package com.supwisdom.insititute.token.server.security.domain.web.authentication;

import com.supwisdom.insititute.token.server.config.domain.utils.ConfigUtils;
import com.supwisdom.insititute.token.server.security.domain.authentication.TokenAuthenticationEventPublisher;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.utils.RSAUtils;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.http.HttpStatus;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.util.Assert;

/* loaded from: input_file:com/supwisdom/insititute/token/server/security/domain/web/authentication/UsernamePasswordLoginAuthenticationFilter.class */
public class UsernamePasswordLoginAuthenticationFilter extends UsernamePasswordAuthenticationFilter {
    public static final String SPRING_SECURITY_FORM_USERNAME_KEY = "username";
    public static final String SPRING_SECURITY_FORM_PASSWORD_KEY = "password";
    private String usernameParameter = SPRING_SECURITY_FORM_USERNAME_KEY;
    private String passwordParameter = SPRING_SECURITY_FORM_PASSWORD_KEY;
    private boolean postOnly = true;
    private TokenAuthenticationEventPublisher eventPublisher;
    private MessageSourceAccessor messageSourceAccessor;

    public UsernamePasswordLoginAuthenticationFilter(String str) {
        setFilterProcessesUrl(str);
    }

    public void afterPropertiesSet() {
        super.afterPropertiesSet();
        Assert.notNull(this.messageSourceAccessor, "An MessageSourceAccessor is required");
    }

    public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException {
        if (this.postOnly && !httpServletRequest.getMethod().equals("POST")) {
            throw new AuthenticationServiceException("Authentication method not supported: " + httpServletRequest.getMethod());
        }
        UsernamePasswordAuthenticationToken buildAuthenticationToken = buildAuthenticationToken(httpServletRequest);
        buildAuthenticationToken.setDetails(this.authenticationDetailsSource.buildDetails(httpServletRequest));
        return getAuthenticationManager().authenticate(buildAuthenticationToken);
    }

    protected void successfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain, Authentication authentication) throws IOException, ServletException {
        this.eventPublisher.publishAuthenticationSuccess(authentication, httpServletRequest);
        SecurityContextHolder.getContext().setAuthentication(authentication);
        filterChain.doFilter(httpServletRequest, httpServletResponse);
    }

    protected void unsuccessfulAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException authenticationException) throws IOException, ServletException {
        Authentication buildAuthenticationToken = buildAuthenticationToken(httpServletRequest);
        if (authenticationException instanceof AccountExpiredException) {
            this.eventPublisher.publishAuthenticationFailure(new AccountExpiredException(AuthnFailReason.ACCOUNT_EXPIRED.name()), buildAuthenticationToken, httpServletRequest);
        } else {
            this.eventPublisher.publishAuthenticationFailure(new BadCredentialsException(AuthnFailReason.LOGIN_FAILED.name()), buildAuthenticationToken, httpServletRequest);
        }
        SecurityContextHolder.clearContext();
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Authentication request failed: " + authenticationException.toString(), authenticationException);
            this.logger.debug("Updated SecurityContextHolder to contain null Authentication");
        }
        super.getRememberMeServices().loginFail(httpServletRequest, httpServletResponse);
        try {
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), this.messageSourceAccessor.getMessage(authenticationException.getMessage()));
        } catch (Exception e) {
            httpServletResponse.sendError(HttpStatus.UNAUTHORIZED.value(), authenticationException.getMessage());
        }
    }

    private UsernamePasswordAuthenticationToken buildAuthenticationToken(HttpServletRequest httpServletRequest) {
        String obtainUsername = obtainUsername(httpServletRequest);
        String obtainPassword = obtainPassword(httpServletRequest);
        if (this.logger.isDebugEnabled()) {
            this.logger.debug(String.format("UsernamePasswordLoginAuthenticationFilter.buildAuthenticationToken(request): username=%s, password=***", obtainUsername));
        }
        if (obtainUsername == null) {
            obtainUsername = "";
        }
        if (obtainPassword == null) {
            obtainPassword = "";
        }
        return new UsernamePasswordAuthenticationToken(obtainUsername.trim(), obtainPassword);
    }

    protected String obtainUsername(HttpServletRequest httpServletRequest) {
        String obtainUsername = super.obtainUsername(httpServletRequest);
        if (!obtainUsername.startsWith("__RSA__")) {
            return obtainUsername;
        }
        try {
            return RSAUtils.privateDecrypt(obtainUsername.substring(7), RSAUtils.instance().getPrivateKey());
        } catch (Exception e) {
            this.logger.error("decrypt username error: " + e.getMessage());
            throw e;
        }
    }

    protected String obtainPassword(HttpServletRequest httpServletRequest) {
        String obtainPassword = super.obtainPassword(httpServletRequest);
        if (!ConfigUtils.instance().getConfigValue("tokenServer.config.encryptEnabled", false).booleanValue() && !obtainPassword.startsWith("__RSA__")) {
            return obtainPassword;
        }
        try {
            return RSAUtils.privateDecrypt(obtainPassword.substring(7), RSAUtils.instance().getPrivateKey());
        } catch (Exception e) {
            this.logger.error("decrypt password error: " + e.getMessage());
            throw e;
        }
    }

    public void setEventPublisher(TokenAuthenticationEventPublisher tokenAuthenticationEventPublisher) {
        this.eventPublisher = tokenAuthenticationEventPublisher;
    }

    public void setMessageSourceAccessor(MessageSourceAccessor messageSourceAccessor) {
        this.messageSourceAccessor = messageSourceAccessor;
    }
}
