package xyz.shodown.upms.security.support;

import io.jsonwebtoken.Jwts;
import io.jsonwebtoken.SignatureAlgorithm;
import java.security.NoSuchAlgorithmException;
import java.util.Date;
import javax.annotation.Resource;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;
import xyz.shodown.common.util.date.DateUtil;
import xyz.shodown.common.util.encrypt.PasswordUtil;
import xyz.shodown.upms.config.AdditionalProperties;
import xyz.shodown.upms.entity.sys.SysUser;
import xyz.shodown.upms.security.dto.SecurityUser;
import xyz.shodown.upms.service.ISysUserService;

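/**
 * Spring Security {@link AuthenticationProvider} that validates a username/password pair and, on
 * success, attaches an HS512-signed JWT to the user's record.
 *
 * <p>Flow of {@link #authenticate(Authentication)}: load the user by name, verify the submitted
 * password against the stored hash and salt, build a JWT carrying the user's role codes, hand the
 * updated record to {@code updateState}, blank the password and salt on the in-memory copy, and
 * return an authenticated {@link UsernamePasswordAuthenticationToken}.
 */
@Component
/* loaded from: input_file:xyz/shodown/upms/security/support/AuthServiceProvider.class */
public class AuthServiceProvider implements AuthenticationProvider {

    /** Token lifetime applied when no positive expiry is configured (30 minutes). */
    private static final long DEFAULT_TOKEN_TTL_MILLIS = 1800000L;

    /** Conversion factor for the configured expiry, which is expressed in minutes. */
    private static final long MILLIS_PER_MINUTE = 60L * 1000L;

    @Resource
    private ISysUserService sysUserServiceImpl;

    @Resource
    private AdditionalProperties additionalProperties;

    /**
     * Authenticates the supplied username/password and issues a JWT for the user.
     *
     * @param authentication request whose principal and credentials are both cast to {@code String}
     * @return an authenticated token whose principal is the loaded {@link SecurityUser}
     * @throws AuthenticationException a {@link BadCredentialsException} when the user is not found,
     *     the password does not match, or the password hashing algorithm is unavailable
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String username = (String) authentication.getPrincipal();
        String rawPassword = (String) authentication.getCredentials();
        SecurityUser securityUser = (SecurityUser) this.sysUserServiceImpl.loadUserByUsername(username);
        // NOTE(review): the two failure messages below ("user does not exist" / "password is
        // incorrect") differ, and the unknown-user path returns before any password hashing. If
        // these messages or timings reach the client they reveal which usernames exist; consider a
        // single generic message - confirm how the failure handler renders them.
        if (securityUser == null) {
            throw new BadCredentialsException("用户不存在");
        }
        SysUser currentUserInfo = securityUser.getCurrentUserInfo();
        try {
            if (!PasswordUtil.isValidPassword(rawPassword, securityUser.getPassword(), currentUserInfo.getSalt())) {
                throw new BadCredentialsException("密码不正确");
            }
            String roleCodes = securityUser.getRoleCodes();
            // NOTE(review): this signWith overload takes the key as a String, which jjwt treats as
            // Base64-encoded key bytes. HS512 calls for a key of at least 64 bytes - TODO confirm
            // the configured signKey meets that and is not a short or default value.
            String token = Jwts.builder()
                    .claim(SecurityUser.ROLE_LOGIN, roleCodes)
                    .setSubject(authentication.getName())
                    .setExpiration(tokenExpiry())
                    .signWith(SignatureAlgorithm.HS512, this.additionalProperties.getAccess().getSignKey())
                    .compact();
            currentUserInfo.setToken(token);
            currentUserInfo.setLoginTime(DateUtil.date());
            this.sysUserServiceImpl.updateState(currentUserInfo);
            // Blank the hash and salt only after updateState, so the copy handed onwards as the
            // principal no longer carries them.
            currentUserInfo.setPassword("");
            currentUserInfo.setSalt("");
            securityUser.setCurrentUserInfo(currentUserInfo);
            // NOTE(review): the raw password travels on as the token's credentials. Spring's
            // ProviderManager erases credentials after authentication by default - confirm this
            // provider runs behind it and that the erasure has not been switched off.
            return new UsernamePasswordAuthenticationToken(securityUser, rawPassword, securityUser.getAuthorities());
        } catch (NoSuchAlgorithmException e) {
            // Keep the cause so the missing-algorithm failure stays diagnosable in server logs.
            throw new BadCredentialsException("密码所使用的加密算法不存在", e);
        }
    }

    /**
     * Reports which authentication token types this provider handles.
     *
     * @param cls the candidate {@link Authentication} class
     * @return always {@code true}
     */
    @Override
    public boolean supports(Class<?> cls) {
        // NOTE(review): authenticate() casts principal and credentials to String, so accepting
        // every token type means a token with a non-String principal fails with
        // ClassCastException instead of being passed over. Consider narrowing this to
        // UsernamePasswordAuthenticationToken once the tokens used by the login filter are known.
        return true;
    }

    /**
     * Computes the JWT expiry instant from the configured lifetime in minutes.
     *
     * <p>A missing, zero or negative setting falls back to {@link #DEFAULT_TOKEN_TTL_MILLIS}. The
     * multiplication is done in {@code long}: in {@code int} arithmetic any setting above 35791
     * minutes (about 24.8 days) overflows and produces a wrong, possibly already-past, expiry.
     */
    private Date tokenExpiry() {
        Integer configuredMinutes = this.additionalProperties.getAccess().getTokenExpireTime();
        long ttlMillis = (configuredMinutes == null || configuredMinutes.intValue() <= 0)
                ? DEFAULT_TOKEN_TTL_MILLIS
                : configuredMinutes.longValue() * MILLIS_PER_MINUTE;
        return new Date(System.currentTimeMillis() + ttlMillis);
    }
}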
