package dev.niubi.commons.security.captcha.mobile;

import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.MessageSource;
import org.springframework.context.MessageSourceAware;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.InternalAuthenticationServiceException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.util.Assert;

/* loaded from: input_file:dev/niubi/commons/security/captcha/mobile/MobileCaptchaAuthenticationProvider.class */
public class MobileCaptchaAuthenticationProvider implements AuthenticationProvider, InitializingBean, MessageSourceAware {
    private static final Logger log = LoggerFactory.getLogger(MobileCaptchaAuthenticationProvider.class);
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserCache userCache = new NullUserCache();
    private boolean forcePrincipalAsString = false;
    private UserDetailsChecker preAuthenticationChecks = new AccountStatusUserDetailsChecker();
    private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();
    private GrantedAuthoritiesMapper authoritiesMapper = new NullAuthoritiesMapper();
    private MobileUserDetailsService userDetailsService;

    /* loaded from: input_file:dev/niubi/commons/security/captcha/mobile/MobileCaptchaAuthenticationProvider$DefaultPostAuthenticationChecks.class */
    private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        private DefaultPostAuthenticationChecks() {
        }

        public void check(UserDetails userDetails) {
            if (userDetails.isCredentialsNonExpired()) {
                return;
            }
            MobileCaptchaAuthenticationProvider.log.debug("User account credentials have expired");
            throw new CredentialsExpiredException(MobileCaptchaAuthenticationProvider.this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
        }
    }

    public void afterPropertiesSet() throws Exception {
        Assert.notNull(this.userDetailsService, "A MobileUserDetailsService must be set");
    }

    public void setUserDetailsService(MobileUserDetailsService mobileUserDetailsService) {
        this.userDetailsService = mobileUserDetailsService;
    }

    public void setMessageSource(MessageSource messageSource) {
        this.messages = new MessageSourceAccessor(messageSource);
    }

    public UserDetailsChecker getPostAuthenticationChecks() {
        return this.postAuthenticationChecks;
    }

    public void setPostAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.postAuthenticationChecks = userDetailsChecker;
    }

    public UserCache getUserCache() {
        return this.userCache;
    }

    public void setUserCache(UserCache userCache) {
        this.userCache = userCache;
    }

    public boolean isForcePrincipalAsString() {
        return this.forcePrincipalAsString;
    }

    public void setForcePrincipalAsString(boolean z) {
        this.forcePrincipalAsString = z;
    }

    public void setAuthoritiesMapper(GrantedAuthoritiesMapper grantedAuthoritiesMapper) {
        this.authoritiesMapper = grantedAuthoritiesMapper;
    }

    public void setPreAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.preAuthenticationChecks = userDetailsChecker;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.isInstanceOf(MobileCaptchaAuthenticationToken.class, authentication, () -> {
            return this.messages.getMessage("MobileCodeAuthenticationProvider.onlySupports", "仅支持MobileCodeAuthenticationToken");
        });
        MobileCaptchaAuthenticationToken mobileCaptchaAuthenticationToken = (MobileCaptchaAuthenticationToken) authentication;
        String name = authentication.getPrincipal() == null ? "NONE_PROVIDED" : authentication.getName();
        UserDetails userFromCache = this.userCache.getUserFromCache(name);
        boolean z = true;
        if (userFromCache == null) {
            z = false;
            try {
                userFromCache = retrieveUser(name, mobileCaptchaAuthenticationToken);
                Assert.notNull(userFromCache, "retrieveUser returned null - a violation of the interface contract");
            } catch (Exception e) {
                throw new InternalAuthenticationServiceException(e.getMessage(), e);
            } catch (UsernameNotFoundException e2) {
                log.debug("mobile '" + name + "' not found");
                throw e2;
            }
        }
        try {
            this.preAuthenticationChecks.check(userFromCache);
        } catch (AuthenticationException e3) {
            if (!z) {
                throw e3;
            }
            z = false;
            userFromCache = retrieveUser(name, mobileCaptchaAuthenticationToken);
            this.preAuthenticationChecks.check(userFromCache);
        }
        this.postAuthenticationChecks.check(userFromCache);
        if (!z) {
            this.userCache.putUserInCache(userFromCache);
        }
        UserDetails userDetails = userFromCache;
        if (this.forcePrincipalAsString) {
            userDetails = userFromCache.getUsername();
        }
        return createSuccessAuthentication(userDetails, mobileCaptchaAuthenticationToken, userFromCache);
    }

    protected Authentication createSuccessAuthentication(Object obj, MobileCaptchaAuthenticationToken mobileCaptchaAuthenticationToken, UserDetails userDetails) {
        MobileCaptchaAuthenticationToken mobileCaptchaAuthenticationToken2 = new MobileCaptchaAuthenticationToken(obj, mobileCaptchaAuthenticationToken.getCode(), this.authoritiesMapper.mapAuthorities(userDetails.getAuthorities()));
        mobileCaptchaAuthenticationToken2.setDetails(mobileCaptchaAuthenticationToken.getDetails());
        return mobileCaptchaAuthenticationToken2;
    }

    public UserDetails retrieveUser(String str, MobileCaptchaAuthenticationToken mobileCaptchaAuthenticationToken) {
        UserDetails loadUserByMobile = this.userDetailsService.loadUserByMobile(str);
        if (loadUserByMobile == null) {
            throw new InternalAuthenticationServiceException("UserDetailsService returned null, which is an interface contract violation");
        }
        return loadUserByMobile;
    }

    public boolean supports(Class<?> cls) {
        return MobileCaptchaAuthenticationToken.class.isAssignableFrom(cls);
    }
}
