package org.openvpms.web.security.firewall;

import javax.servlet.http.HttpServletRequest;
import org.openvpms.component.business.service.security.UserAuthenticationProvider;
import org.openvpms.component.business.service.security.UserService;
import org.openvpms.component.model.user.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:org/openvpms/web/security/firewall/FirewalledUserAuthenticationProvider.class */
public class FirewalledUserAuthenticationProvider extends UserAuthenticationProvider {
    private final FirewallService firewallService;

    public FirewalledUserAuthenticationProvider(UserService userService, PasswordEncoder passwordEncoder, boolean z, FirewallService firewallService) {
        super(userService, passwordEncoder, z);
        this.firewallService = firewallService;
    }

    protected void checkAuthentication(UserDetails userDetails) {
        checkAllowed(userDetails);
        super.checkAuthentication(userDetails);
    }

    protected User getUser(UserDetails userDetails) {
        if (userDetails instanceof User) {
            return (User) userDetails;
        }
        return null;
    }

    private void checkAllowed(UserDetails userDetails) {
        User user = getUser(userDetails);
        if (user == null) {
            throw new IllegalStateException("Not called from within a web request");
        }
        ServletRequestAttributes requestAttributes = RequestContextHolder.getRequestAttributes();
        if (!(requestAttributes instanceof ServletRequestAttributes)) {
            throw new IllegalStateException("Not called from within a web request");
        }
        HttpServletRequest request = requestAttributes.getRequest();
        if (!this.firewallService.isAllowed(request, user)) {
            throw new NoAccessFromHostException(request.getRemoteAddr());
        }
    }
}
