package com.elitescloud.cloudt.authorization.api.provider.security.grant;

import com.elitescloud.cloudt.authorization.api.client.common.AuthorizationException;
import com.elitescloud.cloudt.authorization.api.client.common.LoginType;
import com.elitescloud.cloudt.authorization.api.client.config.security.handler.DelegateAuthenticationCallable;
import com.elitescloud.cloudt.authorization.api.client.token.AbstractCustomAuthenticationToken;
import com.elitescloud.cloudt.authorization.api.provider.provider.user.UserDetailManager;
import com.elitescloud.cloudt.authorization.api.provider.security.AuthenticationCheckService;
import com.elitescloud.cloudt.authorization.api.provider.security.generator.token.TokenGenerator;
import com.elitescloud.cloudt.authorization.sdk.model.OAuthToken;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/security/grant/InternalAuthenticationGranter.class */
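/**
 * Issues an {@link OAuthToken} for a user who is identified only by an identifier
 * (user id, username, mobile number or e-mail address).
 *
 * <p><b>Security note:</b> nothing in this class verifies a password or any other
 * credential. {@link #authenticate(InternalAuthenticationToken)} loads the account,
 * runs the account-status checks and the injected {@link AuthenticationCheckService}s,
 * and then mints a token. Any code path that can reach {@code authenticate} can
 * therefore obtain a token for any account that passes those checks, so access to
 * this class has to be restricted to trusted, server-side callers.
 *
 * <p>Field and private method names ({@code a} .. {@code f}) are the obfuscated names
 * from the decompiled class and are kept unchanged.
 */
public class InternalAuthenticationGranter {
    // Class logger.
    private static final Logger a = LogManager.getLogger(InternalAuthenticationGranter.class);
    // Loads the user record for the supplied identifier.
    private final UserDetailManager b;
    // Produces the OAuth token for an authenticated principal.
    private final TokenGenerator c;
    // Account-status check (exists / not locked / enabled / not expired); see a(UserDetails).
    private UserDetailsChecker d = this::a;
    // Additional checks injected through setAuthenticationCheckServiceObjectProvider.
    // Stays null until that setter has been called.
    private List<AuthenticationCheckService> e;
    // Optional post-login callback; null means "no callback".
    private DelegateAuthenticationCallable f;

    /* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/security/grant/InternalAuthenticationGranter$IdType.class */
    /** Kind of identifier carried by an {@link InternalAuthenticationToken}. */
    public enum IdType {
        USER_ID,
        USERNAME,
        MOBILE,
        EMAIL
    }

    /* loaded from: input_file:com/elitescloud/cloudt/authorization/api/provider/security/grant/InternalAuthenticationGranter$InternalAuthenticationToken.class */
    /**
     * Authentication token for the internal grant: an identifier plus its {@link IdType},
     * with no credential attached.
     *
     * <p>The four-argument constructor is public and marks the token as authenticated, so
     * holding an authenticated instance does not by itself show that the checks in
     * {@link InternalAuthenticationGranter#authenticate(InternalAuthenticationToken)} ran.
     */
    public static final class InternalAuthenticationToken extends AbstractCustomAuthenticationToken<InternalAuthenticationToken> {
        private static final long serialVersionUID = -6577165524964905618L;
        private final IdType idType;
        private final String id;

        /** @return always {@link LoginType#INTERNAL} */
        public LoginType loginType() {
            return LoginType.INTERNAL;
        }

        /* renamed from: convert, reason: merged with bridge method [inline-methods] */
        /**
         * Always returns {@code null}: this token type is never built from an HTTP request.
         * The {@code m30} prefix was added by the decompiler; the original name is {@code convert}.
         */
        public InternalAuthenticationToken m30convert(HttpServletRequest httpServletRequest) {
            return null;
        }

        /**
         * Creates an empty token with no identifier. The authenticated flag is left at
         * whatever the superclass constructor sets (not visible from this class).
         */
        public InternalAuthenticationToken() {
            super((Object) null, (Object) null);
            this.idType = null;
            this.id = null;
        }

        /**
         * Creates an unauthenticated request token.
         *
         * @param idType kind of identifier held in {@code str}
         * @param str    the identifier value
         */
        public InternalAuthenticationToken(IdType idType, String str) {
            super((Object) null, (Object) null);
            this.idType = idType;
            this.id = str;
            super.setAuthenticated(false);
        }

        /**
         * Creates an authenticated token.
         *
         * @param idType     kind of identifier held in {@code str}
         * @param str        the identifier value
         * @param obj        the principal (the granter passes the loaded user details)
         * @param collection authorities to attach to the token
         */
        public InternalAuthenticationToken(IdType idType, String str, Object obj, Collection<GrantedAuthority> collection) {
            super(obj, (Object) null, collection);
            this.idType = idType;
            this.id = str;
            super.setAuthenticated(true);
        }

        public IdType getIdType() {
            return this.idType;
        }

        public String getId() {
            return this.id;
        }
    }

    /**
     * @param userDetailManager source of user records
     * @param tokenGenerator    generator used to mint the token after the checks pass
     */
    public InternalAuthenticationGranter(UserDetailManager userDetailManager, TokenGenerator tokenGenerator) {
        this.b = userDetailManager;
        this.c = tokenGenerator;
    }

    /**
     * Loads the user named by the token, runs all checks and returns a freshly generated token.
     *
     * <p>Order of operations: load user, account-status check, every injected
     * {@link AuthenticationCheckService}, token generation, optional login callback.
     * A failure in the callback is logged and does not affect the returned token.
     *
     * @param internalAuthenticationToken identifier and identifier type of the account
     * @return the generated token
     * @throws IllegalStateException if the additional check services were never injected
     */
    public OAuthToken authenticate(@NotNull InternalAuthenticationToken internalAuthenticationToken) {
        GeneralUserDetails a2 = a(internalAuthenticationToken.getIdType(), internalAuthenticationToken.getId());
        this.d.check(a2);
        List<AuthenticationCheckService> checks = this.e;
        if (checks == null) {
            // Fail closed with a clear message instead of a NullPointerException: an instance
            // built outside the container has no check list, and a token must not be issued
            // without knowing which additional checks apply.
            throw new IllegalStateException(
                    "AuthenticationCheckService list has not been injected; refusing to issue a token");
        }
        for (AuthenticationCheckService check : checks) {
            check.additionalAuthenticationChecks(a2, internalAuthenticationToken);
        }
        // The authenticated token is created with an empty authority list; the principal is
        // the loaded user details.
        Authentication internalAuthenticationToken2 = new InternalAuthenticationToken(internalAuthenticationToken.getIdType(), internalAuthenticationToken.getId(), a2, Collections.emptyList());
        OAuthToken generate = this.c.generate(internalAuthenticationToken2);
        if (this.f != null) {
            try {
                // No servlet request/response exists on this path, so the callback receives
                // null for both and also receives the raw access token.
                this.f.onLogin((HttpServletRequest) null, (HttpServletResponse) null, generate.getAccessToken(), internalAuthenticationToken2);
            } catch (Exception ex) {
                // Deliberately best-effort: the token is already issued at this point.
                a.error("认证成功后的回调异常：", ex);
            }
        }
        return generate;
    }

    /**
     * Captures the {@link AuthenticationCheckService} beans available from the provider.
     * An empty provider yields an empty list, meaning no additional checks are run.
     */
    @Autowired
    public void setAuthenticationCheckServiceObjectProvider(ObjectProvider<AuthenticationCheckService> objectProvider) {
        this.e = objectProvider.stream().collect(Collectors.toList());
    }

    /** Sets the optional callback invoked after a token has been generated. */
    public void setDelegateAuthenticationCallable(DelegateAuthenticationCallable delegateAuthenticationCallable) {
        this.f = delegateAuthenticationCallable;
    }

    /**
     * Loads the user for the given identifier.
     *
     * @throws IllegalArgumentException via {@link Assert} when {@code str} is blank or {@code idType} is null
     * @throws AuthorizationException   when the identifier type is not handled
     */
    private GeneralUserDetails a(IdType idType, String str) {
        Assert.hasText(str, "加载用户失败，ID为空");
        Assert.notNull(idType, "加载用户失败，ID类型为空");
        // NOTE(review): decompiler output for a switch over IdType. `a.a` is the compiler's
        // synthetic switch-map table, which is not part of this listing, and the case numbers
        // are table values, not enum ordinals. Judging by the loader each case calls they are
        // presumably 1=USER_ID, 2=USERNAME, 3=EMAIL, 4=MOBILE; confirm against the synthetic
        // class before rewriting this as a switch on the enum.
        switch (a.a[idType.ordinal()]) {
            case 1:
                return this.b.loadUserById(str);
            case 2:
                return this.b.loadUserByUsername(str);
            case 3:
                return this.b.loadUserByEmail(str);
            case 4:
                return this.b.loadUserByMobile(str);
            default:
                throw new AuthorizationException("认证失败，暂不支持的账号类型");
        }
    }

    /**
     * Default account-status check: the account must exist, be unlocked, enabled and unexpired.
     *
     * <p>Each failure has its own exception type and message. If these reach an untrusted
     * caller unchanged they disclose whether an account exists and what state it is in.
     */
    private void a(UserDetails userDetails) {
        if (userDetails == null) {
            throw new UsernameNotFoundException("账号不存在");
        }
        if (!userDetails.isAccountNonLocked()) {
            a.debug("Failed to authenticate since user account is locked");
            throw new LockedException("账号已锁定");
        }
        if (!userDetails.isEnabled()) {
            a.debug("Failed to authenticate since user account is disabled");
            throw new DisabledException("账号已禁用");
        }
        if (userDetails.isAccountNonExpired()) {
            return;
        }
        a.debug("Failed to authenticate since user account has expired");
        throw new AccountExpiredException("账号已过期");
    }
}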
