment) new FocusIdentificationAuthenticationContext(submittedValues, cls, itemConfigs, authenticationChannel));

        // The result is deliberately flagged as not authenticated.
        // NOTE(review): presumably a later module in the sequence completes authentication; confirm.
        UsernamePasswordAuthenticationToken result =
                new UsernamePasswordAuthenticationToken(evaluated.getPrincipal(), evaluated.getCredentials());
        result.setAuthenticated(false);
        return result;
    }

    /**
     * Rebuilds a {@link UsernamePasswordAuthenticationToken} with the supplied authorities.
     * Overrides the hook declared in {@code AbstractAuthenticationProvider}.
     *
     * @param authentication the token to rebuild
     * @param collection authorities to attach to the new token
     * @return a new token with the same principal and credentials plus {@code collection}, or
     *         {@code authentication} itself when it is not a {@link UsernamePasswordAuthenticationToken}
     */
    @Override
    protected Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection) {
        if (!(authentication instanceof UsernamePasswordAuthenticationToken)) {
            return authentication;
        }
        return new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection);
    }

    /**
     * Reports whether this provider handles the given token class.
     *
     * @param cls the token class offered to this provider
     * @return {@code true} only for {@link FocusVerificationToken} itself; the comparison is an
     *         exact class match, so subclasses are not accepted
     */
    public boolean supports(Class<?> cls) {
        return FocusVerificationToken.class.equals(cls);
    }

    /**
     * Checks whether any configured item lacks a non-blank submitted value.
     *
     * @param map submitted values keyed by item path
     * @param list item configuration of the processing module; may be {@code null}
     * @return {@code true} when {@code list} is {@code null} or when the value for at least one
     *         configured path is blank or absent; {@code false} otherwise
     */
    private boolean blankAttributeValueExist(Map<ItemPath, String> map, List<ModuleItemConfigurationType> list) {
        // Without a configuration nothing can be verified, so report a failure.
        if (list == null) {
            return true;
        }
        // NOTE(review): an empty configuration list skips the loop and passes this check; confirm
        // that the evaluator rejects a request with no configured items.
        for (ModuleItemConfigurationType itemConfig : list) {
            String submitted = map.get(itemConfig.getPath().getItemPath());
            if (StringUtils.isBlank(submitted)) {
                return true;
            }
        }
        return false;
    }
}
