package com.elitescloud.boot.auth.provider.security.grant;

import com.elitescloud.boot.auth.client.token.AbstractCustomAuthenticationToken;
import com.elitescloud.boot.auth.provider.CustomAuthenticationProvider;
import com.elitescloud.boot.auth.provider.config.system.ConfigProperties;
import com.elitescloud.boot.auth.provider.provider.user.UserDetailManager;
import com.elitescloud.boot.auth.provider.security.AuthenticationCheckService;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.util.Collection;
import java.util.Iterator;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.lang.NonNull;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/AbstractCustomAuthenticationProvider.class */
public abstract class AbstractCustomAuthenticationProvider<T extends AbstractCustomAuthenticationToken<T>> implements CustomAuthenticationProvider {
    private static final Logger log = LogManager.getLogger(AbstractCustomAuthenticationProvider.class);
    private boolean forcePrincipalAsString = false;
    private boolean hideUserNotFoundExceptions = true;
    private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
    private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
    protected PasswordEncoder passwordEncoder;
    protected UserDetailManager userDetailManager;
    protected ConfigProperties configProperties;
    protected CredentialCheckable credentialCheckable;
    private ObjectProvider<AuthenticationCheckService> authenticationCheckServiceObjectProvider;

    /* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/AbstractCustomAuthenticationProvider$DefaultPostAuthenticationChecks.class */
    private static class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        private DefaultPostAuthenticationChecks() {
        }

        public void check(UserDetails userDetails) {
            if (!userDetails.isCredentialsNonExpired()) {
                AbstractCustomAuthenticationProvider.log.debug("Failed to authenticate since user account credentials have expired");
                throw new CredentialsExpiredException("密码已过期");
            }
            if (!userDetails.isAccountNonLocked()) {
                AbstractCustomAuthenticationProvider.log.debug("Failed to authenticate since user account is locked");
                throw new LockedException("账号已锁定");
            }
            if (!userDetails.isEnabled()) {
                AbstractCustomAuthenticationProvider.log.debug("Failed to authenticate since user account is disabled");
                throw new DisabledException("账号已禁用");
            }
            if (userDetails.isAccountNonExpired()) {
                return;
            }
            AbstractCustomAuthenticationProvider.log.debug("Failed to authenticate since user account has expired");
            throw new AccountExpiredException("账号已过期");
        }
    }

    /* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/AbstractCustomAuthenticationProvider$DefaultPreAuthenticationChecks.class */
    private static class DefaultPreAuthenticationChecks implements UserDetailsChecker {
        private DefaultPreAuthenticationChecks() {
        }

        public void check(UserDetails userDetails) {
            if (userDetails == null) {
                throw new UsernameNotFoundException("账号不存在");
            }
        }
    }

    @NonNull
    protected abstract GeneralUserDetails retrieveUser(T t) throws AuthenticationException;

    /* JADX INFO: Access modifiers changed from: protected */
    public void additionalAuthenticationChecks(GeneralUserDetails generalUserDetails, T t) throws AuthenticationException {
        customAdditionalAuthenticationChecks(generalUserDetails, t);
    }

    /* JADX WARN: Multi-variable type inference failed */
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        AbstractCustomAuthenticationToken abstractCustomAuthenticationToken = (AbstractCustomAuthenticationToken) authentication;
        try {
            String retrieveUser = retrieveUser(abstractCustomAuthenticationToken);
            this.preAuthenticationChecks.check(retrieveUser);
            additionalAuthenticationChecks(retrieveUser, abstractCustomAuthenticationToken);
            this.postAuthenticationChecks.check(retrieveUser);
            String str = retrieveUser;
            if (this.forcePrincipalAsString) {
                str = retrieveUser.getUsername();
            }
            return createSuccessAuthentications(str, abstractCustomAuthenticationToken, retrieveUser);
        } catch (UsernameNotFoundException e) {
            if (!this.hideUserNotFoundExceptions) {
                throw e;
            }
            log.info("用户不存在：{}", authentication.getPrincipal());
            throw new BadCredentialsException("账号或密码错误");
        }
    }

    public boolean supports(Class<?> cls) {
        return getAuthenticationTokenType().isAssignableFrom(cls);
    }

    public abstract Class<T> getAuthenticationTokenType();

    public abstract Class<?> getMixinAuthenticationTokenType();

    public boolean isHideUserNotFoundExceptions() {
        return this.hideUserNotFoundExceptions;
    }

    public void setHideUserNotFoundExceptions(boolean z) {
        this.hideUserNotFoundExceptions = z;
    }

    public UserDetailsChecker getPreAuthenticationChecks() {
        return this.preAuthenticationChecks;
    }

    public void setPreAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.preAuthenticationChecks = userDetailsChecker;
    }

    public UserDetailsChecker getPostAuthenticationChecks() {
        return this.postAuthenticationChecks;
    }

    public void setPostAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.postAuthenticationChecks = userDetailsChecker;
    }

    public boolean isForcePrincipalAsString() {
        return this.forcePrincipalAsString;
    }

    public void setForcePrincipalAsString(boolean z) {
        this.forcePrincipalAsString = z;
    }

    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    @Autowired(required = false)
    public void setUserDetailManager(UserDetailManager userDetailManager) {
        this.userDetailManager = userDetailManager;
    }

    @Autowired
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    @Autowired
    public void setConfigProperties(ConfigProperties configProperties) {
        this.configProperties = configProperties;
    }

    @Autowired
    public void setAuthenticationCheckServiceObjectProvider(ObjectProvider<AuthenticationCheckService> objectProvider) {
        this.authenticationCheckServiceObjectProvider = objectProvider;
    }

    @Autowired
    public void setCredentialCheckable(CredentialCheckable credentialCheckable) {
        this.credentialCheckable = credentialCheckable;
    }

    private void customAdditionalAuthenticationChecks(GeneralUserDetails generalUserDetails, T t) {
        Iterator it = this.authenticationCheckServiceObjectProvider.iterator();
        while (it.hasNext()) {
            ((AuthenticationCheckService) it.next()).additionalAuthenticationChecks(generalUserDetails, t);
        }
    }

    private Authentication createSuccessAuthentications(Object obj, T t, GeneralUserDetails generalUserDetails) {
        try {
            T newInstance = getAuthenticationTokenType().getDeclaredConstructor(Object.class, Object.class, Collection.class).newInstance(obj, t.getCredentials(), this.authoritiesMapper.mapAuthorities(generalUserDetails.getAuthorities()));
            newInstance.setPrincipal(obj);
            newInstance.setDetails(t.getDetails());
            newInstance.setTerminal(t.getTerminal());
            log.debug("Authenticated user");
            return newInstance;
        } catch (Exception e) {
            throw new AuthenticationServiceException("创建Authentication Success Token失败", e);
        }
    }
}
