package org.egov.infstr.security.spring.dao;

import java.util.HashMap;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.egov.infra.security.audit.entity.LoginAttempt;
import org.egov.infra.security.audit.service.LoginAttemptService;
import org.egov.infra.security.utils.RecaptchaUtils;
import org.egov.infra.security.utils.SecurityConstants;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:org/egov/infstr/security/spring/dao/EgovDaoAuthenticationProvider.class */
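/**
 * DAO authentication provider that adds failed-login counting, account lockout and a
 * reCAPTCHA-gated unlock on top of {@link DaoAuthenticationProvider}.
 *
 * <p>Credentials are expected to be a {@link HashMap} whose {@code SecurityConstants.PWD_FIELD}
 * entry holds the raw password; anything else is rejected as bad credentials.
 */
public class EgovDaoAuthenticationProvider extends DaoAuthenticationProvider {

    /** Failed-attempt count at which the account is reported as locked. */
    private static final int MAX_FAILED_ATTEMPTS = 5;

    /** Above this count the caller is told how many attempts remain. */
    private static final int WARN_AFTER_ATTEMPTS = 2;

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private LoginAttemptService loginAttemptService;

    @Autowired
    private RecaptchaUtils recaptchaUtils;

    /**
     * Authenticates through the parent provider, recording failed attempts and allowing a
     * locked account to be unlocked when the request carries a valid reCAPTCHA response.
     *
     * @param authentication the authentication request
     * @return the authenticated token produced by the parent provider
     * @throws LockedException if the failure limit is reached, or the account is locked and
     *         no valid captcha response accompanies the request
     * @throws BadCredentialsException if the credentials are rejected
     */
    @Override
    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        try {
            return super.authenticate(authentication);
        } catch (BadCredentialsException e) {
            Optional<LoginAttempt> attempt = this.loginAttemptService.updateFailedAttempt(authentication.getName());
            if (attempt.isPresent()) {
                int failures = attempt.get().getFailedAttempts().intValue();
                // ">=" rather than "==": a counter that has moved past the limit must still be
                // reported as locked instead of falling through to a negative "remaining" value.
                if (failures >= MAX_FAILED_ATTEMPTS) {
                    throw new LockedException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.locked", "User account is locked"));
                }
                if (failures > WARN_AFTER_ATTEMPTS) {
                    // NOTE(review): this message is only produced when the service returns an
                    // attempt record. If no record is returned for unknown usernames, the
                    // differing responses would reveal which usernames exist - confirm.
                    throw new BadCredentialsException("Too many attempts [" + (MAX_FAILED_ATTEMPTS - failures) + "]");
                }
            }
            throw e;
        } catch (LockedException e2) {
            // NOTE(review): RequestAttributes does not declare getRequest(); this line appears
            // to need a cast to ServletRequestAttributes - confirm against the original source.
            HttpServletRequest request = RequestContextHolder.currentRequestAttributes().getRequest();
            if (request.getParameter("g-recaptcha-response") == null && request.getParameter("recaptcha_response_field") == null) {
                throw e2;
            }
            if (!this.recaptchaUtils.captchaIsValid(request)) {
                throw new LockedException(e2.getMessage() + " - Recaptcha Invalid");
            }
            // The counter has to be reset before the retry so the retry can reach the
            // password check; the account is otherwise still reported as locked.
            this.loginAttemptService.resetFailedAttempt(authentication.getName());
            try {
                return super.authenticate(authentication);
            } catch (BadCredentialsException retryFailure) {
                // An exception thrown inside a catch block is not seen by the sibling
                // BadCredentialsException handler above, so without this a wrong password
                // sent with a valid captcha would clear the counter and never be counted.
                this.loginAttemptService.updateFailedAttempt(authentication.getName());
                throw retryFailure;
            }
        }
    }

    /**
     * Verifies the submitted password against the stored hash.
     *
     * @param userDetails the account loaded for the submitted username
     * @param usernamePasswordAuthenticationToken the request whose credentials carry the password
     * @throws BadCredentialsException if the credentials are missing, are not a {@link HashMap},
     *         hold no string password, or the password does not match
     */
    @Override
    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        Object credentials = usernamePasswordAuthenticationToken.getCredentials();
        // Check the type before casting: a null or unexpected credentials object must fail as
        // an authentication error, not escape as a ClassCastException.
        if (!(credentials instanceof HashMap)) {
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
        Object rawPassword = ((HashMap<?, ?>) credentials).get(SecurityConstants.PWD_FIELD);
        // A missing or non-string password is rejected here rather than handed to the encoder,
        // whose handling of a null raw password depends on the implementation.
        if (!(rawPassword instanceof String) || !this.passwordEncoder.matches((String) rawPassword, userDetails.getPassword())) {
            throw new BadCredentialsException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.badCredentials", "Bad credentials"));
        }
    }
}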
