package net.smartcosmos.cluster.auth;

import java.util.Collection;
import java.util.HashMap;
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import java.util.stream.Collectors;
import net.smartcosmos.cluster.auth.domain.UserResponse;
import net.smartcosmos.security.SecurityResourceProperties;
import net.smartcosmos.security.user.SmartCosmosCachedUser;
import org.hibernate.validator.internal.metadata.core.ConstraintHelper;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.boot.json.JacksonJsonParser;
import org.springframework.context.annotation.Profile;
import org.springframework.http.HttpEntity;
import org.springframework.http.HttpMethod;
import org.springframework.http.MediaType;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.stereotype.Service;
import org.springframework.util.StringUtils;
import org.springframework.web.client.HttpStatusCodeException;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.util.UriComponentsBuilder;

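/**
 * Authenticates users against the remote user details service and keeps a time-limited,
 * in-memory cache of the users it has seen.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>On a password login the whole authentication token, credentials included, is POSTed to
 *       {@code <locationUri>/authenticate}; the configured location URI should therefore be a
 *       TLS endpoint.</li>
 *   <li>The cache stores the password hash returned by the user details service. While an entry
 *       is within its keep-alive, a login whose password matches the cached hash is answered
 *       from the cache without contacting the service, so a password change or account
 *       deactivation made upstream is not seen on that path until the entry expires.
 *       {@link #loadUserByUsername(String)} re-caches the user with the previously cached hash,
 *       which presumably restarts the keep-alive (depends on how SmartCosmosCachedUser stamps
 *       its cached date, which is not visible here).</li>
 *   <li>{@code UserResponse} carries a password hash, so log statements print selected fields
 *       rather than the whole response object.</li>
 * </ul>
 *
 * <p>Thread-safety: a {@code @Service} bean is a singleton by default and authentication
 * requests can arrive on several threads, so the cache is a {@link ConcurrentHashMap}.
 */
@Profile({"!test"})
@EnableConfigurationProperties({SecurityResourceProperties.class})
@Service
public class SmartCosmosAuthenticationProvider extends AbstractUserDetailsAuthenticationProvider implements UserDetailsService {
    private static final Logger log = LoggerFactory.getLogger(SmartCosmosAuthenticationProvider.class);
    public static final int MILLISECS_PER_SEC = 1000;
    private final PasswordEncoder passwordEncoder;
    // Keyed by the username reported by the user details service.
    private final Map<String, SmartCosmosCachedUser> users = new ConcurrentHashMap<>();
    private final String userDetailsServerLocationUri;
    private final RestTemplate restTemplate;
    private final Integer cachedUserKeepAliveSecs;

    /**
     * Creates the provider.
     *
     * @param securityResourceProperties supplies the cache keep-alive (seconds) and the location
     *                                   URI of the user details service
     * @param passwordEncoder            encoder used to compare presented credentials with hashes
     * @param restTemplate               client used for all calls to the user details service
     */
    @Autowired
    public SmartCosmosAuthenticationProvider(SecurityResourceProperties securityResourceProperties, PasswordEncoder passwordEncoder, @Qualifier("userDetailsRestTemplate") RestTemplate restTemplate) {
        this.passwordEncoder = passwordEncoder;
        this.restTemplate = restTemplate;
        this.cachedUserKeepAliveSecs = securityResourceProperties.getCachedUserKeepAliveSecs();
        this.userDetailsServerLocationUri = securityResourceProperties.getUserDetails().getServer().getLocationUri();
    }

    /**
     * Verifies the presented credentials against the password hash of the retrieved user.
     *
     * @throws BadCredentialsException if no credentials were presented or they do not match
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        String username = userDetails.getUsername() != null ? userDetails.getUsername() : "(NULL)";
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        if (credentials == null) {
            log.debug("Authentication failed for user {}: no credentials provided", username);
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        if (!this.passwordEncoder.matches(credentials.toString(), userDetails.getPassword())) {
            log.debug("Authentication failed for user {}: password does not match stored value", username);
            // Same message as the "no credentials" case, so the caller cannot tell the two apart.
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }

    /**
     * Fetches a user from the user details service.
     *
     * <p>With a token, the token is POSTed to {@code /authenticate}; without one (refresh-token
     * flow) the user is looked up with a GET on {@code /active/{username}}.
     *
     * @param str                                 the username
     * @param usernamePasswordAuthenticationToken the login token, or {@code null} for the
     *                                            "is this account still active" lookup
     * @return the response body of the user details service (may be {@code null} if the body is empty)
     * @throws BadCredentialsException if the service answers 400 with a JSON {@code message}
     * @throws IllegalStateException   if the service answers 401, i.e. this server's own
     *                                 credentials for the service are not accepted
     * @throws RuntimeException        for every other failure, with the original exception as cause
     */
    protected UserResponse fetchUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException, OAuth2Exception {
        try {
            if (usernamePasswordAuthenticationToken != null) {
                UserResponse userResponse = (UserResponse) this.restTemplate.exchange(this.userDetailsServerLocationUri + "/authenticate", HttpMethod.POST, new HttpEntity<>(usernamePasswordAuthenticationToken), UserResponse.class, str).getBody();
                // NOTE(review): logging the token relies on its toString() not printing the
                // credentials - confirm for the Spring Security version in use.
                log.debug("Fetching details for user {} with authentication token {} succeeded: {}", str, usernamePasswordAuthenticationToken, describe(userResponse));
                return userResponse;
            }
            // NOTE(review): build() is used without encode(); confirm that a username containing
            // '/' cannot change the path of this request.
            UserResponse userResponse2 = (UserResponse) this.restTemplate.exchange(UriComponentsBuilder.fromUriString(this.userDetailsServerLocationUri).pathSegment("active").pathSegment(str).build().toUri(), HttpMethod.GET, HttpEntity.EMPTY, UserResponse.class).getBody();
            log.debug("Fetching details for user {} during refresh token succeeded: {}", str, describe(userResponse2));
            return userResponse2;
        } catch (HttpStatusCodeException e) {
            log.debug("Fetching details for user {} with authentication token {} failed: {} - {}", str, usernamePasswordAuthenticationToken, e.toString(), e.getResponseBodyAsString());
            switch (e.getStatusCode()) {
                case UNAUTHORIZED:
                    log.warn("Auth Server or User Details Service not properly configured to use SMART COSMOS Security Credentials; all requests will fail.");
                    throw new IllegalStateException("Service not properly configured to use credentials", e);
                case BAD_REQUEST:
                    // The upstream message becomes the exception message; it is only used when
                    // the service sent one.
                    String errorResponseMessage = getErrorResponseMessage(e);
                    if (!StringUtils.isEmpty(errorResponseMessage)) {
                        throw new BadCredentialsException(errorResponseMessage, e);
                    }
                    break;
            }
            throw new RuntimeException(org.apache.commons.lang.StringUtils.defaultIfBlank(getErrorResponseMessage(e), e.getMessage()), e);
        } catch (Exception e2) {
            log.debug("Fetching details for user {} with authentication token {} failed: {}", str, usernamePasswordAuthenticationToken, e2);
            throw new RuntimeException(e2.getMessage(), e2);
        }
    }

    /**
     * Returns the user for a password login: from the cache when a fresh entry exists and the
     * presented password matches its hash, otherwise from the user details service (the result
     * is then cached).
     *
     * @param str the username
     * @throws IllegalStateException if the user details service returns an empty body
     */
    @Override // org.springframework.security.authentication.dao.AbstractUserDetailsAuthenticationProvider
    protected UserDetails retrieveUser(String str, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        log.debug("Authenticating, {}", str);
        SmartCosmosCachedUser checkedCachedUser = checkedCachedUser(str);
        // A cache hit is only honoured when the presented password matches the cached hash;
        // anything else falls through to the remote service.
        if (checkedCachedUser != null && !StringUtils.isEmpty(usernamePasswordAuthenticationToken.getCredentials()) && !StringUtils.isEmpty(checkedCachedUser.getPassword()) && this.passwordEncoder.matches(usernamePasswordAuthenticationToken.getCredentials().toString(), checkedCachedUser.getPassword())) {
            log.debug("Retrieved user {} from auth server cache.", checkedCachedUser.getUsername());
            return checkedCachedUser;
        }
        UserResponse fetchUser = requireBody(fetchUser(str, usernamePasswordAuthenticationToken), str);
        log.trace("Received response of: {}", describe(fetchUser));
        SmartCosmosCachedUser smartCosmosCachedUser = cacheUser(fetchUser, fetchUser.getPasswordHash());
        log.debug("Retrieved user {} from user details service.", fetchUser.getUsername());
        return smartCosmosCachedUser;
    }

    /**
     * Extracts the {@code message} field from a JSON error response.
     *
     * @return the message, or an empty string if the response has no headers, is not JSON,
     *         cannot be parsed, or has no string {@code message}
     */
    private String getErrorResponseMessage(HttpStatusCodeException httpStatusCodeException) {
        if (httpStatusCodeException.getResponseHeaders() == null) {
            return "";
        }
        MediaType contentType = httpStatusCodeException.getResponseHeaders().getContentType();
        if (!MediaType.APPLICATION_JSON.equals(contentType) && !MediaType.APPLICATION_JSON_UTF8.equals(contentType)) {
            return "";
        }
        Map<String, Object> parseMap;
        try {
            parseMap = new JacksonJsonParser().parseMap(httpStatusCodeException.getResponseBodyAsString());
        } catch (IllegalArgumentException parseFailure) {
            // This method runs inside a catch handler; a malformed body must not replace the
            // exception the caller is about to throw with an unrelated parse error.
            log.debug("Could not parse error response body as JSON: {}", parseFailure.toString());
            return "";
        }
        // ConstraintHelper.MESSAGE is used here only as the key name of the message field.
        Object message = parseMap.get(ConstraintHelper.MESSAGE);
        return message instanceof String ? (String) message : "";
    }

    /**
     * Returns the cached user for {@code username} if the entry is still within its keep-alive,
     * evicting it otherwise.
     *
     * @return the fresh cache entry, or {@code null} if there is none
     */
    private SmartCosmosCachedUser checkedCachedUser(String username) {
        if (username == null) {
            // ConcurrentHashMap does not accept null keys.
            return null;
        }
        SmartCosmosCachedUser cachedUser = this.users.get(username);
        if (cachedUser == null) {
            return null;
        }
        // Multiply as long: seconds * 1000 in int arithmetic overflows for keep-alives above
        // roughly 24.8 days. A missing setting is treated as "no keep-alive".
        long keepAliveMillis = this.cachedUserKeepAliveSecs == null ? 0L : this.cachedUserKeepAliveSecs.longValue() * MILLISECS_PER_SEC;
        if (System.currentTimeMillis() - cachedUser.getCachedDate().getTime() <= keepAliveMillis) {
            return cachedUser;
        }
        // Remove only the entry that was inspected, not one another thread stored meanwhile.
        this.users.remove(username, cachedUser);
        return null;
    }

    /**
     * Looks up a user without credentials (refresh-token flow) and re-caches it. The password
     * hash is carried over from an existing cache entry for the same user, else it is empty.
     *
     * @param str the username
     * @throws IllegalStateException if the user details service returns an empty body
     */
    @Override // org.springframework.security.core.userdetails.UserDetailsService
    public UserDetails loadUserByUsername(String str) throws UsernameNotFoundException {
        log.debug("Checking to see if account {} is still active", str);
        UserResponse fetchUser = requireBody(fetchUser(str, null), str);
        log.trace("Received response of: {}", describe(fetchUser));
        log.debug("Retrieved user {} from user details service.", fetchUser.getUsername());
        return cacheUser(fetchUser, getPasswordHash(fetchUser));
    }

    /**
     * Returns the cached password hash for the user in {@code userResponse}, provided the cached
     * entry is fresh and refers to the same tenant and user URN; otherwise an empty string.
     */
    private String getPasswordHash(UserResponse userResponse) {
        SmartCosmosCachedUser checkedCachedUser = checkedCachedUser(userResponse.getUsername());
        return (checkedCachedUser != null && org.apache.commons.lang.StringUtils.isNotBlank(checkedCachedUser.getPassword()) && checkedCachedUser.getAccountUrn().equals(userResponse.getTenantUrn()) && checkedCachedUser.getUserUrn().equals(userResponse.getUserUrn())) ? checkedCachedUser.getPassword() : "";
    }

    /** Builds the cacheable user for a service response and stores it under its username. */
    @SuppressWarnings({"rawtypes", "unchecked"}) // raw Collection cast kept from the original call
    private SmartCosmosCachedUser cacheUser(UserResponse userResponse, String passwordHash) {
        SmartCosmosCachedUser cachedUser = new SmartCosmosCachedUser(userResponse.getTenantUrn(), userResponse.getUserUrn(), userResponse.getUsername(), passwordHash, (Collection) userResponse.getAuthorities().stream().map(SimpleGrantedAuthority::new).collect(Collectors.toSet()));
        if (userResponse.getUsername() != null) {
            this.users.put(userResponse.getUsername(), cachedUser);
        }
        return cachedUser;
    }

    /** Fails with a clear message instead of a later NullPointerException on an empty body. */
    private static UserResponse requireBody(UserResponse userResponse, String username) {
        if (userResponse == null) {
            throw new IllegalStateException("User details service returned an empty response for user " + username);
        }
        return userResponse;
    }

    /**
     * Log-safe summary of a response. UserResponse exposes a password hash and its toString()
     * is not visible from this class, so only identifying fields are printed.
     */
    private static String describe(UserResponse userResponse) {
        if (userResponse == null) {
            return "null";
        }
        return "username=" + userResponse.getUsername() + ", userUrn=" + userResponse.getUserUrn() + ", tenantUrn=" + userResponse.getTenantUrn();
    }
}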
