package com.supwisdom.insititute.token.server.security.domain.authentication;

import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.account.domain.entity.PasswordDetectVO;
import com.supwisdom.insititute.token.server.account.domain.service.AccountService;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.password.PasswordVerifyVO;
import com.supwisdom.insititute.token.server.security.domain.password.remote.SecurityPasswordRemote;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import com.supwisdom.insititute.token.server.thirdparty.kmust.service.ThirdpartyKmustSafeService;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.4.0-SNAPSHOT.jar:com/supwisdom/insititute/token/server/security/domain/authentication/CustomDaoAuthenticationProvider.class */
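/**
 * {@link DaoAuthenticationProvider} that verifies a submitted password against several back ends.
 *
 * <p>Verification order, as implemented in {@link #additionalAuthenticationChecks}:
 * <ol>
 *   <li>the optional KMUST third-party service, when the bean is present;</li>
 *   <li>the optional remote password-verification service, when present and enabled;</li>
 *   <li>a locally stored value whose prefix selects one of the legacy encoders
 *       ({@code {SHA256}}, {@code {SSHA}}, {@link JW3DESPasswordEncoder#PREFIX});</li>
 *   <li>the {@code PasswordEncoder} configured on the parent provider.</li>
 * </ol>
 * The first back end that returns a verdict decides; a negative verdict is never retried against a
 * later back end. Every rejection is reported to the caller as the same generic
 * {@link BadCredentialsException}, so the response does not reveal which check failed.
 *
 * <p>NOTE(review): the legacy encoders are not visible in this file. The {@code {SHA256}} prefix
 * and the 3DES naming suggest a fast digest and a reversible scheme respectively; if that is
 * confirmed, plan a migration of stored values to an adaptive hash (bcrypt/scrypt/argon2).
 */
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {
    private final SHA256PasswordEncoder sha256PasswordEncoder = new SHA256PasswordEncoder();
    private final SSHAPasswordEncoder sshaPasswordEncoder = new SSHAPasswordEncoder();
    private final JW3DESPasswordEncoder jw3desPasswordEncoder = new JW3DESPasswordEncoder();

    @Autowired
    private AccountStatusValidator accountStatusValidator;

    @Autowired
    private AccountService accountService;

    // Optional integration: when this bean exists it is the sole password authority.
    @Autowired(required = false)
    private ThirdpartyKmustSafeService thirdpartyKmustSafeService;

    // Optional integration: consulted only when enabled() returns true.
    @Autowired(required = false)
    private SecurityPasswordRemote securityPasswordRemote;

    /**
     * Validates the account status and verifies the submitted password.
     *
     * @param userDetails the user loaded by the user-details service
     * @param usernamePasswordAuthenticationToken the authentication request carrying the credentials
     * @throws AuthenticationException a {@link BadCredentialsException} when credentials are
     *     missing, no usable account or stored password exists, or any back end rejects the
     *     password; whatever {@code accountStatusValidator.validate} throws is propagated
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Account account = null;
        if (userDetails instanceof TokenUser) {
            List<Account> accounts = ((TokenUser) userDetails).getAccounts();
            // Fail closed with a proper AuthenticationException instead of letting a
            // NullPointerException / IndexOutOfBoundsException escape from accounts.get(0).
            if (accounts == null || accounts.isEmpty()) {
                this.logger.error("Authentication failed: user has no associated account");
                throw badCredentials();
            }
            // NOTE(review): the status validator only runs when exactly one account is attached;
            // with several accounts the first one is used without a status check. Confirm intent.
            if (accounts.size() == 1) {
                this.accountStatusValidator.validate(accounts.get(0));
            }
            account = accounts.get(0);
        }

        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        if (credentials == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw badCredentials();
        }
        String presentedPassword = credentials.toString();
        boolean verified = false;

        // 1. Third-party KMUST check: authoritative whenever the bean is configured.
        if (this.thirdpartyKmustSafeService != null) {
            if (!this.thirdpartyKmustSafeService.checkPwd(userDetails.getUsername(), presentedPassword)) {
                this.logger.error("Authentication failed: KMUST username password does not checked");
                throw badCredentials();
            }
            verified = true;
        }

        // 2. Remote verification. A null response yields no verdict and falls through to the
        //    locally stored value, so an unavailable remote does not by itself reject the login.
        if (!verified && this.securityPasswordRemote != null && this.securityPasswordRemote.enabled()) {
            this.logger.info(String.format("matches password use securityPasswordRemote [%s]", this.securityPasswordRemote.getSecurityPasswordVerifyUrl()));
            PasswordVerifyVO remoteVerdict = this.securityPasswordRemote.verifyAccountPassword(userDetails.getUsername(), presentedPassword);
            if (remoteVerdict != null) {
                if (!remoteVerdict.isResult()) {
                    // NOTE(review): getError() is supplied by the remote service and is logged
                    // verbatim; confirm the log layout neutralises CR/LF.
                    this.logger.error("Authentication failed: " + remoteVerdict.getError());
                    throw badCredentials();
                }
                verified = true;
            }
        }

        // 3. Locally stored value, dispatched on its scheme prefix.
        if (!verified) {
            String storedPassword = userDetails.getPassword();
            if (storedPassword == null) {
                // Previously surfaced as a NullPointerException from startsWith().
                this.logger.error("Authentication failed: no stored password available");
                throw badCredentials();
            }
            if (storedPassword.startsWith("{SHA256}")) {
                this.logger.debug("Authentication: use sha256PasswordEncoder");
                // The encoder is given the submitted password followed by the "userNo" attribute
                // (or the username for non-TokenUser principals). String.valueOf turns a missing
                // attribute into the literal "null".
                String suffix = userDetails.getUsername();
                if (userDetails instanceof TokenUser) {
                    suffix = String.valueOf(((TokenUser) userDetails).getAttributes().get("userNo"));
                }
                if (!this.sha256PasswordEncoder.matches(presentedPassword + suffix, storedPassword)) {
                    this.logger.error("Authentication failed: SHA256 password does not match stored value");
                    throw badCredentials();
                }
                verified = true;
            } else if (storedPassword.startsWith("{SSHA}")) {
                if (!this.sshaPasswordEncoder.matches(presentedPassword, storedPassword)) {
                    this.logger.error("Authentication failed: SSHA password does not match stored value");
                    throw badCredentials();
                }
                verified = true;
            } else if (storedPassword.startsWith(JW3DESPasswordEncoder.PREFIX)) {
                // accountId stays null for non-TokenUser principals and is then concatenated as
                // the literal "null", exactly as stored values were presumably produced.
                String accountId = null;
                if (userDetails instanceof TokenUser) {
                    accountId = String.valueOf(((TokenUser) userDetails).getAttributes().get("accountId"));
                }
                if (!this.jw3desPasswordEncoder.matches(userDetails.getUsername() + "---" + accountId + "+++" + presentedPassword, storedPassword)) {
                    this.logger.error("Authentication failed: JW 3EDS password does not match stored value");
                    throw badCredentials();
                }
                verified = true;
            }

            // 4. No legacy prefix matched: defer to the encoder configured on the parent provider.
            if (!verified && !super.getPasswordEncoder().matches(presentedPassword, storedPassword)) {
                this.logger.error("Authentication failed: password does not match stored value");
                throw badCredentials();
            }
        }

        // Password-status detection runs once per account: skipped when there is no account or
        // a status is already recorded.
        if (account == null || account.getPasswordStatus() != null) {
            return;
        }
        try {
            // NOTE(review): this passes the stored (encoded) password, not the submitted one;
            // confirm that is what detectPassword expects.
            PasswordDetectVO detection = this.accountService.detectPassword(userDetails.getUsername(), userDetails.getPassword());
            if (detection != null) {
                Integer passwordStatus = Integer.valueOf(detection.getPasswordStatus());
                if (passwordStatus.intValue() != 0) {
                    this.logger.warn(detection.getWarning());
                }
                account.setPasswordStatus(passwordStatus);
            }
        } catch (Exception e) {
            // Best effort: a detection failure must not block an already verified login, but it
            // goes to the application log rather than stderr so it is not lost.
            this.logger.error("Password status detection failed", e);
        }
    }

    /** Builds the generic failure used by every rejection path so all of them look alike to the caller. */
    private BadCredentialsException badCredentials() {
        return new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
    }
}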
