package org.egov.infra.config.security.authentication.provider;

import java.util.HashMap;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.egov.infra.security.audit.entity.LoginAttempt;
import org.egov.infra.security.audit.service.LoginAttemptService;
import org.egov.infra.security.utils.SecurityConstants;
import org.egov.infra.security.utils.captcha.CaptchaUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.context.request.RequestContextHolder;

/* loaded from: input_file:org/egov/infra/config/security/authentication/provider/ApplicationAuthenticationProvider.class */
public class ApplicationAuthenticationProvider extends DaoAuthenticationProvider {
    private static final String BAD_CRED_MSG_KEY = "AbstractUserDetailsAuthenticationProvider.badCredentials";
    private static final String BAD_CRED_DEFAULT_MSG = "Bad credentials";
    private static final String ACCOUNT_LOCKED_MSG_KEY = "AbstractUserDetailsAuthenticationProvider.locked";
    private static final String ACCOUNT_LOCKED_DEFAULT_MSG = "User account is locked";
    private static final String TOO_MANY_ATTEMPTS_MSG_FORMAT = "Too many attempts [%d]";
    private static final String INVALID_CAPTCHA_MSG_FORMAT = "%s - Recaptcha Invalid";

    @Autowired
    private PasswordEncoder passwordEncoder;

    @Autowired
    private LoginAttemptService loginAttemptService;

    @Autowired
    private CaptchaUtils recaptchaUtils;

    public Authentication authenticate(Authentication authentication) {
        try {
            return super.authenticate(authentication);
        } catch (LockedException e) {
            return unlockAccount(authentication, e);
        } catch (BadCredentialsException e2) {
            lockAccount(authentication);
            throw e2;
        }
    }

    private Authentication unlockAccount(Authentication authentication, LockedException lockedException) {
        HttpServletRequest request = RequestContextHolder.currentRequestAttributes().getRequest();
        if (!StringUtils.isNotBlank(request.getParameter(CaptchaUtils.RECAPTCHA_RESPONSE)) && !StringUtils.isNotBlank(request.getParameter(CaptchaUtils.J_CAPTCHA_RESPONSE))) {
            throw lockedException;
        }
        if (!this.recaptchaUtils.captchaIsValid(request)) {
            throw new LockedException(String.format(INVALID_CAPTCHA_MSG_FORMAT, lockedException.getMessage()));
        }
        this.loginAttemptService.resetFailedAttempt(authentication.getName());
        return super.authenticate(authentication);
    }

    private void lockAccount(Authentication authentication) {
        Optional<LoginAttempt> updateFailedAttempt = this.loginAttemptService.updateFailedAttempt(authentication.getName());
        if (updateFailedAttempt.isPresent()) {
            if (updateFailedAttempt.get().getFailedAttempts().intValue() == 5) {
                throw new LockedException(this.messages.getMessage(ACCOUNT_LOCKED_MSG_KEY, ACCOUNT_LOCKED_DEFAULT_MSG));
            }
            if (updateFailedAttempt.get().getFailedAttempts().intValue() > 2) {
                throw new BadCredentialsException(String.format(TOO_MANY_ATTEMPTS_MSG_FORMAT, Integer.valueOf(5 - updateFailedAttempt.get().getFailedAttempts().intValue())));
            }
        }
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) {
        HashMap hashMap = (HashMap) usernamePasswordAuthenticationToken.getCredentials();
        if (hashMap == null || !this.passwordEncoder.matches((CharSequence) hashMap.get(SecurityConstants.LOGIN_PASS_FIELD), userDetails.getPassword())) {
            throw new BadCredentialsException(this.messages.getMessage(BAD_CRED_MSG_KEY, BAD_CRED_DEFAULT_MSG));
        }
    }
}
