package com.supwisdom.insititute.token.server.security.domain.authentication;

import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.thirdparty.kmust.service.ThirdpartyKmustSafeService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:com/supwisdom/insititute/token/server/security/domain/authentication/CustomDaoAuthenticationProvider.class */
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {
    private SHA256PasswordEncoder sha256PasswordEncoder = new SHA256PasswordEncoder();

    @Autowired(required = false)
    private ThirdpartyKmustSafeService thirdpartyKmustSafeService;

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        String obj = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (this.thirdpartyKmustSafeService != null) {
            if (this.thirdpartyKmustSafeService.checkPwd(userDetails.getUsername(), obj)) {
                return;
            }
            this.logger.debug("Authentication failed: KMUST username password does not checked");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (!userDetails.getPassword().startsWith("{SHA256}")) {
            if (super.getPasswordEncoder().matches(obj, userDetails.getPassword())) {
                return;
            }
            this.logger.debug("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        this.logger.debug("Authentication: use sha256PasswordEncoder");
        String username = userDetails.getUsername();
        if (TokenUser.class.isInstance(userDetails)) {
            username = String.valueOf(((TokenUser) userDetails).getAttributes().get("userNo"));
        }
        if (this.sha256PasswordEncoder.matches(obj + username, userDetails.getPassword())) {
            return;
        }
        this.logger.debug("Authentication failed: SHA256 password does not match stored value");
        throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}
