package com.kcloud.ms.authentication.security;

import com.goldgov.kduck.utils.SpringBeanUtils;
import com.kcloud.ms.authentication.GlobalConstant;
import com.kcloud.ms.authentication.baseaccount.service.Account;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredential;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredentialService;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.baseaccount.service.config.AccountConfig;
import com.kcloud.ms.authentication.baseaccount.service.impl.AccountConfigServiceImpl;
import com.kcloud.ms.authentication.baseaccount.service.impl.AccountCredentialServiceImpl;
import com.kcloud.ms.authentication.baseaccount.service.impl.AccountServiceImpl;
import com.kcloud.ms.authentication.basecore.service.CaptchaService;
import com.kcloud.ms.authentication.basecore.utils.CachesEnum;
import com.kcloud.ms.authentication.cache.CacheHolder;
import com.kcloud.ms.authentication.config.CustomWebAuthenticationDetails;
import com.kcloud.ms.authentication.execption.VerificationCodeException;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import org.apache.commons.lang3.StringUtils;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:com/kcloud/ms/authentication/security/CustomAuthenticationProvider.class */
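/**
 * Username/password authentication provider that puts account-state checks, a failure-based
 * lockout and a captcha challenge in front of the password comparison.
 *
 * <p>Flow of {@link #retrieveUser}: verify that the credential and account exist and are not
 * disabled, honour an active lock marker in the cache, lock the account once the cached failure
 * list reaches the configured limit, require a captcha once it reaches the lower captcha limit,
 * and only then load the user. The password itself is compared afterwards in
 * {@link #additionalAuthenticationChecks}.
 *
 * <p>The cached failure list is only read and cleared here; it is populated elsewhere.
 */
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    /** Suffix appended to the user name to form the cache key of the failed-login list. */
    private static final String LOGIN_FAIL_SUFFIX = "_login_fail";
    /** Suffix appended to the user name to form the cache key of the active lock marker. */
    private static final String LOCK_TIME_SUFFIX = "_lock_time";

    private final UserDetailsService userService;
    private final PasswordEncoder passwordEncoder;
    private final CaptchaService captchaService;
    // Enforce the captcha when the request details are a CustomWebAuthenticationDetails.
    private final boolean authorizationCodeCaptcha;
    // Enforce the captcha when the request details are a parameter map with grant_type=password.
    private final boolean passwordCaptcha;

    /**
     * @param userDetailsService loads the user once all pre-checks have passed
     * @param passwordEncoder compares the presented password with the stored one
     * @param captchaService looks up the expected captcha text for a graph id
     * @param z whether the captcha is enforced for {@code CustomWebAuthenticationDetails} requests
     * @param z2 whether the captcha is enforced for {@code grant_type=password} requests
     */
    public CustomAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, CaptchaService captchaService, boolean z, boolean z2) {
        this.userService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
        this.captchaService = captchaService;
        this.authorizationCodeCaptcha = z;
        this.passwordCaptcha = z2;
    }

    /**
     * Compares the presented password with the stored one.
     *
     * @throws BadCredentialsException if no credentials were presented or they do not match
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        String presentedPassword = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (!this.passwordEncoder.matches(presentedPassword, userDetails.getPassword())) {
            this.logger.debug("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        // NOTE(review): the clear-text password is kept on the principal from here on. If the
        // principal is serialized into a session or token store the password goes with it;
        // confirm that a consumer really needs it and that it is cleared after use.
        // The cast fails with ClassCastException if userService returns another UserDetails type.
        ((CustomUserDatails) userDetails).setOrgPassword(presentedPassword);
    }

    /**
     * Writes {@code num} as the account state of the account behind the given login name.
     *
     * @return the credential record that was looked up for {@code str}
     * @throws UsernameNotFoundException if no credential exists for {@code str}
     */
    private AccountCredential updateStatus(String str, Integer num) {
        AccountService accountService = (AccountService) SpringBeanUtils.getBean(AccountService.class);
        AccountCredentialService credentialService = (AccountCredentialService) SpringBeanUtils.getBean(AccountCredentialService.class);
        AccountCredential credential = credentialService.getCredentialByName(str);
        if (credential == null) {
            throw new UsernameNotFoundException("用户名不存在");
        }
        // Only id and state are set on the object handed to update().
        Account account = new Account();
        account.setAccountId(credential.getAccountId());
        account.setAccountState(num);
        accountService.update(account);
        return credential;
    }

    /**
     * Rejects the login if the credential or its account is missing or disabled.
     *
     * <p>NOTE(review): these checks run before the password is verified, and the messages embed
     * the submitted user name and distinguish "missing" from "disabled". Whether the text reaches
     * the client depends on the failure handler, which is not visible here; confirm that the
     * response does not let an unauthenticated caller tell the account states apart.
     *
     * @throws UsernameNotFoundException if the credential or the account does not exist
     * @throws DisabledException if the credential or the account is disabled
     */
    private void checkAccountAndAccountCredential(String str) {
        AccountCredentialServiceImpl credentialService = (AccountCredentialServiceImpl) SpringBeanUtils.getBean(AccountCredentialServiceImpl.class);
        AccountServiceImpl accountService = (AccountServiceImpl) SpringBeanUtils.getBean(AccountServiceImpl.class);
        AccountCredential credential = credentialService.getCredentialByName(str);
        if (credential == null) {
            throw new UsernameNotFoundException("该账号不存在：" + str);
        }
        if (credential.getState().equals(AccountCredential.STATE_DISABLE)) {
            throw new DisabledException("该账号已被禁用：" + str);
        }
        Account account = accountService.getAccount(credential.getAccountId());
        if (account == null) {
            throw new UsernameNotFoundException("该账号不存在账户：" + str);
        }
        if (account.getAccountState().equals(Account.ACCOUNT_STATE_DISABLED)) {
            throw new DisabledException("该账户已被禁用：" + str);
        }
    }

    /**
     * Runs the account, lockout and captcha checks and then loads the user.
     *
     * @throws LockedException if a lock marker is cached or the failure limit has been reached
     * @throws VerificationCodeException if a required captcha is missing or wrong
     * @throws UsernameNotFoundException if the account or user does not exist
     * @throws InternalAuthenticationServiceException if the user service fails or returns null
     */
    @Override
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        checkAccountAndAccountCredential(str);
        AccountConfig config = ((AccountConfigServiceImpl) SpringBeanUtils.getBean(AccountConfigServiceImpl.class)).loadConfig();
        Object cachedFailures = CacheHolder.get(str + LOGIN_FAIL_SUFFIX);
        if (CacheHolder.get(str + LOCK_TIME_SUFFIX) != null) {
            CacheHolder.remove(str + LOGIN_FAIL_SUFFIX);
            throw new LockedException("账户已锁定");
        }
        // No lock marker in the cache: the stored state is reset to ENABLED on every attempt,
        // before any password check. NOTE(review): this is a write per unauthenticated request
        // and it also clears a LOCKING state that was stored by any other means - confirm.
        updateStatus(str, Account.ACCOUNT_STATE_ENABLED);
        if (cachedFailures != null) {
            List<?> failures = (List<?>) cachedFailures;
            // NOTE(review): with ">= limit - 1" the account is locked on the attempt that follows
            // (limit - 1) recorded failures, whatever password it carries - confirm this is the
            // intended count and not an off-by-one.
            if (failures.size() >= config.getSecurity().getLockedTryNum().intValue() - 1) {
                AccountCredential lockedCredential = updateStatus(str, Account.ACCOUNT_STATE_LOCKING);
                CacheHolder.remove(str + LOGIN_FAIL_SUFFIX);
                CacheHolder.put(str + LOCK_TIME_SUFFIX, lockedCredential, config.getSecurity().getLockedTimeMinutes().intValue() * 60);
                throw new LockedException("账户已锁定");
            }
            if (failures.size() >= config.getSecurity().getValidCodeTryNum().intValue() - 1) {
                verifyCaptcha(usernamePasswordAuthenticationToken.getDetails());
            }
        }
        try {
            UserDetails loadedUser = this.userService.loadUserByUsername(str);
            if (loadedUser == null) {
                throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
            }
            return loadedUser;
        } catch (UsernameNotFoundException | InternalAuthenticationServiceException e) {
            // The specific handlers must precede the generic one; in the other order the class
            // does not compile and these two types could never be rethrown unchanged.
            throw e;
        } catch (Exception e) {
            throw new InternalAuthenticationServiceException(e.getMessage(), e);
        }
    }

    /**
     * Enforces the captcha for the two request shapes this provider knows about.
     *
     * <p>Requests whose details are of any other type, map requests whose {@code grant_type} is
     * not {@code password}, and request shapes whose flag is switched off pass without a captcha.
     */
    private void verifyCaptcha(Object details) {
        if (details instanceof CustomWebAuthenticationDetails) {
            if (this.authorizationCodeCaptcha) {
                CustomWebAuthenticationDetails webDetails = (CustomWebAuthenticationDetails) details;
                requireMatchingCaptcha(webDetails.getInputVerificationCode(), webDetails.getGraphId());
            }
        } else if ((details instanceof LinkedHashMap) && this.passwordCaptcha) {
            Map<?, ?> params = (Map<?, ?>) details;
            if (params.containsKey("grant_type") && StringUtils.equals("password", (CharSequence) params.get("grant_type"))) {
                if (!params.containsKey(GlobalConstant.GRAPH_ID) || !params.containsKey(GlobalConstant.VERIFICATION_CODE)) {
                    throw new VerificationCodeException("验证码错误！");
                }
                requireMatchingCaptcha((CharSequence) params.get(GlobalConstant.VERIFICATION_CODE), (String) params.get(GlobalConstant.GRAPH_ID));
            }
        }
    }

    /**
     * Compares the submitted code with the stored captcha, case-insensitively, and fails closed.
     *
     * <p>{@code StringUtils.equalsIgnoreCase(null, null)} is {@code true}, so a plain comparison
     * accepts a request with no code whenever the lookup finds no captcha for the graph id. Both
     * values therefore have to be non-blank before they are compared.
     *
     * <p>NOTE(review): nothing here removes the captcha after a successful match; confirm that
     * {@code getCaptcha} or its cache makes each captcha single-use.
     *
     * @throws VerificationCodeException if either value is blank or the two differ
     */
    private void requireMatchingCaptcha(CharSequence submitted, String graphId) {
        CharSequence expected = this.captchaService.getCaptcha(CachesEnum.GraphCaptchaCache, graphId);
        if (StringUtils.isBlank(submitted) || StringUtils.isBlank(expected) || !StringUtils.equalsIgnoreCase(submitted, expected)) {
            throw new VerificationCodeException("验证码错误！");
        }
    }

    /**
     * Accepts only {@link UsernamePasswordAuthenticationToken} and its subclasses.
     *
     * <p>The inherited {@code authenticate} rejects every other token type with an
     * {@code IllegalArgumentException}, so claiming support for all classes would make this
     * provider fail on tokens that belong to another provider.
     */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }
}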
