package cn.home1.oss.lib.security.api;

import cn.home1.oss.boot.autoconfigure.AppProperties;
import cn.home1.oss.lib.common.crypto.EncodeCipher;
import cn.home1.oss.lib.security.api.User;
import cn.home1.oss.lib.security.internal.BaseGrantedAuthority;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.ImmutableSet;
import com.google.common.collect.Lists;
import java.util.ArrayList;
import java.util.Iterator;
import java.util.List;
import java.util.Set;
import java.util.stream.Collectors;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.boot.autoconfigure.security.SecurityProperties;
import org.springframework.context.ApplicationListener;
import org.springframework.context.event.ContextRefreshedEvent;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:cn/home1/oss/lib/security/api/BaseUserDetailsAuthenticationProvider.class */
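/**
 * Base username/password authentication provider backed by a subclass-supplied user store,
 * with a fallback to the single user configured in Spring Boot's {@link SecurityProperties}.
 *
 * <p>The credential check is performed inside {@link #retrieveUser}; the
 * {@link #additionalAuthenticationChecks} hook is intentionally empty and {@code final}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>Submitted passwords (including values decrypted from the {@code rsa:} form) must never
 *       be written to logs. Log output is commonly shipped to systems with a wider audience
 *       than the credential store.</li>
 *   <li>When no {@link PasswordEncoder} is injected, stored passwords are compared as plain
 *       text. Configure an adaptive encoder (bcrypt/scrypt/argon2) for any real deployment.</li>
 *   <li>Test users are seeded on every context refresh unless the environment is recognised as
 *       production, so the production flag must be set correctly on deployed instances.</li>
 * </ul>
 *
 * @param <U> concrete user type managed by the subclass
 */
public abstract class BaseUserDetailsAuthenticationProvider<U extends User> extends AbstractUserDetailsAuthenticationProvider implements AuthenticationProvider, UserDetailsService, ApplicationListener<ContextRefreshedEvent> {
    private static final Logger log = LoggerFactory.getLogger(BaseUserDetailsAuthenticationProvider.class);

    /** Prefix marking a submitted credential as encrypted; the remainder is passed to {@link #cipher}. */
    private static final String ENCRYPTED_PREFIX = "rsa:";

    // Optional cipher used to decrypt "rsa:"-prefixed credentials; set through setCipher.
    private EncodeCipher cipher;

    // Optional: when absent, passwords are compared as plain text (see class notes).
    @Autowired(required = false)
    private PasswordEncoder passwordEncoder;

    // Optional: source of the single configuration-defined fallback user.
    @Autowired(required = false)
    private SecurityProperties securityProperties;

    /**
     * Intentionally a no-op: the password and enabled-state checks are done in
     * {@link #retrieveUser}. Being {@code final}, subclasses cannot add checks here.
     */
    protected final void additionalAuthenticationChecks(org.springframework.security.core.userdetails.UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
    }

    /**
     * Looks a user up by name in the subclass store, then in the configured fallback user.
     *
     * @param str the username
     * @return the matching user, never {@code null}
     * @throws UsernameNotFoundException when neither source knows the name
     */
    public final org.springframework.security.core.userdetails.UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        final GenericUser found = findEverywhere(str);
        if (found == null) {
            throw new UsernameNotFoundException(str);
        }
        return found;
    }

    /**
     * Resolves and verifies the user for a username/password login attempt.
     *
     * <p>Order of checks: a non-blank password was supplied, the user exists, the password
     * matches, the account is enabled. The "disabled" outcome is therefore only reachable by
     * a caller that already presented the correct password.
     *
     * @param str the submitted username
     * @param usernamePasswordAuthenticationToken the token carrying the submitted credential
     * @return the authenticated user
     * @throws BadCredentialsException when the password is blank or wrong, or the user is disabled
     * @throws UsernameNotFoundException when the user is unknown
     * @throws IllegalStateException when an {@code rsa:} credential arrives and no cipher is set
     */
    protected final org.springframework.security.core.userdetails.UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        // NOTE(review): the username is attacker-controlled; parameterized logging does not
        // neutralise CR/LF, so confirm the log layout encodes or escapes it.
        log.debug("retrieveUser: {}", str);

        final String rawPassword = decryptIfEncrypted((String) usernamePasswordAuthenticationToken.getCredentials());
        if (StringUtils.isBlank(rawPassword)) {
            log.warn("Username {}: no password provided", str);
            throw new BadCredentialsException("Please enter password");
        }

        final GenericUser user = findEverywhere(str);
        if (user == null) {
            // The submitted password is deliberately NOT logged: a mistyped username often
            // accompanies a valid password for another account.
            log.warn("Username {}: user not found", str);
            // NOTE(review): this path returns without running the encoder, so unknown and
            // known usernames may differ in response time — consider a dummy match here.
            throw new UsernameNotFoundException(str);
        }

        final PasswordEncoder encoder = getPasswordEncoder();
        final boolean passwordMatches;
        if (encoder != null) {
            passwordMatches = encoder.matches(rawPassword, user.getPassword());
        } else {
            // Plain-text fallback when no encoder is configured; see class-level notes.
            passwordMatches = StringUtils.equals(rawPassword, user.getPassword());
        }
        if (!passwordMatches) {
            // The submitted password is deliberately NOT logged: near-miss passwords are
            // frequently one typo away from the real one.
            log.warn("Username {}: invalid password", str);
            throw new BadCredentialsException("Invalid Login");
        }

        if (!user.isEnabled()) {
            log.warn("Username {}: disabled", str);
            throw new BadCredentialsException("User disabled");
        }
        return user;
    }

    /**
     * Finds a user by name, preferring the subclass store over the configured fallback user.
     *
     * @param str the username
     * @return the user, or {@code null} when neither source has it
     */
    public final GenericUser findEverywhere(String str) {
        final U stored = findByName(str);
        if (stored != null) {
            return GenericUser.fromUser(stored);
        }
        return findSecurityUser(str);
    }

    /**
     * Builds a user from the {@link SecurityProperties} user when its name equals {@code str}.
     *
     * <p>The configured password is passed through the {@link PasswordEncoder} (when one is
     * set) on every call, so that {@link #retrieveUser} can match against it.
     *
     * @param str the username
     * @return the configured user, or {@code null} when properties are absent or the name differs
     */
    protected final GenericUser findSecurityUser(String str) {
        if (this.securityProperties == null) {
            return null;
        }
        final SecurityProperties.User configured = this.securityProperties.getUser();
        if (configured == null || StringUtils.isBlank(configured.getName()) || !configured.getName().equals(str)) {
            return null;
        }

        final Set<GrantedAuthority> authorities = configured.getRole().stream()
            .map(role -> new BaseGrantedAuthority(Security.ROLE_PREFIX + role))
            .collect(Collectors.toSet());
        final PasswordEncoder encoder = getPasswordEncoder();
        final String password = encoder != null ? encoder.encode(configured.getPassword()) : configured.getPassword();
        return GenericUser.fromUser(UserDetails.userDetailsBuilder()
            .authorities(authorities)
            .enabled(true)
            .id("")
            .name(configured.getName())
            .password(password)
            .properties(ImmutableMap.of())
            .build());
    }

    /**
     * Returns the credential in clear form, decrypting it when it carries the {@code rsa:} prefix.
     *
     * @param str the submitted credential, possibly {@code null}
     * @return {@code null} for {@code null} input, the decrypted value for prefixed input,
     *         otherwise the input unchanged
     * @throws IllegalStateException when the input is prefixed and no cipher has been set
     */
    String decryptIfEncrypted(String str) {
        if (str == null) {
            return null;
        }
        if (!str.startsWith(ENCRYPTED_PREFIX)) {
            return str;
        }
        Preconditions.checkState(this.cipher != null, "Encrypt not supported.");
        return this.cipher.decrypt(str.substring(ENCRYPTED_PREFIX.length()));
    }

    /**
     * Seeds test users on context refresh unless the environment is reported as production.
     *
     * <p>NOTE(review): the production decision is delegated to {@code AppProperties}, which is
     * not visible here; confirm that an unset or unexpected environment name cannot cause test
     * accounts to be created on a production instance.
     */
    public void onApplicationEvent(ContextRefreshedEvent contextRefreshedEvent) {
        final boolean production = AppProperties.getProdEnvironment(AppProperties.getEnvironment(contextRefreshedEvent.getApplicationContext().getEnvironment())).booleanValue();
        if (production) {
            log.info("skip init test users on production environment.");
            return;
        }
        log.info("init test users on non-production environment.");
        initTestUsers();
    }

    /** Supplies the test users that {@link #initTestUsers()} creates and {@link #deleteTestUsers()} removes. */
    protected abstract List<U> testUsers();

    /**
     * Ensures every test user exists in the store in the expected state.
     *
     * <p>A missing user is saved (after saving its roles); an existing user that is enabled
     * and equal to the expected one is kept; any other existing user is deleted and re-saved.
     *
     * @return the users as they now exist in the store, in {@link #testUsers()} order
     */
    public final List<U> initTestUsers() {
        final List<U> expectedUsers = testUsers();
        final List<U> result = Lists.newArrayListWithExpectedSize(expectedUsers.size());
        for (U u : expectedUsers) {
            final U existing = findByName(u.getName());
            if (existing == null) {
                // mo5getAuthorities looks like a decompiler-assigned name for getAuthorities; kept as found.
                (u.mo5getAuthorities() != null ? u.mo5getAuthorities() : ImmutableSet.of()).forEach(this::saveRole);
                result.add(save(u));
            } else if (existing.isEnabled() && existing.equals(u)) {
                result.add(existing);
            } else {
                // Stale or disabled copy: replace it with the expected definition.
                delete(existing);
                result.add(save(u));
            }
        }
        return result;
    }

    /**
     * Deletes every test user that currently exists in the store.
     *
     * @return the users that were found and deleted (previously this list was allocated but
     *         never filled, so callers always received an empty list)
     */
    public List<U> deleteTestUsers() {
        final List<U> expectedUsers = testUsers();
        final List<U> deleted = Lists.newArrayListWithExpectedSize(expectedUsers.size());
        for (U u : expectedUsers) {
            final U existing = findByName(u.getName());
            if (existing != null) {
                delete(existing);
                deleted.add(existing);
            }
        }
        return deleted;
    }

    /** Sets the cipher used for {@code rsa:}-prefixed credentials. */
    public final void setCipher(EncodeCipher encodeCipher) {
        this.cipher = encodeCipher;
    }

    /** Returns the stored user with this name, or {@code null} when there is none. */
    protected abstract U findByName(String str);

    /** Persists the user and returns the saved instance. */
    protected abstract U save(U u);

    /** Removes the user from the store. */
    protected abstract void delete(U u);

    /** Persists a role and returns the saved instance. */
    protected abstract GrantedAuthority saveRole(GrantedAuthority grantedAuthority);

    /** Returns the cipher used for {@code rsa:}-prefixed credentials, or {@code null} if unset. */
    public EncodeCipher getCipher() {
        return this.cipher;
    }

    /** Sets the encoder used to hash and verify passwords. */
    public void setPasswordEncoder(PasswordEncoder passwordEncoder) {
        this.passwordEncoder = passwordEncoder;
    }

    /** Returns the configured encoder, or {@code null} when passwords are compared as plain text. */
    public PasswordEncoder getPasswordEncoder() {
        return this.passwordEncoder;
    }
}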
