package org.carewebframework.vista.security.base;

import ca.uhn.fhir.model.dstu.resource.User;
import java.util.List;
import org.apache.commons.lang.StringUtils;
import org.carewebframework.api.domain.DomainFactoryRegistry;
import org.carewebframework.cal.api.domain.UserProxy;
import org.carewebframework.security.spring.AbstractAuthenticationProvider;
import org.carewebframework.security.spring.AuthenticationCancelledException;
import org.carewebframework.security.spring.CWFAuthenticationDetails;
import org.carewebframework.vista.api.util.VistAUtil;
import org.carewebframework.vista.mbroker.BrokerSession;
import org.carewebframework.vista.mbroker.Security;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.DisabledException;
import org.springframework.security.authentication.LockedException;
import org.springframework.security.core.AuthenticationException;

/* loaded from: input_file:standalone.war:WEB-INF/lib/org.carewebframework.vista.security.base-1.0.1.jar:org/carewebframework/vista/security/base/BaseAuthenticationProvider.class */
public class BaseAuthenticationProvider extends AbstractAuthenticationProvider<User> {
    public BaseAuthenticationProvider() {
        super(false);
    }

    protected BaseAuthenticationProvider(boolean z) {
        super(z);
    }

    protected BaseAuthenticationProvider(List<String> list) {
        super(list);
    }

    /* JADX INFO: Access modifiers changed from: protected */
    /* JADX WARN: Can't rename method to resolve collision */
    @Override // org.carewebframework.security.spring.AbstractAuthenticationProvider
    public User login(CWFAuthenticationDetails cWFAuthenticationDetails, String str, String str2, String str3) {
        BrokerSession brokerSession = VistAUtil.getBrokerSession();
        Security.AuthResult authenticate = Security.authenticate(brokerSession, str, str2, str3);
        User authenticatedUser = getAuthenticatedUser(brokerSession);
        cWFAuthenticationDetails.setDetail("user", new UserProxy(authenticatedUser));
        checkAuthResult(authenticate, authenticatedUser);
        return authenticatedUser;
    }

    /* JADX INFO: Access modifiers changed from: protected */
    @Override // org.carewebframework.security.spring.AbstractAuthenticationProvider
    public List<String> getAuthorities(User user) {
        if (user == null) {
            return null;
        }
        return VistAUtil.getBrokerSession().callRPCList("RGCWFUSR GETPRIV", null, user.getId().getIdPart());
    }

    private User getAuthenticatedUser(BrokerSession brokerSession) {
        try {
            if (brokerSession.isAuthenticated()) {
                return (User) DomainFactoryRegistry.fetchObject(User.class, Integer.toString(brokerSession.getUserId()));
            }
            return null;
        } catch (Exception e) {
            return null;
        }
    }

    private void checkAuthResult(Security.AuthResult authResult, User user) throws AuthenticationException {
        switch (authResult.status) {
            case SUCCESS:
                return;
            case CANCELED:
                throw new AuthenticationCancelledException(StringUtils.defaultIfEmpty(authResult.reason, "Authentication attempt was cancelled."));
            case EXPIRED:
                throw new CredentialsExpiredException(StringUtils.defaultIfEmpty(authResult.reason, "Your password has expired."), user);
            case FAILURE:
                throw new BadCredentialsException(StringUtils.defaultIfEmpty(authResult.reason, "Your username or password was not recognized."));
            case LOCKED:
                throw new LockedException(StringUtils.defaultIfEmpty(authResult.reason, "Your user account has been locked and cannot be accessed."));
            case NOLOGINS:
                throw new DisabledException(StringUtils.defaultIfEmpty(authResult.reason, "Logins are currently disabled."));
            default:
                return;
        }
    }
}
