package com.yonyou.bpm.webserver.scrt;

import com.yonyou.bpm.scrt.GrantedApplicationAuthority;
import java.util.ArrayList;
import java.util.Collections;
import javax.annotation.PostConstruct;
import org.activiti.engine.IdentityService;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.core.env.Environment;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Component;

@Component
/* loaded from: input_file:com/yonyou/bpm/webserver/scrt/BpmServerWebAuthenticationProvider.class */
public class BpmServerWebAuthenticationProvider implements AuthenticationProvider {
    private static final String SDK_AGENT_AUTHEN_ENABLE = "sdk.agent.authen";
    private String operatorID;

    @Autowired
    private Environment environment;

    @Autowired
    private IdentityService identityService;

    @Autowired
    private ApplicationAuthenticationService appAuthenService;
    private Logger logger = LoggerFactory.getLogger(BpmServerWebAuthenticationProvider.class);
    private boolean sdkAgentAuthEnable = false;

    @PostConstruct
    private void init() {
        String property = System.getProperty(SDK_AGENT_AUTHEN_ENABLE);
        if (property != null) {
            this.sdkAgentAuthEnable = Boolean.valueOf(property).booleanValue();
        }
    }

    public Authentication authenticate(Authentication authentication) throws AuthenticationException {
        Object details = authentication.getDetails();
        boolean z = false;
        if (details != null && (details instanceof BpmServerWebAuthenticationDetails)) {
            BpmServerWebAuthenticationDetails bpmServerWebAuthenticationDetails = (BpmServerWebAuthenticationDetails) details;
            this.operatorID = bpmServerWebAuthenticationDetails.getOperator();
            if (bpmServerWebAuthenticationDetails.getUserAgent() != null && bpmServerWebAuthenticationDetails.getUserAgent().startsWith("BPM_SDK")) {
                z = true;
            }
        }
        return (this.sdkAgentAuthEnable && z) ? authenticateByApplicationToken(authentication) : authenticateByUserPassword(authentication);
    }

    private Authentication authenticateByApplicationToken(Authentication authentication) {
        BpmServerWebAuthenticationDetails bpmServerWebAuthenticationDetails = (BpmServerWebAuthenticationDetails) authentication.getDetails();
        String name = authentication.getName();
        String obj = authentication.getCredentials().toString();
        try {
            GrantedApplicationAuthority authenticate = this.appAuthenService.authenticate(name, obj, bpmServerWebAuthenticationDetails);
            if (authenticate != null) {
                return new UsernamePasswordAuthenticationToken(name, obj, Collections.singletonList(authenticate));
            }
            throw new BadCredentialsException("Authentication failed for this application request from IP[" + bpmServerWebAuthenticationDetails.getRemoteAddress() + "] with applicaton code[" + name + "]! ");
        } catch (Exception e) {
            this.logger.error("校验应用请求的令牌时发生错误！--异常类型：" + e.getClass().getName() + "；错误信息：" + e.getMessage(), e);
            throw new BadCredentialsException("Authentication failed for this application request because of server internal exception::[" + e.getClass().getName() + "]--" + e.getMessage());
        }
    }

    private Authentication authenticateByUserPassword(Authentication authentication) {
        String name = authentication.getName();
        String obj = authentication.getCredentials().toString();
        if (StringUtils.isBlank(obj)) {
            obj = name;
        }
        if (this.operatorID == null || "".equals(this.operatorID.trim())) {
            this.operatorID = name;
        }
        if (1 == 0) {
            throw new BadCredentialsException("Authentication failed for this username and password");
        }
        ArrayList arrayList = new ArrayList();
        this.logger.info("当前线程操作人信息设置" + Thread.currentThread().getId() + ">>" + Thread.currentThread().getName() + ">>" + this.operatorID);
        this.identityService.setAuthenticatedUserId(this.operatorID);
        return new UsernamePasswordAuthenticationToken(name, obj, arrayList);
    }

    public boolean supports(Class<?> cls) {
        return cls.equals(UsernamePasswordAuthenticationToken.class);
    }
}
