package com.evolveum.midpoint.authentication.impl.filter;

import com.evolveum.midpoint.authentication.api.AuthModule;
import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.config.MidpointAuthentication;
import com.evolveum.midpoint.authentication.impl.factory.channel.AuthChannelRegistryImpl;
import com.evolveum.midpoint.authentication.impl.factory.module.AuthModuleRegistryImpl;
import com.evolveum.midpoint.authentication.impl.module.authentication.ModuleAuthenticationImpl;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.authentication.impl.util.AuthenticationSequenceModuleCreator;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.schema.util.SecurityPolicyUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationSequenceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationsPolicyType;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.ServletRequest;
import jakarta.servlet.ServletResponse;
import jakarta.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationDetailsSource;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.AnonymousAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.util.Assert;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.10-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/filter/MidpointAnonymousAuthenticationFilter.class */
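/**
 * Anonymous-authentication filter that wraps Spring Security's
 * {@link AnonymousAuthenticationToken} in a {@link MidpointAuthentication}.
 *
 * <p>When the security context holds no authentication, the filter installs a
 * {@link MidpointAuthentication} built from the default sequence and default authentication
 * policy. When the context already holds a {@link MidpointAuthentication} whose processing
 * module has no authentication yet, the filter attaches an anonymous token to that module.
 *
 * <p>NOTE(review): one filter instance presumably serves concurrent requests, and
 * {@link #createAuthentication(HttpServletRequest)} mutates the plain {@link HashMap} held in
 * {@code sharedObjects} on every call. Confirm whether the map is ever re-populated before
 * changing where that mutation happens.
 */
public class MidpointAnonymousAuthenticationFilter extends AnonymousAuthenticationFilter {
    private static final Trace LOGGER = TraceManager.getTrace(MidpointAnonymousAuthenticationFilter.class);

    private final AuthModuleRegistryImpl authRegistry;
    private final AuthChannelRegistryImpl authChannelRegistry;
    private final PrismContext prismContext;
    // Same key that is handed to the superclass; every anonymous token created here carries it.
    private final String key;
    // Private copy of the caller's shared objects, passed to the module creator on each request.
    private final Map<Class<?>, Object> sharedObjects;
    private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource;

    /**
     * Creates the filter.
     *
     * @param authModuleRegistry registry used when building the authentication modules
     * @param authChannelRegistry registry used when building the authentication channel
     * @param prismContext source of the schema registry for the default authentication policy
     * @param key key of the anonymous tokens, also passed to the superclass
     * @param principal anonymous principal, passed to the superclass
     * @param authorities authorities of the anonymous principal, passed to the superclass
     * @param sharedObjects objects copied into this filter's own map; must not be {@code null}
     */
    public MidpointAnonymousAuthenticationFilter(AuthModuleRegistryImpl authModuleRegistry, AuthChannelRegistryImpl authChannelRegistry, PrismContext prismContext, String key, Object principal, List<GrantedAuthority> authorities, Map<Class<?>, Object> sharedObjects) {
        super(key, principal, authorities);
        // Copy rather than alias, so later removals do not reach the caller's map.
        this.sharedObjects = new HashMap<>(sharedObjects);
        this.authenticationDetailsSource = new WebAuthenticationDetailsSource();
        this.key = key;
        this.authRegistry = authModuleRegistry;
        this.authChannelRegistry = authChannelRegistry;
        this.prismContext = prismContext;
    }

    /**
     * Installs an anonymous {@link MidpointAuthentication} when the security context is empty,
     * otherwise lets {@link #processAuthentication(ServletRequest)} complete the existing one,
     * and then continues the filter chain in both cases.
     *
     * <p>The debug messages embed the string form of the current {@link Authentication}. With
     * the default {@link WebAuthenticationDetailsSource} that form typically includes the client
     * address and session id, so debug output should be access-controlled like other
     * authentication logs.
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
        if (SecurityContextHolder.getContext().getAuthentication() == null) {
            SecurityContextHolder.getContext().setAuthentication(createAuthentication((HttpServletRequest) request));
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("Populated SecurityContextHolder with anonymous token: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
            }
        } else {
            processAuthentication(request);
            if (LOGGER.isDebugEnabled()) {
                LOGGER.debug("SecurityContextHolder not populated with anonymous token, as it already contained: '" + SecurityContextHolder.getContext().getAuthentication() + "'");
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Attaches an anonymous token to the module currently being processed, if that module has
     * no authentication yet. Does nothing unless the security context holds a
     * {@link MidpointAuthentication}.
     *
     * @param request current request, used to build the token details
     */
    protected void processAuthentication(ServletRequest request) {
        Authentication current = SecurityContextHolder.getContext().getAuthentication();
        if (!(current instanceof MidpointAuthentication)) {
            return;
        }
        MidpointAuthentication midpointAuthentication = (MidpointAuthentication) current;
        ModuleAuthenticationImpl processingModule = (ModuleAuthenticationImpl) midpointAuthentication.getProcessingModuleAuthentication();
        if (processingModule == null || processingModule.getAuthentication() != null) {
            // No module in progress, or the module already carries an authentication: leave it alone.
            return;
        }
        Authentication anonymousToken = createBasicAuthentication((HttpServletRequest) request);
        processingModule.setAuthentication(anonymousToken);
        // The anonymous principal is applied only when hasSucceededAuthentication() is false,
        // so the principal of an authentication that reports success is never overwritten here.
        if (!midpointAuthentication.hasSucceededAuthentication()) {
            midpointAuthentication.setPrincipal(anonymousToken.getPrincipal());
        }
    }

    /**
     * Builds the anonymous {@link MidpointAuthentication} for a request without authentication.
     *
     * @param request current request
     * @return authentication whose principal is the anonymous principal and whose first module,
     *         when the module list is non-empty, carries the anonymous token
     * @throws IllegalArgumentException if the default authentication policy cannot be created
     */
    @Override
    protected Authentication createAuthentication(HttpServletRequest request) {
        Authentication anonymousToken = createBasicAuthentication(request);
        // The result is constructed with its own default-sequence instance; a second instance,
        // created below, is the one used for the channel and the modules.
        MidpointAuthentication midpointAuthentication = new MidpointAuthentication(SecurityPolicyUtil.createDefaultSequence());
        try {
            AuthenticationsPolicyType defaultPolicy = SecurityPolicyUtil.createDefaultAuthenticationPolicy(SecurityPolicyUtil.NO_CUSTOM_IGNORED_LOCAL_PATH, this.prismContext.getSchemaRegistry());
            AuthenticationSequenceType defaultSequence = SecurityPolicyUtil.createDefaultSequence();
            AuthenticationChannel channel = AuthSequenceUtil.buildAuthChannel(this.authChannelRegistry, defaultSequence);
            // NOTE(review): per-request mutation of a shared, unsynchronized map.
            this.sharedObjects.remove(AuthenticationManagerBuilder.class);
            List<AuthModule<?>> modules = new AuthenticationSequenceModuleCreator(this.authRegistry, defaultSequence, request, defaultPolicy.getModules(), channel)
                    .sharedObjects(this.sharedObjects)
                    .create();
            midpointAuthentication.setAuthModules(modules);
            if (modules != null && !modules.isEmpty()) {
                ModuleAuthenticationImpl firstModule = (ModuleAuthenticationImpl) modules.get(0).getBaseModuleAuthentication();
                firstModule.setAuthentication(anonymousToken);
                midpointAuthentication.addAuthentication(firstModule);
            }
            midpointAuthentication.setPrincipal(anonymousToken.getPrincipal());
            return midpointAuthentication;
        } catch (SchemaException e) {
            // Log the cause too, so the schema failure is visible even if a caller swallows the rethrow.
            LOGGER.error("Couldn't get default authentication policy", e);
            throw new IllegalArgumentException("Couldn't get default authentication policy", e);
        }
    }

    /**
     * Creates the plain Spring anonymous token for a request, using this filter's key, principal
     * and authorities, with details built by the configured details source.
     *
     * <p>The decompiler reports that this method was {@code protected} in the compiled class and
     * widened it to {@code public}; the widened modifier is kept as it appears in this listing.
     *
     * @param request current request
     * @return anonymous token with request details set
     */
    public Authentication createBasicAuthentication(HttpServletRequest request) {
        AnonymousAuthenticationToken token = new AnonymousAuthenticationToken(this.key, getPrincipal(), getAuthorities());
        token.setDetails(this.authenticationDetailsSource.buildDetails(request));
        return token;
    }

    /**
     * Replaces the details source used for the anonymous tokens created by this filter.
     *
     * @param authenticationDetailsSource new details source; must not be {@code null}
     */
    @Override
    public void setAuthenticationDetailsSource(AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource) {
        Assert.notNull(authenticationDetailsSource, "AuthenticationDetailsSource required");
        this.authenticationDetailsSource = authenticationDetailsSource;
    }
}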
