package top.dcenter.ums.security.core.auth.provider;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
import org.springframework.lang.Nullable;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsPasswordService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import top.dcenter.ums.security.core.api.service.UmsUserDetailsService;
import top.dcenter.ums.security.core.api.tenant.handler.TenantContextHolder;

/* loaded from: input_file:top/dcenter/ums/security/core/auth/provider/UsernamePasswordAuthenticationProvider.class */
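/**
 * Authentication provider for {@link UsernamePasswordAuthenticationToken} requests that loads
 * users through a {@link UmsUserDetailsService} and verifies the presented password with a
 * {@link PasswordEncoder}.
 *
 * <p>Before the user lookup, an optional {@link TenantContextHolder} is given the current
 * servlet request. Unknown-user lookups still run one password comparison against a dummy
 * hash, which keeps the work done for unknown and known usernames comparable.
 */
public class UsernamePasswordAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider {
    /** Plaintext used only to produce the dummy hash compared against when no user is found. */
    private static final String USER_NOT_FOUND_PASSWORD = "userNotFoundPassword";
    private PasswordEncoder passwordEncoder;
    /** Lazily computed dummy hash; reset to {@code null} whenever the encoder is replaced. */
    private volatile String userNotFoundEncodedPassword;
    private UmsUserDetailsService userDetailsService;

    // Optional collaborator: when absent, stored password hashes are never upgraded on login.
    @Autowired(required = false)
    private UserDetailsPasswordService userDetailsPasswordService;
    // May be null (constructor parameter is @Nullable); tenant handling is then skipped.
    private final TenantContextHolder tenantContextHolder;
    // Local copy of the flag passed to setForcePrincipalAsString, read in authenticate().
    private boolean forcePrincipalAsString = false;

    /**
     * Verifies that a user details service has been configured.
     *
     * @throws IllegalArgumentException (via {@link Assert#notNull}) if no service is set
     */
    @Override
    protected void doAfterPropertiesSet() throws IllegalAccessException {
        Assert.notNull(this.userDetailsService, "A UserDetailsService must be set");
    }

    /**
     * Creates the provider.
     *
     * @param passwordEncoder       encoder used to verify and, where needed, re-encode passwords
     * @param umsUserDetailsService service used to load users by username
     * @param tenantContextHolder   optional tenant handler; {@code null} disables tenant handling
     */
    public UsernamePasswordAuthenticationProvider(@NonNull PasswordEncoder passwordEncoder, @NonNull UmsUserDetailsService umsUserDetailsService, @Nullable TenantContextHolder tenantContextHolder) {
        this.tenantContextHolder = tenantContextHolder;
        setPasswordEncoder(passwordEncoder);
        this.userDetailsService = umsUserDetailsService;
    }

    /** Returns the name carried by the token, or {@code "NONE_PROVIDED"} when it has no principal. */
    private String determineUsername(Authentication authentication) {
        if (authentication.getPrincipal() == null) {
            return "NONE_PROVIDED";
        }
        return authentication.getName();
    }

    /**
     * Authenticates a username/password token.
     *
     * <p>The user is taken from the user cache when present. If the checks fail against a
     * cached entry, the user is reloaded once from the user details service and the checks are
     * repeated, so a stale cache entry cannot by itself reject valid credentials.
     *
     * @param authentication the token to authenticate; must be a
     *                       {@link UsernamePasswordAuthenticationToken}
     * @return the authenticated token built by {@link #createSuccessAuthentication}
     * @throws AuthenticationException if the user cannot be found or any check fails
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isInstanceOf(UsernamePasswordAuthenticationToken.class, authentication,
                () -> this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.onlySupports", "Only UsernamePasswordAuthenticationToken is supported"));
        // currentRequestAttributes() is declared to return RequestAttributes, so the cast is
        // required. The lookup is kept unconditional, as in the original: it fails when no
        // request is bound to the current thread, even if no tenant holder is configured.
        ServletRequestAttributes requestAttributes = (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        if (this.tenantContextHolder != null) {
            // NOTE(review): presumably resolves the tenant id from the request before the user
            // lookup; the meaning of the null second argument is not visible here - confirm.
            this.tenantContextHolder.tenantIdHandle(requestAttributes.getRequest(), null);
        }
        UsernamePasswordAuthenticationToken token = (UsernamePasswordAuthenticationToken) authentication;
        String username = determineUsername(authentication);
        boolean cacheWasUsed = true;
        UserDetails user = getUserCache().getUserFromCache(username);
        if (user == null) {
            cacheWasUsed = false;
            try {
                user = retrieveUser(username, token);
                Assert.notNull(user, "retrieveUser returned null - a violation of the interface contract");
            } catch (UsernameNotFoundException notFound) {
                // The username is caller-supplied; the log layout should neutralise CR/LF so a
                // crafted name cannot forge additional log entries.
                this.logger.debug("Failed to find user '" + username + "'");
                if (this.hideUserNotFoundExceptions) {
                    // Report the same error as a wrong password so callers cannot tell
                    // whether the account exists.
                    throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
                }
                throw notFound;
            }
        }
        try {
            getPreAuthenticationChecks().check(user);
            additionalAuthenticationChecks(user, token);
        } catch (AuthenticationException failure) {
            if (!cacheWasUsed) {
                throw failure;
            }
            // The failure was against cached data: reload from the service and check once more.
            cacheWasUsed = false;
            user = retrieveUser(username, token);
            getPreAuthenticationChecks().check(user);
            additionalAuthenticationChecks(user, token);
        }
        getPostAuthenticationChecks().check(user);
        if (!cacheWasUsed) {
            getUserCache().putUserInCache(user);
        }
        // The principal is either the UserDetails or its username, so it must be typed Object;
        // assigning the String username to a UserDetails variable does not compile.
        Object principalToReturn = user;
        if (this.forcePrincipalAsString) {
            principalToReturn = user.getUsername();
        }
        return createSuccessAuthentication(principalToReturn, authentication, user);
    }

    /**
     * Compares the presented credentials with the stored password.
     *
     * @param userDetails                         the loaded user whose stored password is checked
     * @param usernamePasswordAuthenticationToken the token carrying the presented credentials
     * @throws BadCredentialsException if no credentials were presented or they do not match;
     *                                 both cases use the same message
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        if (credentials == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (!this.passwordEncoder.matches(credentials.toString(), userDetails.getPassword())) {
            this.logger.debug("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }

    /**
     * Loads the user from the {@link UmsUserDetailsService}.
     *
     * @param str                                 the username to look up
     * @param usernamePasswordAuthenticationToken the token being authenticated
     * @return the loaded user, never {@code null}
     * @throws UsernameNotFoundException              if the service reports no such user
     * @throws InternalAuthenticationServiceException if the service returns {@code null} or
     *                                                fails with any other exception
     */
    @Override
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        prepareTimingAttackProtection();
        try {
            UserDetails loaded = getUmsUserDetailsService().loadUserByUsername(str);
            if (loaded == null) {
                throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
            }
            return loaded;
        } catch (UsernameNotFoundException notFound) {
            // This handler must precede catch (Exception): placed after it, it is unreachable
            // (javac rejects it) and the dummy comparison below would never run, leaving
            // unknown usernames distinguishable by response time.
            mitigateAgainstTimingAttack(usernamePasswordAuthenticationToken);
            throw notFound;
        } catch (InternalAuthenticationServiceException internal) {
            throw internal;
        } catch (Exception other) {
            throw new InternalAuthenticationServiceException(other.getMessage(), other);
        }
    }

    /**
     * Builds the successful authentication. When a {@link UserDetailsPasswordService} is
     * available and the encoder reports that the stored hash should be upgraded, the presented
     * password is re-encoded and stored first.
     *
     * @param obj            the principal to place in the result
     * @param authentication the original request token
     * @param userDetails    the authenticated user
     * @return the authenticated token produced by the superclass
     */
    @Override
    protected Authentication createSuccessAuthentication(Object obj, Authentication authentication, UserDetails userDetails) {
        boolean upgradeStoredHash = this.userDetailsPasswordService != null
                && this.passwordEncoder.upgradeEncoding(userDetails.getPassword());
        if (upgradeStoredHash) {
            String presentedPassword = authentication.getCredentials().toString();
            userDetails = this.userDetailsPasswordService.updatePassword(userDetails, this.passwordEncoder.encode(presentedPassword));
        }
        return super.createSuccessAuthentication(obj, authentication, userDetails);
    }

    /**
     * Sets whether the returned principal is the username string rather than the
     * {@link UserDetails}; the value is passed to the superclass and mirrored locally.
     */
    @Override
    public void setForcePrincipalAsString(boolean z) {
        super.setForcePrincipalAsString(z);
        this.forcePrincipalAsString = z;
    }

    /**
     * Computes the dummy hash on first use. The check-then-set is not atomic, so concurrent
     * first calls may each encode once; every result is a valid hash of the same constant.
     */
    private void prepareTimingAttackProtection() {
        if (this.userNotFoundEncodedPassword == null) {
            this.userNotFoundEncodedPassword = this.passwordEncoder.encode(USER_NOT_FOUND_PASSWORD);
        }
    }

    /**
     * Runs one password comparison against the dummy hash and discards the result, so an
     * unknown username costs a comparison just as a known one does.
     */
    private void mitigateAgainstTimingAttack(UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        if (credentials != null) {
            this.passwordEncoder.matches(credentials.toString(), this.userNotFoundEncodedPassword);
        }
    }

    /**
     * Replaces the password encoder and clears the dummy hash so that it is recomputed with
     * the new encoder.
     *
     * @param passwordEncoder the encoder to use; must not be {@code null}
     */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        Assert.notNull(passwordEncoder, "passwordEncoder cannot be null");
        this.passwordEncoder = passwordEncoder;
        this.userNotFoundEncodedPassword = null;
    }

    /** Returns {@code true} for {@link UsernamePasswordAuthenticationToken} and its subclasses. */
    @Override
    public boolean supports(Class<?> cls) {
        return UsernamePasswordAuthenticationToken.class.isAssignableFrom(cls);
    }

    /** Returns the password encoder currently in use. */
    protected PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }

    /** Replaces the service used to load users. */
    public void setUmsUserDetailsService(UmsUserDetailsService umsUserDetailsService) {
        this.userDetailsService = umsUserDetailsService;
    }

    /** Returns the service used to load users. */
    protected UmsUserDetailsService getUmsUserDetailsService() {
        return this.userDetailsService;
    }

    /** Sets the optional service used to store upgraded password hashes. */
    public void setUserDetailsPasswordService(UserDetailsPasswordService userDetailsPasswordService) {
        this.userDetailsPasswordService = userDetailsPasswordService;
    }
}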
