package net.yadaframework.security.components;

import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Date;
import java.util.HashSet;
import java.util.Iterator;
import java.util.Set;
import net.yadaframework.core.YadaConfiguration;
import net.yadaframework.security.TooManyFailedAttemptsException;
import net.yadaframework.security.exceptions.InternalAuthenticationException;
import net.yadaframework.security.persistence.entity.YadaUserCredentials;
import net.yadaframework.security.persistence.repository.YadaUserCredentialsDao;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.DependsOn;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextRepository;
import org.springframework.stereotype.Component;
import org.springframework.web.context.request.RequestAttributes;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

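/**
 * Spring Security {@link UserDetailsService} backed by {@link YadaUserCredentialsDao}.
 *
 * <p>Besides loading users by name, this component applies the failed-attempt lockout window
 * when a user is loaded, offers programmatic login ({@code authenticateAs}), and implements a
 * password change that requires the current password.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The {@code authenticateAs} overloads perform <em>no</em> credential check. Callers must
 *       already have established the user's identity by other means.</li>
 *   <li>Passwords are never written to the logs by this class.</li>
 *   <li>{@link #passwordMatch} keeps a plaintext comparison fallback for the case of a missing
 *       encoder; see the note on that method.</li>
 * </ul>
 */
@DependsOn({"passwordEncoder"})
@Component
/* loaded from: input_file:net/yadaframework/security/components/YadaUserDetailsService.class */
public class YadaUserDetailsService implements UserDetailsService {

    /** Milliseconds per minute, as a {@code long} so the lockout window cannot overflow an int. */
    private static final long MILLIS_PER_MINUTE = 60_000L;

    @Autowired
    PasswordEncoder encoder;

    @Autowired
    YadaUserCredentialsDao yadaUserCredentialsDao;

    @Autowired
    YadaConfiguration yadaConfiguration;
    private final transient Logger log = LoggerFactory.getLogger(getClass());
    private final transient Logger logSec = LoggerFactory.getLogger("security");
    private final SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
    private final SecurityContextRepository securityContextRepository = new HttpSessionSecurityContextRepository();

    /**
     * Replaces the authorities of the current security context with the given roles, keeping the
     * principal and credentials of {@code authentication}.
     *
     * <p>Only the thread-bound {@link SecurityContextHolder} context is updated here; nothing in
     * this method persists the change to the HTTP session.
     *
     * @param authentication the authentication whose principal and credentials are reused
     * @param iArr numeric role ids, translated through {@code YadaConfiguration.getRoleSpringName}
     */
    public void changeCurrentRoles(Authentication authentication, int[] iArr) {
        Set<SimpleGrantedAuthority> authorities = new HashSet<>();
        for (int roleId : iArr) {
            authorities.add(new SimpleGrantedAuthority(this.yadaConfiguration.getRoleSpringName(Integer.valueOf(roleId))));
        }
        SecurityContextHolder.getContext().setAuthentication(new UsernamePasswordAuthenticationToken(authentication.getPrincipal(), authentication.getCredentials(), authorities));
    }

    /**
     * Loads the user with the given name, enforcing the failed-attempt lockout.
     *
     * <p>The name is trimmed and lower-cased before the lookup. A user whose failed-attempt count
     * has reached the configured maximum is rejected while the last failure is younger than the
     * configured lockout period; once the period has elapsed the counter is reset.
     *
     * <p>Only unexpected failures of the lookup itself are wrapped in
     * {@link InternalAuthenticationException}. The "not found" and "locked out" outcomes are
     * raised outside the {@code try} block so that callers receive the declared exception types
     * instead of a generic internal error.
     *
     * @param str the username as typed by the user
     * @return the user details, never {@code null}
     * @throws UsernameNotFoundException if no credentials exist for the name
     * @throws TooManyFailedAttemptsException if the account is currently locked out
     * @throws InternalAuthenticationException if the lookup fails unexpectedly
     */
    @Override
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException, InternalAuthenticationException, TooManyFailedAttemptsException {
        // NOTE(review): toLowerCase() uses the JVM default locale; confirm usernames are stored
        // with the same normalisation before switching to an explicit locale.
        String lowerCase = str.trim().toLowerCase();
        YadaUserCredentials credentials;
        UserDetails userDetails = null;
        boolean lockedOut = false;
        try {
            credentials = this.yadaUserCredentialsDao.findFirstByUsername(lowerCase);
            if (credentials != null) {
                int maxAttempts = this.yadaConfiguration.getMaxPasswordFailedAttempts();
                // long arithmetic: an int product wraps negative for lockouts longer than ~24 days,
                // which would silently disable the lockout.
                long lockoutMillis = this.yadaConfiguration.getPasswordFailedAttemptsLockoutMinutes() * MILLIS_PER_MINUTE;
                Date lastFailedAttempt = credentials.getLastFailedAttempt();
                if (credentials.getFailedAttempts() >= maxAttempts && lastFailedAttempt != null) {
                    if (System.currentTimeMillis() - lastFailedAttempt.getTime() < lockoutMillis) {
                        lockedOut = true;
                    } else {
                        this.yadaUserCredentialsDao.resetFailedAttempts(lowerCase);
                    }
                }
                if (!lockedOut) {
                    userDetails = createUserDetails(credentials);
                }
            }
        } catch (Exception e) {
            this.log.error("Internal error while authenticating user", e);
            throw new InternalAuthenticationException("Internal Error", e);
        }
        if (credentials == null) {
            this.log.debug("Username '{}' not found", lowerCase);
            throw new UsernameNotFoundException("Username " + lowerCase + " not found");
        }
        if (lockedOut) {
            this.logSec.debug("Username '{}' too many failed attempts: locked out", lowerCase);
            throw new TooManyFailedAttemptsException();
        }
        return userDetails;
    }

    /**
     * Builds the Spring {@link User} for the given credentials.
     *
     * <p>The account is reported as enabled according to {@code isEnabled()}, and its credentials
     * are reported as expired when {@code isChangePassword()} is set. Account expiry and account
     * locking are always reported as "not expired" / "not locked" here.
     */
    private UserDetails createUserDetails(YadaUserCredentials yadaUserCredentials) {
        Set<SimpleGrantedAuthority> authorities = new HashSet<>();
        for (Integer roleId : yadaUserCredentials.getRoles()) {
            authorities.add(new SimpleGrantedAuthority(this.yadaConfiguration.getRoleSpringName(roleId)));
        }
        return new User(yadaUserCredentials.getUsername().toLowerCase(), yadaUserCredentials.getPassword(), yadaUserCredentials.isEnabled(), true, !yadaUserCredentials.isChangePassword(), true, authorities);
    }

    /** Creates an authenticated token for the user; the token carries no credentials. */
    private UsernamePasswordAuthenticationToken createToken(YadaUserCredentials yadaUserCredentials) {
        UserDetails userDetails = createUserDetails(yadaUserCredentials);
        return new UsernamePasswordAuthenticationToken(userDetails, (Object) null, userDetails.getAuthorities());
    }

    /** Stores the login timestamp and clears the failed-attempt counter for the user. */
    private void recordSuccessfulLogin(YadaUserCredentials yadaUserCredentials) {
        this.yadaUserCredentialsDao.updateLoginTimestamp(yadaUserCredentials.getUsername());
        this.yadaUserCredentialsDao.resetFailedAttempts(yadaUserCredentials.getUsername());
    }

    /**
     * Logs the given user in without checking a password and without touching the login
     * timestamp or the failed-attempt counter.
     *
     * <p>Falls back to the deprecated session-attribute variant when either the request or the
     * response is {@code null}.
     *
     * @see #authenticateAs(YadaUserCredentials, boolean, HttpServletRequest, HttpServletResponse)
     */
    public Authentication authenticateAs(YadaUserCredentials yadaUserCredentials, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest != null && httpServletResponse != null) {
            return authenticateAs(yadaUserCredentials, false, httpServletRequest, httpServletResponse);
        }
        this.log.warn("Using deprecated authentication method");
        return authenticateAs(yadaUserCredentials, false);
    }

    /**
     * Logs the given user in programmatically and saves the new security context through the
     * {@link SecurityContextRepository}.
     *
     * <p>No credential check happens here: the caller must already have verified who the user is
     * (for example via a confirmed e-mail link or an administrator action).
     *
     * <p>NOTE(review): this method does not change the session identifier. Callers that log a
     * user in on a pre-existing session should rotate the session id themselves to avoid session
     * fixation; confirm whether a filter elsewhere already does so.
     *
     * @param yadaUserCredentials the user to log in
     * @param z when {@code true}, the login timestamp is stored and the failed-attempt counter is
     *     reset
     * @param httpServletRequest the current request; when {@code null} the deprecated variant is used
     * @param httpServletResponse the current response; when {@code null} the deprecated variant is used
     * @return the authentication placed in the security context
     */
    public Authentication authenticateAs(YadaUserCredentials yadaUserCredentials, boolean z, HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        if (httpServletRequest == null || httpServletResponse == null) {
            this.log.warn("Using deprecated authentication method");
            return authenticateAs(yadaUserCredentials, z);
        }
        UsernamePasswordAuthenticationToken token = createToken(yadaUserCredentials);
        // A fresh context is used instead of mutating the current one, so that a context object
        // shared with another thread is never modified.
        SecurityContext freshContext = this.securityContextHolderStrategy.createEmptyContext();
        freshContext.setAuthentication(token);
        this.securityContextHolderStrategy.setContext(freshContext);
        this.securityContextRepository.saveContext(freshContext, httpServletRequest, httpServletResponse);
        if (z) {
            recordSuccessfulLogin(yadaUserCredentials);
        }
        return token;
    }

    /**
     * Logs the given user in and records the login timestamp.
     *
     * @deprecated use the overloads that receive the request and the response
     */
    @Deprecated
    public Authentication authenticateAs(YadaUserCredentials yadaUserCredentials) {
        return authenticateAs(yadaUserCredentials, true);
    }

    /**
     * Logs the given user in by mutating the current security context and storing it in the HTTP
     * session attribute used by {@link HttpSessionSecurityContextRepository}.
     *
     * <p>As with the other overloads, no credential check is performed and the session identifier
     * is left unchanged.
     *
     * @param z when {@code true}, the login timestamp is stored and the failed-attempt counter is
     *     reset
     * @deprecated use the overloads that receive the request and the response
     */
    @Deprecated
    public Authentication authenticateAs(YadaUserCredentials yadaUserCredentials, boolean z) {
        UsernamePasswordAuthenticationToken token = createToken(yadaUserCredentials);
        SecurityContext context = SecurityContextHolder.getContext();
        context.setAuthentication(token);
        RequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (requestAttributes instanceof ServletRequestAttributes) {
            ((ServletRequestAttributes) requestAttributes).getRequest().getSession(true)
                .setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY, context);
        }
        if (z) {
            recordSuccessfulLogin(yadaUserCredentials);
        }
        return token;
    }

    /**
     * Changes a user's password after verifying the current one.
     *
     * <p>The submitted password is deliberately kept out of the log: a mistyped password is very
     * often close to the real one, or is the user's password for another service.
     *
     * <p>NOTE(review): the new password is handed to the DAO as received. This method does not
     * call {@link #validatePasswordSyntax(String)}, and hashing is presumably done by
     * {@code changePassword}; confirm both against the DAO and the callers.
     *
     * @param str the username; lower-cased before the lookup
     * @param str2 the current password, checked with {@link #passwordMatch}
     * @param str3 the new password
     * @throws UsernameNotFoundException if no credentials exist for the name
     * @throws BadCredentialsException if the current password does not match
     * @throws InternalAuthenticationException on any other failure
     */
    public void changePasswordIfAuthenticated(String str, String str2, String str3) throws UsernameNotFoundException, InternalAuthenticationException, BadCredentialsException {
        try {
            String lowerCase = str.toLowerCase();
            YadaUserCredentials credentials = this.yadaUserCredentialsDao.findFirstByUsername(lowerCase);
            if (credentials == null) {
                throw new UsernameNotFoundException("Username " + lowerCase + " not found");
            }
            if (!passwordMatch(str2, credentials)) {
                this.log.debug("Invalid current password supplied for user '{}'", lowerCase);
                throw new BadCredentialsException("Password invalid");
            }
            this.yadaUserCredentialsDao.changePassword(credentials, str3);
        } catch (UsernameNotFoundException | BadCredentialsException e) {
            // Specific outcomes come first so the generic handler below cannot mask them.
            throw e;
        } catch (Exception e) {
            throw new InternalAuthenticationException("Internal Error", e);
        }
    }

    /**
     * Checks a candidate password against the stored one.
     *
     * <p>With an encoder present the check is delegated to {@link PasswordEncoder#matches}.
     *
     * <p>NOTE(review): without an encoder the stored value is compared as plaintext, which only
     * works if passwords are stored unhashed. The field is autowired, so this branch looks
     * unreachable in a normal context; consider removing it. Until then the comparison is
     * null-safe and does not stop at the first differing byte.
     *
     * @param str the candidate password
     * @param yadaUserCredentials the stored credentials, may be {@code null}
     * @return {@code true} when the password matches; {@code false} when it does not or when
     *     {@code yadaUserCredentials} is {@code null}
     */
    public boolean passwordMatch(String str, YadaUserCredentials yadaUserCredentials) {
        if (yadaUserCredentials == null) {
            return false;
        }
        String stored = yadaUserCredentials.getPassword();
        if (this.encoder != null) {
            return this.encoder.matches(str, stored);
        }
        if (str == null || stored == null) {
            return false;
        }
        return MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8), str.getBytes(StandardCharsets.UTF_8));
    }

    /**
     * Checks only the length of a password: it must be non-empty and between {@code i} and
     * {@code i2} characters long, both inclusive. No character-class rule is applied.
     *
     * @param str the candidate password
     * @param i the minimum length
     * @param i2 the maximum length
     */
    public boolean validatePasswordSyntax(String str, int i, int i2) {
        if (StringUtils.isEmpty(str)) {
            return false;
        }
        int length = str.length();
        return length >= i && length <= i2;
    }

    /** Checks the password length against the configured minimum and maximum. */
    public boolean validatePasswordSyntax(String str) {
        return validatePasswordSyntax(str, this.yadaConfiguration.getMinPasswordLength(), this.yadaConfiguration.getMaxPasswordLength());
    }
}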
