package com.addc.server.commons.security;

import java.text.MessageFormat;
import java.util.Collection;
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import org.apache.commons.collections.CollectionUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;

/* loaded from: input_file:com/addc/server/commons/security/ServerAuthenticationProvider.class */
public class ServerAuthenticationProvider implements AuthenticationProvider {
    private static final Logger LOGGER = LoggerFactory.getLogger(ServerAuthenticationProvider.class);
    private final AuthenticationProvider wrappedAuthenticationProvider;
    private final AuthorizationMapper authorizationMapper;
    private final Map<String, Long> failedAuthenticationAttempts;
    private List<String> requiredRoles;

    public ServerAuthenticationProvider(AuthenticationProvider authenticationProvider) {
        this(new DefaultAuthorizationMapper(), authenticationProvider, new LinkedList());
    }

    public ServerAuthenticationProvider(AuthorizationMapper authorizationMapper, AuthenticationProvider authenticationProvider) {
        this(authorizationMapper, authenticationProvider, new LinkedList());
    }

    public ServerAuthenticationProvider(AuthorizationMapper authorizationMapper, AuthenticationProvider authenticationProvider, List<String> list) {
        this.failedAuthenticationAttempts = new ConcurrentHashMap();
        this.wrappedAuthenticationProvider = authenticationProvider;
        this.authorizationMapper = authorizationMapper;
        this.requiredRoles = list;
        LOGGER.info("Using {} for authentication.", authenticationProvider.getClass().getSimpleName());
    }

    public void setRequiredRoles(List<String> list) {
        this.requiredRoles = list;
    }

    /* JADX WARN: Finally extract failed */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Long valueOf;
        Long valueOf2;
        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = null;
        try {
            LOGGER.debug("Authenticate {} with {}", authentication.getPrincipal(), authentication.getCredentials());
            Authentication authenticate = this.wrappedAuthenticationProvider.authenticate(authentication);
            if (authenticate.isAuthenticated()) {
                Collection<GrantedAuthority> map = this.authorizationMapper.map(authenticate.getAuthorities(), authenticate.getName());
                verifyUserRequiredRole(authenticate.getName(), map);
                usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken(authenticate.getPrincipal(), authenticate.getCredentials(), map);
            }
            if (usernamePasswordAuthenticationToken == null || !usernamePasswordAuthenticationToken.isAuthenticated()) {
                String name = authentication.getName();
                LOGGER.warn("Authenticate user failure: {}", name);
                Long l = this.failedAuthenticationAttempts.get(name);
                if (l == null) {
                    valueOf2 = 1L;
                } else {
                    valueOf2 = Long.valueOf(l.longValue() + 1);
                    if (valueOf2.longValue() == 10) {
                        LOGGER.warn("User {} has 10 consecutive failed login attempts.", name);
                        valueOf2 = 0L;
                    }
                }
                this.failedAuthenticationAttempts.put(name, valueOf2);
            } else if (usernamePasswordAuthenticationToken.isAuthenticated()) {
                LOGGER.info("Authenticate user success: {} with {}", usernamePasswordAuthenticationToken.getName(), usernamePasswordAuthenticationToken.getAuthorities());
                this.failedAuthenticationAttempts.remove(usernamePasswordAuthenticationToken.getName());
            }
            return usernamePasswordAuthenticationToken;
        } catch (Throwable th) {
            if (usernamePasswordAuthenticationToken == null || !usernamePasswordAuthenticationToken.isAuthenticated()) {
                String name2 = authentication.getName();
                LOGGER.warn("Authenticate user failure: {}", name2);
                Long l2 = this.failedAuthenticationAttempts.get(name2);
                if (l2 == null) {
                    valueOf = 1L;
                } else {
                    valueOf = Long.valueOf(l2.longValue() + 1);
                    if (valueOf.longValue() == 10) {
                        LOGGER.warn("User {} has 10 consecutive failed login attempts.", name2);
                        valueOf = 0L;
                    }
                }
                this.failedAuthenticationAttempts.put(name2, valueOf);
            } else if (usernamePasswordAuthenticationToken.isAuthenticated()) {
                LOGGER.info("Authenticate user success: {} with {}", usernamePasswordAuthenticationToken.getName(), usernamePasswordAuthenticationToken.getAuthorities());
                this.failedAuthenticationAttempts.remove(usernamePasswordAuthenticationToken.getName());
            }
            throw th;
        }
    }

    public boolean supports(Class<?> cls) {
        return this.wrappedAuthenticationProvider.supports(cls);
    }

    private void verifyUserRequiredRole(String str, Collection<GrantedAuthority> collection) throws AuthenticationException {
        LOGGER.debug("Checking received permissions {} against required {}", collection, this.requiredRoles);
        if (!CollectionUtils.isSubCollection(this.requiredRoles, collection)) {
            throw new InternalAuthenticationServiceException(MessageFormat.format("User {0} is missing the required permissions {1}", str, CollectionUtils.removeAll(this.requiredRoles, collection)));
        }
    }
}
