package com.github.rexsheng.springboot.faster.system.auth.application.security;

import com.github.rexsheng.springboot.faster.system.auth.application.AuthService;
import com.github.rexsheng.springboot.faster.system.auth.domain.SysUserDetail;
import java.util.ArrayList;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.util.Assert;
import org.springframework.util.ObjectUtils;
import org.springframework.util.StringUtils;

/* loaded from: input_file:com/github/rexsheng/springboot/faster/system/auth/application/security/BasicApiAuthenticationProvider.class */
public class BasicApiAuthenticationProvider implements AuthenticationProvider {
    private static Logger logger = LoggerFactory.getLogger(BasicApiAuthenticationProvider.class);
    private AuthService authService;
    private SecurityProperties securityProperties;
    public static final String AUTH_PREFIX = "API_";
    private MemoryUserCache userCache = new MemoryUserCache();
    private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
    private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();

    /* loaded from: input_file:com/github/rexsheng/springboot/faster/system/auth/application/security/BasicApiAuthenticationProvider$DefaultPostAuthenticationChecks.class */
    private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        private DefaultPostAuthenticationChecks() {
        }

        public void check(UserDetails userDetails) {
            if (userDetails.isCredentialsNonExpired()) {
                return;
            }
            BasicApiAuthenticationProvider.logger.warn("Failed to authenticate since user account credentials have expired");
            throw new CredentialsExpiredException("User credentials have expired");
        }
    }

    /* loaded from: input_file:com/github/rexsheng/springboot/faster/system/auth/application/security/BasicApiAuthenticationProvider$DefaultPreAuthenticationChecks.class */
    private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
        private DefaultPreAuthenticationChecks() {
        }

        public void check(UserDetails userDetails) {
            if (!userDetails.isAccountNonLocked()) {
                BasicApiAuthenticationProvider.logger.debug("Failed to authenticate since user account is locked");
                throw new LockedException("User account is locked");
            }
            if (!userDetails.isEnabled()) {
                BasicApiAuthenticationProvider.logger.debug("Failed to authenticate since user account is disabled");
                throw new DisabledException("User is disabled");
            }
            if (userDetails.isAccountNonExpired()) {
                return;
            }
            BasicApiAuthenticationProvider.logger.debug("Failed to authenticate since user account has expired");
            throw new AccountExpiredException("User account has expired");
        }
    }

    public BasicApiAuthenticationProvider(AuthService authService, SecurityProperties securityProperties) {
        this.authService = authService;
        this.securityProperties = securityProperties;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        BasicApiAuthenticationToken basicApiAuthenticationToken = (BasicApiAuthenticationToken) authentication;
        if (ObjectUtils.isEmpty(authentication.getPrincipal()) || ObjectUtils.isEmpty(authentication.getCredentials())) {
            throw new BadCredentialsException("认证错误！");
        }
        String tokenName = basicApiAuthenticationToken.getTokenName();
        boolean z = true;
        UserDetails userFromCache = this.userCache.getUserFromCache(tokenName);
        if (userFromCache == null) {
            z = false;
            try {
                userFromCache = retrieveUser(basicApiAuthenticationToken);
                Assert.notNull(userFromCache, "retrieveUser returned null - a violation of the interface contract");
            } catch (Exception e) {
                e.printStackTrace();
                logger.debug("Failed to find user '" + tokenName + "'");
                throw new BadCredentialsException("Bad credentials");
            }
        }
        try {
            this.preAuthenticationChecks.check(userFromCache);
        } catch (AuthenticationException e2) {
            e2.printStackTrace();
            if (!z) {
                throw e2;
            }
            z = false;
            userFromCache = retrieveUser(basicApiAuthenticationToken);
            this.preAuthenticationChecks.check(userFromCache);
        }
        this.postAuthenticationChecks.check(userFromCache);
        if (!z) {
            this.userCache.putUserInCache(tokenName, userFromCache);
        }
        ArrayList arrayList = new ArrayList();
        if (StringUtils.hasText(((SysUserDetail) userFromCache).getTokenBusinessKey())) {
            arrayList.add(new SimpleGrantedAuthority("API_" + ((SysUserDetail) userFromCache).getTokenBusinessKey()));
        }
        UsernamePasswordAuthenticationToken authenticated = UsernamePasswordAuthenticationToken.authenticated(userFromCache, userFromCache.getPassword(), arrayList);
        authenticated.setDetails(authentication.getDetails());
        logger.debug("Authenticated user");
        return authenticated;
    }

    protected UserDetails retrieveUser(BasicApiAuthenticationToken basicApiAuthenticationToken) throws AuthenticationException {
        return (ObjectUtils.nullSafeEquals(this.securityProperties.getUser().getName(), basicApiAuthenticationToken.getPrincipal()) && ObjectUtils.nullSafeEquals(this.securityProperties.getUser().getPassword(), basicApiAuthenticationToken.getCredentials())) ? SysUserDetail.ofVirtual(String.valueOf(basicApiAuthenticationToken.getPrincipal()), String.valueOf(basicApiAuthenticationToken.getCredentials())) : this.authService.getUserByApiToken(String.valueOf(basicApiAuthenticationToken.getPrincipal()), String.valueOf(basicApiAuthenticationToken.getCredentials()));
    }

    public boolean supports(Class<?> cls) {
        return BasicApiAuthenticationToken.class.isAssignableFrom(cls);
    }
}
