package cn.herodotus.engine.oauth2.authentication.provider;

import cn.herodotus.engine.oauth2.authentication.properties.OAuth2AuthenticationProperties;
import cn.herodotus.engine.oauth2.authentication.utils.OAuth2AuthenticationProviderUtils;
import cn.herodotus.engine.oauth2.authentication.utils.OAuth2EndpointUtils;
import cn.herodotus.engine.oauth2.core.definition.service.EnhanceUserDetailsService;
import cn.herodotus.engine.oauth2.core.exception.AccountEndpointLimitedException;
import cn.herodotus.engine.oauth2.data.jpa.storage.JpaOAuth2AuthorizationService;
import java.util.List;
import java.util.Map;
import org.apache.commons.collections4.CollectionUtils;
import org.apache.commons.lang3.ObjectUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AccountStatusException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.core.OAuth2RefreshToken;
import org.springframework.security.oauth2.server.authorization.OAuth2Authorization;
import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
import org.springframework.util.Assert;

/* loaded from: input_file:cn/herodotus/engine/oauth2/authentication/provider/AbstractUserDetailsAuthenticationProvider.class */
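/**
 * Base class for OAuth2 grant providers that authenticate a resource owner from request parameters.
 *
 * <p>The flow implemented here is: load the user via {@link #retrieveUser(Map)}, reject locked,
 * disabled or expired accounts, delegate the credential check to
 * {@link #additionalAuthenticationChecks(UserDetails, Map)}, reject expired credentials, and then
 * apply one of two optional sign-in policies (endpoint limit or kick-out) before returning an
 * authenticated {@link UsernamePasswordAuthenticationToken}.
 *
 * <p>This listing is decompiler output; the casts and generic types below were restored so that the
 * class compiles. The two accessors marked "declared protected" were widened to {@code public} by
 * the decompiler and are left public here so that existing callers keep working.
 */
public abstract class AbstractUserDetailsAuthenticationProvider extends AbstractAuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(AbstractUserDetailsAuthenticationProvider.class);
    private final MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private final UserDetailsService userDetailsService;
    private final OAuth2AuthorizationService authorizationService;
    private final OAuth2AuthenticationProperties authenticationProperties;
    private PasswordEncoder passwordEncoder;

    /**
     * Creates the provider and installs Spring Security's delegating password encoder as the default.
     *
     * @param oAuth2AuthorizationService store used for the sign-in limit and kick-out policies
     * @param userDetailsService source of user accounts
     * @param oAuth2AuthenticationProperties configuration holding the sign-in policy switches
     */
    public AbstractUserDetailsAuthenticationProvider(OAuth2AuthorizationService oAuth2AuthorizationService, UserDetailsService userDetailsService, OAuth2AuthenticationProperties oAuth2AuthenticationProperties) {
        this.userDetailsService = userDetailsService;
        this.authorizationService = oAuth2AuthorizationService;
        this.authenticationProperties = oAuth2AuthenticationProperties;
        setPasswordEncoder(PasswordEncoderFactories.createDelegatingPasswordEncoder());
    }

    /**
     * Returns the configured user details service viewed as an {@link EnhanceUserDetailsService}.
     *
     * @return the user details service passed to the constructor
     * @throws ClassCastException if the service passed to the constructor is not an
     *     {@link EnhanceUserDetailsService}
     */
    public EnhanceUserDetailsService getUserDetailsService() {
        // The field is typed as the Spring interface; the cast was dropped by the decompiler.
        return (EnhanceUserDetailsService) this.userDetailsService;
    }

    /**
     * Returns the password encoder used by subclasses to verify credentials.
     * Declared protected in the original class according to the decompiler.
     *
     * @return the current encoder, never {@code null} once the constructor has run
     */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /**
     * Replaces the password encoder.
     *
     * @param passwordEncoder the encoder to use; must not be {@code null}
     * @throws IllegalArgumentException if {@code passwordEncoder} is {@code null}
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.passwordEncoder = passwordEncoder;
    }

    /**
     * Verifies the credentials carried in {@code map} against the loaded account.
     * This class performs no credential comparison itself; implementations are expected to throw
     * when the check fails.
     *
     * @param userDetails the account returned by {@link #retrieveUser(Map)}
     * @param map the request parameters handed to the provider
     * @throws AuthenticationException if the credentials are rejected
     */
    protected abstract void additionalAuthenticationChecks(UserDetails userDetails, Map<String, Object> map) throws AuthenticationException;

    /**
     * Loads the account that the request parameters refer to.
     *
     * @param map the request parameters handed to the provider
     * @return the account; must not be {@code null}
     * @throws AuthenticationException if the account cannot be loaded
     */
    protected abstract UserDetails retrieveUser(Map<String, Object> map) throws AuthenticationException;

    /**
     * Runs the account checks, the credential check and the configured sign-in policy.
     *
     * @param map the request parameters handed to the provider
     * @param str value passed with the username to the authorization-store lookups; presumably the
     *     registered client id — confirm against callers
     * @return an authenticated token whose principal is the loaded {@link UserDetails}
     * @throws AuthenticationException if any account, credential or sign-in policy check fails
     */
    private Authentication authenticateUserDetails(Map<String, Object> map, String str) throws AuthenticationException {
        UserDetails user = retrieveUser(map);
        // Fail with a clear message instead of a NullPointerException on the first status check.
        Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");

        // NOTE(review): the account-status checks run before the credential check, so the status of
        // an account is reported to a caller who has not yet proven knowledge of the password.
        if (!user.isAccountNonLocked()) {
            log.debug("[Herodotus] |- Failed to authenticate since user account is locked");
            throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
        }
        if (!user.isEnabled()) {
            log.debug("[Herodotus] |- Failed to authenticate since user account is disabled");
            throw new DisabledException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
        }
        if (!user.isAccountNonExpired()) {
            log.debug("[Herodotus] |- Failed to authenticate since user account has expired");
            throw new AccountExpiredException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
        }

        additionalAuthenticationChecks(user, map);

        if (!user.isCredentialsNonExpired()) {
            log.debug("[Herodotus] |- Failed to authenticate since user account credentials have expired");
            throw new CredentialsExpiredException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
        }

        // The policies below run only after the credential check above has returned normally, so a
        // caller who fails that check never reaches the kick-out path.
        boolean endpointLimited = this.authenticationProperties.getSignInEndpointLimited().getEnabled();
        boolean kickOutLimited = this.authenticationProperties.getSignInKickOutLimited().getEnabled();

        // NOTE(review): the two policies are applied only when exactly one switch is on. With both
        // switches enabled neither branch runs and no sign-in restriction is enforced — confirm that
        // this is intended, or reject that configuration at startup.
        // NOTE(review): both policies are skipped silently when the authorization service is not a
        // JpaOAuth2AuthorizationService, i.e. the restriction fails open for other stores.
        if (endpointLimited && !kickOutLimited) {
            if (this.authorizationService instanceof JpaOAuth2AuthorizationService) {
                JpaOAuth2AuthorizationService jpaService = (JpaOAuth2AuthorizationService) this.authorizationService;
                int maximum = this.authenticationProperties.getSignInEndpointLimited().getMaximum();
                if (jpaService.findAuthorizationCount(str, user.getUsername()) >= maximum) {
                    throw new AccountEndpointLimitedException("Use same endpoint signIn exceed limit");
                }
            }
        }

        if (!endpointLimited && kickOutLimited) {
            if (this.authorizationService instanceof JpaOAuth2AuthorizationService) {
                JpaOAuth2AuthorizationService jpaService = (JpaOAuth2AuthorizationService) this.authorizationService;
                // Element type restored from how the elements are used below; the decompiler emitted
                // a raw List.
                List<OAuth2Authorization> available = jpaService.findAvailableAuthorizations(str, user.getUsername());
                if (CollectionUtils.isNotEmpty(available)) {
                    for (OAuth2Authorization existing : available) {
                        OAuth2Authorization updated = existing;
                        OAuth2Authorization.Token<OAuth2RefreshToken> refreshToken = existing.getToken(OAuth2RefreshToken.class);
                        // NOTE(review): an authorization without a refresh token is saved unchanged,
                        // so it is logged as kicked out without anything being invalidated here.
                        if (ObjectUtils.isNotEmpty(refreshToken)) {
                            updated = OAuth2AuthenticationProviderUtils.invalidate(existing, refreshToken.getToken());
                        }
                        log.debug("[Herodotus] |- Sign in user [{}] with token id [{}] will be kicked out.", user.getUsername(), updated.getId());
                        jpaService.save(updated);
                    }
                }
            }
        }

        // NOTE(review): the credentials slot carries whatever UserDetails.getPassword() returns
        // (typically the stored hash); make sure it is not serialized or logged downstream.
        return new UsernamePasswordAuthenticationToken(user, user.getPassword(), user.getAuthorities());
    }

    /**
     * Authenticates the resource owner and converts authentication failures into OAuth2 errors.
     * Declared protected in the original class according to the decompiler.
     *
     * <p>NOTE(review): the OAuth2 error code is the exception's simple class name, so a client can
     * tell "UsernameNotFoundException" from "BadCredentialsException" and can also read the account
     * status (locked, disabled, expired). That allows account enumeration; consider returning one
     * generic code to the client and keeping the specific reason in server-side logs only.
     *
     * @param map the request parameters handed to the provider
     * @param str value forwarded to the authorization-store lookups; presumably the registered
     *     client id — confirm against callers
     * @return the authenticated token; {@code null} only if {@code OAuth2EndpointUtils.throwError}
     *     returns instead of throwing (its body is not visible here — confirm)
     * @throws AuthenticationException for failures that are not translated below
     */
    public Authentication getUsernamePasswordAuthentication(Map<String, Object> map, String str) throws AuthenticationException {
        Authentication authentication = null;
        try {
            authentication = authenticateUserDetails(map, str);
        } catch (BadCredentialsException e) {
            OAuth2EndpointUtils.throwError("BadCredentialsException", e.getMessage(), OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
        } catch (UsernameNotFoundException e2) {
            OAuth2EndpointUtils.throwError("UsernameNotFoundException", e2.getMessage(), OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
        } catch (AccountStatusException e3) {
            // Covers the locked, disabled, expired and credentials-expired exceptions thrown above.
            OAuth2EndpointUtils.throwError(e3.getClass().getSimpleName(), e3.getMessage(), OAuth2EndpointUtils.ACCESS_TOKEN_REQUEST_ERROR_URI);
        }
        return authentication;
    }
}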
