package top.verytouch.vkit.rabc.oauth2;

import java.util.Map;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
import org.springframework.security.oauth2.provider.TokenRequest;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import top.verytouch.vkit.captcha.CaptchaContext;
import top.verytouch.vkit.rabc.RbacProperties;

/* loaded from: input_file:top/verytouch/vkit/rabc/oauth2/CaptchaTokenGranter.class */
public class CaptchaTokenGranter extends AbstractTokenGranter {
    private static final String GRANT_TYPE = "captcha";
    private final UserDetailsService userDetailsService;
    private final PasswordEncoder passwordEncoder;
    private final ParameterPasswordEncoder parameterPasswordEncoder;
    private final RbacProperties rbacProperties;

    public CaptchaTokenGranter(AuthorizationServerTokenServices authorizationServerTokenServices, ClientDetailsService clientDetailsService, OAuth2RequestFactory oAuth2RequestFactory, UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, ParameterPasswordEncoder parameterPasswordEncoder, RbacProperties rbacProperties) {
        super(authorizationServerTokenServices, clientDetailsService, oAuth2RequestFactory, GRANT_TYPE);
        this.userDetailsService = userDetailsService;
        this.passwordEncoder = passwordEncoder;
        this.parameterPasswordEncoder = parameterPasswordEncoder;
        this.rbacProperties = rbacProperties;
    }

    protected OAuth2Authentication getOAuth2Authentication(ClientDetails clientDetails, TokenRequest tokenRequest) {
        Map<String, String> requestParameters = tokenRequest.getRequestParameters();
        verifyCode(requestParameters);
        UserDetails verifyUserNameAndPassword = verifyUserNameAndPassword(requestParameters);
        OAuth2Authentication oAuth2Authentication = new OAuth2Authentication(tokenRequest.createOAuth2Request(clientDetails), new UsernamePasswordAuthenticationToken(verifyUserNameAndPassword.getUsername(), verifyUserNameAndPassword, verifyUserNameAndPassword.getAuthorities()));
        oAuth2Authentication.setDetails(verifyUserNameAndPassword);
        return oAuth2Authentication;
    }

    private UserDetails verifyUserNameAndPassword(Map<String, String> map) {
        UserDetails loadUserByUsername = this.userDetailsService.loadUserByUsername(map.get(this.rbacProperties.getUsernameParameter()));
        if (this.passwordEncoder.matches(this.parameterPasswordEncoder.decode(map.get(this.rbacProperties.getPasswordParameter())), loadUserByUsername.getPassword())) {
            return loadUserByUsername;
        }
        throw new OauthException("密码错误");
    }

    private void verifyCode(Map<String, String> map) {
        if (this.rbacProperties.isCaptchaEnabled()) {
            CaptchaContext.verify(map);
        }
    }
}
