package com.kcloud.ms.authentication.security;

import com.goldgov.kduck.cache.CacheHelper;
import com.goldgov.kduck.utils.SpringBeanUtils;
import com.kcloud.ms.authentication.GlobalConstant;
import com.kcloud.ms.authentication.baseaccount.service.Account;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredential;
import com.kcloud.ms.authentication.baseaccount.service.AccountCredentialService;
import com.kcloud.ms.authentication.baseaccount.service.AccountService;
import com.kcloud.ms.authentication.baseaccount.service.impl.AccountCredentialServiceImpl;
import com.kcloud.ms.authentication.baseaccount.service.impl.AccountServiceImpl;
import com.kcloud.ms.authentication.execption.AuthenticationFailureException;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.DigestUtils;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:com/kcloud/ms/authentication/security/CustomAuthenticationProvider.class */
public class CustomAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    private UserDetailsService userService;
    private PasswordEncoder passwordEncoder;

    public CustomAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder) {
        this.userService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        String obj = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (this.passwordEncoder.matches(obj, userDetails.getPassword())) {
            ((CustomUserDatails) userDetails).setOrgPassword(obj);
        } else {
            this.logger.debug("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }

    private AccountCredential updateStatus(String str, Integer num) {
        AccountService accountService = (AccountService) SpringBeanUtils.getBean(AccountService.class);
        AccountCredential credentialByName = ((AccountCredentialService) SpringBeanUtils.getBean(AccountCredentialService.class)).getCredentialByName(str);
        if (credentialByName == null) {
            throw new UsernameNotFoundException("用户名不存在");
        }
        Account account = new Account();
        account.setAccountId(credentialByName.getAccountId());
        account.setAccountState(num);
        accountService.update(account);
        return credentialByName;
    }

    private void checkAccountAndAccountCredential(String str) {
        AccountCredentialServiceImpl accountCredentialServiceImpl = (AccountCredentialServiceImpl) SpringBeanUtils.getBean(AccountCredentialServiceImpl.class);
        AccountServiceImpl accountServiceImpl = (AccountServiceImpl) SpringBeanUtils.getBean(AccountServiceImpl.class);
        AccountCredential credentialByName = accountCredentialServiceImpl.getCredentialByName(str);
        if (credentialByName == null) {
            throw new UsernameNotFoundException("该账号不存在：" + str);
        }
        if (credentialByName.getState().equals(AccountCredential.STATE_DISABLE)) {
            throw new DisabledException("该账号已被禁用：" + str);
        }
        Account account = accountServiceImpl.getAccount(credentialByName.getAccountId());
        if (account == null) {
            throw new UsernameNotFoundException("该账号不存在账户：" + str);
        }
        if (account.getAccountState().equals(Account.ACCOUNT_STATE_DISABLED)) {
            throw new DisabledException("该账户已被禁用：" + str);
        }
    }

    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        checkAccountAndAccountCredential(str);
        HttpServletRequest request = RequestContextHolder.getRequestAttributes().getRequest();
        if ("SmsLogin".equals(request.getParameter("loginMode"))) {
            String parameter = request.getParameter("password");
            String str2 = (String) CacheHelper.getByCacheName(GlobalConstant.LOGIN_CAPTCHA_CACHE_NAME, usernamePasswordAuthenticationToken.getName() + GlobalConstant.LOGIN_CAPTCHA_SMS_SUFFIX, String.class);
            if (str2 == null) {
                throw new AuthenticationFailureException(-3, "smsCodeRequired", "验证短信验证码不正确");
            }
            if (!parameter.equals(DigestUtils.md5DigestAsHex(str2.getBytes()))) {
                throw new AuthenticationFailureException(-3, "smsCodeRequired", "验证短信验证码不正确");
            }
        }
        try {
            UserDetails loadUserByUsername = this.userService.loadUserByUsername(str);
            if (loadUserByUsername == null) {
                throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
            }
            return loadUserByUsername;
        } catch (UsernameNotFoundException | InternalAuthenticationServiceException e) {
            throw e;
        } catch (Exception e2) {
            throw new InternalAuthenticationServiceException(e2.getMessage(), e2);
        }
    }

    public boolean supports(Class<?> cls) {
        return true;
    }
}
