package com.evolveum.midpoint.authentication.impl;

import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.util.AuthSequenceUtil;
import com.evolveum.midpoint.common.Clock;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.prism.delta.ItemDelta;
import com.evolveum.midpoint.prism.delta.ObjectDelta;
import com.evolveum.midpoint.prism.equivalence.ParameterizedEquivalenceStrategy;
import com.evolveum.midpoint.prism.xml.XmlTypeConverter;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.ProfileCompilerOptions;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.exception.CommonException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ActivationType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationAttemptDataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.AuthenticationBehavioralDataType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LockoutStatusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.LoginEventType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.TriggerType;
import java.util.Collection;
import javax.xml.datatype.Duration;
import javax.xml.datatype.XMLGregorianCalendar;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

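/**
 * Records the outcome of authentication attempts on the focus behind a {@link MidPointPrincipal}.
 *
 * <p>Two sets of counters are maintained: per-module attempt data
 * ({@link AuthenticationAttemptDataType}) and per-sequence behavioral data
 * ({@link AuthenticationBehavioralDataType}). Failures increment the counter and, once
 * {@link SecurityUtil#isOverFailedLockoutAttempts} reports the limit reached, lock the focus
 * and add an unlock trigger. Successes reset the counter and clear the lockout state.
 *
 * <p>This listing was decompiled from {@code authentication-impl-4.9.1-SNAPSHOT.jar}; the public
 * parameter names ({@code str}, {@code str2}) are decompiler-generated and kept as found.
 */
@Component
public class FocusAuthenticationResultRecorder {

    /** Handler URI placed on the trigger that is added when a focus gets locked. */
    private static final String UNLOCK_TRIGGER_HANDLER_URI =
            "http://midpoint.evolveum.com/xml/ns/public/model/trigger/unlock/handler-3";

    // Injected but not used by any method in this class.
    @Autowired
    private ModelAuditRecorder auditProvider;

    @Autowired
    private GuiProfiledPrincipalManager focusProfileService;

    @Autowired
    private Clock clock;

    // Used to write the login success / failure audit records.
    @Autowired
    private ModelAuditRecorder securityHelper;

    /**
     * Records a successful attempt for a single authentication module.
     *
     * <p>Resets the module's failed-attempt counter, stores the success event, and clears the
     * lockout data on both the attempt data and the focus activation. The in-memory focus is
     * always mutated; only the persisting {@code updateFocus} call is gated by
     * {@link AuthSequenceUtil#isAllowUpdatingAuthBehavior}.
     *
     * @param midPointPrincipal principal whose focus is updated; must not be null (it is
     *         dereferenced without a check)
     * @param connectionEnvironment source of the module identity and of the remote host address
     */
    public void recordModuleAuthenticationAttemptSuccess(MidPointPrincipal midPointPrincipal, ConnectionEnvironment connectionEnvironment) {
        FocusType focusBefore = midPointPrincipal.getFocus().clone();
        AuthenticationAttemptDataType attemptData =
                AuthUtil.findOrCreateAuthenticationAttemptDataFoModule(connectionEnvironment, midPointPrincipal);

        // Tracks whether this success actually reset something (a non-zero counter or a lock).
        boolean stateReset = false;
        Integer failedAttempts = attemptData.getFailedAttempts();
        if (failedAttempts != null && failedAttempts > 0) {
            attemptData.setFailedAttempts(0);
            stateReset = true;
        }

        attemptData.setLastSuccessfulAuthentication(newLoginEvent(connectionEnvironment));
        attemptData.setLockoutTimestamp(null);
        attemptData.setLockoutExpirationTimestamp(null);

        ActivationType activation = midPointPrincipal.getFocus().getActivation();
        if (activation != null) {
            if (LockoutStatusType.LOCKED.equals(activation.getLockoutStatus())) {
                stateReset = true;
            }
            activation.setLockoutStatus(LockoutStatusType.NORMAL);
            activation.setLockoutExpirationTimestamp(null);
        }

        if (AuthSequenceUtil.isAllowUpdatingAuthBehavior(stateReset)) {
            this.focusProfileService.updateFocus(
                    midPointPrincipal, computeModifications(focusBefore, midPointPrincipal.getFocus()));
        }
    }

    /**
     * Records a failed attempt for a single authentication module and locks the focus when the
     * policy limit is reached.
     *
     * @param midPointPrincipal principal whose focus is updated; must not be null
     * @param credentialPolicyType lockout policy; may be null, in which case the counting window
     *         is not applied
     * @param connectionEnvironment source of the module identity and of the remote host address
     */
    public void recordModuleAuthenticationAttemptFailure(MidPointPrincipal midPointPrincipal, CredentialPolicyType credentialPolicyType, ConnectionEnvironment connectionEnvironment) {
        FocusType focus = midPointPrincipal.getFocus();
        FocusType focusBefore = focus.clone();
        AuthenticationAttemptDataType attemptData =
                AuthUtil.findOrCreateAuthenticationAttemptDataFoModule(connectionEnvironment, midPointPrincipal);

        int failures = nextFailureCount(
                attemptData.getFailedAttempts(), attemptData.getLastFailedAuthentication(), credentialPolicyType);
        attemptData.setFailedAttempts(failures);

        LoginEventType failureEvent = newLoginEvent(connectionEnvironment);
        attemptData.setLastFailedAuthentication(failureEvent);

        if (SecurityUtil.isOverFailedLockoutAttempts(failures, credentialPolicyType)) {
            XMLGregorianCalendar lockoutExpiration =
                    lockActivation(focus, credentialPolicyType, failureEvent.getTimestamp());
            attemptData.setLockoutExpirationTimestamp(lockoutExpiration);
            attemptData.setLockoutTimestamp(failureEvent.getTimestamp());
            scheduleUnlock(focus, lockoutExpiration);
        }

        if (AuthSequenceUtil.isAllowUpdatingAuthBehavior(true)) {
            this.focusProfileService.updateFocus(midPointPrincipal, computeModifications(focusBefore, focus));
        }
    }

    /**
     * Records a successful authentication of a whole sequence and writes the success audit record.
     *
     * <p>Does nothing, including no audit record, when {@code midPointPrincipal} is null.
     *
     * @param midPointPrincipal authenticated principal, or null
     * @param connectionEnvironment source of the sequence identifier and of the remote host address
     */
    public void recordSequenceAuthenticationSuccess(MidPointPrincipal midPointPrincipal, ConnectionEnvironment connectionEnvironment) {
        if (midPointPrincipal == null) {
            return;
        }
        FocusType focusBefore = midPointPrincipal.getFocus().clone();
        AuthenticationBehavioralDataType behavior =
                AuthUtil.getOrCreateBehavioralDataForSequence(midPointPrincipal, connectionEnvironment.getSequenceIdentifier());

        boolean counterReset = false;
        Integer failedLogins = behavior.getFailedLogins();
        if (failedLogins != null && failedLogins > 0) {
            behavior.setFailedLogins(0);
            counterReset = true;
        }

        LoginEventType successEvent = newLoginEvent(connectionEnvironment);
        // Shift the previous "last" login before overwriting it.
        behavior.setPreviousSuccessfulLogin(behavior.getLastSuccessfulLogin());
        behavior.setLastSuccessfulLogin(successEvent);

        if (AuthSequenceUtil.isAllowUpdatingAuthBehavior(counterReset)) {
            this.focusProfileService.updateFocus(
                    midPointPrincipal, computeModifications(focusBefore, midPointPrincipal.getFocus()));
        }
        this.securityHelper.auditLoginSuccess(midPointPrincipal.getFocus(), connectionEnvironment);
    }

    /**
     * Records a failed authentication of a whole sequence and writes the failure audit record.
     *
     * <p>The audit record is written in every case. The failed-login counter and lockout are
     * updated only when a principal is available, either passed in or resolved from {@code str}.
     *
     * @param str name used to look up the principal when none is supplied (presumably the name
     *         entered at login; confirm against callers); also passed to the audit record
     * @param midPointPrincipal principal if already known, otherwise null
     * @param credentialPolicyType lockout policy; may be null
     * @param str2 passed through unchanged as the last argument of {@code auditLoginFailure}
     *         (presumably the failure reason; confirm against callers)
     * @param connectionEnvironment source of the sequence identifier and of the remote host address
     */
    public void recordSequenceAuthenticationFailure(String str, MidPointPrincipal midPointPrincipal, CredentialPolicyType credentialPolicyType, String str2, ConnectionEnvironment connectionEnvironment) {
        if (midPointPrincipal == null && StringUtils.isNotEmpty(str)) {
            try {
                midPointPrincipal = this.focusProfileService.getPrincipal(
                        str, FocusType.class, ProfileCompilerOptions.createOnlyPrincipalOption());
            } catch (CommonException ignored) {
                // Deliberate best effort: an unresolvable name still has to reach the audit call
                // below. Consequence: for this attempt no failed-login counter is incremented and
                // no lockout is evaluated, and the lookup error itself is not recorded anywhere.
                // NOTE(review): no logger is in scope in this class; consider logging the cause so
                // a repository outage cannot silently disable lockout accounting.
            }
        }

        FocusType auditedFocus = null;
        if (midPointPrincipal != null) {
            auditedFocus = midPointPrincipal.getFocus();
            if (AuthSequenceUtil.isAllowUpdatingAuthBehavior(true)) {
                processFocusChange(midPointPrincipal, credentialPolicyType, connectionEnvironment);
            }
        }
        this.securityHelper.auditLoginFailure(str, auditedFocus, connectionEnvironment, str2);
    }

    /**
     * Applies a failed sequence login to the focus: increments the per-sequence counter, stores
     * the failure event, locks the focus if the limit is reached, and persists the difference.
     * The caller is responsible for the {@code isAllowUpdatingAuthBehavior} gate.
     */
    private void processFocusChange(MidPointPrincipal midPointPrincipal, CredentialPolicyType credentialPolicyType, ConnectionEnvironment connectionEnvironment) {
        FocusType focus = midPointPrincipal.getFocus();
        FocusType focusBefore = focus.clone();
        AuthenticationBehavioralDataType behavior =
                AuthUtil.getOrCreateBehavioralDataForSequence(midPointPrincipal, connectionEnvironment.getSequenceIdentifier());

        int failures = nextFailureCount(behavior.getFailedLogins(), behavior.getLastFailedLogin(), credentialPolicyType);
        behavior.setFailedLogins(failures);

        LoginEventType failureEvent = newLoginEvent(connectionEnvironment);
        behavior.setLastFailedLogin(failureEvent);

        if (SecurityUtil.isOverFailedLockoutAttempts(failures, credentialPolicyType)) {
            XMLGregorianCalendar lockoutExpiration =
                    lockActivation(focus, credentialPolicyType, failureEvent.getTimestamp());
            scheduleUnlock(focus, lockoutExpiration);
        }
        this.focusProfileService.updateFocus(midPointPrincipal, computeModifications(focusBefore, focus));
    }

    /** Builds a login event stamped with the current time and the connection's remote host address. */
    private LoginEventType newLoginEvent(ConnectionEnvironment connectionEnvironment) {
        LoginEventType event = new LoginEventType();
        event.setTimestamp(this.clock.currentTimeXMLGregorianCalendar());
        event.setFrom(connectionEnvironment.getRemoteHostAddress());
        return event;
    }

    /**
     * Computes the failure count after one more failure. The count restarts at 1 when the policy
     * defines a counting window and that window, measured from the last failure, has passed.
     */
    private int nextFailureCount(Integer currentCount, LoginEventType lastFailure, CredentialPolicyType policy) {
        XMLGregorianCalendar lastFailureTime = lastFailure == null ? null : lastFailure.getTimestamp();
        if (policy != null) {
            Duration countingWindow = policy.getLockoutFailedAttemptsDuration();
            if (countingWindow != null
                    && lastFailureTime != null
                    && this.clock.isPast(XmlTypeConverter.addDuration(lastFailureTime, countingWindow))) {
                return 1;
            }
        }
        return currentCount == null ? 1 : currentCount + 1;
    }

    /**
     * Marks the focus activation as locked, creating the activation if absent, and returns the
     * lockout expiration (null when the policy sets no lockout duration).
     */
    private static XMLGregorianCalendar lockActivation(FocusType focus, CredentialPolicyType policy, XMLGregorianCalendar lockedAt) {
        ActivationType activation = focus.getActivation();
        if (activation == null) {
            activation = new ActivationType();
            focus.setActivation(activation);
        }
        activation.setLockoutStatus(LockoutStatusType.LOCKED);

        // NOTE(review): policy is dereferenced without a null check; this relies on
        // isOverFailedLockoutAttempts never reporting true for a null policy — confirm.
        Duration lockoutDuration = policy.getLockoutDuration();
        XMLGregorianCalendar expiration =
                lockoutDuration == null ? null : XmlTypeConverter.addDuration(lockedAt, lockoutDuration);
        activation.setLockoutExpirationTimestamp(expiration);
        return expiration;
    }

    /** Adds the unlock trigger to the focus for the given expiration time. */
    private static void scheduleUnlock(FocusType focus, XMLGregorianCalendar expiration) {
        // NOTE(review): when the policy has no lockout duration the trigger is added with a null
        // timestamp; confirm how the trigger handler treats that.
        focus.getTrigger().add(new TriggerType().handlerUri(UNLOCK_TRIGGER_HANDLER_URI).timestamp(expiration));
    }

    /**
     * Returns the item modifications that turn {@code before} into {@code after}, compared with
     * {@link ParameterizedEquivalenceStrategy#DATA}.
     */
    private Collection<? extends ItemDelta<?, ?>> computeModifications(@NotNull FocusType before, @NotNull FocusType after) {
        ObjectDelta<? extends FocusType> delta =
                before.asPrismObject().diff(after.asPrismObject(), ParameterizedEquivalenceStrategy.DATA);
        // Restores the assert statement that the decompiler had expanded into a synthetic flag.
        assert delta.isModify();
        return delta.getModifications();
    }
}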
