package top.dcenter.ums.security.core.oauth.provider;

import java.util.Iterator;
import java.util.List;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.RejectedExecutionException;
import javax.servlet.http.HttpServletRequest;
import me.zhyd.oauth.model.AuthUser;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.UserCache;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.security.core.userdetails.cache.NullUserCache;
import org.springframework.util.Assert;
import org.springframework.util.CollectionUtils;
import top.dcenter.ums.security.core.oauth.consts.SecurityConstants;
import top.dcenter.ums.security.core.oauth.entity.ConnectionData;
import top.dcenter.ums.security.core.oauth.justauth.request.Auth2DefaultRequest;
import top.dcenter.ums.security.core.oauth.repository.UsersConnectionRepository;
import top.dcenter.ums.security.core.oauth.service.Auth2UserService;
import top.dcenter.ums.security.core.oauth.service.UmsUserDetailsService;
import top.dcenter.ums.security.core.oauth.signup.ConnectionService;
import top.dcenter.ums.security.core.oauth.token.Auth2AuthenticationToken;
import top.dcenter.ums.security.core.oauth.token.Auth2LoginAuthenticationToken;
import top.dcenter.ums.security.core.oauth.userdetails.TemporaryUser;
import top.dcenter.ums.security.core.oauth.util.MvcUtil;

/* loaded from: input_file:top/dcenter/ums/security/core/oauth/provider/Auth2LoginAuthenticationProvider.class */
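/**
 * {@link AuthenticationProvider} for third-party (OAuth2) logins.
 *
 * <p>Given an {@link Auth2LoginAuthenticationToken}, it loads the provider-side user, looks up
 * local accounts already connected to that provider identity, and then either logs the matching
 * local account in, signs up or builds a temporary user, or binds the provider identity to the
 * account that is already logged in.
 *
 * <p>Security-relevant behaviour visible in this class:
 * <ul>
 *   <li>Account state (locked / disabled / expired / credentials expired) is enforced through the
 *       pre- and post-authentication checkers before a new token is issued. When the caller is
 *       already authenticated the existing {@link Authentication} is returned and these checks
 *       are not run again.</li>
 *   <li>Failure logs identify the user by provider user id and local user id only. The full
 *       {@code AuthUser} / {@code ConnectionData} objects are not serialised into the log,
 *       because they can carry the provider's access and refresh tokens.</li>
 * </ul>
 */
public class Auth2LoginAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(Auth2LoginAuthenticationProvider.class);
    private final Auth2UserService userService;
    private final UmsUserDetailsService umsUserDetailsService;
    private final UsersConnectionRepository usersConnectionRepository;
    private final ConnectionService connectionService;
    private final ExecutorService updateConnectionTaskExecutor;
    private final Boolean autoSignUp;
    private final String temporaryUserAuthorities;
    private final String temporaryUserPassword;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserCache userCache = new NullUserCache();
    private UserDetailsChecker preAuthenticationChecks = new DefaultPreAuthenticationChecks();
    private UserDetailsChecker postAuthenticationChecks = new DefaultPostAuthenticationChecks();

    /** Default post-authentication check: rejects users whose credentials have expired. */
    private class DefaultPostAuthenticationChecks implements UserDetailsChecker {
        private DefaultPostAuthenticationChecks() {
        }

        /**
         * @throws CredentialsExpiredException if {@code isCredentialsNonExpired()} is false
         */
        @Override
        public void check(UserDetails userDetails) {
            if (userDetails.isCredentialsNonExpired()) {
                return;
            }
            Auth2LoginAuthenticationProvider.log.debug("User account credentials have expired");
            throw new CredentialsExpiredException(Auth2LoginAuthenticationProvider.this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
        }
    }

    /** Default pre-authentication check: rejects locked, disabled and expired accounts, in that order. */
    private class DefaultPreAuthenticationChecks implements UserDetailsChecker {
        private DefaultPreAuthenticationChecks() {
        }

        /**
         * @throws LockedException if the account is locked
         * @throws DisabledException if the account is disabled
         * @throws AccountExpiredException if the account has expired
         */
        @Override
        public void check(UserDetails userDetails) {
            if (!userDetails.isAccountNonLocked()) {
                Auth2LoginAuthenticationProvider.log.debug("User account is locked");
                throw new LockedException(Auth2LoginAuthenticationProvider.this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
            }
            if (!userDetails.isEnabled()) {
                Auth2LoginAuthenticationProvider.log.debug("User account is disabled");
                throw new DisabledException(Auth2LoginAuthenticationProvider.this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
            }
            if (userDetails.isAccountNonExpired()) {
                return;
            }
            Auth2LoginAuthenticationProvider.log.debug("User account is expired");
            throw new AccountExpiredException(Auth2LoginAuthenticationProvider.this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
        }
    }

    /**
     * Creates the provider. Every argument is required and is rejected when {@code null}.
     *
     * @param auth2UserService loads the third-party user for the current request
     * @param connectionService performs sign-up, binding and connection updates
     * @param umsUserDetailsService loads local users by user id
     * @param usersConnectionRepository looks up connections by provider id and provider user id
     * @param executorService executor used to update the stored connection off the request thread
     * @param bool the {@code autoSignUp} flag: when true an unknown provider user is signed up,
     *             otherwise a {@link TemporaryUser} is built
     * @param str the {@code temporaryUserAuthorities}: comma-separated authorities for temporary users
     * @param str2 the {@code temporaryUserPassword}: password assigned to temporary users
     */
    public Auth2LoginAuthenticationProvider(Auth2UserService auth2UserService, ConnectionService connectionService, UmsUserDetailsService umsUserDetailsService, UsersConnectionRepository usersConnectionRepository, ExecutorService executorService, Boolean bool, String str, String str2) {
        Assert.notNull(executorService, "updateConnectionTaskExecutor cannot be null");
        Assert.notNull(auth2UserService, "userService cannot be null");
        Assert.notNull(connectionService, "connectionService cannot be null");
        Assert.notNull(umsUserDetailsService, "umsUserDetailsService cannot be null");
        Assert.notNull(usersConnectionRepository, "usersConnectionRepository cannot be null");
        Assert.notNull(bool, "autoSignUp cannot be null");
        Assert.notNull(str, "temporaryUserAuthorities cannot be null");
        Assert.notNull(str2, "temporaryUserPassword cannot be null");
        this.updateConnectionTaskExecutor = executorService;
        this.connectionService = connectionService;
        this.userService = auth2UserService;
        this.umsUserDetailsService = umsUserDetailsService;
        this.usersConnectionRepository = usersConnectionRepository;
        this.autoSignUp = bool;
        this.temporaryUserAuthorities = str;
        this.temporaryUserPassword = str2;
    }

    /**
     * Authenticates a third-party login.
     *
     * <p>Outcomes, as implemented below:
     * <ul>
     *   <li>Connections exist and the logged-in principal owns one of them: the connection is
     *       refreshed and the existing authentication is returned.</li>
     *   <li>Connections exist but none belongs to the logged-in principal (or nobody is logged
     *       in): the local user of the <em>first</em> connection is loaded and logged in.</li>
     *   <li>No connection and nobody logged in: sign-up or a temporary user, depending on
     *       {@code autoSignUp}.</li>
     *   <li>No connection and a {@link UserDetails} principal is logged in: the provider identity
     *       is bound to that account and the existing authentication is returned.</li>
     * </ul>
     *
     * @param authentication must be an {@link Auth2LoginAuthenticationToken} (see {@link #supports})
     * @return a new {@link Auth2AuthenticationToken}, or the current authentication when the
     *         caller was already logged in
     * @throws AuthenticationException if an account-state check rejects the user
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Auth2LoginAuthenticationToken loginToken = (Auth2LoginAuthenticationToken) authentication;
        Auth2DefaultRequest auth2DefaultRequest = loginToken.getAuth2DefaultRequest();
        HttpServletRequest request = loginToken.getRequest();
        // The raw state parameter is only forwarded to signUp() here.
        // NOTE(review): state validation is not visible in this class; presumably loadUser() does it - confirm.
        String state = request.getParameter(SecurityConstants.URL_PARAMETER_STATE);
        AuthUser authUser = this.userService.loadUser(auth2DefaultRequest, request);
        String providerUserId = authUser.getUuid();
        String providerId = auth2DefaultRequest.getProviderId();
        List<ConnectionData> connections = this.usersConnectionRepository.findConnectionByProviderIdAndProviderUserId(providerId, providerUserId);

        // Only a real (non-anonymous, authenticated) session counts as "already logged in".
        Authentication currentAuthentication = SecurityContextHolder.getContext().getAuthentication();
        Object principal = null;
        if (currentAuthentication != null && currentAuthentication.isAuthenticated() && !(currentAuthentication instanceof AnonymousAuthenticationToken)) {
            principal = currentAuthentication.getPrincipal();
        }

        // True while userDetails came from the cache and has not yet been reloaded.
        boolean loadedFromCache = false;
        UserDetails userDetails = null;
        if (!CollectionUtils.isEmpty(connections)) {
            ConnectionData connectionData = null;
            if (principal instanceof UserDetails) {
                userDetails = (UserDetails) principal;
                String username = userDetails.getUsername();
                for (ConnectionData candidate : connections) {
                    if (username.equals(candidate.getUserId())) {
                        connectionData = candidate;
                        break;
                    }
                }
                if (connectionData == null) {
                    // The provider identity belongs to a different local account than the one
                    // logged in: drop the current principal so the connected account is used and
                    // goes through the full account-state checks below.
                    userDetails = null;
                    principal = null;
                }
            }
            if (userDetails == null) {
                // Several local users may be bound to the same provider identity; the first wins.
                connectionData = connections.get(0);
                String userId = connectionData.getUserId();
                userDetails = this.userCache.getUserFromCache(userId);
                loadedFromCache = true;
                if (userDetails == null) {
                    loadedFromCache = false;
                    userDetails = this.umsUserDetailsService.loadUserByUserId(userId);
                }
            }
            asyncUpdateUserConnectionAndToken(authUser, connectionData);
        } else if (principal == null) {
            if (this.autoSignUp.booleanValue()) {
                userDetails = this.connectionService.signUp(authUser, providerId, state);
            } else {
                // "{noop}" marks the password as stored in plain text, and the same configured
                // password is given to every temporary user.
                // NOTE(review): confirm a TemporaryUser can never be used for password login.
                userDetails = TemporaryUser.builder()
                        .username(authUser.getUsername() + "_" + providerId + "_" + providerUserId)
                        .password("{noop}" + this.temporaryUserPassword)
                        .authUser(authUser)
                        .disabled(false)
                        .accountExpired(false)
                        .accountLocked(false)
                        .credentialsExpired(false)
                        .authorities(AuthorityUtils.commaSeparatedStringToAuthorityList(this.temporaryUserAuthorities))
                        .build();
            }
        } else if (principal instanceof UserDetails) {
            this.connectionService.binding((UserDetails) principal, authUser, providerId);
        }

        // Only reached when nothing above threw.
        // NOTE(review): confirm the state entry expires on its own after a failed login.
        Auth2DefaultRequest.removeStateCacheOfSessionCache(auth2DefaultRequest.getAuthStateCache(), auth2DefaultRequest.getAuthSource());
        if (principal != null) {
            // Already logged in: keep the existing authentication; no account checks are re-run.
            return currentAuthentication;
        }

        // NOTE(review): userDetails is dereferenced without a null check; a null result from
        // signUp()/loadUserByUserId() would surface as a NullPointerException rather than an
        // AuthenticationException - confirm those methods never return null.
        try {
            this.preAuthenticationChecks.check(userDetails);
            additionalAuthenticationChecks(userDetails, (Auth2LoginAuthenticationToken) authentication);
        } catch (AuthenticationException e) {
            if (!loadedFromCache) {
                throw e;
            }
            // The cached entry may be stale (e.g. the account was unlocked since it was cached):
            // reload from the user service and check once more before rejecting.
            // NOTE(review): passes getUsername() to loadUserByUserId - assumes username == userId.
            loadedFromCache = false;
            userDetails = this.umsUserDetailsService.loadUserByUserId(userDetails.getUsername());
            this.preAuthenticationChecks.check(userDetails);
            additionalAuthenticationChecks(userDetails, (Auth2LoginAuthenticationToken) authentication);
        }
        this.postAuthenticationChecks.check(userDetails);
        if (!loadedFromCache) {
            this.userCache.putUserInCache(userDetails);
        }
        Auth2AuthenticationToken result = new Auth2AuthenticationToken(userDetails, userDetails.getAuthorities(), providerId);
        result.setDetails(loginToken.getDetails());
        return result;
    }

    /**
     * Updates the stored connection (user info and token) on the task executor; if the task cannot
     * be submitted, performs the update synchronously instead. Failures are logged, never thrown,
     * so a failed refresh does not fail the login.
     *
     * <p>Log entries carry the provider user id and local user id only. The serialised
     * {@code AuthUser} / {@code ConnectionData} are left out on purpose, since they can contain
     * OAuth tokens that must not reach log storage.
     */
    private void asyncUpdateUserConnectionAndToken(AuthUser authUser, ConnectionData connectionData) {
        try {
            this.updateConnectionTaskExecutor.execute(() -> {
                try {
                    this.connectionService.updateUserConnection(authUser, connectionData);
                } catch (Exception e) {
                    log.error("异步更新第三方授权登录用户信息与 token 信息失败: providerUserId={}, userId={}, error={}", authUser.getUuid(), connectionData.getUserId(), e.getMessage(), e);
                }
            });
        } catch (NullPointerException | RejectedExecutionException e) {
            log.error("异步更新第三方授权登录用户信息与 token 信息失败: {}, 再次同步更新", e.getMessage(), e);
            try {
                this.connectionService.updateUserConnection(authUser, connectionData);
            } catch (Exception e2) {
                // Report the failure of the synchronous retry itself (e2), not the earlier submission error.
                log.error("同步更新第三方授权登录用户信息与 token 信息失败: providerUserId={}, userId={}, error={}", authUser.getUuid(), connectionData.getUserId(), e2.getMessage(), e2);
            }
        }
    }

    /**
     * Extension hook for extra checks between the pre- and post-authentication checks.
     * The default implementation does nothing.
     *
     * @throws AuthenticationException to reject the login
     */
    protected void additionalAuthenticationChecks(UserDetails userDetails, Auth2LoginAuthenticationToken auth2LoginAuthenticationToken) throws AuthenticationException {
    }

    /** Replaces the user cache (a {@link NullUserCache} by default). */
    public void setUserCache(UserCache userCache) {
        this.userCache = userCache;
    }

    protected UserDetailsChecker getPreAuthenticationChecks() {
        return this.preAuthenticationChecks;
    }

    /** Replaces the checker that runs before {@link #additionalAuthenticationChecks}. */
    public void setPreAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.preAuthenticationChecks = userDetailsChecker;
    }

    protected UserDetailsChecker getPostAuthenticationChecks() {
        return this.postAuthenticationChecks;
    }

    /** Replaces the checker that runs after {@link #additionalAuthenticationChecks}. */
    public void setPostAuthenticationChecks(UserDetailsChecker userDetailsChecker) {
        this.postAuthenticationChecks = userDetailsChecker;
    }

    /** Supports {@link Auth2LoginAuthenticationToken} and its subclasses only. */
    @Override
    public boolean supports(Class<?> cls) {
        return Auth2LoginAuthenticationToken.class.isAssignableFrom(cls);
    }
}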
