package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.prism.crypto.EncryptionException;
import com.evolveum.midpoint.prism.crypto.Protector;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.UserProfileService;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import java.io.IOException;
import javax.security.auth.callback.Callback;
import javax.security.auth.callback.CallbackHandler;
import javax.security.auth.callback.UnsupportedCallbackException;
import org.apache.commons.lang.StringUtils;
import org.apache.wss4j.common.ext.WSPasswordCallback;

/* loaded from: input_file:com/evolveum/midpoint/model/impl/security/PasswordCallback.class */
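/**
 * WS-Security {@link CallbackHandler} that supplies the stored password of a midPoint user.
 *
 * <p>For the username carried by a {@link WSPasswordCallback}, the handler resolves the
 * principal, decrypts the stored password with the {@link Protector} and sets it on the
 * callback. The comparison with the password presented by the client is not done here;
 * presumably the WS-Security layer performs it with the value set on the callback.
 *
 * <p>Every rejection is audited with a specific reason through {@link SecurityHelper}, while
 * the exception handed back to the caller always carries the same generic message, so the
 * response does not reveal whether the account exists or why the attempt was rejected.
 */
public class PasswordCallback implements CallbackHandler {
    private static final Trace LOGGER = TraceManager.getTrace(PasswordCallback.class);

    /** Single message used for every rejection; the detailed reason goes to the audit trail only. */
    private static final String AUTHENTICATION_FAILED = "Authentication failed";

    private final UserProfileService userDetailsService;
    private final Protector protector;
    private final SecurityHelper securityHelper;

    /**
     * Creates the handler.
     *
     * @param userProfileService service used to look up the principal by username
     * @param protector used to decrypt the stored password value
     * @param securityHelper used to audit failed login attempts
     */
    public PasswordCallback(UserProfileService userProfileService, Protector protector, SecurityHelper securityHelper) {
        this.userDetailsService = userProfileService;
        this.protector = protector;
        this.securityHelper = securityHelper;
    }

    /**
     * Resolves the user named by the first callback and sets that user's decrypted password on it.
     *
     * <p>Only the first element of {@code callbackArr} is processed; any further elements are
     * ignored.
     *
     * @param callbackArr callbacks passed by the WS-Security layer; the first one must be a
     *     {@link WSPasswordCallback}
     * @throws IOException a {@code PasswordCallbackException} with a generic message when the
     *     username is blank, the user is unknown, the user has no password value, or the
     *     password cannot be decrypted
     * @throws UnsupportedCallbackException if no callback is supplied or the first callback is
     *     not a {@link WSPasswordCallback}
     */
    @Override
    public void handle(Callback[] callbackArr) throws IOException, UnsupportedCallbackException {
        // Reject malformed invocations through the declared exception instead of letting a
        // NullPointerException, ArrayIndexOutOfBoundsException or ClassCastException escape.
        if (callbackArr == null || callbackArr.length == 0) {
            throw new UnsupportedCallbackException(null, "No callback supplied");
        }
        LOGGER.trace("Invoked PasswordCallback with {} callbacks: {}", callbackArr.length, callbackArr);
        Callback firstCallback = callbackArr[0];
        if (!(firstCallback instanceof WSPasswordCallback)) {
            throw new UnsupportedCallbackException(firstCallback, "Expected a WSPasswordCallback");
        }
        WSPasswordCallback wSPasswordCallback = (WSPasswordCallback) firstCallback;

        String identifier = wSPasswordCallback.getIdentifier();
        LOGGER.trace("Username: '{}', Password type: {}", identifier, wSPasswordCallback.getType());
        if (StringUtils.isBlank(identifier)) {
            throw loginFailure(identifier, "No username");
        }
        try {
            MidPointPrincipal principal = this.userDetailsService.getPrincipal(identifier);
            if (principal == null) {
                throw loginFailure(identifier, "No user");
            }
            CredentialsType credentials = principal.getUser().getCredentials();
            if (credentials == null) {
                throw loginFailure(identifier, "No user credentials");
            }
            if (credentials.getPassword() == null) {
                throw loginFailure(identifier, "No user credentials password");
            }
            if (credentials.getPassword().getValue() == null) {
                throw loginFailure(identifier, "No user credentials password value");
            }
            try {
                // The decrypted value is the clear-text password: it goes straight to the
                // callback and must never be logged or placed in an audit message.
                wSPasswordCallback.setPassword(this.protector.decryptString(credentials.getPassword().getValue()));
            } catch (EncryptionException e) {
                LOGGER.error("Password decryption error: {}", e.getMessage(), e);
                // The cause is deliberately not attached to the thrown exception, so decryption
                // details stay in the log and audit record and do not travel to the caller.
                throw loginFailure(identifier, "Password decryption error: " + e.getMessage());
            }
        } catch (ObjectNotFoundException e2) {
            LOGGER.trace("User not found: {}", e2.getMessage(), e2);
            // Same audit reason and same exception as the null-principal case above.
            throw loginFailure(identifier, "No user");
        }
    }

    /**
     * Audits a failed web-service login and builds the generic exception to throw.
     *
     * @param identifier username taken from the callback; may be blank
     * @param auditReason detailed reason recorded in the audit trail only
     * @return exception carrying the generic message, to be thrown by the caller
     */
    private PasswordCallbackException loginFailure(String identifier, String auditReason) {
        this.securityHelper.auditLoginFailure(identifier, auditReason, SchemaConstants.CHANNEL_WEB_SERVICE_URI);
        return new PasswordCallbackException(AUTHENTICATION_FAILED);
    }
}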
