package org.beangle.security.auth.dao;

import org.beangle.commons.lang.Strings;
import org.beangle.security.auth.AccountExpiredException;
import org.beangle.security.auth.AuthenticationProvider;
import org.beangle.security.auth.CredentialsExpiredException;
import org.beangle.security.auth.DisabledException;
import org.beangle.security.auth.LockedException;
import org.beangle.security.auth.UsernamePasswordAuthentication;
import org.beangle.security.core.Authentication;
import org.beangle.security.core.AuthenticationException;
import org.beangle.security.core.userdetail.UserDetail;
import org.beangle.security.core.userdetail.UserDetailChecker;
import org.beangle.security.core.userdetail.UsernameNotFoundException;

/* loaded from: input_file:org/beangle/security/auth/dao/AbstractUserDetailAuthenticationProvider.class */
public abstract class AbstractUserDetailAuthenticationProvider implements AuthenticationProvider {
    private boolean forcePrincipalAsString = false;
    private UserDetailChecker preAuthenticationChecker = new DefaultPreAuthenticationChecker();
    private UserDetailChecker postAuthenticationChecker = new DefaultPostAuthenticationChecker();

    /* loaded from: input_file:org/beangle/security/auth/dao/AbstractUserDetailAuthenticationProvider$DefaultPostAuthenticationChecker.class */
    private class DefaultPostAuthenticationChecker implements UserDetailChecker {
        private DefaultPostAuthenticationChecker() {
        }

        @Override // org.beangle.security.core.userdetail.UserDetailChecker
        public void check(UserDetail userDetail) {
            if (userDetail.isCredentialsExpired()) {
                throw new CredentialsExpiredException(null, userDetail);
            }
        }
    }

    /* loaded from: input_file:org/beangle/security/auth/dao/AbstractUserDetailAuthenticationProvider$DefaultPreAuthenticationChecker.class */
    private class DefaultPreAuthenticationChecker implements UserDetailChecker {
        private DefaultPreAuthenticationChecker() {
        }

        @Override // org.beangle.security.core.userdetail.UserDetailChecker
        public void check(UserDetail userDetail) {
            if (userDetail.isAccountLocked()) {
                throw new LockedException(null, userDetail);
            }
            if (!userDetail.isEnabled()) {
                throw new DisabledException(null, userDetail);
            }
            if (userDetail.isAccountExpired()) {
                throw new AccountExpiredException(null, userDetail);
            }
        }
    }

    protected abstract void additionalAuthenticationChecks(UserDetail userDetail, Authentication authentication) throws AuthenticationException;

    protected String determinePrincipal(Authentication authentication) {
        return authentication.getPrincipal() == null ? "NONE_PROVIDED" : authentication.getName();
    }

    @Override // org.beangle.security.auth.AuthenticationProvider
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        String determinePrincipal = determinePrincipal(authentication);
        if (Strings.isEmpty(determinePrincipal)) {
            AuthenticationException authenticationException = new AuthenticationException("cannot find username for " + authentication.getPrincipal());
            authenticationException.setAuthentication(authentication);
            throw authenticationException;
        }
        UserDetail retrieveUser = retrieveUser(determinePrincipal, authentication);
        if (null == retrieveUser) {
            throw new UsernameNotFoundException();
        }
        this.preAuthenticationChecker.check(retrieveUser);
        additionalAuthenticationChecks(retrieveUser, authentication);
        this.postAuthenticationChecker.check(retrieveUser);
        UserDetail userDetail = retrieveUser;
        if (this.forcePrincipalAsString) {
            userDetail = retrieveUser.getUsername();
        }
        return createSuccessAuthentication(userDetail, authentication, retrieveUser);
    }

    protected Authentication createSuccessAuthentication(Object obj, Authentication authentication, UserDetail userDetail) {
        UsernamePasswordAuthentication usernamePasswordAuthentication = new UsernamePasswordAuthentication(obj, authentication.getCredentials(), userDetail.getAuthorities());
        usernamePasswordAuthentication.setDetails(authentication.getDetails());
        return usernamePasswordAuthentication;
    }

    protected void doAfterPropertiesSet() throws Exception {
    }

    public boolean isForcePrincipalAsString() {
        return this.forcePrincipalAsString;
    }

    protected abstract UserDetail retrieveUser(String str, Authentication authentication) throws AuthenticationException;

    public void setForcePrincipalAsString(boolean z) {
        this.forcePrincipalAsString = z;
    }

    @Override // org.beangle.security.auth.AuthenticationProvider
    public boolean supports(Class<? extends Authentication> cls) {
        return UsernamePasswordAuthentication.class.isAssignableFrom(cls);
    }

    protected UserDetailChecker getPreAuthenticationChecks() {
        return this.preAuthenticationChecker;
    }

    public void setPreAuthenticationChecks(UserDetailChecker userDetailChecker) {
        this.preAuthenticationChecker = userDetailChecker;
    }

    protected UserDetailChecker getPostAuthenticationChecks() {
        return this.postAuthenticationChecker;
    }

    public void setPostAuthenticationChecks(UserDetailChecker userDetailChecker) {
        this.postAuthenticationChecker = userDetailChecker;
    }
}
