package com.supwisdom.insititute.token.server.security.domain.authentication;

import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.account.domain.entity.PasswordDetectVO;
import com.supwisdom.insititute.token.server.account.domain.service.AccountService;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.passwordencoder.SecurityPasswordEncoder;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import java.util.List;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.6.6-SNAPSHOT.jar:com/supwisdom/insititute/token/server/security/domain/authentication/CustomDaoAuthenticationProvider.class */
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private AccountStatusValidator accountStatusValidator;

    @Autowired
    private AccountService accountService;

    @Autowired
    private SecurityPasswordEncoder securityPasswordEncoder;

    @Override // org.springframework.security.authentication.dao.DaoAuthenticationProvider, org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Account account = null;
        if (userDetails instanceof TokenUser) {
            List<Account> accounts = ((TokenUser) userDetails).getAccounts();
            if (accounts != null && accounts.size() == 1) {
                this.accountStatusValidator.validate(accounts.get(0));
            }
            account = accounts.get(0);
        }
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        String obj = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (!this.securityPasswordEncoder.matches(obj, account) && !super.getPasswordEncoder().matches(obj, userDetails.getPassword())) {
            this.logger.error("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (account != null) {
            if (account.getPasswordStatus() == null || account.getPasswordStatus().intValue() != 0) {
                try {
                    PasswordDetectVO detectPassword = this.accountService.detectPassword(userDetails.getUsername(), userDetails.getPassword());
                    if (detectPassword != null) {
                        Integer valueOf = Integer.valueOf(detectPassword.getPasswordStatus());
                        String warning = detectPassword.getWarning();
                        if (valueOf.intValue() != 0) {
                            this.logger.warn(warning);
                        }
                        account.setPasswordStatus(Integer.valueOf(detectPassword.getPasswordStatus()));
                    }
                } catch (Exception e) {
                    e.printStackTrace();
                }
            }
        }
    }
}
