package org.springframework.security.boot.dingtalk.authentication;

import com.alibaba.fastjson.JSONObject;
import com.dingtalk.api.response.OapiUserGetResponse;
import com.dingtalk.api.response.OapiUserGetuserinfoResponse;
import com.dingtalk.spring.boot.DingTalkTemplate;
import com.taobao.api.ApiException;
import java.util.Objects;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.support.MessageSourceAccessor;
import org.springframework.security.authentication.AccountStatusUserDetailsChecker;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.boot.biz.exception.AuthResponse;
import org.springframework.security.boot.biz.userdetails.SecurityPrincipal;
import org.springframework.security.boot.biz.userdetails.UserDetailsServiceAdapter;
import org.springframework.security.boot.dingtalk.exception.DingTalkAuthenticationServiceException;
import org.springframework.security.boot.dingtalk.exception.DingTalkCodeNotFoundException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.SpringSecurityMessageSource;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsChecker;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;

/* loaded from: input_file:org/springframework/security/boot/dingtalk/authentication/DingTalkMaAuthenticationProvider.class */
public class DingTalkMaAuthenticationProvider implements AuthenticationProvider, InitializingBean {
    protected MessageSourceAccessor messages = SpringSecurityMessageSource.getAccessor();
    private UserDetailsChecker userDetailsChecker = new AccountStatusUserDetailsChecker();
    private final Logger logger = LoggerFactory.getLogger(getClass());
    private final UserDetailsServiceAdapter userDetailsService;
    private final DingTalkTemplate dingTalkTemplate;

    public DingTalkMaAuthenticationProvider(UserDetailsServiceAdapter userDetailsServiceAdapter, DingTalkTemplate dingTalkTemplate) {
        this.userDetailsService = userDetailsServiceAdapter;
        this.dingTalkTemplate = dingTalkTemplate;
    }

    public void afterPropertiesSet() throws Exception {
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Assert.notNull(authentication, "No authentication data provided");
        if (this.logger.isDebugEnabled()) {
            this.logger.debug("Processing authentication request : " + authentication);
        }
        DingTalkMaLoginRequest dingTalkMaLoginRequest = (DingTalkMaLoginRequest) authentication.getPrincipal();
        if (!StringUtils.hasText(dingTalkMaLoginRequest.getUserid()) && !StringUtils.hasText(dingTalkMaLoginRequest.getCode())) {
            this.logger.debug("No Code found in request.");
            throw new DingTalkCodeNotFoundException("No Code found in request.");
        }
        try {
            if (!this.dingTalkTemplate.hasAppKey(dingTalkMaLoginRequest.getKey())) {
                this.logger.debug("Invalid App Key {} .", dingTalkMaLoginRequest.getKey());
                throw new DingTalkCodeNotFoundException("Invalid App Key.");
            }
            String accessToken = this.dingTalkTemplate.getAccessToken(dingTalkMaLoginRequest.getKey(), this.dingTalkTemplate.getAppSecret(dingTalkMaLoginRequest.getKey()));
            if (StringUtils.hasText(dingTalkMaLoginRequest.getCode()) && !StringUtils.hasText(dingTalkMaLoginRequest.getUserid())) {
                OapiUserGetuserinfoResponse userinfoBycode = this.dingTalkTemplate.getUserinfoBycode(dingTalkMaLoginRequest.getCode(), accessToken);
                if (this.logger.isDebugEnabled()) {
                    this.logger.debug(userinfoBycode.getBody());
                }
                if (!userinfoBycode.isSuccess()) {
                    this.logger.error(JSONObject.toJSONString(AuthResponse.of(userinfoBycode.getErrorCode(), userinfoBycode.getErrmsg())));
                    throw new DingTalkAuthenticationServiceException(userinfoBycode.getErrmsg());
                }
                dingTalkMaLoginRequest.setUserid(userinfoBycode.getUserid());
            }
            DingTalkTmpCodeAuthenticationToken dingTalkTmpCodeAuthenticationToken = (DingTalkTmpCodeAuthenticationToken) authentication;
            if (Objects.isNull(dingTalkMaLoginRequest.getUserInfo()) && !Objects.isNull(dingTalkMaLoginRequest.getUserid())) {
                OapiUserGetResponse userByUserid = this.dingTalkTemplate.getUserByUserid(dingTalkMaLoginRequest.getUserid(), accessToken);
                if (!userByUserid.isSuccess()) {
                    this.logger.error(JSONObject.toJSONString(AuthResponse.of(userByUserid.getErrorCode(), userByUserid.getErrmsg())));
                    throw new DingTalkAuthenticationServiceException(userByUserid.getErrmsg());
                }
                dingTalkTmpCodeAuthenticationToken.setUserInfo(userByUserid);
                dingTalkTmpCodeAuthenticationToken.setUnionid(userByUserid.getUnionid());
                dingTalkTmpCodeAuthenticationToken.setOpenid(userByUserid.getOpenId());
                dingTalkMaLoginRequest.setUnionid(userByUserid.getUnionid());
                dingTalkMaLoginRequest.setOpenid(userByUserid.getOpenId());
            }
            UserDetails loadUserDetails = getUserDetailsService().loadUserDetails(dingTalkTmpCodeAuthenticationToken);
            getUserDetailsChecker().check(loadUserDetails);
            DingTalkTmpCodeAuthenticationToken dingTalkTmpCodeAuthenticationToken2 = SecurityPrincipal.class.isAssignableFrom(loadUserDetails.getClass()) ? new DingTalkTmpCodeAuthenticationToken(loadUserDetails, loadUserDetails.getPassword(), loadUserDetails.getAuthorities()) : new DingTalkTmpCodeAuthenticationToken(loadUserDetails.getUsername(), loadUserDetails.getPassword(), loadUserDetails.getAuthorities());
            dingTalkTmpCodeAuthenticationToken2.setDetails(authentication.getDetails());
            return dingTalkTmpCodeAuthenticationToken2;
        } catch (ApiException e) {
            throw new DingTalkAuthenticationServiceException(e.getErrMsg(), e);
        }
    }

    public boolean supports(Class<?> cls) {
        return DingTalkTmpCodeAuthenticationToken.class.isAssignableFrom(cls);
    }

    public void setUserDetailsChecker(UserDetailsChecker userDetailsChecker) {
        this.userDetailsChecker = userDetailsChecker;
    }

    public UserDetailsChecker getUserDetailsChecker() {
        return this.userDetailsChecker;
    }

    public UserDetailsServiceAdapter getUserDetailsService() {
        return this.userDetailsService;
    }
}
