package com.evolveum.midpoint.authentication.impl.provider;

import com.evolveum.midpoint.authentication.api.AuthenticationChannel;
import com.evolveum.midpoint.authentication.api.evaluator.AuthenticationEvaluator;
import com.evolveum.midpoint.authentication.api.evaluator.context.NonceAuthenticationContext;
import com.evolveum.midpoint.authentication.api.util.AuthUtil;
import com.evolveum.midpoint.authentication.impl.module.authentication.token.MailNonceAuthenticationToken;
import com.evolveum.midpoint.prism.PrismContext;
import com.evolveum.midpoint.prism.path.ItemPath;
import com.evolveum.midpoint.repo.api.RepositoryService;
import com.evolveum.midpoint.schema.result.OperationResult;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.util.exception.ObjectAlreadyExistsException;
import com.evolveum.midpoint.util.exception.ObjectNotFoundException;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.ObjectReferenceType;
import java.util.Collection;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:BOOT-INF/lib/authentication-impl-4.9.1-SNAPSHOT.jar:com/evolveum/midpoint/authentication/impl/provider/MailNonceProvider.class */
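/**
 * Authentication provider for {@link MailNonceAuthenticationToken}s.
 *
 * <p>Verification of the submitted nonce is delegated to the injected nonce evaluator. After a
 * successful authentication the nonce container stored on the focus is deleted through the
 * repository service, so the stored value is consumed by the login that used it.
 *
 * <p>NOTE(review): this listing is decompiler output; {@code getEvaluator2} and
 * {@code mo1616clone} are decompiler-assigned names (see the "renamed from" marker below).
 */
public class MailNonceProvider extends AbstractCredentialProvider<NonceAuthenticationContext> {
    private static final Trace LOGGER = TraceManager.getTrace((Class<?>) MailNonceProvider.class);

    @Autowired
    private AuthenticationEvaluator<NonceAuthenticationContext, UsernamePasswordAuthenticationToken> nonceAuthenticationEvaluator;

    @Autowired
    private RepositoryService repositoryService;

    /**
     * Returns the evaluator that verifies nonce credentials.
     *
     * @return the injected nonce authentication evaluator
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractCredentialProvider
    /* renamed from: getEvaluator */
    protected AuthenticationEvaluator<NonceAuthenticationContext, UsernamePasswordAuthenticationToken> getEvaluator2() {
        return this.nonceAuthenticationEvaluator;
    }

    /**
     * Authenticates the request by handing the submitted credential to the nonce evaluator.
     *
     * @param authentication the incoming token; its credentials are cast to {@code String} and
     *     passed to the {@link NonceAuthenticationContext}
     * @param str the username being authenticated (as named in the trace message)
     * @param list object references forwarded unchanged to the authentication context
     * @param authenticationChannel channel used to build the connection environment and the context
     * @param cls focus type forwarded to the authentication context
     * @return the token produced by the evaluator
     * @throws AuthenticationException declared by the overridden method; nothing in this body
     *     throws it directly, so it presumably originates in the evaluator
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.MidpointAbstractAuthenticationProvider
    protected Authentication doAuthenticate(Authentication authentication, String str, List<ObjectReferenceType> list, AuthenticationChannel authenticationChannel, Class<? extends FocusType> cls) throws AuthenticationException {
        // Only the username, principal and authorities are logged in this method; the submitted
        // nonce (authentication.getCredentials()) must stay out of log output.
        LOGGER.trace("Authenticating username '{}'", str);
        UsernamePasswordAuthenticationToken authenticate = getEvaluator2().authenticate(createEnvironment(authenticationChannel), new NonceAuthenticationContext(str, cls, (String) authentication.getCredentials(), list, authenticationChannel));
        LOGGER.debug("User '{}' authenticated ({}), authorities: {}", authentication.getPrincipal(), authentication.getClass().getSimpleName(), ((MidPointPrincipal) authenticate.getPrincipal()).getAuthorities());
        return authenticate;
    }

    /**
     * Removes the stored nonce of the currently authenticated principal, if there is one.
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractAuthenticationProvider
    void postAuthenticationProcess() {
        MidPointPrincipal midpointPrincipal = AuthUtil.getMidpointPrincipal();
        if (midpointPrincipal != null) {
            removeNonceAfterSuccessfulAuthentication(midpointPrincipal.getFocus());
        }
    }

    /**
     * Deletes the nonce container ({@code credentials/nonce}) from the given focus in the repository.
     *
     * <p>If the focus, its credentials or its nonce is absent there is nothing to delete and the
     * method returns without touching the repository, instead of failing with a
     * {@link NullPointerException} in the post-authentication step.
     *
     * @param focusType the authenticated focus whose nonce should be removed; may be {@code null}
     */
    private void removeNonceAfterSuccessfulAuthentication(FocusType focusType) {
        if (focusType == null) {
            return;
        }
        CredentialsType credentials = focusType.getCredentials();
        if (credentials == null || credentials.getNonce() == null) {
            LOGGER.debug("No nonce credential on focus {}, nothing to remove", focusType);
            return;
        }
        try {
            // The value to delete is a clone of the nonce held on the in-memory focus object.
            // NOTE(review): the OperationResult is created inline and never inspected afterwards.
            this.repositoryService.modifyObject(
                    focusType.getClass(),
                    focusType.getOid(),
                    PrismContext.get().deltaFactory().object().createModificationDeleteContainer(
                            FocusType.class,
                            focusType.getOid(),
                            ItemPath.create(FocusType.F_CREDENTIALS, CredentialsType.F_NONCE),
                            credentials.getNonce().mo1616clone()).getModifications(),
                    new OperationResult("Remove nonce from focus"));
        } catch (ObjectAlreadyExistsException | ObjectNotFoundException | SchemaException e) {
            // Best-effort: the login is not failed here. The consequence is that the nonce stays
            // stored on the focus after it was used, so its single-use property depends on this
            // delete succeeding. This error message is worth alerting on.
            LOGGER.error("Couldn't remove nonce from focus {}", focusType, e);
        }
    }

    /**
     * Re-wraps a {@link UsernamePasswordAuthenticationToken} as a {@link MailNonceAuthenticationToken}
     * carrying the given authorities; any other token type is returned unchanged.
     *
     * @param authentication the token produced by authentication
     * @param collection authorities to place on the new token
     * @return a new {@link MailNonceAuthenticationToken}, or {@code authentication} itself
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractAuthenticationProvider
    protected Authentication createNewAuthenticationToken(Authentication authentication, Collection<? extends GrantedAuthority> collection) {
        // NOTE(review): the original credentials object is copied into the new token; whether it
        // is erased later is not visible in this class - confirm against the token/filter code.
        return authentication instanceof UsernamePasswordAuthenticationToken ? new MailNonceAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), collection) : authentication;
    }

    /**
     * Reports whether this provider handles the given token class.
     *
     * @param cls the authentication token class
     * @return {@code true} only for exactly {@link MailNonceAuthenticationToken}; subclasses are
     *     not matched because the comparison uses {@code equals}
     */
    @Override // org.springframework.security.authentication.AuthenticationProvider
    public boolean supports(Class<?> cls) {
        return MailNonceAuthenticationToken.class.equals(cls);
    }

    /**
     * Returns the credential policy type this provider works with.
     *
     * @return {@link NonceCredentialsPolicyType}{@code .class} (raw {@code Class} is kept so the
     *     signature matches the overridden method as shown in this listing)
     */
    @Override // com.evolveum.midpoint.authentication.impl.provider.AbstractCredentialProvider
    public Class getTypeOfCredential() {
        return NonceCredentialsPolicyType.class;
    }
}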
