package com.evolveum.midpoint.authentication.impl.evaluator;

import com.evolveum.midpoint.authentication.api.AutheticationFailedData;
import com.evolveum.midpoint.authentication.api.config.ModuleAuthentication;
import com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator;
import com.evolveum.midpoint.authentication.api.evaluator.context.AbstractAuthenticationContext;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.FocusAuthenticationResultRecorder;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipal;
import com.evolveum.midpoint.model.api.authentication.GuiProfiledPrincipalManager;
import com.evolveum.midpoint.prism.query.ObjectQuery;
import com.evolveum.midpoint.security.api.Authorization;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.ProfileCompilerOptions;
import com.evolveum.midpoint.util.exception.CommunicationException;
import com.evolveum.midpoint.util.exception.ConfigurationException;
import com.evolveum.midpoint.util.exception.ExpressionEvaluationException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.exception.SecurityViolationException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import java.util.Iterator;
import org.jetbrains.annotations.NotNull;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UsernameNotFoundException;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/evaluator/AuthenticationEvaluatorImpl.class */
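/**
 * Shared scaffolding for midPoint authentication evaluators: resolves the focus (user)
 * behind an authentication context, applies the enabled check, and records the outcome
 * both on the focus ({@link FocusAuthenticationResultRecorder}) and in the audit trail
 * ({@link ModelAuditRecorder}).
 *
 * <p>This is a decompiled listing ({@code authentication-impl-4.9.1-SNAPSHOT.jar}); the
 * decompiler notes state the helper methods were originally {@code protected}. They are left
 * {@code public} here so nothing that compiles against this listing breaks.
 *
 * @param <T> the authentication context type the evaluator consumes
 * @param <A> the Spring {@link Authentication} type the evaluator produces
 */
public abstract class AuthenticationEvaluatorImpl<T extends AbstractAuthenticationContext, A extends Authentication> implements AuthenticationEvaluator<T, A> {

    /**
     * Generic message key surfaced when the principal lookup fails for an internal reason.
     * Deliberately the same for every backend failure so the login form cannot tell them apart.
     */
    private static final String INTERNAL_ERROR_KEY = "web.security.provider.invalid";

    @Autowired
    private FocusAuthenticationResultRecorder authenticationRecorder;

    @Autowired
    private ModelAuditRecorder auditRecorder;

    private GuiProfiledPrincipalManager focusProfileService;

    /**
     * Setter injection point for the principal manager used to load the focus.
     *
     * @param guiProfiledPrincipalManager the manager that resolves focus objects into principals
     */
    @Autowired
    public void setPrincipalManager(GuiProfiledPrincipalManager guiProfiledPrincipalManager) {
        this.focusProfileService = guiProfiledPrincipalManager;
    }

    /**
     * Loads the principal addressed by {@code context} and optionally verifies it is enabled.
     * Every failure path records a module-level failure (with a short reason string) before
     * throwing, so callers never need to record it themselves.
     *
     * @param connectionEnvironment connection metadata passed through to the recorders
     * @param context               the authentication context; supplies the focus query,
     *                              the username (for failure records) and the principal type
     * @param requireEnabled        when {@code true} a disabled focus is rejected
     * @return the resolved principal, never {@code null}
     * @throws UsernameNotFoundException              if the context yields no query, or no focus
     *                                                matches it
     * @throws DisabledException                      if {@code requireEnabled} and the focus is disabled
     * @throws InternalAuthenticationServiceException for any other lookup failure (the original
     *                                                exception is attached as the cause)
     */
    @NotNull
    public <C extends AbstractAuthenticationContext> MidPointPrincipal getAndCheckPrincipal(
            ConnectionEnvironment connectionEnvironment, C context, boolean requireEnabled) {
        ObjectQuery focusQuery = context.createFocusQuery();
        String username = context.getUsername();
        if (focusQuery == null) {
            recordModuleAuthenticationFailure(username, null, connectionEnvironment, null, "no username");
            throw new UsernameNotFoundException("web.security.provider.invalid.credentials");
        }

        GuiProfiledPrincipal principal;
        try {
            principal = this.focusProfileService.getPrincipal(
                    focusQuery, context.getPrincipalType(), createOptionForGettingPrincipal());
        } catch (ObjectNotFoundException e) {
            // Unknown focus is reported with the same key as a bad password (see badCredentialsKey()).
            recordModuleAuthenticationFailure(username, null, connectionEnvironment, null, "no focus");
            throw new UsernameNotFoundException(badCredentialsKey(), e);
        } catch (CommunicationException e) {
            throw internalFailure(username, connectionEnvironment, "communication error", e);
        } catch (ConfigurationException e) {
            throw internalFailure(username, connectionEnvironment, "configuration error", e);
        } catch (ExpressionEvaluationException e) {
            throw internalFailure(username, connectionEnvironment, "expression error", e);
        } catch (SchemaException e) {
            throw internalFailure(username, connectionEnvironment, "schema error", e);
        } catch (SecurityViolationException e) {
            throw internalFailure(username, connectionEnvironment, "security violation", e);
        }

        if (principal == null) {
            recordModuleAuthenticationFailure(username, null, connectionEnvironment, null, "no focus");
            throw new UsernameNotFoundException(badCredentialsKey());
        }
        if (requireEnabled && !principal.isEnabled()) {
            // NOTE(review): this key differs from the one used for unknown/bad credentials, so a
            // caller that surfaces it verbatim lets a client distinguish "account exists but is
            // disabled" from "no such account". Confirm the failure handler collapses both before
            // they reach the login form.
            recordModuleAuthenticationFailure(principal.getUsername(), principal, connectionEnvironment, null, "focus disabled");
            throw new DisabledException("web.security.provider.disabled");
        }
        return principal;
    }

    /**
     * Records a module failure with the given reason and builds the generic internal-error
     * exception for it. The cause is attached for server-side diagnostics only; the message is the
     * fixed {@link #INTERNAL_ERROR_KEY}, so no backend detail leaks to the client.
     */
    private InternalAuthenticationServiceException internalFailure(
            String username, ConnectionEnvironment connectionEnvironment, String reason, Exception cause) {
        recordModuleAuthenticationFailure(username, null, connectionEnvironment, null, reason);
        return new InternalAuthenticationServiceException(INTERNAL_ERROR_KEY, cause);
    }

    /** Message key for a missing-focus failure, derived from the authentication currently in progress. */
    private static String badCredentialsKey() {
        return AuthUtil.generateBadCredentialsMessageKey(SecurityContextHolder.getContext().getAuthentication());
    }

    /**
     * Profile compilation options for the login-time lookup: skip the GUI admin configuration,
     * but collect authorizations and locate (reusing when possible) the security policy.
     */
    private ProfileCompilerOptions createOptionForGettingPrincipal() {
        return ProfileCompilerOptions.createNotCompileGuiAdminConfiguration()
                .collectAuthorization(true)
                .locateSecurityPolicy(true)
                .tryReusingSecurityPolicy(true);
    }

    /**
     * Returns {@code true} when none of the principal's authorizations carries any action,
     * i.e. the principal is effectively unauthorized to do anything.
     *
     * @param midPointPrincipal the principal whose authorities are inspected
     */
    public boolean hasNoAuthorizations(MidPointPrincipal midPointPrincipal) {
        for (Authorization authorization : midPointPrincipal.getAuthorities()) {
            if (!authorization.getAction().isEmpty()) {
                return false;
            }
        }
        return true;
    }

    /**
     * Records a successful module authentication attempt on the focus.
     *
     * @param midPointPrincipal     the authenticated principal
     * @param connectionEnvironment connection metadata for the record
     */
    public void recordModuleAuthenticationSuccess(@NotNull MidPointPrincipal midPointPrincipal, @NotNull ConnectionEnvironment connectionEnvironment) {
        this.authenticationRecorder.recordModuleAuthenticationAttemptSuccess(midPointPrincipal, connectionEnvironment);
    }

    /**
     * Records a failed module authentication attempt. The focus-level record is only written
     * when a principal was actually resolved; the failure reason and username are always attached
     * to the module authentication currently being processed (if there is one).
     *
     * @param username              the username that was attempted (may be {@code null})
     * @param midPointPrincipal     the resolved principal, or {@code null} if none was found
     * @param connectionEnvironment connection metadata for the record
     * @param credentialPolicyType  credential policy governing the attempt, or {@code null}
     * @param failureReason         short internal reason string, e.g. {@code "no focus"}
     */
    public void recordModuleAuthenticationFailure(String username, MidPointPrincipal midPointPrincipal, @NotNull ConnectionEnvironment connectionEnvironment, CredentialPolicyType credentialPolicyType, String failureReason) {
        if (midPointPrincipal != null) {
            this.authenticationRecorder.recordModuleAuthenticationAttemptFailure(midPointPrincipal, credentialPolicyType, connectionEnvironment);
        }
        ModuleAuthentication moduleAuthentication = AuthUtil.getMidpointAuthentication().getProcessingModuleAuthentication();
        if (moduleAuthentication != null) {
            moduleAuthentication.setFailureData(new AutheticationFailedData(failureReason, username));
        }
    }

    /**
     * Writes a login-failure audit record; no focus object is attached.
     *
     * @param username              the username that was attempted
     * @param connectionEnvironment connection metadata for the audit record
     * @param message               human-readable failure description for the audit trail
     */
    public void auditAuthenticationFailure(String username, ConnectionEnvironment connectionEnvironment, String message) {
        this.auditRecorder.auditLoginFailure(username, null, connectionEnvironment, message);
    }

    /**
     * Writes a login-success audit record for the given focus object.
     *
     * @param objectType            the authenticated focus object
     * @param connectionEnvironment connection metadata for the audit record
     */
    public void auditAuthenticationSuccess(ObjectType objectType, ConnectionEnvironment connectionEnvironment) {
        this.auditRecorder.auditLoginSuccess(objectType, connectionEnvironment);
    }
}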
