package security.provider;

import framework.captcha.Captcha;
import framework.config.SecurityConfig;
import framework.security.Account;
import framework.security.AccountLoader;
import framework.security.RegApproval;
import framework.security.password.PasswordService;
import framework.utils.RequestUtil;
import javax.servlet.http.HttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
import security.exceptions.CaptchaException;
import security.service.CaptchaFailCache;
import security.vo.UserDetail;

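/**
 * Username/password authentication provider that adds three checks around the
 * stock {@link DaoAuthenticationProvider} flow:
 * <ol>
 *   <li>captcha validation, when a captcha was submitted or when login captcha is
 *       enabled and the principal has a recorded failure;</li>
 *   <li>a temporary lock check driven by {@link AccountLoader#loginFailLimit};</li>
 *   <li>salted password comparison through {@link PasswordService} followed by the
 *       registration-approval state of the account.</li>
 * </ol>
 * Collaborators are field-injected, so instances are expected to be created by the
 * Spring container.
 */
@Component
/* loaded from: input_file:security/provider/AuthenticationProvider.class */
public class AuthenticationProvider extends DaoAuthenticationProvider {

    @Autowired
    private Captcha captcha;

    @Autowired
    private SecurityConfig securityConfig;

    @Autowired
    private PasswordService passwordService;

    @Autowired
    private AccountLoader accountLoader;

    @Autowired
    private CaptchaFailCache captchaFailCache;

    /**
     * Creates the provider and wires the service used by the parent class to load users.
     *
     * @param userDetailsService source of {@link UserDetails} for the submitted username
     */
    public AuthenticationProvider(UserDetailsService userDetailsService) {
        super.setUserDetailsService(userDetailsService);
    }

    /**
     * Runs the captcha and lock checks, then delegates to the parent provider.
     *
     * @param authentication the login attempt; its principal is read as a {@code String}
     * @return the authenticated token produced by the parent provider
     * @throws CaptchaException if a captcha is required and missing or wrong
     * @throws LockedException if {@code loginFailLimit} reports a positive value
     * @throws AuthenticationException for any failure raised by the parent flow
     * @throws IllegalStateException if no request is bound to the current thread
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        // RequestAttributes itself has no getRequest(); the servlet-specific subtype does.
        // currentRequestAttributes() fails with a descriptive IllegalStateException when
        // no request is bound, instead of a bare NullPointerException.
        ServletRequestAttributes attributes =
                (ServletRequestAttributes) RequestContextHolder.currentRequestAttributes();
        HttpServletRequest request = attributes.getRequest();
        String captchaCode = request.getParameter("captcha");
        String captchaId = request.getParameter("captchaId");
        String username = (String) authentication.getPrincipal();

        // A submitted captcha is always verified. Otherwise it is demanded only when the
        // feature is enabled and this principal has a recorded failure; in that case the
        // empty values make validateCaptcha reject the attempt.
        // NOTE(review): the requirement is keyed on the submitted principal only, as far
        // as this class shows; any per-client throttling would have to live elsewhere.
        boolean captchaRequired = StringUtils.hasText(captchaId) && StringUtils.hasText(captchaCode);
        if (!captchaRequired) {
            captchaRequired = this.securityConfig.getEnableLoginCaptcha().booleanValue()
                    && this.captchaFailCache.hasFailed(username);
        }
        if (captchaRequired) {
            validateCaptcha(captchaId, captchaCode);
        }

        // Presumably the remaining lock time in seconds (it is divided by 60 to render
        // minutes); confirm against AccountLoader.
        // NOTE(review): this check runs before the password is verified, so the lock
        // message is returned to any caller who submits a locked username.
        int lockRemaining = this.accountLoader.loginFailLimit(username);
        if (lockRemaining > 0) {
            String minutes = String.valueOf((int) Math.ceil(lockRemaining / 60.0d));
            throw new LockedException(RequestUtil.getMessageDefault("security.loginFailLimit", "Login failure too many times, limit login {0} minutes", new Object[]{minutes}));
        }
        return super.authenticate(authentication);
    }

    /**
     * Verifies the submitted password and then the registration-approval state.
     * The password is checked first, so the approval messages are only shown to a
     * caller who already presented valid credentials.
     *
     * @param userDetails the loaded user; must be a {@link UserDetail}
     * @param authentication the token carrying the submitted credentials
     * @throws BadCredentialsException if no credentials were sent or they do not match
     * @throws DisabledException if registration approval is rejected or still pending
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken authentication) throws AuthenticationException {
        Account account = ((UserDetail) userDetails).getAccount();
        Object credentials = authentication.getCredentials();
        if (credentials == null) {
            this.logger.debug("Failed to authenticate since no credentials provided");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        // NOTE(review): this replaces the parent's PasswordEncoder comparison; whether
        // PasswordService.matched compares in constant time is not visible here.
        boolean passwordOk = this.passwordService.matched(credentials.toString(), account.getPasswordSalt(), userDetails.getPassword());
        if (!passwordOk) {
            this.logger.debug("Failed to authenticate since password does not match stored value");
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }

        // A missing approval state is treated the same as an approved one.
        if (account.getRegApproval() == null || RegApproval.Agree.equals(account.getRegApproval())) {
            return;
        }
        if (RegApproval.Reject.equals(account.getRegApproval())) {
            throw new DisabledException(RequestUtil.getMessageDefault("security.userRejectApproved", "Registration approval is rejected, the account is unavailable", new Object[0]));
        }
        if (RegApproval.Waiting.equals(account.getRegApproval())) {
            throw new DisabledException(RequestUtil.getMessageDefault("security.userWaitingApproved", "Waiting for registration approval, the account is unavailable", new Object[0]));
        }
        // NOTE(review): any approval state other than the three handled above falls
        // through and is accepted. If RegApproval ever gains another value, decide
        // explicitly whether it should pass rather than relying on this fall-through.
    }

    /**
     * Checks a submitted captcha and consumes it when the answer is correct.
     *
     * @param captchaId identifier of the captcha challenge
     * @param captchaCode the answer typed by the user
     * @throws CaptchaException if either value is blank or the answer is rejected
     */
    protected void validateCaptcha(String captchaId, String captchaCode) {
        if (!StringUtils.hasText(captchaCode)) {
            throw new CaptchaException(RequestUtil.getMessageDefault("security.captcha.empty", "Please input captcha code", new Object[0]));
        }
        if (!StringUtils.hasText(captchaId)) {
            throw new CaptchaException("Not set captchaId");
        }
        if (!this.captcha.check(captchaId, captchaCode)) {
            // NOTE(review): the challenge is removed only after a correct answer. Unless
            // Captcha.check itself expires the challenge or limits attempts (not visible
            // here), the same captchaId can be answered repeatedly; consider invalidating
            // it on a wrong answer as well.
            throw new CaptchaException(RequestUtil.getMessageDefault("security.captcha.invalid", "Captcha code error", new Object[0]));
        }
        // Single use: a solved captcha cannot be replayed for another login attempt.
        this.captcha.remove(captchaId);
    }
}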
