package com.usthe.sureness.processor.support;

import com.usthe.sureness.processor.BaseProcessor;
import com.usthe.sureness.processor.exception.DisabledAccountException;
import com.usthe.sureness.processor.exception.ExcessiveAttemptsException;
import com.usthe.sureness.processor.exception.IncorrectCredentialsException;
import com.usthe.sureness.processor.exception.SurenessAuthenticationException;
import com.usthe.sureness.processor.exception.SurenessAuthorizationException;
import com.usthe.sureness.processor.exception.UnauthorizedException;
import com.usthe.sureness.processor.exception.UnknownAccountException;
import com.usthe.sureness.provider.SurenessAccount;
import com.usthe.sureness.provider.SurenessAccountProvider;
import com.usthe.sureness.subject.Subject;
import com.usthe.sureness.subject.support.PasswordSubject;
import com.usthe.sureness.util.Md5Util;
import java.util.List;
import java.util.stream.Stream;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/* loaded from: input_file:com/usthe/sureness/processor/support/PasswordProcessor.class */
public class PasswordProcessor extends BaseProcessor {
    private static final Logger logger = LoggerFactory.getLogger(PasswordProcessor.class);
    private SurenessAccountProvider accountProvider;

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public boolean canSupportSubjectClass(Class<?> cls) {
        return cls == PasswordSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor, com.usthe.sureness.processor.Processor
    public Class<?> getSupportSubjectClass() {
        return PasswordSubject.class;
    }

    @Override // com.usthe.sureness.processor.BaseProcessor
    public Subject authenticated(Subject subject) throws SurenessAuthenticationException {
        String str = (String) subject.getPrincipal();
        SurenessAccount loadAccount = this.accountProvider.loadAccount(str);
        if (loadAccount == null) {
            if (logger.isDebugEnabled()) {
                logger.debug("PasswordProcessor authenticated fail, no this user: {}", subject.getPrincipal());
            }
            throw new UnknownAccountException("do not exist the account: " + str);
        }
        if (subject.getCredential() != null && loadAccount.getPassword() != null) {
            String valueOf = String.valueOf(subject.getCredential());
            if (loadAccount.getSalt() != null && !"".equals(loadAccount.getSalt())) {
                valueOf = Md5Util.md5(valueOf + loadAccount.getSalt());
            }
            if (valueOf == null || !valueOf.equals(loadAccount.getPassword())) {
                if (logger.isDebugEnabled()) {
                    logger.debug("PasswordProcessor authenticated fail, user: {}", subject.getPrincipal());
                }
                throw new IncorrectCredentialsException("incorrect password");
            }
        }
        if (loadAccount.isDisabledAccount()) {
            throw new DisabledAccountException("account is disabled");
        }
        if (loadAccount.isExcessiveAttempts()) {
            throw new ExcessiveAttemptsException("account is disable due to many time authenticated, try later");
        }
        return PasswordSubject.builder(subject).setOwnRoles(loadAccount.getOwnRoles()).build();
    }

    @Override // com.usthe.sureness.processor.BaseProcessor
    public void authorized(Subject subject) throws SurenessAuthorizationException {
        List list = (List) subject.getOwnRoles();
        List list2 = (List) subject.getSupportRoles();
        if (list2 == null || list2.isEmpty()) {
            return;
        }
        Stream stream = list2.stream();
        list.getClass();
        if (!stream.anyMatch((v1) -> {
            return r1.contains(v1);
        })) {
            throw new UnauthorizedException("do not have the role to access resource");
        }
    }

    public void setAccountProvider(SurenessAccountProvider surenessAccountProvider) {
        this.accountProvider = surenessAccountProvider;
    }
}
