package com.supwisdom.insititute.token.server.security.domain.authentication;

import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.account.domain.entity.PasswordDetectVO;
import com.supwisdom.insititute.token.server.account.domain.service.AccountService;
import com.supwisdom.insititute.token.server.config.domain.utils.ConfigUtils;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.core.userdetails.TokenUser;
import com.supwisdom.insititute.token.server.security.domain.passwordencoder.SecurityPasswordEncoder;
import com.supwisdom.insititute.token.server.security.domain.validator.AccountStatusValidator;
import java.util.Arrays;
import java.util.HashSet;
import java.util.Iterator;
import java.util.List;
import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.PropertyAccessor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.7.4-RELEASE.jar:com/supwisdom/insititute/token/server/security/domain/authentication/CustomDaoAuthenticationProvider.class */
public class CustomDaoAuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private AccountStatusValidator accountStatusValidator;

    @Autowired
    private AccountService accountService;

    @Autowired
    private SecurityPasswordEncoder securityPasswordEncoder;

    @Override // org.springframework.security.authentication.dao.DaoAuthenticationProvider, org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        List<Account> list = null;
        Account account = null;
        if (userDetails instanceof TokenUser) {
            list = ((TokenUser) userDetails).getAccounts();
            if (list != null && list.size() == 1) {
                this.accountStatusValidator.validate(list.get(0));
            }
            account = list.get(0);
        }
        if (usernamePasswordAuthenticationToken.getCredentials() == null) {
            this.logger.debug("Authentication failed: no credentials provided");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Credentials from authentication[" + usernamePasswordAuthenticationToken.getCredentials() + "]");
        }
        String obj = usernamePasswordAuthenticationToken.getCredentials().toString();
        if (this.logger.isTraceEnabled()) {
            this.logger.trace("Credentials from authentication[" + obj + "] toString");
        }
        if (!this.securityPasswordEncoder.matches(obj, account) && !super.getPasswordEncoder().matches(obj, userDetails.getPassword())) {
            if (this.logger.isTraceEnabled()) {
                this.logger.trace(PropertyAccessor.PROPERTY_KEY_PREFIX + obj + "] not matches [" + userDetails.getPassword() + "]");
            }
            this.logger.error("Authentication failed: password does not match stored value");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (ConfigUtils.instance().getConfigValue("casServer.userCompleted.check.enabled", (Boolean) false).booleanValue()) {
            String username = userDetails.getUsername();
            String configValue = ConfigUtils.instance().getConfigValue("casServer.userCompleted.whitelist", "");
            if (StringUtils.isNotBlank(configValue) && ("," + configValue + ",").indexOf("," + username + ",") >= 0) {
                resetAccountsCompleted(list, false);
            }
            String configValue2 = ConfigUtils.instance().getConfigValue("casServer.userCompleted.blacklist", "");
            if (StringUtils.isNotBlank(configValue2) && ("," + configValue2 + ",").indexOf("," + username + ",") < 0) {
                resetAccountsCompleted(list, false);
            }
        }
        boolean booleanValue = ConfigUtils.instance().getConfigValue("casServer.userPasswordDetect.enabled", (Boolean) false).booleanValue();
        HashSet hashSet = new HashSet(Arrays.asList(ConfigUtils.instance().getConfigValue("casServer.userPasswordDetect.warning.code", new String[0])));
        if (booleanValue) {
            Integer num = null;
            if (account != null) {
                num = account.getPasswordStatus();
                Boolean bool = false;
                if (num == null) {
                    bool = true;
                } else if (num.intValue() > 0) {
                    bool = Boolean.valueOf(!hashSet.contains(String.valueOf(num.intValue())));
                }
                String username2 = userDetails.getUsername();
                if (bool.booleanValue()) {
                    String configValue3 = ConfigUtils.instance().getConfigValue("casServer.userPasswordDetect.whitelist", "");
                    if (StringUtils.isNotBlank(configValue3) && ("," + configValue3 + ",").indexOf("," + username2 + ",") >= 0) {
                        num = null;
                        bool = false;
                    }
                }
                if (bool.booleanValue()) {
                    String configValue4 = ConfigUtils.instance().getConfigValue("casServer.userPasswordDetect.blacklist", "");
                    if (StringUtils.isNotBlank(configValue4) && ("," + configValue4 + ",").indexOf("," + username2 + ",") < 0) {
                        num = null;
                        bool = false;
                    }
                }
                if (bool.booleanValue()) {
                    try {
                        PasswordDetectVO detectPassword = this.accountService.detectPassword(userDetails.getUsername(), obj);
                        if (detectPassword != null) {
                            num = Integer.valueOf(detectPassword.getPasswordStatus());
                            String warning = detectPassword.getWarning();
                            if (num.intValue() != 0) {
                                this.logger.warn(warning);
                            }
                            resetAccountsPasswordStatus(list, detectPassword.getPasswordStatus());
                        }
                    } catch (Exception e) {
                        e.printStackTrace();
                    }
                }
            }
            Boolean bool2 = false;
            if (num == null) {
                bool2 = false;
            } else if (num.intValue() > 0) {
                bool2 = Boolean.valueOf(hashSet.contains(String.valueOf(num.intValue())));
            }
            if (bool2.booleanValue()) {
                resetAccountsPasswordStatus(list, num.intValue());
            } else {
                resetAccountsPasswordStatus(list, 0);
            }
        }
    }

    private void resetAccountsCompleted(List<Account> list, boolean z) {
        if (list != null) {
            Iterator<Account> it = list.iterator();
            while (it.hasNext()) {
                it.next().setUserNonCompleted(Boolean.valueOf(z));
            }
        }
    }

    private void resetAccountsPasswordStatus(List<Account> list, int i) {
        if (list != null) {
            Iterator<Account> it = list.iterator();
            while (it.hasNext()) {
                it.next().setPasswordStatus(Integer.valueOf(i));
            }
        }
    }
}
