package com.elitescloud.boot.auth.provider.security.grant;

import com.elitescloud.boot.auth.client.common.AuthorizationException;
import com.elitescloud.boot.auth.client.common.LoginType;
import com.elitescloud.boot.auth.client.config.security.handler.DelegateAuthenticationCallable;
import com.elitescloud.boot.auth.client.token.AbstractCustomAuthenticationToken;
import com.elitescloud.boot.auth.model.OAuthToken;
import com.elitescloud.boot.auth.provider.provider.user.UserDetailManager;
import com.elitescloud.boot.auth.provider.security.AuthenticationCheckService;
import com.elitescloud.boot.auth.provider.security.generator.token.TokenGenerator;
import com.elitescloud.cloudt.security.entity.GeneralUserDetails;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.List;
import java.util.stream.Collectors;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.validation.constraints.NotNull;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.beans.factory.ObjectProvider;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.util.Assert;

/* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/InternalAuthenticationGranter.class */
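/**
 * Issues an {@link OAuthToken} for an account identified only by an internal identifier
 * (user id, username, mobile number or e-mail address).
 *
 * <p>Security note: nothing in this class verifies a password or any other credential. The
 * account is looked up, its status flags are checked, the registered
 * {@link AuthenticationCheckService} instances are consulted, and a token is generated. The
 * caller is therefore fully trusted to have established the user's identity already.
 * NOTE(review): make sure {@link #authenticate} is only reachable from trusted server-side
 * code and that {@code idType}/{@code id} never come straight from an unauthenticated
 * request - confirm against the callers.
 */
public class InternalAuthenticationGranter {
    private static final Logger log = LogManager.getLogger(InternalAuthenticationGranter.class);
    private final UserDetailManager userDetailManager;
    private final TokenGenerator tokenGenerator;
    private UserDetailsChecker userDetailsChecker = this::defaultAuthenticationChecker;
    // Starts empty so that load() does not fail with a NullPointerException when the
    // @Autowired setter below has not run (for example when constructed outside Spring).
    private List<AuthenticationCheckService> authenticationCheckService = Collections.emptyList();
    // Optional login success/failure hook; stays null unless the setter is called.
    private DelegateAuthenticationCallable delegateAuthenticationCallable;

    /* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/InternalAuthenticationGranter$IdType.class */
    /** Kind of identifier used to look the account up. */
    public enum IdType {
        USER_ID,
        USERNAME,
        MOBILE,
        EMAIL
    }

    /* loaded from: input_file:com/elitescloud/boot/auth/provider/security/grant/InternalAuthenticationGranter$InternalAuthenticationToken.class */
    /**
     * Authentication token carrying an identifier and its type, with no credential.
     *
     * <p>The two-argument constructor builds an unauthenticated request token; the
     * four-argument constructor builds the authenticated result.
     */
    public static final class InternalAuthenticationToken extends AbstractCustomAuthenticationToken<InternalAuthenticationToken> {
        private static final long serialVersionUID = -6577165524964905618L;
        private final IdType idType;
        private final String id;

        /** @return always {@link LoginType#INTERNAL} */
        public LoginType loginType() {
            return LoginType.INTERNAL;
        }

        /* renamed from: convert, reason: merged with bridge method [inline-methods] */
        /**
         * Always returns {@code null}: this token is never built from the HTTP request here.
         * The {@code m41} prefix is a decompiler rename; the original method name is
         * {@code convert}.
         */
        public InternalAuthenticationToken m41convert(HttpServletRequest httpServletRequest) {
            return null;
        }

        /**
         * Creates an empty token with no identifier.
         * NOTE(review): presumably for framework use only - confirm.
         */
        public InternalAuthenticationToken() {
            super((Object) null, (Object) null);
            this.idType = null;
            this.id = null;
        }

        /**
         * Creates an unauthenticated request token.
         *
         * @param idType kind of identifier
         * @param str    identifier value
         */
        public InternalAuthenticationToken(IdType idType, String str) {
            super((Object) null, (Object) null);
            this.idType = idType;
            this.id = str;
            super.setAuthenticated(false);
        }

        /**
         * Creates an authenticated token.
         *
         * @param idType     kind of identifier
         * @param str        identifier value
         * @param obj        principal, passed to the superclass
         * @param collection authorities, passed to the superclass
         */
        public InternalAuthenticationToken(IdType idType, String str, Object obj, Collection<GrantedAuthority> collection) {
            super(obj, (Object) null, collection);
            this.idType = idType;
            this.id = str;
            super.setAuthenticated(true);
        }

        public IdType getIdType() {
            return this.idType;
        }

        public String getId() {
            return this.id;
        }
    }

    /**
     * @param userDetailManager account lookup service
     * @param tokenGenerator    generator for the issued token
     */
    public InternalAuthenticationGranter(UserDetailManager userDetailManager, TokenGenerator tokenGenerator) {
        this.userDetailManager = userDetailManager;
        this.tokenGenerator = tokenGenerator;
    }

    /**
     * Loads and checks the account named by the token, generates an {@link OAuthToken} and
     * notifies the optional login callback of the outcome.
     *
     * @param httpServletRequest          request handed to the callback
     * @param httpServletResponse         response handed to the callback
     * @param internalAuthenticationToken identifier of the account to log in
     * @return the generated token
     * @throws AuthenticationException if loading, checking or token generation fails with one;
     *     it is rethrown after the failure callback has run
     */
    public OAuthToken authenticate(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, @NotNull InternalAuthenticationToken internalAuthenticationToken) {
        AuthenticationException authenticationException = null;
        Authentication authentication = null;
        OAuthToken oAuthToken = null;
        try {
            authentication = load(internalAuthenticationToken);
            oAuthToken = this.tokenGenerator.generate(authentication);
        } catch (AuthenticationException e) {
            // Held back so the failure callback can run before it is rethrown. Other runtime
            // exceptions (such as the Assert failures in loadUser) propagate immediately and
            // skip the callback.
            authenticationException = e;
        }
        if (this.delegateAuthenticationCallable != null) {
            try {
                if (authenticationException == null) {
                    this.delegateAuthenticationCallable.onLogin(httpServletRequest, httpServletResponse, oAuthToken.getAccessToken(), authentication);
                } else {
                    this.delegateAuthenticationCallable.onLoginFailure(httpServletRequest, httpServletResponse, internalAuthenticationToken, authenticationException);
                }
            } catch (Exception e2) {
                // A failing callback must not change the login result, but it is reported at
                // WARN rather than INFO so that a broken login hook does not go unnoticed.
                // Message: "authentication callback exception".
                log.warn("认证回调异常", e2);
            }
        }
        if (authenticationException != null) {
            throw authenticationException;
        }
        return oAuthToken;
    }

    /**
     * Looks the account up, runs the status check and every registered additional check, and
     * returns an authenticated token whose principal is the loaded account.
     */
    private InternalAuthenticationToken load(InternalAuthenticationToken internalAuthenticationToken) {
        GeneralUserDetails loadUser = loadUser(internalAuthenticationToken.getIdType(), internalAuthenticationToken.getId());
        this.userDetailsChecker.check(loadUser);
        for (AuthenticationCheckService checkService : this.authenticationCheckService) {
            checkService.additionalAuthenticationChecks(loadUser, internalAuthenticationToken);
        }
        // The token itself is created with an empty authority list.
        // NOTE(review): presumably authorities are taken from the principal later - confirm.
        return new InternalAuthenticationToken(internalAuthenticationToken.getIdType(), internalAuthenticationToken.getId(), loadUser, Collections.emptyList());
    }

    /**
     * Collects every available {@link AuthenticationCheckService} from the provider.
     *
     * @param objectProvider source of the check services
     */
    @Autowired
    public void setAuthenticationCheckServiceObjectProvider(ObjectProvider<AuthenticationCheckService> objectProvider) {
        this.authenticationCheckService = objectProvider.stream().collect(Collectors.toList());
    }

    /**
     * @param delegateAuthenticationCallable callback invoked on login success and failure
     */
    public void setDelegateAuthenticationCallable(DelegateAuthenticationCallable delegateAuthenticationCallable) {
        this.delegateAuthenticationCallable = delegateAuthenticationCallable;
    }

    /**
     * Dispatches the lookup to the {@link UserDetailManager} method that matches the id type.
     *
     * @throws IllegalArgumentException if the id is blank or the id type is null
     * @throws AuthorizationException   if the id type is not handled
     */
    private GeneralUserDetails loadUser(IdType idType, String str) {
        // Messages: "failed to load user, ID is empty" / "failed to load user, ID type is null".
        Assert.hasText(str, "加载用户失败，ID为空");
        Assert.notNull(idType, "加载用户失败，ID类型为空");
        switch (idType) {
            case USER_ID:
                return this.userDetailManager.loadUserById(str);
            case USERNAME:
                return this.userDetailManager.loadUserByUsername(str);
            case EMAIL:
                return this.userDetailManager.loadUserByEmail(str);
            case MOBILE:
                return this.userDetailManager.loadUserByMobile(str);
            default:
                // Message: "authentication failed, unsupported account type".
                throw new AuthorizationException("认证失败，暂不支持的账号类型");
        }
    }

    /**
     * Default account status check: rejects missing, locked, disabled and expired accounts.
     *
     * <p>NOTE(review): {@code isCredentialsNonExpired()} is not consulted; presumably
     * intentional because this grant carries no credential - confirm.
     *
     * <p>NOTE(review): each case has its own message (account does not exist / locked /
     * disabled / expired). If these reach a caller outside the trust boundary they reveal
     * whether an account exists and its state - confirm that they are mapped to a generic
     * error before leaving the service.
     *
     * @param userDetails the loaded account, may be {@code null}
     */
    private void defaultAuthenticationChecker(UserDetails userDetails) {
        if (userDetails == null) {
            throw new UsernameNotFoundException("账号不存在");
        }
        if (!userDetails.isAccountNonLocked()) {
            log.debug("Failed to authenticate since user account is locked");
            throw new LockedException("账号已锁定");
        }
        if (!userDetails.isEnabled()) {
            log.debug("Failed to authenticate since user account is disabled");
            throw new DisabledException("账号已禁用");
        }
        if (!userDetails.isAccountNonExpired()) {
            log.debug("Failed to authenticate since user account has expired");
            throw new AccountExpiredException("账号已过期");
        }
    }
}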
