package org.openvpms.web.security.firewall;

import javax.servlet.http.HttpServletRequest;
import org.openvpms.component.business.domain.im.security.User;
import org.openvpms.component.business.service.security.UserAuthenticationProvider;
import org.openvpms.web.security.firewall.FirewallService;
import org.openvpms.web.security.login.MfaAuthenticationToken;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;

/* loaded from: input_file:org/openvpms/web/security/firewall/FirewalledUserAuthenticationProvider.class */
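/**
 * Authentication provider that asks a {@link FirewallService} whether the current web request
 * may authenticate as the given user, before running the superclass authentication check.
 *
 * <p>The outcomes handled here are:
 * <ul>
 *   <li>{@code DENIED}, a {@code null} status, or no resolvable {@link User}: rejected with
 *       {@link NoAccessFromHostException};</li>
 *   <li>{@code ALLOWED_WITH_MFA}: delegated to
 *       {@link #checkAllowedWithMFA(HttpServletRequest, UserDetails)}, which rejects by default;</li>
 *   <li>any other status: the superclass check proceeds.</li>
 * </ul>
 *
 * <p>NOTE(review): the exception is built from {@code HttpServletRequest.getRemoteAddr()}, which
 * is the address of the immediate peer. Behind a reverse proxy or load balancer that is the
 * proxy's address; confirm how {@code FirewallService} resolves the client address in such
 * deployments.
 */
public abstract class FirewalledUserAuthenticationProvider extends UserAuthenticationProvider {
    private final FirewallService firewallService;
    private final boolean enableMultifactorAuthentication;

    /**
     * Creates the provider.
     *
     * @param userDetailsService passed unchanged to the superclass constructor
     * @param passwordEncoder    passed unchanged to the superclass constructor
     * @param z                  passed unchanged to the superclass constructor; its meaning is not
     *                           visible in this class (parameter name lost in decompilation)
     * @param z2                 whether multi-factor authentication is enabled; forwarded to
     *                           {@code FirewallService.getAccessStatus} on every check
     * @param firewallService    the service that decides whether a request/user pair is allowed
     */
    public FirewalledUserAuthenticationProvider(UserDetailsService userDetailsService, PasswordEncoder passwordEncoder, boolean z, boolean z2, FirewallService firewallService) {
        super(userDetailsService, passwordEncoder, z);
        this.firewallService = firewallService;
        this.enableMultifactorAuthentication = z2;
    }

    /**
     * Reports whether this provider handles the given authentication class.
     *
     * @param cls the authentication token class
     * @return {@code true} if the superclass supports {@code cls} and it is not an
     *         {@link MfaAuthenticationToken} (or subclass); MFA tokens are left to another provider
     */
    public boolean supports(Class<?> cls) {
        return super.supports(cls) && !MfaAuthenticationToken.class.isAssignableFrom(cls);
    }

    /**
     * Runs the firewall check first, then the superclass authentication check, so a request that
     * is refused by the firewall never reaches the superclass check.
     *
     * @param userDetails the details of the user being authenticated
     * @throws NoAccessFromHostException if the firewall check refuses the request
     * @throws IllegalStateException     if there is no current servlet request
     */
    protected void checkAuthentication(UserDetails userDetails) {
        checkAllowed(userDetails);
        super.checkAuthentication(userDetails);
    }

    /**
     * Invoked when the firewall reports that access is only allowed with multi-factor
     * authentication. This default implementation fails closed: it always rejects the request.
     * Subclasses that can enforce MFA are presumably expected to override it.
     *
     * <p>The decompiler reports that this method was originally {@code protected}; it is kept
     * {@code public} here so existing callers are unaffected.
     *
     * @param httpServletRequest the current request
     * @param userDetails        the details of the user being authenticated
     * @throws NoAccessFromHostException always, in this implementation
     */
    /* JADX INFO: Access modifiers changed from: protected */
    public void checkAllowedWithMFA(HttpServletRequest httpServletRequest, UserDetails userDetails) {
        throw new NoAccessFromHostException(httpServletRequest.getRemoteAddr());
    }

    /**
     * Resolves the current servlet request and the {@link User} for {@code userDetails}, then
     * applies the firewall check.
     *
     * @param userDetails the details of the user being authenticated
     * @throws IllegalStateException     if the current thread is not bound to a servlet request
     * @throws NoAccessFromHostException if no user can be resolved or the firewall refuses access
     */
    private void checkAllowed(UserDetails userDetails) {
        // getRequestAttributes() returns the general RequestAttributes type, so hold it as Object
        // and narrow only after the instanceof check (the decompiled declaration did not type-check).
        Object attributes = RequestContextHolder.getRequestAttributes();
        if (!(attributes instanceof ServletRequestAttributes)) {
            throw new IllegalStateException("Not called from within a web request");
        }
        HttpServletRequest request = ((ServletRequestAttributes) attributes).getRequest();
        // getUser is not defined in this class; presumably inherited from the superclass.
        User user = getUser(userDetails);
        if (user == null) {
            // Fail closed: without a User there is nothing to evaluate the firewall rules against.
            throw new NoAccessFromHostException(request.getRemoteAddr());
        }
        checkAllowed(request, user, userDetails);
    }

    /**
     * Applies the firewall decision for the given request and user.
     *
     * @param httpServletRequest the current request
     * @param user               the resolved user
     * @param userDetails        the details of the user being authenticated
     * @throws NoAccessFromHostException if access is denied, if the service returns no status, or
     *                                   if MFA is required and {@link #checkAllowedWithMFA} rejects
     */
    private void checkAllowed(HttpServletRequest httpServletRequest, User user, UserDetails userDetails) {
        FirewallService.AccessStatus accessStatus = this.firewallService.getAccessStatus(httpServletRequest, user, this.enableMultifactorAuthentication);
        // A missing status is treated as a denial rather than silently falling through as allowed.
        if (accessStatus == null || accessStatus == FirewallService.AccessStatus.DENIED) {
            throw new NoAccessFromHostException(httpServletRequest.getRemoteAddr());
        }
        if (accessStatus == FirewallService.AccessStatus.ALLOWED_WITH_MFA) {
            checkAllowedWithMFA(httpServletRequest, userDetails);
        }
        // NOTE(review): every other status is treated as allowed. If AccessStatus ever gains
        // another restrictive value, it must be handled explicitly here.
    }
}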
