package com.evolveum.midpoint.model.impl.security;

import java.util.Optional;

import com.evolveum.midpoint.audit.api.AuditEventRecord;
import com.evolveum.midpoint.audit.api.AuditEventStage;
import com.evolveum.midpoint.audit.api.AuditEventType;
import com.evolveum.midpoint.model.api.ModelAuditRecorder;
import com.evolveum.midpoint.prism.polystring.PolyString;
import com.evolveum.midpoint.repo.common.AuditHelper;
import com.evolveum.midpoint.repo.common.SystemObjectCache;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.schema.result.OperationResultStatus;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.HttpConnectionInformation;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.security.enforcer.api.SecurityEnforcer;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.task.api.TaskManager;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SystemConfigurationType;
import org.jetbrains.annotations.NotNull;
import org.jetbrains.annotations.Nullable;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;

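@Component
/* loaded from: input_file:BOOT-INF/lib/model-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/model/impl/security/SecurityHelper.class */
/**
 * Records login and logout audit events ({@code CREATE_SESSION} / {@code TERMINATE_SESSION}).
 *
 * <p>Events are written only when {@link SecurityUtil#isAuditedLoginAndLogout} says the current
 * system configuration audits the connection's channel. Login audit failures are retried once
 * with a normalized username and otherwise propagate; logout audit failures are only logged.
 */
public class SecurityHelper implements ModelAuditRecorder {

    private static final Trace LOGGER = TraceManager.getTrace(SecurityHelper.class);

    /** Operation name of the {@link OperationResult} created for each login audit attempt. */
    private static final String OP_AUDIT_LOGIN = SecurityHelper.class.getName() + ".auditLogin";

    @Autowired
    private TaskManager taskManager;

    @Autowired
    private AuditHelper auditHelper;

    @Autowired
    private SecurityEnforcer securityEnforcer;

    @Autowired
    private SystemObjectCache systemObjectCache;

    /**
     * Audits a successful login of {@code objectType} with outcome {@code SUCCESS}.
     * Only a {@link FocusType} is recorded as the event initiator; any other object type is
     * identified by its name alone.
     *
     * @param objectType the object that logged in
     * @param connectionEnvironment channel, session and HTTP connection details of the login
     */
    @Override // com.evolveum.midpoint.model.api.ModelAuditRecorder
    public void auditLoginSuccess(@NotNull ObjectType objectType, @NotNull ConnectionEnvironment connectionEnvironment) {
        FocusType focus = objectType instanceof FocusType ? (FocusType) objectType : null;
        auditLogin(origNameOf(objectType), focus, connectionEnvironment, OperationResultStatus.SUCCESS, null);
    }

    /**
     * Audits a failed login attempt with outcome {@code FATAL_ERROR}.
     *
     * @param str the username presented in the attempt; may be absent or unresolvable
     * @param focusType the focus the username resolved to, if any
     * @param connectionEnvironment channel, session and HTTP connection details of the attempt
     * @param str2 failure message stored on the audit record
     */
    @Override // com.evolveum.midpoint.model.api.ModelAuditRecorder
    public void auditLoginFailure(@Nullable String str, @Nullable FocusType focusType, @NotNull ConnectionEnvironment connectionEnvironment, String str2) {
        auditLogin(str, focusType, connectionEnvironment, OperationResultStatus.FATAL_ERROR, str2);
    }

    /**
     * Writes a {@code CREATE_SESSION} audit record for a login attempt, if auditing is enabled
     * for the connection's channel.
     *
     * <p>If the first write fails, the failure is assumed to be caused by a malformed username:
     * the record's parameter is replaced by the normalized form of the username and the write is
     * attempted once more. A failure of the retry propagates to the caller (the login flow), so a
     * lost login audit record is not silently ignored.
     *
     * @param username the username as presented; attacker-controlled on the failure path, so it
     *        is passed to the logger and audit record as a structured value, never concatenated
     * @param focus initiator of the event, if resolved
     * @param connectionEnvironment connection details copied onto the record
     * @param outcome {@code SUCCESS} or {@code FATAL_ERROR}
     * @param message optional message stored on the record
     */
    private void auditLogin(@Nullable String username, @Nullable FocusType focus,
            @NotNull ConnectionEnvironment connectionEnvironment, @NotNull OperationResultStatus outcome,
            @Nullable String message) {
        String channel = connectionEnvironment.getChannel();
        if (!SecurityUtil.isAuditedLoginAndLogout(getSystemConfig(), channel)) {
            return;
        }
        Task task = taskManager.createTaskInstance();
        task.setChannel(channel);
        LOGGER.debug("Login {} username={}, channel={}: {}",
                outcome == OperationResultStatus.SUCCESS ? "success" : "failure", username, channel, message);

        AuditEventRecord record = createLoginRecord(username, focus, connectionEnvironment, outcome, message);
        try {
            auditHelper.audit(record, null, task, new OperationResult(OP_AUDIT_LOGIN));
        } catch (Exception e) {
            LOGGER.error("Couldn't audit audit event because of malformed username: {}", username, e);
            if (username == null) {
                // There is nothing to normalize, so the "malformed username" assumption cannot hold;
                // fail loudly instead of retrying the identical write.
                throw e;
            }
            String normalized = new PolyString(username).recompute().getNorm();
            LOGGER.info("Normalization of username and create audit record with normalized username. Normalized username: {}", normalized);
            record.setParameter(normalized);
            // Deliberately not caught: a second failure must surface to the caller.
            auditHelper.audit(record, null, task, new OperationResult(OP_AUDIT_LOGIN));
        }
    }

    /** Builds the {@code CREATE_SESSION} request-stage record for a login attempt, timestamped now. */
    private AuditEventRecord createLoginRecord(@Nullable String username, @Nullable FocusType focus,
            @NotNull ConnectionEnvironment connectionEnvironment, @NotNull OperationResultStatus outcome,
            @Nullable String message) {
        AuditEventRecord record = new AuditEventRecord(AuditEventType.CREATE_SESSION, AuditEventStage.REQUEST);
        record.setParameter(username);
        if (focus != null) {
            record.setInitiator(focus.asPrismObject());
        }
        record.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        record.setOutcome(outcome);
        record.setMessage(message);
        storeConnectionEnvironment(record, connectionEnvironment);
        return record;
    }

    /**
     * Writes a {@code TERMINATE_SESSION} audit record for the owner of {@code task}, if auditing is
     * enabled for the connection's channel. The outcome is always {@code SUCCESS}.
     *
     * <p>NOTE(review): unlike {@link #auditLogin}, a failed write is only logged here — confirm
     * that swallowing logout audit failures is intended.
     *
     * @param connectionEnvironment connection details copied onto the record
     * @param task the task whose owner is recorded as initiator and login parameter
     * @param operationResult result the audit call reports into
     */
    @Override // com.evolveum.midpoint.model.api.ModelAuditRecorder
    public void auditLogout(ConnectionEnvironment connectionEnvironment, Task task, OperationResult operationResult) {
        if (!SecurityUtil.isAuditedLoginAndLogout(getSystemConfig(), connectionEnvironment.getChannel())) {
            return;
        }
        AuditEventRecord record = new AuditEventRecord(AuditEventType.TERMINATE_SESSION, AuditEventStage.REQUEST);
        record.setInitiatorAndLoginParameter(task.getOwner(operationResult));
        record.setTimestamp(Long.valueOf(System.currentTimeMillis()));
        record.setOutcome(OperationResultStatus.SUCCESS);
        storeConnectionEnvironment(record, connectionEnvironment);
        try {
            auditHelper.audit(record, null, task, operationResult);
        } catch (Exception e) {
            LOGGER.error("Couldn't audit audit event", e);
        }
    }

    /**
     * Loads the system configuration from the cache.
     *
     * @return the configuration, or {@code null} when the cache has none (presumably possible before
     *         initial import — confirm) or when reading it fails with a {@link SchemaException};
     *         callers pass the result straight to {@link SecurityUtil#isAuditedLoginAndLogout},
     *         which is assumed to tolerate {@code null}
     */
    @Nullable
    private SystemConfigurationType getSystemConfig() {
        try {
            // Guard against a missing configuration object rather than dereferencing it blindly.
            return Optional.ofNullable(
                            systemObjectCache.getSystemConfiguration(new OperationResult("LOAD SYSTEM CONFIGURATION")))
                    .map(config -> config.asObjectable())
                    .orElse(null);
        } catch (SchemaException e) {
            LOGGER.error("Couldn't get system configuration from cache", e);
            return null;
        }
    }

    /**
     * Copies channel, session identifier and — when HTTP connection information is present —
     * the remote host address and local host name onto the record.
     */
    private void storeConnectionEnvironment(AuditEventRecord auditEventRecord, ConnectionEnvironment connectionEnvironment) {
        auditEventRecord.setChannel(connectionEnvironment.getChannel());
        auditEventRecord.setSessionIdentifier(connectionEnvironment.getSessionId());
        HttpConnectionInformation connectionInformation = connectionEnvironment.getConnectionInformation();
        if (connectionInformation == null) {
            return;
        }
        auditEventRecord.setRemoteHostAddress(connectionInformation.getRemoteHostAddress());
        auditEventRecord.setHostIdentifier(connectionInformation.getLocalHostName());
    }

    /** Returns the original (un-normalized) form of the object's name, or {@code null} if it has none. */
    private static String origNameOf(ObjectType object) {
        return object.getName() == null ? null : object.getName().getOrig();
    }

    /** @return the injected {@link SecurityEnforcer} */
    public SecurityEnforcer getSecurityEnforcer() {
        return this.securityEnforcer;
    }
}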
