package org.minbox.framework.on.security.authorization.server.oauth2.authentication.support;

import java.util.List;
import java.util.Map;
import java.util.stream.Collectors;
import org.minbox.framework.on.security.core.authorization.AbstractOnSecurityAuthenticationProvider;
import org.minbox.framework.on.security.core.authorization.adapter.OnSecurityUserDetails;
import org.minbox.framework.on.security.core.authorization.data.application.SecurityApplication;
import org.minbox.framework.on.security.core.authorization.data.application.SecurityApplicationJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.application.SecurityApplicationRepository;
import org.minbox.framework.on.security.core.authorization.data.region.SecurityRegion;
import org.minbox.framework.on.security.core.authorization.data.region.SecurityRegionJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.region.SecurityRegionRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserAuthorizeApplicationJdbcRepository;
import org.minbox.framework.on.security.core.authorization.data.user.SecurityUserAuthorizeApplicationRepository;
import org.minbox.framework.on.security.core.authorization.exception.OnSecurityErrorCodes;
import org.minbox.framework.on.security.core.authorization.util.OnSecurityThrowErrorUtils;
import org.springframework.context.ApplicationContext;
import org.springframework.jdbc.core.JdbcOperations;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.util.ObjectUtils;

/* loaded from: input_file:org/minbox/framework/on/security/authorization/server/oauth2/authentication/support/OnSecurityPreAuthorizationCodeAuthenticationProvider.class */
public class OnSecurityPreAuthorizationCodeAuthenticationProvider extends AbstractOnSecurityAuthenticationProvider {
    private SecurityApplicationRepository securityApplicationRepository;
    private SecurityUserAuthorizeApplicationRepository userAuthorizeClientRepository;
    private SecurityRegionRepository regionRepository;

    public OnSecurityPreAuthorizationCodeAuthenticationProvider(Map<Class<?>, Object> map) {
        super(map);
        JdbcOperations jdbcOperations = (JdbcOperations) ((ApplicationContext) map.get(ApplicationContext.class)).getBean(JdbcOperations.class);
        this.securityApplicationRepository = new SecurityApplicationJdbcRepository(jdbcOperations);
        this.userAuthorizeClientRepository = new SecurityUserAuthorizeApplicationJdbcRepository(jdbcOperations);
        this.regionRepository = new SecurityRegionJdbcRepository(jdbcOperations);
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        OnSecurityPreAuthorizationCodeAuthenticationToken onSecurityPreAuthorizationCodeAuthenticationToken = (OnSecurityPreAuthorizationCodeAuthenticationToken) authentication;
        OnSecurityUserDetails userDetails = onSecurityPreAuthorizationCodeAuthenticationToken.getUserDetails();
        SecurityApplication securityApplication = null;
        if (!ObjectUtils.isEmpty(onSecurityPreAuthorizationCodeAuthenticationToken.getApplicationId())) {
            securityApplication = this.securityApplicationRepository.findByApplicationId(onSecurityPreAuthorizationCodeAuthenticationToken.getApplicationId());
            if (securityApplication == null || !securityApplication.isEnabled() || securityApplication.isDeleted()) {
                OnSecurityThrowErrorUtils.throwError(OnSecurityErrorCodes.INVALID_APPLICATION, "client_id", "Invalid Application，ID：" + onSecurityPreAuthorizationCodeAuthenticationToken.getApplicationId() + "，Please check data validity.");
            }
            SecurityRegion selectOne = this.regionRepository.selectOne(securityApplication.getRegionId());
            if (selectOne == null || !selectOne.getEnabled() || selectOne.getDeleted()) {
                OnSecurityThrowErrorUtils.throwError(OnSecurityErrorCodes.INVALID_REGION, (String) null, "Invalid Region：" + (selectOne == null ? securityApplication.getRegionId() : selectOne.getRegionId()) + "，Please check data validity.");
            }
        }
        if (userDetails != null) {
            List findByUserId = this.userAuthorizeClientRepository.findByUserId(userDetails.getUserId());
            if (ObjectUtils.isEmpty(findByUserId)) {
                OnSecurityThrowErrorUtils.throwError(OnSecurityErrorCodes.UNAUTHORIZED_APPLICATION, "client_id", "User: " + userDetails.getUsername() + ", not authorized to bind application: " + onSecurityPreAuthorizationCodeAuthenticationToken.getApplicationId());
            }
            if (!((List) findByUserId.stream().map((v0) -> {
                return v0.getApplicationId();
            }).collect(Collectors.toList())).contains(securityApplication.getId())) {
                OnSecurityThrowErrorUtils.throwError(OnSecurityErrorCodes.UNAUTHORIZED_APPLICATION, "client_id", "User: " + userDetails.getUsername() + ", not authorized to bind application: " + onSecurityPreAuthorizationCodeAuthenticationToken.getApplicationId());
            }
        }
        return onSecurityPreAuthorizationCodeAuthenticationToken;
    }

    public boolean supports(Class<?> cls) {
        return OnSecurityPreAuthorizationCodeAuthenticationToken.class.isAssignableFrom(cls);
    }
}
