package jp.openstandia.midpoint.grpc;

import com.evolveum.midpoint.model.api.AuthenticationEvaluator;
import com.evolveum.midpoint.model.api.context.PasswordAuthenticationContext;
import com.evolveum.midpoint.prism.PrismObject;
import com.evolveum.midpoint.security.api.AuthorizationConstants;
import com.evolveum.midpoint.security.api.ConnectionEnvironment;
import com.evolveum.midpoint.security.api.MidPointPrincipal;
import com.evolveum.midpoint.task.api.Task;
import com.evolveum.midpoint.util.logging.Trace;
import com.evolveum.midpoint.util.logging.TraceManager;
import com.evolveum.midpoint.xml.ns._public.common.common_3.FocusType;
import com.evolveum.midpoint.xml.ns._public.common.common_3.UserType;
import io.grpc.Metadata;
import io.grpc.Status;
import org.apache.commons.lang.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

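/**
 * gRPC authentication interceptor for the {@code Basic} scheme.
 *
 * <p>The authorization header value is split into a username and a password, which are
 * verified through the injected midPoint password {@link AuthenticationEvaluator}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Basic credentials are only encoded, never encrypted. Nothing in this class enforces
 *       transport protection, so the channel must be secured (TLS) elsewhere.</li>
 *   <li>The username is attacker-controlled until authentication succeeds. It is neutralized
 *       before being written to the log (see {@link #sanitizeForLog(String)}). The password
 *       must never be logged.</li>
 *   <li>NOTE(review): {@code @ConditionalOnMissingBean} on a plain {@code @Component} is
 *       evaluated against the bean definitions registered so far, so whether this interceptor
 *       or {@code JWTAuthenticationInterceptor} ends up active may depend on scan order.
 *       Confirm the intended interceptor is the one registered in each deployment.</li>
 * </ul>
 */
@ConditionalOnMissingBean({JWTAuthenticationInterceptor.class})
@Component
/* loaded from: input_file:jp/openstandia/midpoint/grpc/BasicAuthenticationInterceptor.class */
public class BasicAuthenticationInterceptor extends AbstractGrpcAuthenticationInterceptor {
    private static final Trace LOGGER = TraceManager.getTrace(BasicAuthenticationInterceptor.class);
    private static final String TYPE = "Basic";

    @Autowired
    transient AuthenticationEvaluator<PasswordAuthenticationContext> passwordAuthenticationEvaluator;

    /**
     * Returns the authentication scheme name handled by this interceptor.
     *
     * @return the constant {@code "Basic"}
     */
    @Override
    public String getType() {
        return TYPE;
    }

    /**
     * Authenticates a request from its Basic authorization header value.
     *
     * @param connectionEnvironment connection context handed to the password evaluator
     * @param task current task (not used by this implementation)
     * @param str raw authorization header value
     * @return the authentication produced by the password evaluator
     * @throws io.grpc.StatusRuntimeException with {@code UNAUTHENTICATED} when the token has no
     *         {@code ':'} separator or the credentials are rejected
     */
    @Override
    public Authentication authenticate(ConnectionEnvironment connectionEnvironment, Task task, String str) {
        String[] credentials = extractAndDecodeBasicAuthzHeader(str);
        return authenticateUser(connectionEnvironment, credentials[0], credentials[1]);
    }

    /**
     * Delegates the client authorization check to {@code authorizeUser} with
     * {@link AuthorizationConstants#AUTZ_REST_ALL_URL}, using the focus of the authenticated
     * principal and no target object.
     *
     * <p>NOTE(review): the principal is cast to {@link MidPointPrincipal} without a type check;
     * this relies on {@link #authenticate} always yielding such a principal.
     */
    @Override
    protected void authorizeClient(Authentication authentication, ConnectionEnvironment connectionEnvironment, Task task) {
        authorizeUser(authentication, AuthorizationConstants.AUTZ_REST_ALL_URL, ((MidPointPrincipal) authentication.getPrincipal()).getFocus(), null, connectionEnvironment);
    }

    /**
     * Switches the effective principal when the request metadata asks for it.
     *
     * <p>The target is looked up by OID when {@code Constant.SwitchToPrincipalMetadataKey} is
     * non-blank, otherwise by name when {@code Constant.SwitchToPrincipalByNameMetadataKey} is
     * non-blank. With neither present the original authentication is returned unchanged.
     * {@code authorizeUser} is called with {@link AuthorizationConstants#AUTZ_REST_PROXY_URL}
     * before {@code authenticateSwitchUser}. That ordering must be preserved so the switch never
     * happens without the proxy authorization check.
     *
     * <p>NOTE(review): the target lookup runs before the proxy authorization check. Confirm that
     * {@code findByOid}/{@code findByUsername} do not let a caller without the proxy
     * authorization distinguish existing from non-existing targets.
     *
     * @param authentication the already authenticated caller
     * @param metadata request metadata carrying the optional switch-to-principal keys
     * @param z passed through unchanged to {@code authenticateSwitchUser}
     * @param connectionEnvironment connection context for the authorization and the switch
     * @param task current task, used for the lookup and the switch
     * @return the switched authentication, or {@code authentication} when no switch is requested
     */
    @Override
    protected Authentication switchToUser(Authentication authentication, Metadata metadata, boolean z, ConnectionEnvironment connectionEnvironment, Task task) {
        String targetOid = (String) metadata.get(Constant.SwitchToPrincipalMetadataKey);
        String targetName = (String) metadata.get(Constant.SwitchToPrincipalByNameMetadataKey);

        PrismObject<? extends FocusType> target;
        if (StringUtils.isNotBlank(targetOid)) {
            // The OID takes precedence when both metadata keys are supplied.
            target = findByOid(authentication, targetOid, task);
        } else if (StringUtils.isNotBlank(targetName)) {
            target = findByUsername(authentication, targetName, task);
        } else {
            return authentication;
        }

        authorizeUser(authentication, AuthorizationConstants.AUTZ_REST_PROXY_URL, ((MidPointPrincipal) authentication.getPrincipal()).getFocus(), target, connectionEnvironment);
        return authenticateSwitchUser(target, z, connectionEnvironment, task);
    }

    /**
     * Splits the decoded Basic token into username and password at the first {@code ':'}.
     *
     * <p>Only the first separator is significant, so the password may itself contain colons.
     *
     * @param str raw authorization header value, decoded by {@code extractAndDecodeHeader}
     * @return a two-element array: username, then password
     * @throws io.grpc.StatusRuntimeException with {@code UNAUTHENTICATED} when no separator exists
     */
    protected String[] extractAndDecodeBasicAuthzHeader(String str) {
        String token = extractAndDecodeHeader(str, "basic");
        int separator = token.indexOf(':');
        if (separator == -1) {
            throw Status.UNAUTHENTICATED.withDescription("Invalid basic authentication token").asRuntimeException();
        }
        return new String[]{token.substring(0, separator), token.substring(separator + 1)};
    }

    /**
     * Verifies the credentials with the password evaluator.
     *
     * <p>On rejection the reason is logged locally only; the status description set here is
     * the fixed string {@code invalid_token}, so the client is not told why it failed.
     *
     * @param connectionEnvironment connection context handed to the evaluator
     * @param username supplied username (untrusted)
     * @param password supplied password (never logged)
     * @return the token returned by the evaluator
     * @throws io.grpc.StatusRuntimeException with {@code UNAUTHENTICATED} when rejected
     */
    private UsernamePasswordAuthenticationToken authenticateUser(ConnectionEnvironment connectionEnvironment, String username, String password) {
        // The username comes straight from the request header; neutralize it once for all log lines.
        String loggedName = sanitizeForLog(username);
        LOGGER.debug("Start authenticateUser: {}", loggedName);
        try {
            return this.passwordAuthenticationEvaluator.authenticate(connectionEnvironment, new PasswordAuthenticationContext(username, password, UserType.class));
        } catch (AuthenticationException e) {
            LOGGER.info("Not authenticated. user: {}, reason: {}", loggedName, sanitizeForLog(e.getMessage()));
            throw Status.UNAUTHENTICATED.withDescription("invalid_token").withCause(e).asRuntimeException();
        } finally {
            // Emitted on both success and failure, matching the start marker above.
            LOGGER.debug("End authenticateUser: {}", loggedName);
        }
    }

    /**
     * Replaces control characters and Unicode line/paragraph separators with {@code '_'} so a
     * request-supplied value cannot inject extra lines into the log.
     *
     * @param value text to neutralize, may be {@code null}
     * @return the neutralized text, or {@code null} when {@code value} is {@code null}
     */
    private static String sanitizeForLog(String value) {
        if (value == null) {
            return null;
        }
        StringBuilder cleaned = new StringBuilder(value.length());
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            boolean lineBreaking = Character.isISOControl(c) || c == 0x2028 || c == 0x2029;
            cleaned.append(lineBreaking ? '_' : c);
        }
        return cleaned.toString();
    }
}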
