package com.evolveum.midpoint.authentication.impl.module.configurer;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.entry.point.WicketLoginUrlAuthenticationEntryPoint;
import com.evolveum.midpoint.authentication.impl.filter.MailNonceAuthenticationFilter;
import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointExceptionHandlingConfigurer;
import com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointFormLoginConfigurer;
import com.evolveum.midpoint.authentication.impl.handler.MidPointAuthenticationSuccessHandler;
import com.evolveum.midpoint.authentication.impl.handler.MidpointAuthenticationFailureHandler;
import com.evolveum.midpoint.authentication.impl.module.configuration.ModuleWebSecurityConfigurationImpl;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceChannelType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.MailNonceAuthenticationModuleType;
import jakarta.servlet.ServletRequest;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.config.annotation.ObjectPostProcessor;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.AuthenticationSuccessHandler;

/* loaded from: input_file:com/evolveum/midpoint/authentication/impl/module/configurer/MailNonceFormModuleWebSecurityConfigurer.class */
public class MailNonceFormModuleWebSecurityConfigurer extends ModuleWebSecurityConfigurer<ModuleWebSecurityConfigurationImpl, MailNonceAuthenticationModuleType> {
    public MailNonceFormModuleWebSecurityConfigurer(MailNonceAuthenticationModuleType mailNonceAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ObjectPostProcessor<Object> objectPostProcessor, ServletRequest servletRequest, AuthenticationProvider authenticationProvider) {
        super(mailNonceAuthenticationModuleType, str, authenticationChannel, objectPostProcessor, servletRequest, authenticationProvider);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer
    public ModuleWebSecurityConfigurationImpl buildConfiguration(MailNonceAuthenticationModuleType mailNonceAuthenticationModuleType, String str, AuthenticationChannel authenticationChannel, ServletRequest servletRequest) {
        ModuleWebSecurityConfigurationImpl moduleWebSecurityConfigurationImpl = (ModuleWebSecurityConfigurationImpl) ModuleWebSecurityConfigurationImpl.build(mailNonceAuthenticationModuleType, str);
        moduleWebSecurityConfigurationImpl.setSequenceSuffix(str);
        moduleWebSecurityConfigurationImpl.setSpecificLoginUrl(authenticationChannel.getSpecificLoginUrl());
        return moduleWebSecurityConfigurationImpl;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // com.evolveum.midpoint.authentication.impl.module.configurer.ModuleWebSecurityConfigurer
    public void configure(HttpSecurity httpSecurity) throws Exception {
        super.configure(httpSecurity);
        httpSecurity.securityMatcher(new String[]{AuthUtil.stripEndingSlashes(getPrefix()) + "/**"});
        ((MidpointFormLoginConfigurer) ((MidpointFormLoginConfigurer) getOrApply(httpSecurity, new MidpointFormLoginConfigurer(new MailNonceAuthenticationFilter())).m42loginPage(getConfiguration().getSpecificLoginUrl() == null ? "/emailNonce" : getConfiguration().getSpecificLoginUrl()).failureHandler(new MidpointAuthenticationFailureHandler())).successHandler((AuthenticationSuccessHandler) getObjectPostProcessor().postProcess(new MidPointAuthenticationSuccessHandler()))).permitAll();
        getOrApply(httpSecurity, new MidpointExceptionHandlingConfigurer() { // from class: com.evolveum.midpoint.authentication.impl.module.configurer.MailNonceFormModuleWebSecurityConfigurer.1
            @Override // com.evolveum.midpoint.authentication.impl.filter.configurers.MidpointExceptionHandlingConfigurer
            protected Authentication createNewAuthentication(AnonymousAuthenticationToken anonymousAuthenticationToken, AuthenticationSequenceChannelType authenticationSequenceChannelType) {
                if (authenticationSequenceChannelType == null || !SchemaConstants.CHANNEL_INVITATION_URI.equals(authenticationSequenceChannelType.getChannelId())) {
                    return null;
                }
                anonymousAuthenticationToken.setAuthenticated(false);
                return anonymousAuthenticationToken;
            }
        }).authenticationEntryPoint(new WicketLoginUrlAuthenticationEntryPoint(getConfiguration().getSpecificLoginUrl() == null ? "/emailNonce" : getConfiguration().getSpecificLoginUrl()));
        httpSecurity.logout().clearAuthentication(true).logoutRequestMatcher(getLogoutMatcher(httpSecurity, getPrefix() + "/logout")).invalidateHttpSession(true).deleteCookies(new String[]{"JSESSIONID"}).logoutSuccessHandler(createLogoutHandler());
    }
}
