package com.evolveum.midpoint.authentication.impl.evaluator;

import com.evolveum.midpoint.authentication.api.evaluator.context.NonceAuthenticationContext;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.security.api.SecurityUtil;
import com.evolveum.midpoint.util.exception.SchemaException;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.CredentialsType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceCredentialsPolicyType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.NonceType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.SecurityPolicyType;
import org.apache.commons.lang3.StringUtils;
import org.jetbrains.annotations.NotNull;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.stereotype.Component;

/**
 * Credentials evaluator for nonce-based authentication, registered as the Spring bean
 * {@code nonceAuthenticationEvaluator}.
 *
 * <p>This listing is JADX decompiler output of
 * {@code BOOT-INF/lib/authentication-impl-4.9.4-SNAPSHOT.jar}. The decompiler reported that it
 * widened several overrides from {@code protected} to {@code public}; each affected method says so
 * in its own comment. Every {@code @Override} here targets {@code CredentialsAuthenticationEvaluatorImpl}.
 *
 * <p>Both rejection paths in this class use the same message key, but they throw different
 * exception types and hand different detail strings to the audit/failure-recording helpers.
 * NOTE(review): how the caller renders those exception types is not visible here. Confirm that the
 * "no stored nonce" case cannot be told apart from a wrong nonce by an unauthenticated client.
 */
@Component("nonceAuthenticationEvaluator")
public class NonceAuthenticationEvaluatorImpl extends CredentialsAuthenticationEvaluatorImpl<NonceType, NonceAuthenticationContext> {

    /** Message key carried by every authentication exception thrown from this class. */
    private static final String BAD_NONCE_MESSAGE_KEY = "web.security.provider.nonce.bad";

    /**
     * Rejects an authentication attempt whose submitted nonce is null, empty or whitespace-only.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     *
     * @param connectionEnvironment environment passed through to the audit helper
     * @param nonceAuthenticationContext supplies the submitted nonce and the username to audit
     * @throws BadCredentialsException if the submitted nonce is blank
     */
    @Override
    public void checkEnteredCredentials(ConnectionEnvironment connectionEnvironment, NonceAuthenticationContext nonceAuthenticationContext) {
        final String submittedNonce = nonceAuthenticationContext.getNonce();
        if (!StringUtils.isBlank(submittedNonce)) {
            return;
        }
        // The failure is audited before the exception leaves the evaluator, so a blank-nonce
        // attempt is recorded even if the caller swallows the exception.
        auditAuthenticationFailure(nonceAuthenticationContext.getUsername(), connectionEnvironment, "empty nonce provided");
        throw new BadCredentialsException(BAD_NONCE_MESSAGE_KEY);
    }

    /**
     * Always returns {@code false}.
     *
     * <p>NOTE(review): presumably the base class uses this to skip an authorization check for
     * nonce logins. The consumer is not in this file; confirm in the base class.
     */
    @Override
    protected boolean supportsAuthzCheck() {
        return false;
    }

    /**
     * Selects the nonce credential from the principal's credentials container.
     *
     * <p>Decompiler note: declared {@code protected} in the original class; JADX also reported a
     * method-name collision it could not rename away.
     *
     * @param credentialsType credentials container; dereferenced without a null check
     * @return whatever {@code credentialsType.getNonce()} yields (may be {@code null})
     */
    @Override
    public NonceType getCredential(CredentialsType credentialsType) {
        return credentialsType.getNonce();
    }

    /**
     * Fails the attempt when the stored nonce credential has no value to compare against.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     *
     * @param connectionEnvironment environment passed through to the failure-recording helper
     * @param midPointPrincipal principal whose username is recorded with the failure
     * @param nonceType stored nonce credential
     * @throws AuthenticationCredentialsNotFoundException if the stored nonce has no value
     */
    @Override
    public void validateCredentialNotNull(ConnectionEnvironment connectionEnvironment, @NotNull MidPointPrincipal midPointPrincipal, NonceType nonceType) {
        // NOTE(review): nonceType itself is dereferenced unchecked, although getCredential() can
        // return null. This assumes the base class rejects a null credential first - TODO confirm.
        if (nonceType.getValue() != null) {
            return;
        }
        recordModuleAuthenticationFailure(
                midPointPrincipal.getUsername(),
                midPointPrincipal,
                connectionEnvironment,
                null,
                "no stored nonce value");
        throw new AuthenticationCredentialsNotFoundException(BAD_NONCE_MESSAGE_KEY);
    }

    /**
     * Compares the submitted nonce with the stored one by delegating to {@code decryptAndMatch}.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     *
     * <p>NOTE(review): the comparison is implemented in {@code decryptAndMatch}, which is not
     * visible in this file. Confirm there that the match is constant-time and that a
     * decryption failure counts as a mismatch.
     *
     * @param connectionEnvironment environment passed through to the matcher
     * @param midPointPrincipal principal being authenticated
     * @param nonceType stored nonce credential
     * @param nonceAuthenticationContext supplies the submitted nonce
     * @return the result of {@code decryptAndMatch}
     */
    @Override
    public boolean passwordMatches(ConnectionEnvironment connectionEnvironment, @NotNull MidPointPrincipal midPointPrincipal, NonceType nonceType, NonceAuthenticationContext nonceAuthenticationContext) {
        return decryptAndMatch(
                connectionEnvironment,
                midPointPrincipal,
                nonceType.getValue(),
                nonceAuthenticationContext.getNonce());
    }

    /**
     * Resolves the nonce credential policy for this attempt and stores it back on the context.
     *
     * <p>A policy already present on the context takes precedence. Only when the context has none
     * is the policy derived from {@code securityPolicyType} through {@link SecurityUtil}.
     *
     * <p>Decompiler note: declared {@code protected} in the original class.
     *
     * <p>NOTE(review): because the context-supplied policy overrides the security policy, whoever
     * builds the context decides the effective nonce policy. Verify that callers populate it only
     * from trusted configuration.
     *
     * @param securityPolicyType fallback source when the context carries no policy
     * @param nonceAuthenticationContext read for an existing policy, then updated with the result
     * @return the resolved policy; may be {@code null} if the fallback lookup returns {@code null}
     * @throws SchemaException declared on the override; nothing in this body throws it directly
     */
    @Override
    public CredentialPolicyType getEffectiveCredentialPolicy(SecurityPolicyType securityPolicyType, NonceAuthenticationContext nonceAuthenticationContext) throws SchemaException {
        final NonceCredentialsPolicyType fromContext = nonceAuthenticationContext.getPolicy();
        final NonceCredentialsPolicyType effective = fromContext != null
                ? fromContext
                : SecurityUtil.getEffectiveNonceCredentialsPolicy(securityPolicyType);
        // The policy is written back unconditionally, including when it came from the context.
        nonceAuthenticationContext.setPolicy(effective);
        return effective;
    }

    /**
     * Always returns {@code false}.
     *
     * <p>NOTE(review): presumably the base class uses this to skip the activation check for nonce
     * logins. The consumer is not in this file; confirm in the base class and check that
     * disabled or archived accounts are still handled as intended.
     */
    @Override
    protected boolean supportsActivation() {
        return false;
    }
}
