package com.evolveum.midpoint.model.impl.security;

import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.ModelInteractionService;
import com.evolveum.midpoint.model.api.context.SecurityQuestionsAuthenticationContext;
import com.evolveum.midpoint.model.impl.util.RestServiceUtil;
import com.evolveum.midpoint.prism.Item;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.schema.SearchResultList;
import com.evolveum.midpoint.schema.constants.SchemaConstants;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.util.ObjectQueryUtil;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.Producer;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.web.security.filter.SecurityQuestionsAuthenticationFilter;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionAnswerType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityQuestionDefinitionType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import com.fasterxml.jackson.core.JsonFactory;
import com.fasterxml.jackson.databind.JsonNode;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.node.ArrayNode;
import com.fasterxml.jackson.databind.node.MissingNode;
import com.fasterxml.jackson.databind.node.ObjectNode;
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.function.Supplier;
import javax.ws.rs.container.ContainerRequestContext;
import org.apache.cxf.configuration.security.AuthorizationPolicy;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;

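@Component
/* loaded from: input_file:WEB-INF/lib/model-impl-4.2-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/MidpointRestSecurityQuestionsAuthenticator.class */
public class MidpointRestSecurityQuestionsAuthenticator extends MidpointRestAuthenticator<SecurityQuestionsAuthenticationContext> {

    /*
     * Legacy text templates of the challenge. They stay because they are protected API, but the challenge itself
     * is now assembled as a Jackson tree so that the caller-supplied user name and the question texts are
     * JSON-escaped instead of being spliced into these strings with replace().
     */
    protected static final String USER_CHALLENGE = "\"user\" : \"username\"";
    protected static final String USER_QUESTION_ANSWER_CHALLENGE = ", \"answer\" :";
    protected static final String QUESTION = "{\"qid\" : \"$QID\", \"qtxt\" : \"$QTXT\"}";

    /** Field names of the challenge JSON; the answer side reads the filter's J_QID / J_QANS constants. */
    private static final String J_USER = "user";
    private static final String J_ANSWER = "answer";
    private static final String J_CHALLENGE_QID = "qid";
    private static final String J_CHALLENGE_QTXT = "qtxt";

    /** Challenge sent when the payload cannot be parsed or carries no usable user name. */
    private static final String USER_ONLY_CHALLENGE = "{\"user\" : \"username\"}";

    private static final String ANONYMOUS_CREDENTIALS = "REST";
    private static final String ANONYMOUS_ROLE = "ROLE_ANONYMOUS";
    private static final String ANONYMOUS_KEY_REST = "restapi";
    private static final String ANONYMOUS_KEY_SEC_Q = "rest_sec_q_auth";
    /** Task label; the listing used this same label for both the user search and the policy lookup. */
    private static final String LOOKUP_TASK_NAME = "Search user by name";

    /** ObjectMapper is safe to share once configured, so one instance replaces a per-request allocation. */
    private static final ObjectMapper MAPPER = new ObjectMapper(new JsonFactory());

    @Autowired
    private PrismContext prismContext;

    @Autowired
    private ModelInteractionService modelInteractionService;

    @Autowired
    private AuthenticationEvaluator<SecurityQuestionsAuthenticationContext> securityQuestionsAuthenticationEvaluator;

    @Override // com.evolveum.midpoint.model.impl.security.MidpointRestAuthenticator
    protected AuthenticationEvaluator<SecurityQuestionsAuthenticationContext> getAuthenticationEvaluator() {
        return securityQuestionsAuthenticationEvaluator;
    }

    /**
     * Builds the authentication context from the JSON payload of the Authorization policy, or writes a challenge
     * into {@code containerRequestContext} and returns {@code null}.
     * <p>
     * Round one: the payload holds only {@code user}; the user is looked up and the questions that have stored
     * answers are sent back as a challenge. Round two: the payload also holds an {@code answer} array; the
     * submitted answers are handed to the evaluator unverified (verification is the evaluator's job).
     * <p>
     * Note that an unknown user receives {@link RestServiceUtil#createAbortMessage} while a known one receives
     * the question challenge, so the two cases are distinguishable to the caller.
     *
     * @param authorizationPolicy CXF policy whose authorization string is the JSON payload; its user name is set
     *                            from the payload as a side effect
     * @param containerRequestContext request that is aborted with a challenge when no context can be built
     * @param cls focus type the context is created for
     * @return the context for the evaluator, or {@code null} after an abort message has been written
     */
    @Override // com.evolveum.midpoint.model.impl.security.MidpointRestAuthenticator
    protected SecurityQuestionsAuthenticationContext createAuthenticationContext(AuthorizationPolicy authorizationPolicy,
            ContainerRequestContext containerRequestContext, Class<? extends FocusType> cls) {
        JsonNode payload;
        try {
            payload = MAPPER.readTree(authorizationPolicy.getAuthorization());
        } catch (IOException e) {
            // Unparseable payload: restart the exchange rather than surface the parser error to the caller.
            RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, USER_ONLY_CHALLENGE);
            return null;
        }
        // Older Jackson versions return null (not MissingNode) for empty input. findPath() is recursive, i.e. a
        // nested "user" field is accepted as well; that matches the previous behaviour.
        String userName = payload == null ? "" : payload.findPath(J_USER).asText();
        if (userName.trim().isEmpty()) {
            RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, USER_ONLY_CHALLENGE);
            return null;
        }
        authorizationPolicy.setUserName(userName);

        JsonNode answers = payload.findPath(J_ANSWER);
        if (answers.isArray()) {
            // Round two. The former unchecked cast to ArrayNode threw ClassCastException on a non-array "answer".
            return new SecurityQuestionsAuthenticationContext(userName, cls, readAnswers(answers));
        }
        // Round one, or an "answer" of the wrong shape: (re)issue the question challenge.
        return issueQuestionChallenge(containerRequestContext, userName);
    }

    /**
     * Maps each element's question identifier to the submitted answer text. A missing field yields an empty
     * string, as findPath() returns a MissingNode whose text is "".
     */
    private static Map<String, String> readAnswers(JsonNode answerArray) {
        Map<String, String> answers = new HashMap<>();
        for (JsonNode answer : answerArray) {
            answers.put(answer.findPath(SecurityQuestionsAuthenticationFilter.J_QID).asText(),
                    answer.findPath(SecurityQuestionsAuthenticationFilter.J_QANS).asText());
        }
        return answers;
    }

    /**
     * Looks the user up and aborts the request with a challenge listing the questions the user has stored answers
     * for. Always returns {@code null}; an abort message has been written in every case.
     */
    private SecurityQuestionsAuthenticationContext issueQuestionChallenge(ContainerRequestContext containerRequestContext,
            String userName) {
        PrismObject<UserType> user = findSingleUser(userName);
        if (user == null) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return null;
        }
        Item<?, ?> storedAnswers = user.findContainer(SchemaConstants.PATH_SECURITY_QUESTIONS_QUESTION_ANSWER);
        if (storedAnswers == null || storedAnswers.isEmpty()) {
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return null;
        }
        List<SecurityQuestionDefinitionType> definitions = withRestAnonymousPrincipal(() -> getQuestions(user));
        ArrayNode questions = questionsFor(storedAnswers, definitions);
        if (questions.size() == 0) {
            // Every stored answer refers to a question that is no longer defined in the policy.
            RestServiceUtil.createAbortMessage(containerRequestContext);
            return null;
        }
        ObjectNode challenge = MAPPER.createObjectNode();
        challenge.put(J_USER, userName);
        challenge.set(J_ANSWER, questions);
        // Serialising the tree escapes the user name and question texts; the template concatenation did not.
        RestServiceUtil.createSecurityQuestionAbortMessage(containerRequestContext, challenge.toString());
        return null;
    }

    /**
     * Builds the {@code answer} array of the challenge: one {qid, qtxt} object per stored answer whose question is
     * still defined in the policy. An answer without a matching definition is skipped instead of failing the
     * request (the former {@code findFirst().get()} threw NoSuchElementException on it).
     */
    private static ArrayNode questionsFor(Item<?, ?> storedAnswers, List<SecurityQuestionDefinitionType> definitions) {
        ArrayNode questions = MAPPER.createArrayNode();
        for (Object value : storedAnswers.getRealValues()) {
            if (!(value instanceof SecurityQuestionAnswerType)) {
                continue;
            }
            String questionId = ((SecurityQuestionAnswerType) value).getQuestionIdentifier();
            SecurityQuestionDefinitionType definition = definitions.stream()
                    .filter(d -> Objects.equals(d.getIdentifier(), questionId))
                    .findFirst()
                    .orElse(null);
            if (definition != null) {
                ObjectNode question = questions.addObject();
                question.put(J_CHALLENGE_QID, definition.getIdentifier());
                question.put(J_CHALLENGE_QTXT, definition.getQuestionText());
            }
        }
        return questions;
    }

    /**
     * Runs {@code body} with an anonymous REST principal in the Spring security context (the lookups run before
     * any user is authenticated) and clears the context afterwards, also when {@code body} throws. The listing
     * only cleared it on the success path.
     */
    private static <T> T withRestAnonymousPrincipal(Supplier<T> body) {
        SecurityContextHolder.getContext().setAuthentication(anonymousToken(ANONYMOUS_KEY_REST));
        try {
            return body.get();
        } finally {
            SecurityContextHolder.getContext().setAuthentication(null);
        }
    }

    private static AnonymousAuthenticationToken anonymousToken(String key) {
        return new AnonymousAuthenticationToken(key, ANONYMOUS_CREDENTIALS,
                AuthorityUtils.createAuthorityList(ANONYMOUS_ROLE));
    }

    /**
     * Returns the single user named {@code userName}, or {@code null} when there is no match, more than one match,
     * or the search failed (searchUser() returns null in that case; the listing dereferenced it).
     */
    private PrismObject<UserType> findSingleUser(String userName) {
        SearchResultList<PrismObject<UserType>> found = withRestAnonymousPrincipal(() -> searchUser(userName));
        return found != null && found.size() == 1 ? found.get(0) : null;
    }

    /**
     * Privileged search for users by name.
     *
     * @return the search result, or {@code null} when the search fails; the failure is deliberately not reported
     *         to the unauthenticated caller and is treated as "no such user" upstream
     */
    private SearchResultList<PrismObject<UserType>> searchUser(final String userName) {
        Producer<SearchResultList<PrismObject<UserType>>> search = () -> {
            Task task = getTaskManager().createTaskInstance(LOOKUP_TASK_NAME);
            try {
                return getModel().searchObjects(UserType.class,
                        ObjectQueryUtil.createNameQuery(userName, prismContext), null, task, task.getResult());
            } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException
                    | ObjectNotFoundException | SchemaException | SecurityViolationException ignored) {
                return null;
            } finally {
                // The listing cleared the context on every exit path of run(); keep that contract.
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        };
        return getSecurityContextManager().runPrivileged(search);
    }

    /**
     * Privileged lookup of the security-question definitions in the policy that applies to {@code user}.
     *
     * @return the definitions, or an empty list (never {@code null}) when the policy defines no questions or the
     *         lookup fails
     */
    private List<SecurityQuestionDefinitionType> getQuestions(final PrismObject<UserType> user) {
        Producer<List<SecurityQuestionDefinitionType>> lookup = () -> {
            Task task = getTaskManager().createTaskInstance(LOOKUP_TASK_NAME);
            OperationResult result = task.getResult();
            SecurityContextHolder.getContext().setAuthentication(anonymousToken(ANONYMOUS_KEY_SEC_Q));
            try {
                SecurityPolicyType policy = modelInteractionService.getSecurityPolicy(user, task, result);
                if (policy == null || policy.getCredentials() == null
                        || policy.getCredentials().getSecurityQuestions() == null) {
                    return Collections.emptyList();
                }
                List<SecurityQuestionDefinitionType> questions =
                        policy.getCredentials().getSecurityQuestions().getQuestion();
                return questions == null ? Collections.<SecurityQuestionDefinitionType>emptyList() : questions;
            } catch (CommunicationException | ConfigurationException | ExpressionEvaluationException
                    | ObjectNotFoundException | SchemaException | SecurityViolationException ignored) {
                // Same policy as searchUser(): a failed lookup is not surfaced to the unauthenticated caller.
                return Collections.emptyList();
            } finally {
                SecurityContextHolder.getContext().setAuthentication(null);
            }
        };
        List<SecurityQuestionDefinitionType> questions = getSecurityContextManager().runPrivileged(lookup);
        return questions == null ? Collections.<SecurityQuestionDefinitionType>emptyList() : questions;
    }

    // The "bridge"/"synthetic" createAuthenticationContext(AuthorizationPolicy, ContainerRequestContext, Class)
    // shown in the decompiled listing is generated by javac for the generic override above and must not be
    // written by hand: its erasure clashes with the real method.
}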
