package org.openvpms.component.business.service.security;

import org.openvpms.component.business.domain.im.security.User;
import org.springframework.security.authentication.CredentialsExpiredException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;

/* loaded from: input_file:org/openvpms/component/business/service/security/UserAuthenticationProvider.class */
public class UserAuthenticationProvider extends DaoAuthenticationProvider {
    private final boolean expireOnChangePassword;

    public UserAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, boolean z) {
        setUserDetailsService(userDetailsService);
        setPasswordEncoder(passwordEncoder);
        this.expireOnChangePassword = z;
    }

    protected void additionalAuthenticationChecks(UserDetails userDetails, UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken) throws AuthenticationException {
        super.additionalAuthenticationChecks(userDetails, usernamePasswordAuthenticationToken);
        checkAuthentication(userDetails);
    }

    protected void checkAuthentication(UserDetails userDetails) {
        if (this.expireOnChangePassword && (userDetails instanceof User) && ((User) userDetails).getChangePassword()) {
            throw new CredentialsExpiredException(this.messages.getMessage("AbstractUserDetailsAuthenticationProvider.credentialsExpired", "User credentials have expired"));
        }
    }
}
