package com.supwisdom.insititute.token.server.security.domain.passwordencoder;

import com.supwisdom.insititute.token.server.account.domain.entity.Account;
import com.supwisdom.insititute.token.server.security.domain.authx.log.enums.AuthnFailReason;
import com.supwisdom.insititute.token.server.security.domain.password.PasswordVerifyVO;
import com.supwisdom.insititute.token.server.security.domain.password.remote.SecurityPasswordRemote;
import com.supwisdom.insititute.token.server.thirdparty.kmust.service.ThirdpartyKmustSafeService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;

/* loaded from: input_file:BOOT-INF/lib/token-server-security-domain-1.7.4-RELEASE.jar:com/supwisdom/insititute/token/server/security/domain/passwordencoder/SecurityPasswordEncoder.class */
public class SecurityPasswordEncoder {
    private static final Logger log = LoggerFactory.getLogger((Class<?>) SecurityPasswordEncoder.class);

    @Autowired(required = false)
    private ThirdpartyKmustSafeService thirdpartyKmustSafeService;

    @Autowired(required = false)
    private SecurityPasswordRemote securityPasswordRemote;
    private SHA256PasswordEncoder sha256PasswordEncoder = new SHA256PasswordEncoder();
    private SSHAPasswordEncoder sshaPasswordEncoder = new SSHAPasswordEncoder();
    private JW3DESPasswordEncoder jw3desPasswordEncoder = new JW3DESPasswordEncoder();

    public boolean matches(String str, Account account) throws BadCredentialsException {
        if (this.thirdpartyKmustSafeService != null) {
            boolean checkPwd = this.thirdpartyKmustSafeService.checkPwd(account.getUsername(), str);
            if (checkPwd) {
                return checkPwd;
            }
            log.error("Authentication failed: KMUST username password does not checked");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (this.securityPasswordRemote != null && this.securityPasswordRemote.enabled()) {
            log.info("matches password use securityPasswordRemote [{}]", this.securityPasswordRemote.getSecurityPasswordVerifyUrl());
            PasswordVerifyVO verifyAccountPassword = this.securityPasswordRemote.verifyAccountPassword(account.getUsername(), str);
            if (verifyAccountPassword != null) {
                if (verifyAccountPassword.isResult()) {
                    return verifyAccountPassword.isResult();
                }
                log.error("Authentication failed: " + verifyAccountPassword.getError());
                throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
            }
        }
        if (account.getPassword().startsWith("{SHA256}")) {
            log.debug("Authentication: use sha256PasswordEncoder");
            boolean matches = this.sha256PasswordEncoder.matches(str + account.getUserNo(), account.getPassword());
            if (matches) {
                return matches;
            }
            log.error("Authentication failed: SHA256 password does not match stored value");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (account.getPassword().startsWith("{SSHA}")) {
            log.debug("Authentication: use sshaPasswordEncoder");
            boolean matches2 = this.sshaPasswordEncoder.matches(str, account.getPassword());
            if (matches2) {
                return matches2;
            }
            log.error("Authentication failed: SSHA password does not match stored value");
            throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
        }
        if (!account.getPassword().startsWith(JW3DESPasswordEncoder.PREFIX)) {
            return false;
        }
        log.debug("Authentication: use jw3desPasswordEncoder");
        boolean matches3 = this.jw3desPasswordEncoder.matches(account.getUsername() + "---" + account.getId() + "+++" + str, account.getPassword());
        if (matches3) {
            return matches3;
        }
        log.error("Authentication failed: JW 3EDS password does not match stored value");
        throw new BadCredentialsException(AuthnFailReason.ACCOUNT_PASSWORD_NOT_MATCH.name());
    }
}
