package com.supwisdom.insititute.token.server.security.domain.authentication;

import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import com.supwisdom.insititute.token.server.thirdparty.kmust.service.ThirdpartyKmustSafeService;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.0.7-SNAPSHOT.jar:com/supwisdom/insititute/token/server/security/domain/authentication/CustomDaoAuthenticationProvider.class */
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {
    private SHA256PasswordEncoder sha256PasswordEncoder = new SHA256PasswordEncoder();
    private SSHAPasswordEncoder sshaPasswordEncoder = new SSHAPasswordEncoder();
    private JW3DESPasswordEncoder jw3desPasswordEncoder = new JW3DESPasswordEncoder();

    @Autowired
    private AccountStatusValidator accountStatusValidator;

    @Autowired(required = false)
    private ThirdpartyKmustSafeService thirdpartyKmustSafeService;

    @Override // org.springframework.security.authentication.dao.DaoAuthenticationProvider, org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        List<Account> accounts;
        if ((userDetails instanceof TokenUser) && (accounts = ((TokenUser) userDetails).getAccounts()) != null && accounts.size() > 0) {
            this.accountStatusValidator.validate(accounts.get(0));
        }
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        String obj = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (this.thirdpartyKmustSafeService != null) {
            if (this.thirdpartyKmustSafeService.checkPwd(userDetails.getUsername(), obj)) {
                return;
            }
            this.logger.error("Authentication failed: KMUST username password does not checked");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (userDetails.getPassword().startsWith("{SHA256}")) {
            this.logger.debug("Authentication: use sha256PasswordEncoder");
            String username = userDetails.getUsername();
            if (TokenUser.class.isInstance(userDetails)) {
                username = String.valueOf(((TokenUser) userDetails).getAttributes().get("userNo"));
            }
            if (this.sha256PasswordEncoder.matches(obj + username, userDetails.getPassword())) {
                return;
            }
            this.logger.error("Authentication failed: SHA256 password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (userDetails.getPassword().startsWith("{SSHA}")) {
            if (this.sshaPasswordEncoder.matches(obj, userDetails.getPassword())) {
                return;
            }
            this.logger.error("Authentication failed: SSHA password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (!userDetails.getPassword().startsWith(JW3DESPasswordEncoder.PREFIX)) {
            if (super.getPasswordEncoder().matches(obj, userDetails.getPassword())) {
                return;
            }
            this.logger.error("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        String str = null;
        if (TokenUser.class.isInstance(userDetails)) {
            str = String.valueOf(((TokenUser) userDetails).getAttributes().get("accountId"));
        }
        if (str == null) {
        }
        if (this.jw3desPasswordEncoder.matches(userDetails.getUsername() + "---" + str + "+++" + obj, userDetails.getPassword())) {
            return;
        }
        this.logger.error("Authentication failed: JW 3EDS password does not match stored value");
        throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}
