package cn.crudapi.weixin.authentication;

import cn.crudapi.security.exception.VerificationCodeException;
import cn.crudapi.security.service.CaUserDetailsService;
import cn.crudapi.weixin.service.WeixinService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountExpiredException;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:cn/crudapi/weixin/authentication/WeixinCodeAuthenticationProvider.class */
public class WeixinCodeAuthenticationProvider implements AuthenticationProvider {
    private static final Logger log = LoggerFactory.getLogger(WeixinCodeAuthenticationProvider.class);
    private CaUserDetailsService userDetailsService;
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private WeixinService weixinService;

    public WeixinService getWeixinService() {
        return this.weixinService;
    }

    public void setWeixinService(WeixinService weixinService) {
        this.weixinService = weixinService;
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        WeixinCodeAuthenticationToken weixinCodeAuthenticationToken = (WeixinCodeAuthenticationToken) authentication;
        String str = (String) weixinCodeAuthenticationToken.getPrincipal();
        checkWeixinCode(str);
        try {
            String openId = this.weixinService.getOpenId(str);
            if (openId == null || openId.isEmpty()) {
                throw new BadCredentialsException("微信openId不能为空");
            }
            UserDetails loadUserByOpenId = this.userDetailsService.loadUserByOpenId(openId);
            check(loadUserByOpenId);
            WeixinCodeAuthenticationToken weixinCodeAuthenticationToken2 = new WeixinCodeAuthenticationToken(loadUserByOpenId, loadUserByOpenId.getAuthorities());
            weixinCodeAuthenticationToken2.setDetails(weixinCodeAuthenticationToken.getDetails());
            return weixinCodeAuthenticationToken2;
        } catch (Exception e) {
            throw new BadCredentialsException(e.getMessage());
        }
    }

    public void check(UserDetails userDetails) {
        if (!userDetails.isAccountNonLocked()) {
            log.debug("User account is locked");
            throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
        }
        if (!userDetails.isEnabled()) {
            log.debug("User account is disabled");
            throw new DisabledException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.disabled", "User is disabled"));
        }
        if (userDetails.isAccountNonExpired()) {
            return;
        }
        log.debug("User account is expired");
        throw new AccountExpiredException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.expired", "User account has expired"));
    }

    private void checkWeixinCode(String str) {
        try {
            RequestContextHolder.getRequestAttributes().getRequest();
            if (str == null || str.isEmpty()) {
                throw new BadCredentialsException("微信Code不能为空");
            }
        } catch (Exception e) {
            log.error("exception.getMessage", e);
            throw new VerificationCodeException(e.getMessage());
        }
    }

    public boolean supports(Class<?> cls) {
        return WeixinCodeAuthenticationToken.class.isAssignableFrom(cls);
    }

    public CaUserDetailsService getUserDetailsService() {
        return this.userDetailsService;
    }

    public void setUserDetailsService(CaUserDetailsService caUserDetailsService) {
        this.userDetailsService = caUserDetailsService;
    }
}
