package com.addc.server.commons.security;

import java.util.Collection;
import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/addc/server/commons/security/ServerAuthenticationProvider.class */
public class ServerAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(ServerAuthenticationProvider.class);
    private final AuthenticationProvider wrappedAuthenticationProvider;
    private final AuthorizationMapper authorizationMapper;
    private final Map<String, Long> failedAuthenticationAttempts;
    private List<String> requiredRoles;

    public ServerAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this(new DefaultAuthorizationMapper(), authenticationProvider, new LinkedList());
    }

    public ServerAuthenticationProvider(AuthorizationMapper authorizationMapper, AuthenticationProvider authenticationProvider) {
        this(authorizationMapper, authenticationProvider, new LinkedList());
    }

    public ServerAuthenticationProvider(AuthorizationMapper authorizationMapper, AuthenticationProvider authenticationProvider, List<String> list) {
        this.failedAuthenticationAttempts = new ConcurrentHashMap();
        this.wrappedAuthenticationProvider = authenticationProvider;
        this.authorizationMapper = authorizationMapper;
        this.requiredRoles = list;
        LOGGER.info("Using {} for authentication.", authenticationProvider.getClass().getSimpleName());
    }

    public void setRequiredRoles(List<String> list) {
        this.requiredRoles = list;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        return authenticate(authentication, true);
    }

    public Authentication authenticate(Authentication authentication, boolean z) throws AuthenticationException {
        Long valueOf;
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken;
        boolean isAuthenticated;
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken2 = null;
        try {
            LOGGER.debug("Authenticate {} with {}", authentication.getPrincipal(), authentication.getCredentials());
            Authentication authenticate = this.wrappedAuthenticationProvider.authenticate(authentication);
            if (authenticate.isAuthenticated()) {
                Collection<GrantedAuthority> map = this.authorizationMapper.map(authenticate.getAuthorities(), authenticate.getName());
                if (!z || verifyUserRequiredRole(map)) {
                    usernamePasswordAuthenticationToken2 = new UsernamePasswordAuthenticationToken(authenticate.getPrincipal(), authenticate.getCredentials(), map);
                }
            }
            if (usernamePasswordAuthenticationToken != null) {
                if (isAuthenticated) {
                    return usernamePasswordAuthenticationToken2;
                }
            }
            return usernamePasswordAuthenticationToken2;
        } finally {
            if (usernamePasswordAuthenticationToken2 == null || !usernamePasswordAuthenticationToken2.isAuthenticated()) {
                String name = authentication.getName();
                LOGGER.warn("Authenticate user failure: {}", name);
                Long l = this.failedAuthenticationAttempts.get(name);
                if (l == null) {
                    valueOf = Long.valueOf(1L);
                } else {
                    valueOf = Long.valueOf(l.longValue() + 1);
                    if (valueOf.longValue() == 10) {
                        LOGGER.warn("User {} has 10 consecutive failed login attempts.", name);
                        valueOf = Long.valueOf(0L);
                    }
                }
                this.failedAuthenticationAttempts.put(name, valueOf);
            } else if (usernamePasswordAuthenticationToken2.isAuthenticated()) {
                LOGGER.info("Authenticate user success: {}", authentication.getName());
                this.failedAuthenticationAttempts.remove(authentication.getName());
            }
        }
    }

    public boolean supports(Class<?> cls) {
        return this.wrappedAuthenticationProvider.supports(cls);
    }

    private boolean verifyUserRequiredRole(Collection<GrantedAuthority> collection) {
        if (this.requiredRoles.isEmpty()) {
            return true;
        }
        Iterator<GrantedAuthority> it = collection.iterator();
        while (it.hasNext()) {
            if (this.requiredRoles.contains(it.next().getAuthority())) {
                return true;
            }
        }
        return false;
    }
}
